Overview of the Information Security Guide: Leveraging the Knowledge and Skills of Your Colleagues Cedric Bennett, Emeritus Director, Information Security.

Presentation transcript:

Overview of the Information Security Guide: Leveraging the Knowledge and Skills of Your Colleagues
Cedric Bennett, Emeritus Director, Information Security Services, Stanford University
Mary B. Dunker, Director, Secure Enterprise Technology Initiatives, Virginia Tech

Overview of the Information Security Guide: Leveraging the Knowledge and Skills of Your Colleagues October 13, 2010 – 9:45 AM – 10:15 AM

Agenda
- Introduction
- Structure of the Guide
- Finding information in the Guide
- Contributing to the Guide
- Questions and Answers
Here’s where you can find the Guide: www.educause.edu/security/guide

Higher Education Information Security Council
- Established in 2002 by EDUCAUSE and Internet2
- HEISC formerly called the Security Task Force
- Works to improve information security and privacy programs across the higher education sector through its community members and focused partnerships with government, industry, and other academic organizations
- Actively develops and promotes awareness and understanding, effective practices and policies, and solutions for the protection of critical IT assets and infrastructures

Information Security Guide
- A major initiative and key publication of HEISC
- A compendium of information providing guidance on effective approaches to the application of information security at institutions of higher education
- Content managed by the Editorial Board
  - Represents a broad cross-section of higher education community
- Input comes from
  - Editorial Board members
  - Other HEISC working groups
  - Conference presentations and published articles
  - Information security practitioners from a wide variety of institutions

Structure of the Guide
- Recently reorganized to follow ISO 27002 topics
  - But it is NOT an implementation toolkit for ISO 27002
- ISO 27002 was selected as the organizing principle of the Guide because it is a widely accepted international standard – and because…
  - ISO 27002 is concerned with the security of information assets (i.e., the actual information)
  - ISO 27002 focuses on information security controls within a framework of enterprise security topics

Structure of the Guide
Every topic page includes:
- Linked Table of Contents
- Overview description of general intent of the ISO topic
- Cross-reference to other common standards
- Information Security categories appropriate to that ISO topic
- ISO objective for each category of the topic
- Explanations, links to articles, links to presentations, links to institutional examples, and other materials
- Linked references to other topic relevant materials
- “Bread-crumb” trail at the top of the page, (e.g.)

Table of Contents - Examples
- Access Control (ISO 11)
- Security Policy (ISO 5)

Standards - Example

Structure of the Guide
The navigation pane links to important resources
- Home – announcements and featured resource links
- Overview to the Guide – similar to this Webinar
- Each of the twelve ISO Topics -- Risk Management (ISO 4) through Compliance (ISO 15)
- Toolkits – links to specifically developed resources
- Hot Topics – resources related to topics of current interest
- Contribute a Case Study – instructions and forms
- Glossary – list of terms and phrase definitions

Navigation Pane

Finding information in the Guide
- Two ways to find information
  - Link directly to the desired information via the Navigation Pane
  - Look for the desired information using the Search tool
- Navigation Pane is the quickest and easiest
  - When the topic name makes the location of the desired information obvious, e.g.,
    - Risk Management (ISO 4)
    - Security Policy (ISO 5)
    - Information Security Incident Management (ISO 13)

Finding information in the guide
- Navigation pane is not as effective if you don’t know where the desired topic is covered in ISO, e.g.,
  - Data Classification is in Asset Management (ISO 7)
  - Awareness and Training is in Human Resources Security (ISO 8)
  - Cryptographic Controls is in Information Systems Acquisition, Development, and Maintenance (ISO 12)
- For these sorts of topics, use the Search Tool
  - Or to ensure you find all information relevant to your interest

Finding information in the guide
- Searching is easy but not fully intuitive the first time
- Important note: The Guide is one of several “spaces” in a generalized wiki. To search effectively, we must restrict searching to just the Guide.
- Start searching by leaving the search box empty and pressing the search button… (on the bread crumb bar on the top of every page)

Finding information in the guide
…which brings you to this expanded search page where you click on the triangle on the “Where” box and scroll down to “Information Security…”

Finding information in the guide

Finding information in the guide
To end up with…
Note: Be sure to avoid the selection called “Old Security Guide”

Finding information in the guide
- Now enter your search term into the search box on the left side of the page (next to the Internet2 logo)
- And ignore the search box on the bread crumb bar

Finding information in the guide
Entering “awareness” returns this result…

Contributing to the guide
- The Editorial Board depends upon input from many sources
- There are two ways to provide input to the Guide
  - Make a comment on any page
    - The underlying platform is a wiki. All comments are monitored and suggestions are acted upon
  - Submit a case study
    - The chances are good that your institution is doing something that others will want to know about and possibly emulate

You can also make suggestions or ask questions by sending email to
- ced.bennett@stanford.edu
- dunker@vt.edu
- security-council@educause.edu
Here’s where you can find the Guide: www.educause.edu/security/guide

Questions and answers
Here are some questions from us…
- What do institutions and security officers need from the Guide?
- What other materials would be useful?
- Are there Case Studies (i.e., campus effective practices and solutions) that you would like to see included?
- Does your institution have an effective practice that you would be willing to share as a Case Study?
- What, in addition to the Guide, could HEISC do to support institutional information security?