Www.umbc.edu EDUCAUSE LIVE EDUCAUSE/Internet2 Computer and Network Security Task Force Update www.educause.edu/security Jack Suess January 21, 2004.

Slides:

Advertisements

Similar presentations

The University of Best Practices American Society of Civil Engineers Student Chapter.

Advertisements

Security Education and Awareness Workshop January 15-16, 2004 Baltimore, MD.

REN-ISAC Research and Education Networking Information Sharing and Analysis Center AMSAC Update July 10,

Andrea Eastman-Mullins Information & Technology Coordinator University of North Carolina, Office of the President Teaching and Learning with Technology.

David A. Brown Chief Information Security Officer State of Ohio

Campus Approaches to Improving Cyber Security Awareness Presented by: Krizi Trivisani, Chief Security Officer The George Washington University EDUCAUSE.

Research and Educational Networking Information Analysis and Sharing Center (REN-ISAC) Mark S. Bruhn, Interim Director University Copyright.

1 © 2003 Cisco Systems, Inc. All rights reserved. Session Number Presentation_ID THE NETWORK SECURITY CHALLENGE Jack Suess CIO University of Maryland Baltimore.

Advancing Security Programs through Partnerships Cathy HubbsShirley Payne IT Security Coordinator Director for Security Coordination & Policy George Mason.

SECR 5140-FL Critical Infrastructure Protection Dr. Barry S. Hess Spring 2 Semester Week 3: 1 April 2006.

Higher Education Cybersecurity Strategy, Programs, and Initiatives Rodney Petersen Policy Analyst & Security Task Force Coordinator EDUCAUSE.

1 Effective Cybersecurity Practices for Higher Education Educause Southeast Regional Conference Seminar 1A June 6, 2005 Mary Dunker Virginia Tech Tammy.

EDUCAUSE/Internet2 Computer and Network Security Task Force Update Jack Suess February 3, 2004.

1 Institutions as Allies in the Security Challenge Wayne Donald, Virginia Tech Cathy Hubbs, George Mason University Darlene Quackenbush, James Madison.

Information Security Governance in Higher Education Policy2004 The EDUCAUSE Policy Conference Gordon Wishon EDUCAUSE/Internet 2 Security Task Force This.

Information Assurance and Higher Education Clifton Poole National Defense University Carl Landwehr National Science Foundation Tiffany Olson Jones Symantec.

1 Fighting Back With An Alliance For Secure Computing And Networking Wayne Donald, Virginia Tech Cathy Hubbs, George Mason University Darlene Quackenbush,

© 2003, EDUCAUSE/Internet2 Computer and Network Security Task Force Computer Access, Privacy and Security: Legal Obligations and Liabilities Rodney J.

Enterprise Security. Mark Bruhn, Assoc. VP, Indiana University Jack Suess, VP of IT, UMBC.

Accessibility, Integrity, & Confidentiality: Security Challenges for E-Business Rodney J. Petersen University of Maryland & Educause/Internet2 Security.

Broader Impacts in Proposal Writing Sally Bond Assistant Director of Research Development Services Proposal Coordination Office of the Vice President for.

1 EDUCAUSE Midwest Regional Conference Top Strategies for Working with Stakeholders: Synopses of Recommendations from the Identity Management Summit Mark.

Incident Handling and Response Breakout Overview.

Steering Committee CSRIC Working Group 2A Cyber Security Best Practices October 7, 2010.

A First Course in Information Security

BCNET Security Policies Jens Haeusser Information Security Officer, UBC and Chair, Security Working Group, BCNET Internet2 Joint Techs Vancouver, BC July.

Security Professionals Conference May REN-ISAC Goal The goal of the REN-ISAC is to aid and promote cyber security protection and response within.

BITS Proprietary and Confidential © BITS Security and Technology Risks: Risk Mitigation Activities of US Financial Institutions John Carlson Senior.

INTERNET2 COLLABORATIVE INNOVATION PROGRAM DEVELOPMENT Florence D. Hudson Senior Vice President and Chief Innovation.

© 2001 Carnegie Mellon University S8A-1 OCTAVE SM Process 8 Develop Protection Strategy Workshop A: Protection Strategy Development Software Engineering.

1 © 2003 Cisco Systems, Inc. All rights reserved. CIAG-HLS Security For Infrastructure Protection: Public-Private Partnerships KEN WATSON 15 OCT.

Federal Cyber Policy and Assurance Issues Dwayne Ramsey Computer Protection Program Manager Berkeley Lab Cyber Security Summit September 27, 2004.

Implementing the Global Strategic Plan for Democracy Education A Proposed Plan of Action for the Community of Democracies Working Group on Democracy Education.

Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.

Creating a Culture of Student Affairs Assessment Katie Busby, Ph.D. Jessica Simmons Office of Student Affairs Assessment & Planning University of Alabama.

NSF and IT Security George O. Strawn NSF CIO. Outline Confessions of a CIO Otoh NSF matters IT security progress at NSF IT security progress in the Community.

WATER, WATER EVERYWHERE? The Water Resources Management Committee of the American Public Works Association.

Top Issues Facing Information Technology at UAB Sheila M. Sanders UAB Vice President Information Technology February 8, 2007.

AREVA T&D Security Focus Group - 09/14/091 Security Focus Group A Vendor & Customer Collaboration EMS Users Conference September 14, 2009 Rich White AREVA.

Policy and IT Security Awareness Amy Ginther Policy Develoment Coordinator University of Maryland Information Technology Security Workshop April 2, 2004.

Internet2 Middleware Initiative. Discussion Outline  What is Middleware why is it important why is it hard  What are the major components of middleware.

Welcome and Introduction to the Security Task Force Joy Hughes Co-Chair, Security Task Force Vice President and Chief Information Officer George Mason.

Research and Education Networking Information Sharing and Analysis Center REN-ISAC John Hicks TransPAC2/Indiana University

Before you begin In order to remain in good standing, every Student Chapter must submit an annual report and pay annual dues. – Your faculty advisor will.

Enhancing Networking Expertise Across the Great Plains Greg Monaco, Ph.D. Director for Research & Cyberinfrastructure Initiatives Great Plains Network.

Federal Information Security Management Act (FISMA) By K. Brenner OCIO Internship Summer 2013.

NSF Cybersecuity Summit May REN-ISAC Goal The goal of the REN-ISAC is to aid and promote cyber security protection and response within the higher.

Security Checklists for IT Products. Agenda Overview of Checklist Program Discussion of Operational Procedures Current Status Next Steps.

Mark Luker, Vice President, EDUCAUSE EDUCAUSE Cyberinfrastructure.

About ITE Core Purpose To advance transportation knowledge and practices for the benefit of society.

Welcome and Introduction to the Security Task Force Peter Siegel Co-Chair, Security Task Force Chief Information Officer and Vice Provost University of.

Educational Strategies Presented by: Christina Worrall Vice President, The Lewin Group, Inc PHDSC Annual Meeting March 18, 2004.

What’s Happening at Internet2 Renee Woodten Frost Associate Director Middleware and Security 8 March 2005.

NMI-EDIT AND Small College Security & ID Management Issues Discussion John Bruggeman, Director of Information Systems, Hebrew Union College-Jewish Institute.

EDUCAUSE/Internet2 Computer & Network Security Task Force Update Dan Updegrove VP for IT, University of Texas at Austin Task Force Co-chair Tempe,

Quickly Establishing A Workable IT Security Program EDUCAUSE Mid-Atlantic Regional Conference January 10-12, 2006 Copyright Robert E. Neale This.

Health IT Policy Committee Meeting Lygeia Ricciardi, Acting Director, Office of Consumer eHealth Update: ONC’s Consumer eHealth Program July 10, 2012.

Resources for Meeting Internet Safety Requirements Cheryl Elliott James Madison University Bill Johnsen Virginia Beach City Public Schools Educational.

REN-ISAC Research and Education Networking Information Sharing and Analysis Center Doug Pearson REN-ISAC Director Internet2 Security WG BoF October 14,

Network Architecture and Security Ten Years Out Internet2 Member Meeting; Fall 2005 Deke Kassabian – University of Pennsylvania Mark Poepping – Carnegie.

CSC4003: Computer and Information Security Professor Mark Early, M.B.A., CISSP, CISM, PMP, ITILFv3, ISO/IEC 27002, CNSS/NSA 4011.

Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.

EDUCAUSE/Internet2 Computer & Network Security Task Force

NYSICA 2016Membership survey

Educause/Internet 2 Computer and Network Security Task Force

Compliance with hardening standards

Higher Education’s Role in the Identity Ecosystem

4th Annual Conference on Technology and Standards Washington

Corporate Forum Presented by

Presentation transcript:

EDUCAUSE LIVE EDUCAUSE/Internet2 Computer and Network Security Task Force Update Jack Suess January 21, 2004

2 Security Task Force The web site provides information on the task force members, activities, initiatives, and links to a number of security resources. Today I will briefly discuss a few of the initiatives underway that we hope are responding to the needs of higher education.

3 REN-ISAC at Indiana University Indiana’s Global NOC has a unique view of network connections among universities on Internet2 (e.g. Slammer or Nachi traffic) The REN-ISAC has 7x24 network and security expertise on site. They have access to DHS and the other 12 industry ISAC’s for early warning information The REN-ISAC is working on ways to summarize and disseminate findings Visit

4 Vendor Engagement Vendor practices have a significant impact on higher education security EDUCAUSE established the Cyber Security Forum to develop linkages with the vendor community. Members include - Microsoft, IBM, Dell, HP, Datatel, PeopleSoft, Oracle, Cisco, Apple, Sun, and SCT Members of the task force visited Microsoft in September to explain the needs of higher education. Microsoft has been very responsive to suggestions.

5 Legal Issues and Institutional Policies Commissioned a white paper on higher education legal issues related to IT Security We are working closely with other higher education groups to make security a priority throughout higher education This fall we released the EDUCAUSE book - Computer and Network Security in Higher Education NSF Workshop resulted in Principles to Guide Efforts to Improve Computer and Network Security in Higher Education We continue to make connections with the federal government agencies -- NIST, DHS, and NSA regarding security –Task force is actively participating in National Cyber Security Forum task forces

6 Risk Assessment and Tools Risk assessment is a critical component in developing a campus IT Security Plan We have worked with the CMU Software Engineering Institute (SEI) to learn the SEI OCTAVE risk assessment process and are working to streamline this for Higher Education We continue to build partnerships with the auditing community. Rob Clark, Director of Internal Audit for Ga. Tech. Has joined the task force and will be leading an initiative on risk management in higher ed

7 Research and Development Initiatives Members of the task force are participating in two R&D activities: Ken Klingenstein of U. of Colorado and Internet2 is leading a group named Line Speed The purpose: How does higher education balance security and performance in advanced networks Computer Incident and Factor Analysis Categorization (CIFAC) project led by Dr. Virginia Rezmierski of U. of Michigan is looking at incident classification.

8 Education and Awareness Initiative Security and awareness is consistently listed as a critical need. Less 40% of institutions have active awareness programs Mark Bruhn of Indiana and Kelley Bogart of U. of Arizona are co-chairing our security awareness working group. Last week we held a 1.5 day workshop to identify how to make quick progress and what to focus on for long-term needs This working group is working closely with the National Cyber Security Summit sub- committee on Awareness Finally, May we will hold the 2nd Annual Security Professionals Workshop in Washington, D.C.

9 Effective Practices Initiative The goal of the initiative is to identify and publicize practical approaches to preventing, detecting, and responding to security problems University security officers and supporting staff solicit, develop, and review the submitted practices. Effective instead of best because higher education is too diverse for a one-size fits all approach that best implies. We hope to have multiple entries per topic from different institution types

10

11 Effective Security Practices Guide Focus Areas Online at the Contents include Education, Training and Awareness Risk Analysis and Management Security Architecture Design Network and Host Vulnerability Assessment Network and Host Security Implementation Intrusion and Virus Detection Incident Response Encryption, Authentication & Authorization Presently we have 25 practices available

Evolution of Security Practices

13 Resources and Events Resources security.internet2.edu Events 2nd Security Professionals Workshop May 16-18, 2004 in Washington, D.C.