Download presentation
Presentation is loading. Please wait.
1
Identity, Privacy, and Security: Higher Education Policy and Practice Rodney Petersen Government Relations Officer Director of Cybersecurity Initiative EDUCAUSE
2
Digital Infrastructure as a Strategic National Asset From now on, our digital infrastructure -- the networks and computers we depend on every day -- will be treated as they should be: as a strategic national asset... it's now clear this cyber threat is one of the most serious economic and national security challenges we face as a nation. President Barak Obama May 29, 2009
3
Cyberspace Policy Review Subtitle: Assuring a Trusted and Resilient Information and Communications Infrastructure 60 Day Comprehensive Review (Took 90 Days for President to Review and Announce) 6 Months Later, Major Recommendation Not Addressed: Appoint a cybersecurity policy official responsible for coordinating the Nation’s cybersecurity policies and activities; National Security and Economic Security Concern
4
Policy Recommendations Prepare for the President’s approval an updated national strategy to secure the information and communications infrastructure. Prepare a cybersecurity incident response plan Designate cybersecurity as one of the President’s key management priorities and establish performance metrics. Designate a privacy and civil liberties official to the NSC cybersecurity directorate. Initiate a national public awareness and education campaign to promote cybersecurity.
5
Policy Recommendations (cont’d) Develop U.S. Government positions for an international cybersecurity policy framework and strengthen our international partnerships to create initiatives that address the full range of activities, policies, and opportunities associated with cybersecurity. Develop a framework for research and development strategies that focus on game-changing technologies; provide the research community access to event data to facilitate developing tools, testing theories, and identifying workable solutions. Build a cybersecurity-based identity management vision and strategy that addresses privacy and civil liberties interests, leveraging privacy-enhancing technologies for the Nation.
6
Congressional Action Health Information Technology Act (HI TECH Act) FTC Enforcement of Red Flags Rule Delayed until June 1, 2010 HEOA Regulation: Distance Education Verification Positioning of Cybersecurity in Federal Government Strengthening of FISMA Role of NIST in Standards Development National Security Breach Notification Law Critical Infrastructure Protection and Cyber Assets
7
National Broadband Plan What type of computer-based attacks against government or commercial computer systems or networks are occurring and what are other federal agencies, commercial, and other entities doing to prevent, detect and respond to cyber attacks? How are other federal agencies of the United States and other governments collaborating with the communications segment to prevent, detect, and respond to cyber attacks? What market incentives exist for commercial communications providers, large and small, to invest in secure infrastructure? (i.e., how do we avoid externalities?) Do end-users have sufficient independent information to make good decisions between communications providers that may differ in the extent to which they implement cyber security measures? How widely are cyber security best practices implemented by communications providers and what are these best practices? What are the specific wireless network features and handset features and capabilities necessary to combat such attacks?
9
NCSAM Highlights Kick-off Event in Washington, D.C. Mid-October Event in Sacramento, CA The White House Proclamation declaring October as NCSAM Obama 3 Minute Video Address Department of Homeland Security Napolitano address at kick-off event: 1,000 new hires Napolitano web address Congressional Resolutions
10
Organizational Alignment Cybersecurity Identity and Access Management Privacy
11
Policy: Comprehensive Privacy Framework Practice: Fair Information Practices Issues: Protection of Personally Identifiable Information Identity Theft Data Retention and Disposal Roles: Chief Privacy Officer International Association of Privacy Professionals
12
Identity & Access Management EDUCAUSE Identity & Access Management Working Group Goals: Awareness and advocacy—to help CIOs and IT leaders understand the strategic importance of IAM for their enterprise Outreach and coordination—to work with other constituencies, including government and industry, to help enable the adoption of interoperable IAM Partnerships and collaboration—to facilitate the utilization of centralized authentication and authorization services by business process owners, including student services, human resources, alumni and development, facilities management, and other groups Implementation and training—to provide resources and tools, including IT staff training, to equip developers and implementers Federated Identity Management & the InCommon Federation
13
Academia’s Role in Securing Cyberspace Through its core mission of teaching and learning, it is the main source of our future leaders, innovators, and technical workforce. Through research, it is the basic source of much of our new knowledge and subsequent technologies. As complex institutions, colleges and universities operate some of the world’s largest collections of computers and high-speed networks.
14
Higher Education Information Security Council Hosts: EDUCAUSE and Internet2 History: Serving higher education since 2000 Mission: to improve information security and privacy across the higher education sector by actively developing and promoting effective practices and solutions for the protection of critical IT assets and infrastructures.
15
InfoSec Council Activities Security Discussion Group Working Groups People: awareness and training Process: compliance, policies, risk, governance Technology: effective practices and solutions Professional Development Annual Security Professionals Conference SANS-EDU Partner Series Collaborations and Partnerships Research and Education Networking Information Sharing and Analysis Center (REN-ISAC) Center for Internet Security ... and more
16
InfoSec Council Strategic Plan Theme:Safeguarding Our IT Assets, Protecting Our Community’s Privacy Goals: 1. Obtain Executive Commitment and Action 2. Manage Data to Enhance Privacy and Security Protections 3. Develop and Promote Effective Practices and Solutions 4. Explore New Tools and Technologies 5. Establish and Promote Information-Sharing Mechanisms
17
InfoSec Council Special Projects Confidential Data Handling Blueprint Guidelines for Data and Media Sanitization Toolkit for Electronic Records Management, Data Retention, and e-Discovery Information Security Governance Risk Management Framework Security Awareness Poster/Video Contest National Cybersecurity Awareness Month Security Metrics
18
Information Security Guide Risk Management Compliance Security Policy Organization of Information Security Asset Management Human Resources Security Physical and Environmental Security Communications and Operations Management Access Controls Information Systems Acquisition, Development, and Maintenance Incident Management Business Continuity Management
19
Confidential Data Handling Blueprint Step 1: Create a security risk-aware culture that includes an information security risk management program Step 1 Step 2: Define institutional data types Step 2 Step 3: Clarify responsibilities and accountability for safeguarding confidential data Step 3 Step 4: Reduce access to confidential data not absolutely essential to institutional processes Step 4 Step 5: Establish and implement stricter controls for safeguarding confidential data Step 5 Step 6: Provide awareness and training Step 6 Step 7: Verify compliance routinely with your policies and procedures Step 7
20
Call to Action Attend Security Professionals Conference April 12-14, 2010, Atlanta, Georgia net.educause.edu/conference/security Contribute Submit an Effective Practice and Solution www.educause.edu/security/guide Join Discussion Group: www.educause.edu/groups/security REN-ISAC: www.ren-isac.net Volunteer Send an email to security-volunteer@educause.edu
21
For More Information Visit: Higher Education Information Security Council http://www.educause.edu/security Contact: David Swartz, American University, HEISC Co-Chair dswartz@american.edu Brian Voss, LSU, HEISC Co-Chair bvoss@lsu.edu Rodney Petersen, EDUCAUSE, HEISC Staff rpetersen@educause.edu
22
THANK YOU
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.