Information Security Governance in Higher Education Policy2004 The EDUCAUSE Policy Conference Gordon Wishon EDUCAUSE/Internet 2 Security Task Force This.

Slides:

Advertisements

Similar presentations

Module N° 4 – ICAO SSP framework

Advertisements

Technology Across the Curriculum Programs Keys to Success Beth Secrist, TAC Coordinator Copyright Beth Secrist, This work is the intellectual property.

Making Sense out of the Information Security and Privacy Alphabet Soup in terms of Data Access A pragmatic, collaborative approach to promulgating campus-wide.

The International Security Standard

More CMM Part Two : Details.

Emergency Notification Systems - ISU Alert EDUCAUSE Midwest Regional ISU Alert Carol McDonald Information Systems Leader Information Technology.

University of Notre Dame Office of Information Technologies March 26, Maintaining the Right Balance Using the Project Charter to Set IT Project Prioritization.

Making the Case for Security: An Application of the NIST Security Assessment Framework to GW January 17, 2003 David Swartz Chief Information Officer Guy.

Purdue University Calumet Enrollment Services Center Integrated Service Delivery In-person and on the Web Beth Pellicciotti Assistant Vice Chancellor Academic.

TESL Ontario Conference October 28 & 29, Project Team Project Lead - Carolyn Cohen Research Lead - Antonella Valeo Research Consultants - Sheila.

Copyright Jill M. Forrester This work is the intellectual property of the author. Permission is granted for this material to be shared for non- commercial,

Assessing the Effects of Virtual Communities of Practice on Professional Development 2003 AAHE Assessment Conference Darren Cambridge & Vicki Suter EDUCAUSE/NLII/AAHE.

CCSU’s E-portfolio Initiative and the IT Career Ladder Jo Kinnard, Ph.D. Clayton College and State University, Morrow, GA.

Advancing Security Programs through Partnerships Cathy HubbsShirley Payne IT Security Coordinator Director for Security Coordination & Policy George Mason.

Office of the Secretary of Defense – Comptroller Financial Improvement and Audit Readiness Directorate Unclassified 17 September 2014 GAO Revised “Green.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

UWM CIO Office A Collaborative Process for IT Training and Development Copyright UW-Milwaukee, This work is the intellectual property of the author.

Pam Downs Ajay Gupta The Pennsylvania Prince George’s State University Community College "Copyright Penn State University This work is the intellectual.

NLII Mapping the Learning Space New Orleans, LA Colleen Carmean NLII Fellow Information Technology Director, ASU West Editor, MERLOT Faculty Development.

Turning Information Into Action: Enterprise Reporting at Columbia University Maria E. Mosca, Director Student Information Systems Columbia University in.

Copyright Marilyn Drury, Darrell Fremont, Doreen Hayek, This work is the intellectual property of the authors. Permission is granted for this material.

Security Issues on Campus: Government Initiatives Rodney J. Petersen University of Maryland Educause/Internet2 Security Task Force Copyright Rodney J.

Copyright Dr. Thomas L. Franke, Ms. Candace F. Benson, and Ms. Dixie L. Lawson (2003). This work is the intellectual property of the authors. Permission.

1 Institutions as Allies in the Security Challenge Wayne Donald, Virginia Tech Cathy Hubbs, George Mason University Darlene Quackenbush, James Madison.

Information Assurance and Higher Education Clifton Poole National Defense University Carl Landwehr National Science Foundation Tiffany Olson Jones Symantec.

Intellectual Property Protocol and Assessment for Distance Learning Liz Johnson Project Manager Advanced Learning Technologies Board of Regents of the.

CAMP Med Mapping HIPAA to the Middleware Layer Sandra Senti Biological Sciences Division University of Chicago C opyright Sandra Senti,

1 Fighting Back With An Alliance For Secure Computing And Networking Wayne Donald, Virginia Tech Cathy Hubbs, George Mason University Darlene Quackenbush,

© 2003, EDUCAUSE/Internet2 Computer and Network Security Task Force Computer Access, Privacy and Security: Legal Obligations and Liabilities Rodney J.

Classroom Technologies Re-organization Copyright Kathy Bohnstedt, This work is the intellectual property of the author. Permission is granted for.

Chicagoland IASA Spring Conference

Sharing Information and Controlling Content: Continuing Challenges for Higher Education Susanna Frederick Fischer Assistant Professor Columbus School of.

Serving MERLOT on Your Campus Gerry Hanley California State University and MERLOT Seminars on Academic Computing August 7, 2002 Snowmass CO Copyright Gerard.

CMM Level 3 KPA’s CS4320 Fall Organizational Process Focus (Goals) Software process development and improvement activities are coordinated across.

INFORMATION SECURITY GOVERNANCE (ISG) Relates to the security of information systems Is an element of corporate governance.

Managing Intellectual Property for Distance Learning Liz Johnson Project Manager Advanced Learning Technologies Board of Regents of the University System.

Chapter 3 Internal Controls.

Issues Associated with ePortfolios in Small Colleges EDUCAUSE Mid-Atlantic Regional Conference 2006 Ed Barboni, Senior Advisor, Council of Independent.

Higher Education and the New International Imperative David Ward President American Council on Education Global Challenges and Higher Education Duke University.

Considering Internal Control

BusinessAllstars.com 1 BusinessAllstars.com Presents Copyright © 2004 by Gainbridge Associates All right reserved This material may not be used or reproduced.

Taking Cyber Security Awareness to the Street Community Aware.

Establishing an IT Process Improvement Program Carrie Regenstein-CSG- May 13, 2005 and Jeff Silber EDUCAUSE Midwest Reg. Conf.— March 23, 2005 Copyright.

Copyright © 2007 Pearson Education Canada 1 Chapter 1: The Demand for Auditing and Assurance Services.

Research and Education Networking Information Sharing and Analysis Center REN-ISAC John Hicks TransPAC2/Indiana University

George Mason University Assessing Technology Support: Using Portfolios to Set Goals and Measure Progress Anne Agee, Star Muir, Walt Sevon Information Technology.

NLII05 Annual Meeting Professional Development of Faculty and Instructional Technology Staff through Communities of Practice University of Memphis: Technology.

Getting Everyone "On Board" for a Major IT Project Presentation to CUMREC MAY 16, 2002 Warren Mills, CEO Copyright Advantiv, Inc This work is the.

Chapter 9: Introduction to Internal Control Systems

A Cat-Herding Tale Forging a Single Course Management System for a Decentralized Institution Copyright Abdul Shibli, 2004.This work is the intellectual.

1 Effective Incident Response Presented by Greg Hedrick, Manager of Security Services Copyright Purdue University This work is the intellectual property.

What’s Happening at Internet2 Renee Woodten Frost Associate Director Middleware and Security 8 March 2005.

Quickly Establishing A Workable IT Security Program EDUCAUSE Mid-Atlantic Regional Conference January 10-12, 2006 Copyright Robert E. Neale This.

NMI-EDIT and Rice University Federated Identity Management: Managing Access to Resources in Texas Barry Ribbeck Director System Architecture and Infrastructure.

The Duluth Area CIO’s Consortium Collaborating with Regional IT Organizations Copyright Linda Deneen and Lynne Hamre, This work is the intellectual.

Copyright Michael White and Sylvia Maxwell, This work is the intellectual property of the author. Permission is granted for this material to be shared.

© Scottsdale Community College Leveraging the Power of E-Learning Taking your course to a higher level Presented by Sidne Tate Director, Instructional.

Top 10 Challenges of the Academic Technology Community Veronica Diaz, John Campbell, Dennis Trinkle Wednesday, October 24, :50 p.m. - 4:40 p.m.

Systemic Progress in Teaching and Learning Common Elements that Support Campus-Wide Innovation Copyright Andrea Nixon, A. Michael Berman, Christine Haile,

CSC4003: Computer and Information Security Professor Mark Early, M.B.A., CISSP, CISM, PMP, ITILFv3, ISO/IEC 27002, CNSS/NSA 4011.

Lecture 5 Control and AIS Copyright © 2012 Pearson Education 7-1.

Julian Hooker Assistant Managing Director Educause Southwest

Educause/Internet 2 Computer and Network Security Task Force

Decentralization in a Centralized IT Environment

A Framework for Control

Ed Barboni, Senior Advisor, Council of Independent Colleges

THE ACCOUNTABLE NET: INFORMATION SECURITY GOVERNANCE

Cybersecurity Special Public Meeting/Commission Workshop for Natural Gas Utilities September 27, 2018.

Project for OnLine Instructional Support (POLIS)

myIS.neu.edu – presentation screen shots accompany:

Presentation transcript:

Information Security Governance in Higher Education Policy2004 The EDUCAUSE Policy Conference Gordon Wishon EDUCAUSE/Internet 2 Security Task Force This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

Information Security Governance National CyberSecurity Summit, Dec 2003 Five Task Forces  Awareness for Home Users & Small Business  Cyber Security Early Warning  Corporate Governance  Technical Standards/Common Criteria  Security Across the Software Development Lifecycle

Corporate Governance Task Force Convened to “develop and promote a coherent governance framework to drive implementation of effective information security programs” in private sector organizations Five principal recommendations Adaptation of recommendations to education and non-profit institutions addressed in appendix

Corporate Governance Task Force Recommendation 1: Organizations should adopt the Information Security Governance Framework described in this report to embed cyber security into their corporate governance process. The ISG Framework addresses the following areas of governance:  Authority and functions of the Board of Directors/Trustees  Authority and functions of the Senior Executive  Authority and functions of the Executive Team members  Authority and functions of Senior Managers  Responsibilities of all employees and users  Organizational unit security program  Organizational unit reporting  Information Security Program evaluation

Corporate Governance Task Force Recommendation 2: Organizations should signal their commitment to information security governance by stating on their website that they intend to use these tools to assess their performance and report the results to their board of directors. 12 Core Principles:  CEOs should have an annual information security evaluation conducted, review the evaluation results with staff, and report on performance to the Board of Directors.  Periodic risk assessments of information assets should be conducted as part of a risk management program.  Policies and procedures should be implemented based on these risk assessments to secure information assets.  A security management structure should be established to assign explicit individual roles, responsibilities, authority, and accountability.

Corporate Governance Task Force  Organizations should develop plans and initiate actions to provide adequate information security for networks, facilities, systems and information.  Organizations should treat information security as an integral part of the system life-cycle.  Organizations should provide information security awareness, training and education to personnel.  Organizations should conduct periodic testing and evaluation of the effectiveness of information security policies and procedures.  Organizations should create and execute a plan for remedial action to address any information security deficiencies.  Organizations should develop and implement incident response procedures.  Organizations should establish plans, procedures and tests to provide continuity of operations.  Organizations should use security best practices guidance, such as ISO 17799, to measure information security performance.

Corporate Governance Task Force Recommendation 3: All organizations that are members of the Corporate Governance Task Force should voluntarily signal their commitment to information security governance by posting a statement on their website. In addition, the four trade associations (TechNet, BSA, ITAA and the Chamber of Commerce) involved in the National Cyber Security Summit should encourage their members to embrace information security governance and post statements on their websites. Furthermore, all Summit participants should embrace information security governance and post statements on their websites, and if applicable, encourage their members to do so as well. Recommendation 4: The Department of Homeland Security should endorse the Information Security Governance Framework and Core Set of Principles, and encourage the private sector to make cyber security part of its corporate governance efforts. Recommendation 5: The Committee of Sponsoring Organizations of the Treadway Commission (COSO) should revise the Internal Controls- Integrated Framework so that it explicitly addresses information security governance.

Corporate Governance Task Force Application to Education and Non-Profit Institutions  Adaptation of Language to Fit Structures and Organizations of Education and Non-Profits Translation to “Dean” or “Director” instead of “senior company manager”, etc. Translation to “Board of Regents” or “Trustees” instead of “Board of Directors” “Impact of downtime on revenues” to “impact of downtime to instructional, research, service missions”  Verification and compliance recommendations seem to fit well

Information Security Governance in Higher Education Next Steps  Pilot recommendations at few higher ed institutions  Draft specific recommendations for higher ed  Promulgate through EDUCAUSE, NACUBO, other HEIT Alliance partners