Policy and IT Security Awareness
Amy Ginther, Policy Development Coordinator, University of Maryland
Information Technology Security Workshop, April 2, 2004

Presentation transcript:

Agenda
Discussion throughout session on:
– Model policy development process
– Influences on security policy
– Security policy taxonomy
– Model security policies
– Awareness programs

Model Policy Development Process
Predevelopment
– Identify Issues
– Conduct Analysis
Development
– Draft Language
– Get Approvals
– Determine Distribution/Education
Maintenance
– Solicit Evaluation and Review
– Plan Measurement and Compliance

Policy Development Process ACUPA

Traits of Sound Policy Processes
Stages: Setting the Stage, Writing, Approving, Distributing, Educating, Enforcing, Reviewing
– Consistency with University values and mission
– Identification and involvement of stakeholders
– Informed participants
– Assess cost-benefit
– Preventing reinvention of the wheel
– Use a common format
– Agree on common definitions & terms
– Allow for user feedback
– Discussion and consensus building
– Wide review and input
– Approval from senior administrative levels
– Ease of access to resources
– Online
– Accessible from one location
– Allow for text and other searches
– Send to official distribution lists
– Include contacts to answer questions
– Hold a policy day
– Have traveling road shows!
– Have signed user agreements
– Require policies to be read before services granted
– Create policy enforcement office
– Assess liability/feasibility
– Respond to complaints
– Identify an owner for each policy
– Develop a plan for active maintenance
– Archive, date, and notify constituencies of major changes

Identifying Policy Stakeholders

Higher Education Values
– Higher Education environment…tends to be more open than corporate or gov’t environments; reality of student residential environments
– Measures taken to improve security must protect and not impede the expression of these values.
– Balance need for security with important aspects of higher education environment.

Core Academic Values
Oblinger, in Computer and Network Security in Higher Education, Luker & Petersen, editors.
– Community: shared decision making; outreach to connected communities (access to affiliates or other patrons)
– Autonomy: academic and intellectual freedom; distributed computing
– Privacy: “the right to open inquiry without having the subject of one’s interest examined or scrutinized by others” (American Library Association, 2002)
– Fairness: due process

Influences on Security Policy
EDUCAUSE/Internet2 six principles to guide policy development:
– Civility and Community
– Academic and Intellectual Freedom
– Privacy and Confidentiality
– Equity, Diversity and Access
– Fairness and Process
– Ethics, Integrity and Responsibility

What to Include? Security Policy Taxonomy
– Security Architecture
– Security Awareness
– Security Implementation
– Security Management
– Data Security
– Identity Theft
– Incident Handling/Incident Response
– Information Assurance
– Network Vulnerability Assessment
– Physical Security
– Privacy
– Security Planning
– Security Policies
– Security Risk Assessment and Analysis

Writing Policy: Elements of Institutional Policies
– Policy Name
– Scope
– Purpose
– Policy Statement
– Roles/Responsibilities
– Definitions
– References
– Supporting Procedures?
– Consequences/Sanctions for Non-Compliance

Model security policies
EDUCAUSE/Cornell Institute for Computer Policy and Law, includes security policy primer, sample policies and templates http://

Awareness Programs
Target Audiences: faculty, staff, students, IT professionals
Delivery Methods: presentations, ads, articles, quizzes, handouts, videos
Message Framework
– Knowledge: what to do
– Skills: how to do
– Attitudes: want to do
National Initiatives:
– EDUCAUSE Security Education and Awareness
–

Awareness Programs
Communication tips (Payne, in Luker/Petersen)
– Take the message to the people
– Be consistent in the message
– Write to short attention spans
– Make the message real to each target audience
– Make it fun
– Repeat, repeat, repeat
Some examples:

Resources
– Computer and Network Security in Higher Education, Mark Luker and Rodney Petersen, editors.
– Collection of policies and policy development resources:

Contact Information
Office of Information Technology, University of Maryland, College Park
Amy Ginther, Policy Development Coordinator, phone:
Gerry Sneeringer, Security Officer, phone: