Identity, Privacy, and Security: Higher Education Policy and Practice Rodney Petersen Government Relations Officer Director of Cybersecurity Initiative.

Presentation transcript:

Identity, Privacy, and Security: Higher Education Policy and Practice Rodney Petersen Government Relations Officer Director of Cybersecurity Initiative EDUCAUSE

Digital Infrastructure as a Strategic National Asset

"From now on, our digital infrastructure -- the networks and computers we depend on every day -- will be treated as they should be: as a strategic national asset... it's now clear this cyber threat is one of the most serious economic and national security challenges we face as a nation."

President Barack Obama, May 29, 2009

Cyberspace Policy Review
• Subtitle: Assuring a Trusted and Resilient Information and Communications Infrastructure
• 60 Day Comprehensive Review
• (Took 90 Days for President to Review and Announce)
• 6 Months Later, Major Recommendation Not Addressed:
  ◦ Appoint a cybersecurity policy official responsible for coordinating the Nation’s cybersecurity policies and activities;
• National Security and Economic Security Concern

Policy Recommendations
• Prepare for the President’s approval an updated national strategy to secure the information and communications infrastructure.
• Prepare a cybersecurity incident response plan
• Designate cybersecurity as one of the President’s key management priorities and establish performance metrics.
• Designate a privacy and civil liberties official to the NSC cybersecurity directorate.
• Initiate a national public awareness and education campaign to promote cybersecurity.

Policy Recommendations (cont’d)
• Develop U.S. Government positions for an international cybersecurity policy framework and strengthen our international partnerships to create initiatives that address the full range of activities, policies, and opportunities associated with cybersecurity.
• Develop a framework for research and development strategies that focus on game-changing technologies; provide the research community access to event data to facilitate developing tools, testing theories, and identifying workable solutions.
• Build a cybersecurity-based identity management vision and strategy that addresses privacy and civil liberties interests, leveraging privacy-enhancing technologies for the Nation.

Congressional Action
• Health Information Technology Act (HITECH Act)
• FTC Enforcement of Red Flags Rule
  ◦ Delayed until June 1, 2010
• HEOA Regulation: Distance Education Verification
• Positioning of Cybersecurity in Federal Government
• Strengthening of FISMA
• Role of NIST in Standards Development
• National Security Breach Notification Law
• Critical Infrastructure Protection and Cyber Assets

National Broadband Plan
• What type of computer-based attacks against government or commercial computer systems or networks are occurring and what are other federal agencies, commercial, and other entities doing to prevent, detect and respond to cyber attacks?
• How are other federal agencies of the United States and other governments collaborating with the communications segment to prevent, detect, and respond to cyber attacks?
• What market incentives exist for commercial communications providers, large and small, to invest in secure infrastructure? (i.e., how do we avoid externalities?)
• Do end-users have sufficient independent information to make good decisions between communications providers that may differ in the extent to which they implement cyber security measures?
• How widely are cyber security best practices implemented by communications providers and what are these best practices?
• What are the specific wireless network features and handset features and capabilities necessary to combat such attacks?

NCSAM Highlights
• Kick-off Event in Washington, D.C.
• Mid-October Event in Sacramento, CA
• The White House
  ◦ Proclamation declaring October as NCSAM
  ◦ Obama 3 Minute Video Address
• Department of Homeland Security
  ◦ Napolitano address at kick-off event: 1,000 new hires
  ◦ Napolitano web address
• Congressional Resolutions

Organizational Alignment
• Cybersecurity
• Identity and Access Management
• Privacy

• Policy: Comprehensive Privacy Framework
• Practice: Fair Information Practices
• Issues:
  ◦ Protection of Personally Identifiable Information
  ◦ Identity Theft
  ◦ Data Retention and Disposal
• Roles: Chief Privacy Officer
• International Association of Privacy Professionals

Identity & Access Management
• EDUCAUSE Identity & Access Management Working Group
• Goals:
  ◦ Awareness and advocacy—to help CIOs and IT leaders understand the strategic importance of IAM for their enterprise
  ◦ Outreach and coordination—to work with other constituencies, including government and industry, to help enable the adoption of interoperable IAM
  ◦ Partnerships and collaboration—to facilitate the utilization of centralized authentication and authorization services by business process owners, including student services, human resources, alumni and development, facilities management, and other groups
  ◦ Implementation and training—to provide resources and tools, including IT staff training, to equip developers and implementers
• Federated Identity Management & the InCommon Federation

Academia’s Role in Securing Cyberspace
• Through its core mission of teaching and learning, it is the main source of our future leaders, innovators, and technical workforce.
• Through research, it is the basic source of much of our new knowledge and subsequent technologies.
• As complex institutions, colleges and universities operate some of the world’s largest collections of computers and high-speed networks.

Higher Education Information Security Council
• Hosts: EDUCAUSE and Internet2
• History: Serving higher education since 2000
• Mission: to improve information security and privacy across the higher education sector by actively developing and promoting effective practices and solutions for the protection of critical IT assets and infrastructures.

InfoSec Council Activities
• Security Discussion Group
• Working Groups
  ◦ People: awareness and training
  ◦ Process: compliance, policies, risk, governance
  ◦ Technology: effective practices and solutions
• Professional Development
  ◦ Annual Security Professionals Conference
  ◦ SANS-EDU Partner Series
• Collaborations and Partnerships
  ◦ Research and Education Networking Information Sharing and Analysis Center (REN-ISAC)
  ◦ Center for Internet Security
• ... and more

InfoSec Council Strategic Plan
Theme: Safeguarding Our IT Assets, Protecting Our Community’s Privacy
Goals:
1. Obtain Executive Commitment and Action
2. Manage Data to Enhance Privacy and Security Protections
3. Develop and Promote Effective Practices and Solutions
4. Explore New Tools and Technologies
5. Establish and Promote Information-Sharing Mechanisms

InfoSec Council Special Projects
• Confidential Data Handling Blueprint
• Guidelines for Data and Media Sanitization
• Toolkit for Electronic Records Management, Data Retention, and e-Discovery
• Information Security Governance
• Risk Management Framework
• Security Awareness Poster/Video Contest
• National Cybersecurity Awareness Month
• Security Metrics

Information Security Guide
• Risk Management
• Compliance
• Security Policy
• Organization of Information Security
• Asset Management
• Human Resources Security
• Physical and Environmental Security
• Communications and Operations Management
• Access Controls
• Information Systems Acquisition, Development, and Maintenance
• Incident Management
• Business Continuity Management

Confidential Data Handling Blueprint
• Step 1: Create a security risk-aware culture that includes an information security risk management program
• Step 2: Define institutional data types
• Step 3: Clarify responsibilities and accountability for safeguarding confidential data
• Step 4: Reduce access to confidential data not absolutely essential to institutional processes
• Step 5: Establish and implement stricter controls for safeguarding confidential data
• Step 6: Provide awareness and training
• Step 7: Verify compliance routinely with your policies and procedures

Call to Action
• Attend
  ◦ Security Professionals Conference April 12-14, 2010, Atlanta, Georgia net.educause.edu/conference/security
• Contribute
  ◦ Submit an Effective Practice and Solution
• Join
  ◦ Discussion Group:
  ◦ REN-ISAC:
• Volunteer
  ◦ Send an to

For More Information
• Visit:
  ◦ Higher Education Information Security Council
• Contact:
  ◦ David Swartz, American University, HEISC Co-Chair
  ◦ Brian Voss, LSU, HEISC Co-Chair
  ◦ Rodney Petersen, EDUCAUSE, HEISC Staff

THANK YOU