Presentation is loading. Please wait.

Presentation is loading. Please wait.

Corporate Forum Presented by

Published byMarkus Nygaard Modified over 5 years ago

Similar presentations

Presentation on theme: "Corporate Forum Presented by"— Presentation transcript:

1 Corporate Forum Presented by
EDUCAUSE/Internet2 Computer and Network Security Task Force & EDUCAUSE Center for Applied Research (ECAR)

2 Introduction Background of the Security Task Force
Coordination with Higher Education IT Alliance ACE, AAU, NASULGC, AASCU, NAICU, AACC, etc. Summary of Accomplishments Framework for Action Higher Education Contribution to the National Strategy ACE Letter to Presidents White Paper on Legal Issues Leadership Strategies Book on Security Introduction of Task Force Leadership

3 Cyber Security Forum for Higher Education
The purpose of the Cyber Security Forum for Higher Education is to create a forum for the discussion of higher education computer and network security issues between the corporate community and the EDUCAUSE/Internet2 Computer and Network Security Task Force with the goal of improving higher education cyber security through mutual efforts.

4 Strategic Goals The Security Task Force received a grant from National Science Foundation to identify and implement a coordinated strategy for computer and network security for higher education. The following strategic goals have been identified: Education and Awareness Standards, Policies, and Procedures Security Architecture and Tools Organization, Information Sharing, and Incident Response

5 Education and Awareness
To increase the awareness of the associated risks of computer and network use and the corresponding responsibilities of higher education executives and end-users of technology (faculty, staff, and students), and to further the professional development of information technology staff.

6 Standards, Policies, & Procedures
To develop information technology standards, policies, and procedures that are appropriate, enforceable, and effective within the higher education community.

7 Security Architecture and Tools
To design, develop, and deploy infrastructures, systems, and services that incorporate security as a priority; and to employ technology to monitor resources and minimize adverse consequences of security incidents.

8 Organization, Information Sharing, and Incident Response
To create the capacity for a college or university to effectively deploy a comprehensive security architecture (education, policy, and technology), and to leverage the collective wisdom and expertise of the higher education community.

9 Projects and Initiatives
Education and Awareness Initiative Annual Security Professionals Workshop Legal Issues and Institutional Policies Risk Assessment Method and Tools Effective Security Practices Guide Research and Development Initiatives Vendor Engagement and Partnerships Research and Educational Networking Information Sharing & Analysis Center

10 The National Strategy to Secure Cyberspace
The National Strategy encourages colleges and universities to secure their cyber systems by establishing some or all of the following as appropriate: one or more Information Sharing and Analysis Centers to deal with cyber attacks and vulnerabilities; an on-call point-of-contact to Internet service providers and law enforcement officials in the event that the school’s IT systems are discovered to be launching cyber attacks; model guidelines empowering Chief Information Officers (CIOs) to address cybersecurity; one or more sets of best practices for IT security; and, model user awareness programs and materials.

11 Origins of ISACs The development of ISACs was encouraged by Presidential Decision Directive (Clinton PDD 63: Protecting America's Critical Infrastructures), to serve as the "mechanism for gathering of vulnerabilities, threats, intrusions, and anomalies" information from participating institutions, analyzing and developing a recommended response, and disseminating information so that the member institutions can better defend and secure their technology environment and operations.

12 The National Strategy on ISAC’s
“The National Cyberspace Security Response System is a public-private architecture, coordinated by the Department of Homeland Security, for analyzing and warning; managing incidents of national significance; promoting continuity in government systems and private sector infrastructures; and increasing information sharing across and between organizations to improve cyberspace security. The National Cyberspace Security Response System will include governmental entities and nongovernmental entities, such as private sector information sharing and analysis centers (ISACs)."

13 Research and Education Networking ISAC at Indiana U
The REN-ISAC acts as the security information collection, analysis, dissemination, and early-warning organization specifically designed to support the unique environment and needs of organizations connected to higher education and research networks. With various information inputs at its disposal, the REN-ISAC has a unique aggregate view of the current and near-future security situation in the higher education community. With these inputs and with appropriate synthesis and analytic tools, along with access to experienced incident response staff, the REN-ISAC is distinctively positioned to provide early warning about imminent threats, along with applicable response or self-defense advice, to the higher education and research networking community.

14 Receive and Analyze Operational Threat, Warning, and Attack Info
Received from the NIPC, other ISACs, and various other sources Received from ISAC member campuses related to incidents on local network backbones Received from network engineers related to incidents on national R&E network backbones Derived from network instrumentation Analysis would be performed by network and security engineers, and possibly by the Advanced Network Management Lab, related to: Unscheduled outages and degraded operations Security-related events such as DDoS attacks, virus alerts, systematic network vulnerabilities scanning, systematic spoofing Other anomalies that constitute or may constitute a serious threat to the networks and associated systems of the REN-ISAC membership

15 What the REN-ISAC Needs From The Corporate Community
Information Sharing Points of Contact Early Notification of Vulnerabilities Cooperative Agreements and Relationships (i.e., Partnerships) The National Strategy to Secure Cyberspace has called for “voluntary partnerships among government, industry, academia, and nongovernmental groups to secure and defend cyberspace.”

16 Higher Ed IT Environments
Technology Environment Distributed computing and wide range of hardware and software from outdated to state-of-the-art Increasing demands for distributed computing, distance learning and mobile/wireless capabilities which create unique security challenges Leadership Environment Reactive rather than proactive Lack of clearly defined goals (what do we need to protect and why) Academic Culture Persistent belief that security & academic freedom are antithetical Tolerance, experimentation, and anonymity highly valued

17 Campus Incidents “Damage Control: When Your Security Incident Hits the 6 O’Clock News” Georgia Tech University of Kansas The University of Texas, Austin Microsoft SQL Slammer Incident Cisco Router Vulnerability Microsoft RPC Vulnerability Worms and Viruses!!!

18 Security Research Initiatives
Objective: Develop metrics that both identify the cost of security, the cost of not securing assets, and measures to account for progress. Examples of Initiatives Incident Cost and Analysis Modeling Projects – ICAMP-I (1998) and ICAMP-II (2000) The Computer Incident Factor Analysis and Categorization Project or ICAMP-III Effective Security Practices Guide Risk Assessment Models and Tools ECAR Security Study Report

19 Conclusions Higher Education Cares About Security
Higher Education Security Is Extremely Complex Higher Education Has Been Hit Very Hard By Recent Events Higher Education Is Prepared To Make Tradeoffs Differently Today Than Previously Higher Education Needs Help From The Vendor Community

20 Discussion Question 1: What is the responsibility of the higher education community? Question 2: What is the responsibility of the vendor community? Question 3: How can we work together to improve security for higher education?

21 BREAK

22 Question 1 Are there practices that higher education could adopt on a more widespread basis to improve computer and network security for the enterprise?

23 Question 2 What are the challenges, obstacles, and barriers (real or perceived) for hardware/software vendors providing institutions with secure products “out-of-the-box”? What strategies or solutions could the corporate community or EDUCAUSE pursue to overcome those challenges?

24 Question 3 How can corporate partners and EDUCAUSE, and the EDUCAUSE membership, work together to improve computer and network security? What do you think of the Cyber Security Forum for Higher Education? What does it mean for your organization to participate? How would you imagine participating?

25 Summary of Discussions

Download ppt "Corporate Forum Presented by"

Similar presentations

Philippine Cybercrime Efforts

Philippine Cybercrime Efforts
Security Education and Awareness Workshop January 15-16, 2004 Baltimore, MD.

Security Education and Awareness Workshop January 15-16, 2004 Baltimore, MD.
REN-ISAC Research and Education Networking Information Sharing and Analysis Center AMSAC Update July 10, 2008 1.

REN-ISAC Research and Education Networking Information Sharing and Analysis Center AMSAC Update July 10,
David A. Brown Chief Information Security Officer State of Ohio

David A. Brown Chief Information Security Officer State of Ohio
National Infrastructure Protection Plan

National Infrastructure Protection Plan
DHS, National Cyber Security Division Overview

DHS, National Cyber Security Division Overview
Research and Educational Networking Information Analysis and Sharing Center (REN-ISAC) Mark S. Bruhn, Interim Director University Copyright.

Research and Educational Networking Information Analysis and Sharing Center (REN-ISAC) Mark S. Bruhn, Interim Director University Copyright.
CIAO.0209 - July 99 - 1 Critical Infrastructure Assurance Office Protecting America’s Cyberspace: Version 1.0 of the National Plan Jeffrey Hunker National.

CIAO July Critical Infrastructure Assurance Office Protecting America’s Cyberspace: Version 1.0 of the National Plan Jeffrey Hunker National.
1 © 2003 Cisco Systems, Inc. All rights reserved. Session Number Presentation_ID THE NETWORK SECURITY CHALLENGE Jack Suess CIO University of Maryland Baltimore.

1 © 2003 Cisco Systems, Inc. All rights reserved. Session Number Presentation_ID THE NETWORK SECURITY CHALLENGE Jack Suess CIO University of Maryland Baltimore.
SECR 5140-FL Critical Infrastructure Protection Dr. Barry S. Hess Spring 2 Semester Week 3: 1 April 2006.

SECR 5140-FL Critical Infrastructure Protection Dr. Barry S. Hess Spring 2 Semester Week 3: 1 April 2006.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Higher Education Cybersecurity Strategy, Programs, and Initiatives Rodney Petersen Policy Analyst & Security Task Force Coordinator EDUCAUSE.

Higher Education Cybersecurity Strategy, Programs, and Initiatives Rodney Petersen Policy Analyst & Security Task Force Coordinator EDUCAUSE.
James Ennis, Department of State, USA ITU-D Question 22/1 Rapporteur.

James Ennis, Department of State, USA ITU-D Question 22/1 Rapporteur.
Www.umbc.edu EDUCAUSE/Internet2 Computer and Network Security Task Force Update www.educause.edu/security Jack Suess February 3, 2004.

EDUCAUSE/Internet2 Computer and Network Security Task Force Update Jack Suess February 3, 2004.
Systemic Barriers to IT Security Findings within The University of Texas System Clair Goldsmith, Ph.D., Associate Vice Chancellor and CIO Lewis Watkins,

Systemic Barriers to IT Security Findings within The University of Texas System Clair Goldsmith, Ph.D., Associate Vice Chancellor and CIO Lewis Watkins,
Security Issues on Campus: Government Initiatives Rodney J. Petersen University of Maryland Educause/Internet2 Security Task Force Copyright Rodney J.

Security Issues on Campus: Government Initiatives Rodney J. Petersen University of Maryland Educause/Internet2 Security Task Force Copyright Rodney J.
Information Security Governance in Higher Education Policy2004 The EDUCAUSE Policy Conference Gordon Wishon EDUCAUSE/Internet 2 Security Task Force This.

Information Security Governance in Higher Education Policy2004 The EDUCAUSE Policy Conference Gordon Wishon EDUCAUSE/Internet 2 Security Task Force This.
Information Assurance and Higher Education Clifton Poole National Defense University Carl Landwehr National Science Foundation Tiffany Olson Jones Symantec.

Information Assurance and Higher Education Clifton Poole National Defense University Carl Landwehr National Science Foundation Tiffany Olson Jones Symantec.
An Introduction to EDUCAUSE and the EDUCAUSE/Internet2 Security Task Force Steve Worona Director of Policy and Networking Programs EDUCAUSE CISSE Washington,

An Introduction to EDUCAUSE and the EDUCAUSE/Internet2 Security Task Force Steve Worona Director of Policy and Networking Programs EDUCAUSE CISSE Washington,
© 2003, EDUCAUSE/Internet2 Computer and Network Security Task Force Computer Access, Privacy and Security: Legal Obligations and Liabilities Rodney J.

© 2003, EDUCAUSE/Internet2 Computer and Network Security Task Force Computer Access, Privacy and Security: Legal Obligations and Liabilities Rodney J.

Similar presentations

Ads by Google