VIRTUAL REALITY: CYBER SECURITY ISSUES

1 VIRTUAL REALITY: CYBER SECURITY ISSUES
Presented to: Legal Issues in Higher Education Conference, October 7, 2003, Burlington, VT
By: Rodney Peterson, Computer & Network Security Task Force Coordinator, EDUCAUSE, Washington, D.C.; Rogers Davis, Assistant Vice Chancellor, Human Resources, University of California, San Diego, La Jolla, CA
Rodney Peterson and Rogers Davis, Copyright 2003.

2 Fall 2003 – Welcome Back!
Orientation: Academics, Drugs & Alcohol, Co-Curricular Activities, etc.
Check-In: Keys, Meet Your RA, etc.
In-Room: Goody Box, Instructions on Port-to-Pillow Connection, etc.
Computer Security: CDs with Patches and Anti-Virus Software, Computer Check-Up, and New Aggressive Policies

3 Threats, Vulnerabilities, & Risks
Threats - an adversary that is motivated to exploit a system vulnerability and is capable of doing so. Vulnerabilities - error or weakness in the design, implementation, or operation of a system. Risks - information loss or compromise, loss of research advantage, compromised or lost data, damage to reputation, legal liability, disruption of services, costs associated with recovery.

4 Policy of the United States
In the past few years, threats in cyberspace have risen dramatically. The policy of the United States is to protect against the debilitating disruption of the operation of information systems for critical infrastructures and, thereby, help to protect the people, economy, and national security of the United States. We must act to reduce our vulnerabilities to these threats before they can be exploited to damage the cyber systems supporting our Nation’s critical infrastructures and ensure that such disruptions of cyberspace are infrequent, of minimal duration, manageable, and cause the least damage possible. Letter from President George W. Bush to The American People, The National Strategy to Secure Cyberspace (February 2003)

5 National Strategy to Secure Cyberspace
Released February 2003
Available at
Purpose: To engage and empower Americans to secure the portions of cyberspace that they own, operate, control, or with which they interact.
Implementation: National Cyber Security Division of the Information Assurance & Infrastructure Protection Directorate of the U.S. Department of Homeland Security

6 National Strategy & Higher Ed
The National Strategy to Secure Cyberspace encourages colleges and universities to secure their cyber systems by establishing some or all of the following as appropriate: one or more Information Sharing and Analysis Centers to deal with cyber attacks and vulnerabilities; an on-call point-of-contact to Internet service providers and law enforcement officials in the event that the school’s IT systems are discovered to be launching cyber attacks; model guidelines empowering Chief Information Officers (CIOs) to address cybersecurity; one or more sets of best practices for IT security; and, model user awareness programs and materials.

7 Coordinated Higher Ed Effort
EDUCAUSE – Use of IT in Higher Education
Internet2 – Advanced Networking & Next Generation
Higher Education Information Technology Alliance
American Association of Community Colleges; American Association of State Colleges and Universities; American Council on Education; Association of American Universities; Association of Research Libraries; EDUCAUSE; Internet2; National Association of College and University Business Officers; National Association of Independent Colleges and Universities; National Association of State Universities and Land-Grant Colleges; University Continuing Education Association

8 EDUCAUSE/Internet2 Computer and Network Security Task Force
Co-chairs: Dan Updegrove, University of Texas at Austin, & Gordon Wishon, University of Notre Dame
Resource on Computer and Network Security for the Higher Education Community
Initiatives: Outreach and Awareness; Effective Practices and Solutions; Professional Development for Security Professionals; Risk Assessment Methods and Tools; Legal Issues and Institutional Policies; Federal/State Public Policy; Vendor Engagement

9 Message to Presidents (Feb 2003)
Set the tone: ensure that all campus stakeholders know that you take Cybersecurity seriously. Insist on community-wide awareness and accountability. Establish responsibility for campus-wide Cybersecurity at the cabinet level. At a large university, this responsibility might be assigned to the Chief Information Officer. At a small college, this person may have responsibility for many areas, including the institutional computing environment. Ask for a periodic Cybersecurity risk assessment that identifies the most important risks to your institution. Manage these risks in the context of institutional planning and budgeting. Request updates to your Cybersecurity plans on a regular basis in response to the rapid evolution of the technologies, vulnerabilities, threats, and risks. David Ward President, American Council on Education

10 Guiding Principles
Civility and Community; Academic and Intellectual Freedom; Privacy and Confidentiality; Equity, Diversity, and Access; Fairness and Process; Ethics, Integrity, and Responsibility

11 Legal Issues
“Negligent Security” & Privacy Torts
Federal Statutes – Security & Privacy: USA PATRIOT Act of 2001; Gramm-Leach-Bliley Act of 1999; Health Information Portability and Accountability Act (HIPAA) of 1996; Electronic Communications Privacy Act (ECPA) of 1986; Family Educational Rights and Privacy Act (FERPA) of 1974; The Privacy Act of 1974
State Statutes: Maryland: Data Security & Privacy Policies; California: Disclosure of Security Breaches

12 Proposed Public Policy
Privacy: Personally Identifiable Information (PII); Privacy Policies: Opt-In, Opt-Out, and Plain Language; Use of Social Security Number; Identity Theft; Spam and Unsolicited Commercial
Security: Notice of Security Breaches; Information Sharing and Public Information Limits
EDUCAUSE Legislative Tracking Chart is available at

13 Emerging Public Policy Issues
Secure Software Development Market Pressure Liability, Licensing Terms, and Warranties Minimum Security Requirements Federal Information Security Management Act Requirements in Federal Contracts & Grants Allocation of Costs and Insurance

14 CASE STUDY: I. CRITICAL ISSUES
Various Location of Data: Systemwide systems of data; Campuswide systems of data; Central office systems of data; s; Shadow systems; Paper files

15 Impact of Shadow Systems
Identifying locations; Self audit; Ability to impose standards; Knowing whether standards are being maintained

16 Decentralized Environment
Client server environment; Repair of problems; Skill set of those who manage computers; Deciding who is involved in framing E-solutions; Applicability of certain services

17 Multiple Levels of Access/Accessibility to the Network
Internet vs. intranet; Firewalls; Controls, access and security

18 Technology-based Business Needs and Security
The IT perspective; The operational perspective

19 Addressing Security Violations
Faculty; Staff; Students

20 II. STATUTORY & POLICY REQUIREMENTS
CA Law SB-1386; CA Law SB-25; CA Law AB-46

21 UC & UCSD Policies
UCSD Standards for developing and maintaining computer applications; UC Electronic Communication Policy; UCSD Policy

22 III. STRATEGY AND SOLUTIONS TO SECURITY & PRIVACY
Business Drivers
Using technology as a tool to manage solutions; Aligning efforts with the organization’s goals; Identifying champions within the organization; Determining standards of excellence; Defining the architecture; Complying with legal and regulatory requirements; Managing risk

23 Business Strategy
Develop an electronic commerce solution; Implement a common solution for electronic procurement; Implement the Employee Systems Initiative (ESI); Identify self-service application opportunities; Adopt industry technology architectures and standards for Web-based applications, electronic data interchange and wireless and mobile technology; Eliminate paper-based processes and forms; Ensure adequate authentication and security

24 Raising Awareness Within the Organization
Training; Accountability; Information

25 Process Model for Assessment
Assessment strategy; Culture change; Substitute identifiers

26 Centralization vs. Decentralization
Internet vs. Intranet

27 IV. SECURITY GUIDELINES
Authentication and authorization Control Logging Backup Privacy

28 V. PHYSICAL SECURITY
Inventory; Physical issues; Disaster planning; Decommissioned PCs

29 PRINCIPLES APPLICABLE TO NETWORK SECURITY
Security is everyone’s problem; Manage data security; Honor requests for central services; Don’t steal software; Apply patches; Run anti-virus software; Turn off unnecessary services; Use strong passwords; Don’t share your password

30 VIRTUAL REALITY: CYBER SECURITY ISSUES
Presented to: Legal Issues in Higher Education Conference, October 7, 2003, Burlington, VT
By: Rodney Peterson, Computer & Network Security Task Force Coordinator, EDUCAUSE, Washington, D.C.; Rogers Davis, Assistant Vice Chancellor, Human Resources, University of California, San Diego, La Jolla, CA

31 EDUCAUSE2003 November 4-7, 2003 Anaheim, California
Pre-Conference Seminars: Risk Evaluation, Incident Response and Forensics, Security Policy Development, Federal Policy
Featured Sessions: PR Dimensions and Management Response, P2P Filesharing
Track Sessions: Elimination of SSNs as IDs, Education and Awareness, Collaborations and Partnerships
Featured Speaker: Richard Clarke, former White House Cybersecurity Czar
More information at

