Identity, Privacy, and Security: Higher Education Policy and Practice Rodney Petersen Government Relations Officer Director of Cybersecurity Initiative.

1 Identity, Privacy, and Security: Higher Education Policy and Practice Rodney Petersen Government Relations Officer Director of Cybersecurity Initiative EDUCAUSE

2 Digital Infrastructure as a Strategic National Asset
"From now on, our digital infrastructure -- the networks and computers we depend on every day -- will be treated as they should be: as a strategic national asset... it's now clear this cyber threat is one of the most serious economic and national security challenges we face as a nation."
President Barack Obama, May 29, 2009

3 Cyberspace Policy Review
- Subtitle: Assuring a Trusted and Resilient Information and Communications Infrastructure
- 60 Day Comprehensive Review
  - (Took 90 Days for President to Review and Announce)
- 6 Months Later, Major Recommendation Not Addressed:
  - Appoint a cybersecurity policy official responsible for coordinating the Nation’s cybersecurity policies and activities;
- National Security and Economic Security Concern

4 Policy Recommendations
- Prepare for the President’s approval an updated national strategy to secure the information and communications infrastructure.
- Prepare a cybersecurity incident response plan
- Designate cybersecurity as one of the President’s key management priorities and establish performance metrics.
- Designate a privacy and civil liberties official to the NSC cybersecurity directorate.
- Initiate a national public awareness and education campaign to promote cybersecurity.

5 Policy Recommendations (cont’d)
- Develop U.S. Government positions for an international cybersecurity policy framework and strengthen our international partnerships to create initiatives that address the full range of activities, policies, and opportunities associated with cybersecurity.
- Develop a framework for research and development strategies that focus on game-changing technologies; provide the research community access to event data to facilitate developing tools, testing theories, and identifying workable solutions.
- Build a cybersecurity-based identity management vision and strategy that addresses privacy and civil liberties interests, leveraging privacy-enhancing technologies for the Nation.

6 Congressional Action
- Health Information Technology Act (HITECH Act)
- FTC Enforcement of Red Flags Rule
  - Delayed until June 1, 2010
- HEOA Regulation: Distance Education Verification
- Positioning of Cybersecurity in Federal Government
- Strengthening of FISMA
- Role of NIST in Standards Development
- National Security Breach Notification Law
- Critical Infrastructure Protection and Cyber Assets

7 National Broadband Plan
- What type of computer-based attacks against government or commercial computer systems or networks are occurring and what are other federal agencies, commercial, and other entities doing to prevent, detect and respond to cyber attacks?
- How are other federal agencies of the United States and other governments collaborating with the communications segment to prevent, detect, and respond to cyber attacks?
- What market incentives exist for commercial communications providers, large and small, to invest in secure infrastructure? (i.e., how do we avoid externalities?)
- Do end-users have sufficient independent information to make good decisions between communications providers that may differ in the extent to which they implement cyber security measures?
- How widely are cyber security best practices implemented by communications providers and what are these best practices?
- What are the specific wireless network features and handset features and capabilities necessary to combat such attacks?

8

9 NCSAM Highlights
- Kick-off Event in Washington, D.C.
- Mid-October Event in Sacramento, CA
- The White House
  - Proclamation declaring October as NCSAM
  - Obama 3 Minute Video Address
- Department of Homeland Security
  - Napolitano address at kick-off event: 1,000 new hires
  - Napolitano web address
- Congressional Resolutions

10 Organizational Alignment Cybersecurity Identity and Access Management Privacy

11
- Policy: Comprehensive Privacy Framework
- Practice: Fair Information Practices
- Issues:
  - Protection of Personally Identifiable Information
  - Identity Theft
  - Data Retention and Disposal
- Roles: Chief Privacy Officer
- International Association of Privacy Professionals

12 Identity & Access Management
- EDUCAUSE Identity & Access Management Working Group
- Goals:
  - Awareness and advocacy—to help CIOs and IT leaders understand the strategic importance of IAM for their enterprise
  - Outreach and coordination—to work with other constituencies, including government and industry, to help enable the adoption of interoperable IAM
  - Partnerships and collaboration—to facilitate the utilization of centralized authentication and authorization services by business process owners, including student services, human resources, alumni and development, facilities management, and other groups
  - Implementation and training—to provide resources and tools, including IT staff training, to equip developers and implementers
- Federated Identity Management & the InCommon Federation

13 Academia’s Role in Securing Cyberspace
- Through its core mission of teaching and learning, it is the main source of our future leaders, innovators, and technical workforce.
- Through research, it is the basic source of much of our new knowledge and subsequent technologies.
- As complex institutions, colleges and universities operate some of the world’s largest collections of computers and high-speed networks.

14 Higher Education Information Security Council
Hosts: EDUCAUSE and Internet2
History: Serving higher education since 2000
Mission: to improve information security and privacy across the higher education sector by actively developing and promoting effective practices and solutions for the protection of critical IT assets and infrastructures.

15 InfoSec Council Activities
- Security Discussion Group
- Working Groups
  - People: awareness and training
  - Process: compliance, policies, risk, governance
  - Technology: effective practices and solutions
- Professional Development
  - Annual Security Professionals Conference
  - SANS-EDU Partner Series
- Collaborations and Partnerships
  - Research and Education Networking Information Sharing and Analysis Center (REN-ISAC)
  - Center for Internet Security ... and more

16 InfoSec Council Strategic Plan
Theme: Safeguarding Our IT Assets, Protecting Our Community’s Privacy
Goals:
1. Obtain Executive Commitment and Action
2. Manage Data to Enhance Privacy and Security Protections
3. Develop and Promote Effective Practices and Solutions
4. Explore New Tools and Technologies
5. Establish and Promote Information-Sharing Mechanisms

17 InfoSec Council Special Projects
- Confidential Data Handling Blueprint
- Guidelines for Data and Media Sanitization
- Toolkit for Electronic Records Management, Data Retention, and e-Discovery
- Information Security Governance
- Risk Management Framework
- Security Awareness Poster/Video Contest
- National Cybersecurity Awareness Month
- Security Metrics

18 Information Security Guide
- Risk Management
- Compliance
- Security Policy
- Organization of Information Security
- Asset Management
- Human Resources Security
- Physical and Environmental Security
- Communications and Operations Management
- Access Controls
- Information Systems Acquisition, Development, and Maintenance
- Incident Management
- Business Continuity Management

19 Confidential Data Handling Blueprint
- Step 1: Create a security risk-aware culture that includes an information security risk management program
- Step 2: Define institutional data types
- Step 3: Clarify responsibilities and accountability for safeguarding confidential data
- Step 4: Reduce access to confidential data not absolutely essential to institutional processes
- Step 5: Establish and implement stricter controls for safeguarding confidential data
- Step 6: Provide awareness and training
- Step 7: Verify compliance routinely with your policies and procedures

20 Call to Action
- Attend
  - Security Professionals Conference, April 12-14, 2010, Atlanta, Georgia: net.educause.edu/conference/security
- Contribute
  - Submit an Effective Practice and Solution: www.educause.edu/security/guide
- Join
  - Discussion Group: www.educause.edu/groups/security
  - REN-ISAC: www.ren-isac.net
- Volunteer
  - Send an email to security-volunteer@educause.edu

21 For More Information
- Visit:
  - Higher Education Information Security Council: http://www.educause.edu/security
- Contact:
  - David Swartz, American University, HEISC Co-Chair, dswartz@american.edu
  - Brian Voss, LSU, HEISC Co-Chair, bvoss@lsu.edu
  - Rodney Petersen, EDUCAUSE, HEISC Staff, rpetersen@educause.edu

22 THANK YOU

