Plugging the Policy Gap: If You Build It, Governance Will Follow Ian Taylor University of Washington Copyright Ian Taylor, 2007. This work is the intellectual.

Presentation transcript:

Plugging the Policy Gap: If You Build It, Governance Will Follow
Ian Taylor
University of Washington

Copyright Ian Taylor, 2007. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

Areas of focus
- Policy issues around Identity Management
- Controlling Access to systems and data
- Management and distribution of PII
- Protection of privileged information
- The chain of delegated authority
- Finding the Owners, Custodians, Stewards
- And holding them accountable!

The fundamental problem
- Technology solutions outpace the development of policy and formal practice.
- Those who develop technology solutions are not (normally) responsible for developing institutional policy.
- Those responsible for formulating institutional policy are (normally) positioned outside of the IT organization.

The risks
- Practices and procedures develop in an ad hoc fashion, without guidance or oversight.
- Might be good, but will probably be poor.
- Non-compliance with institutional standards, state and Federal regulations: liability issues.
- Real risks to real people: PII exposure, ID theft, personal danger (stalking).

What we’ve done about it
- Security Middleware unit formed 2003, consolidating
  - Person Registry
  - Pubcookie (SSO)
  - White Pages and other LDAP directories
  - Privilege Management system (ASTRA)
  - Certificate Authority
  - … etc
- Main focus of efforts:
  - Consolidating, rebuilding, extending
  - Preparing for future services
  - Responding to client demands
- Searched for Policy guidance

Case: ASTRA Privilege Management
- Deployed 2003, created Delegator and Authorizer roles reflecting the hierarchy of control and the organizational structure of the University.
- These roles were not previously defined and did not exist. We worked directly with the Executive Vice President and Provost to create a delegation process which produced an authoritative chart of these designees.

Case: Student Groups
- Groups Directory Service supplies Course Groups to departmental system developers, for the purpose of managing access to services and resources.
- The release of student data in this fashion raised several FERPA policy questions. We worked directly with the Registrar to develop a lightweight registration and approval process for the use of this data.

Techniques, tips, experiences
- Build it anyway.
- Research, read, and reflect existing published policies. Ask questions.
- Be prepared for The Brush-off.
- Presumptive Close.
- Deal with whoever will deal with you.
- Communicate, communicate, communicate.

The Beams of New College
How Buildings Learn, by Stewart Brand

The anthropologist/philosopher Gregory Bateson used to tell a story: New College, Oxford, is of rather late foundation, hence the name. It was founded around the late 14th century. It has, like other colleges, a great dining hall with big oak beams across the top, yes? These might be two feet square, forty-five feet long. A century ago, so I am told, some busy entomologist went up into the roof of the dining hall with a penknife and poked at the beams and found that they were full of beetles. This was reported to the College Council, who met in some dismay, because where would they get beams of that caliber nowadays?

The Beams of New College
How Buildings Learn, by Stewart Brand

One of the Junior Fellows stuck his neck out and suggested that there might be on College lands some oak. These colleges are endowed with pieces of land scattered across the country. So they called in the College Forester, who of course had not been near the college itself for some years and asked him about oaks. And he pulled his forelock and said, “Well sirs, we was wonderin’ when you’d be askin’.”

The Beams of New College
How Buildings Learn, by Stewart Brand

Upon further inquiry it was discovered that when the College was founded, a grove of oaks had been planted to replace the beams in the dining hall when they became beetly, because oak beams always become beetly in the end. This plan had been passed down from one Forester to the next for five hundred years. “You don’t cut them oaks. Them’s for the College Hall.” A nice story. That’s the way to run a culture.

The Middleware Architect
- Building infrastructure (growing trees) for the future, quietly waiting out the storms and tempests of university administration; waiting for the day they realize that they need what we’ve built (grown) more than they ever knew.
- Then they’ll create policy around what already exists.