Presentation is loading. Please wait.

Presentation is loading. Please wait.

Overview of the Information Security Guide: Leveraging the Knowledge and Skills of Your Colleagues Cedric Bennett, Emeritus Director, Information Security.

Published byAlban Cameron Modified over 6 years ago

Similar presentations

Presentation on theme: "Overview of the Information Security Guide: Leveraging the Knowledge and Skills of Your Colleagues Cedric Bennett, Emeritus Director, Information Security."— Presentation transcript:

1 Overview of the Information Security Guide: Leveraging the Knowledge and Skills of Your Colleagues
Cedric Bennett, Emeritus Director, Information Security Services, Stanford University Mary B. Dunker, Director, Secure Enterprise Technology Initiatives, Virginia Tech

2

3 Overview of the Information Security Guide:
Leveraging the Knowledge and Skills of Your Colleagues October 13, 2010 – 9:45 AM – 10:15 AM

4 Agenda Introduction Structure of the Guide
Finding information in the Guide Contributing to the Guide Questions and Answers Here’s where you can find the Guide

5 Higher Education Information Security Council
Established in 2002 by EDUCAUSE and Internet2 HEISC formerly called the Security Task Force Works to improve information security and privacy programs across the higher education sector through its community members and focused partnerships with government, industry, and other academic organizations Actively develops and promotes awareness and understanding, effective practices and policies, and solutions for the protection of critical IT assets and infrastructures

6 Information Security Guide
A major initiative and key publication of HEISC A compendium of information providing guidance on effective approaches to the application of information security at institutions of higher education Content managed by the Editorial Board Represents a broad cross-section of higher education community Input comes from Editorial Board members Other HEISC working groups Conference presentations and published articles Information security practioners from a wide variety of institutions

7 Structure of the Guide Recently reorganized to follow ISO 27002 topics
But it is NOT an implementation toolkit for ISO 27002 ISO was selected as the organizing principle of the Guide because it is a widely accepted international standard – and because… ISO is concerned with the security of information assets (i.e., the actual information) ISO focuses on information security controls within a framework of enterprise security topics

8 Structure of the Guide Every topic page includes:
Linked Table of Contents Overview description of general intent of the ISO topic Cross-reference to other common standards Information Security categories appropriate to that ISO topic ISO objective for each category of the topic Explanations, links to articles, links to presentations, links to institutional examples, and other materials Linked references to other topic relevant materials “Bread-crumb” trail at the top of the page, (e.g.)

9 Table of Contents - Examples
Access Control (ISO 11)

10 Table of Contents - Examples
Access Control (ISO 11) Security Policy (ISO 5)

11 Standards - Example

12 Structure of the Guide The navigation pane links to important resources Home – announcements and featured resource links Overview to the Guide – similar to this Webinar Each of the twelve ISO Topics -- Risk Management (ISO 4) through Compliance (ISO 15) Toolkits – links to specifically developed resources Hot Topics – resources related to topics of current interest Contribute a Case Study – instructions and forms Glossary – list of terms and phrase definitions

13 Navigation Pane

14 Finding information in the Guide
Two ways find information Link directly to the desired information via the Navigation Pane Look for the desired information using the Search tool Navigation Pane is the quickest and easiest When the topic name makes the location of the desired information obvious, e.g., Risk Management (ISO 4) Security Policy (ISO 5) Information Security Incident Management (ISO 13)

15 Finding information in the guide
Navigation pane is not as effective if you don’t know where the desired topic is covered in ISO, e.g., Data Classification is in Asset Management (ISO 7) Awareness and Training is in Human Resources Security (ISO 8) Cryptographic Controls is in Information Systems Acquisition, Development, and Maintenance (ISO 12) For these sort of topics, use the Search Tool Or to ensure you find all information relevant to your interest

16 Finding information in the guide
Searching is easy but not fully intuitive the first time Important note: The Guide is one of several “spaces” in a generalized wiki. To search effectively, we must restrict searching to just the Guide. Start searching by leaving the search box empty and pressing the search button… (on the bread crumb bar on the top of every page)

17 Finding information in the guide
…which brings you to this expanded search page

18 Finding information in the guide
…which brings you to this expanded search page where you click on the triangle on the “Where” box and scroll down to “Information Security…”

19 Finding information in the guide

20 Finding information in the guide
To end up with…

21 Finding information in the guide
To end up with… Note: Be sure to avoid the selection called “Old Security Guide”

22 Finding information in the guide
Now enter your search term into the search box on the left side of the page (next to the Internet2 logo)

23 Finding information in the guide
Now enter your search term into the search box on the left side of the page (next to the Internet2 logo) And ignore the search box on the bread crumb bar

24 Finding information in the guide
Entering “awareness” returns this result…

25 Contributing to the guide
The Editorial Board depends upon input from many sources There are two ways to provide input to the Guide Make a comment on any page The underlying platform is a wiki. All comments are monitored and suggestions are acted upon Submit a case study The chances are good that your institution is doing something that others will want to know about and possibly emulate

26 You can also make suggestions or ask questions by sending email to
Here’s where you can find the Guide

27 Questions and answers

28 Questions and answers Here are some questions from us…
What do institutions and security officers need from the Guide?  What other materials would be useful? Are there Case Studies (i.e., campus effective practices and solutions) that you would like to see included?  Does your institution have an effective practice that you would be willing to share as a Case Study? What, in addition to the Guide, could HEISC do to support institutional information security?

Download ppt "Overview of the Information Security Guide: Leveraging the Knowledge and Skills of Your Colleagues Cedric Bennett, Emeritus Director, Information Security."

Similar presentations

User’s Guide.

User’s Guide.
The International Security Standard

The International Security Standard
Introduction to Online Data Collection (OLDC) Community Based Abstinence Education September, 2009.

Introduction to Online Data Collection (OLDC) Community Based Abstinence Education September, 2009.
DISPUTES & INVESTIGATIONS ECONOMICS FINANCIAL ADVISORY MANAGEMENT CONSULTING Joining LinkedIn How to Register, Follow Navigant & Join the Conversation.

DISPUTES & INVESTIGATIONS ECONOMICS FINANCIAL ADVISORY MANAGEMENT CONSULTING Joining LinkedIn How to Register, Follow Navigant & Join the Conversation.
DoW text: Task and WP leaders will prepare syntheses reports of the project progress, its results and its implications. These synthesis reports will be.

DoW text: Task and WP leaders will prepare syntheses reports of the project progress, its results and its implications. These synthesis reports will be.
Overview of New Behind the Blackboard for Blackboard Customers APRIL 2012 TM.

Overview of New Behind the Blackboard for Blackboard Customers APRIL 2012 TM.
Outlook 2007 Tips, Tricks, and Tools. Overview Main Screen Navigation Pane View Pane Reading Pane To–Do Bar Create a New Message Contacts Create a Signature.

Outlook 2007 Tips, Tricks, and Tools. Overview Main Screen Navigation Pane View Pane Reading Pane To–Do Bar Create a New Message Contacts Create a Signature.
Partner Network Portal Anna Jones :: July 2006 Partner Training Webinar Communications Sector.

Partner Network Portal Anna Jones :: July 2006 Partner Training Webinar Communications Sector.
MyiLibrary® ‘Search & View’ Website Training June 8, 2010.

MyiLibrary® ‘Search & View’ Website Training June 8, 2010.
Quick Reference Guide Welcome TEST USER Version_NSU_101111 HELP RETIREMENT MANAGER DEMO FEEDBACK.

Quick Reference Guide Welcome TEST USER Version_NSU_ HELP RETIREMENT MANAGER DEMO FEEDBACK.
Office 2013 and Windows 8: Essential Concepts and Skills Microsoft Access 2013.

Office 2013 and Windows 8: Essential Concepts and Skills Microsoft Access 2013.
Using the University of Northampton Library A student guide Please note: The slides are animated but you need to click to move on to each new slide.

Using the University of Northampton Library A student guide Please note: The slides are animated but you need to click to move on to each new slide.
Using the University of Northampton Library: an ‘EWO’ guide for students based at other locations Please note: The University’s official term for arrangements.

Using the University of Northampton Library: an ‘EWO’ guide for students based at other locations Please note: The University’s official term for arrangements.
Learner and Manager Roles Module 2 1. SLMS Primary Administrator Training Learner Tasks 2.

Learner and Manager Roles Module 2 1. SLMS Primary Administrator Training Learner Tasks 2.
0 eCPIC User Training: Resource Library These training materials are owned by the Federal Government. They can be used or modified only by FESCOM member.

0 eCPIC User Training: Resource Library These training materials are owned by the Federal Government. They can be used or modified only by FESCOM member.
Mtivity Client Support System Quick start guide. Mtivity Client Support System We are very pleased to announce the launch of a new Client Support System.

Mtivity Client Support System Quick start guide. Mtivity Client Support System We are very pleased to announce the launch of a new Client Support System.
Evaluating & Maintaining a Site Domain 6. Conduct Technical Tests Dreamweaver provides many tools to assist in finalizing and testing your website for.

Evaluating & Maintaining a Site Domain 6. Conduct Technical Tests Dreamweaver provides many tools to assist in finalizing and testing your website for.
Hasan Siddiqui An overview on how to use the University of Louisiana at Monroe’s mobile application for the Android™ OS.

Hasan Siddiqui An overview on how to use the University of Louisiana at Monroe’s mobile application for the Android™ OS.
Welcome and Introduction to the Security Task Force Peter Siegel Co-Chair, Security Task Force Chief Information Officer and Vice Provost University of.

Welcome and Introduction to the Security Task Force Peter Siegel Co-Chair, Security Task Force Chief Information Officer and Vice Provost University of.
2004/051 >> Supply Chain Solutions That Deliver Users.

2004/051 >> Supply Chain Solutions That Deliver Users.

Similar presentations

Ads by Google