Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Education and Awareness Workshop January 15-16, 2004 Baltimore, MD.

Similar presentations


Presentation on theme: "Security Education and Awareness Workshop January 15-16, 2004 Baltimore, MD."— Presentation transcript:

1 Security Education and Awareness Workshop January 15-16, 2004 Baltimore, MD

2 Purpose To bring together representatives from schools and institutions of higher education (K-20) to create partnerships, strategies, and implementation plans to increase cyber security awareness among our constituencies.

3 Workshop Outcomes Conduct an Inventory of Related Work Programs and Products Identify Key Stakeholders and Interdependencies Provide Recommendations for Integrating Related Work Programs Provide Recommendations for New Initiatives

4 Schools & Higher Education Working Group Action Items Action Plan and Milestones Outline of Programs March 1 st 6 months (August) 12 months (January 2005) Beyond

5 Agenda Information Assurance Tools and the Learning Continuum Welcome and Introductions Inventory and Demonstration of Security Awareness Initiatives Security Awareness Strategy and Implementation Plan

6 EDUCAUSE/Internet2 Computer and Network Security Task Force Rodney J. Petersen Policy Analyst, EDUCAUSE EDUCAUSE/Internet2 Security Task Force Coordinator

7 Strategic Goals The Security Task Force received a grant from National Science Foundation to identify and implement a coordinated strategy for computer and network security for higher education. The following strategic goals have been identified: Education and Awareness Standards, Policies, and Procedures Security Architecture and Tools Organization, Information Sharing, and Incident Response

8 Education and Awareness To increase the awareness of the associated risks of computer and network use and the corresponding responsibilities of higher education executives and end- users of technology (faculty, staff, and students), and to further the professional development of information technology staff.

9 Awareness Programs Only one-third of our institutions have a formal awareness program for students, faculty, or staff – ECAR Study (2003) The National Strategy recommends that institutions of higher education identify and adopt model user awareness programs and materials

10 Accomplishments – Web Site A Resource on Computer and Network Security for the Higher Education Community at Collection of "Education and Awareness Programs and Resources" at urces/awareness.asp

11 Accomplishments - Publications Leadership Book: Computer and Network Security in Higher Education Effective Security Practices Guide Articles in EDUCAUSE Review, EDUCAUSE Quarterly, & University Business Magazine White Paper on “IT Security in Higher Education: A Legal Perspective”

12 Accomplishments - Outreach Conference Presentations EDUCAUSE National, Regionals, and Other Events Internet2 Member Meetings Higher Education IT Alliance Higher Education Associations Annual EDUCAUSE/Internet2 Security Professionals Workshop Letter to Presidents from the American Council on Education

13 Message to Presidents (Feb 2003) Set the tone: ensure that all campus stakeholders know that you take Cybersecurity seriously. Insist on community-wide awareness and accountability. Establish responsibility for campus-wide Cybersecurity at the cabinet level. At a large university, this responsibility might be assigned to the Chief Information Officer. At a small college, this person may have responsibility for many areas, including the institutional computing environment. Ask for a periodic Cybersecurity risk assessment that identifies the most important risks to your institution. Manage these risks in the context of institutional planning and budgeting. Request updates to your Cybersecurity plans on a regular basis in response to the rapid evolution of the technologies, vulnerabilities, threats, and risks. David Ward President, American Council on Education

14 New Awareness Campaign

15 Recommendations Campus-wide security awareness campaigns Develop how to and best practices security guides Make training for sys admin in securing machines and devices a requirement Share training and educational materials across our campuses Develop security training and education courses for staff students and faculty NSF Workshop Results – Fall 2002

16 For more information: EDUCAUSE/Internet2 Computer and Network Security Task Force

17 Recommendations Key Deliverables with Timelines Metrics Lead Organizations Responsible Resource Requirements and Recommended/Committed Resource

18 Moving from Strategy to Action Why? National Strategy! What? Nat’l Strategy – Strategic Level What? Tactical How? Operational When? Timeframes and Metrics Who? Audience and Assignment

19 Elements of Implementation Plan Provide Recommendations for Integrating Related Work Programs Provide Recommendations for New Initiatives Identify Key Stakeholders and Interdependencies

20 Organizing Implementation Plan Brainstorm Evaluate Ideas Sort and Combine Similar Ideas Prioritize Ideas March 1 st 6 months (August) 12 months (January 2005) Beyond Resource Requirements Lead Organization(s) Responsible

21 Evaluation 1.What were the most significant outcomes of the workshop for you? 2.What aspects were least helpful? 3.Rate the quality and organization of the workshop (10 =excellent) Why did you mark it where you did? 4.My advice on next steps


Download ppt "Security Education and Awareness Workshop January 15-16, 2004 Baltimore, MD."

Similar presentations


Ads by Google