Www.umbc.edu EDUCAUSE/Internet2 Computer and Network Security Task Force Update www.educause.edu/security Jack Suess February 3, 2004.


1 www.umbc.edu EDUCAUSE/Internet2 Computer and Network Security Task Force Update www.educause.edu/security Jack Suess February 3, 2004

2 Jack@umbc.edu Sue 2 ….Interesting
Gartner - > 70% have had a serious security incident
ECAR - > Significant majority of institutions feel security is better now than 2 years ago
… We can’t eliminate all incidents or know what incidents we avoided through improved practices

3 Task Force Strategic Goals
–Education and Awareness
–Standards, Policies, & Procedures
–Security Architecture and Tools
–Organization, Information Sharing, and Incident Response
Collaborating with industry, government, and other parts of academia to achieve these goals

4 Dancing With the Devil: Vendor Engagement
The Security Task Force established the Cyber Security Forum for Higher Education to develop linkages with the vendor community.
Members include Microsoft, IBM, Dell, HP, Datatel, Network Associates, PeopleSoft, Oracle, Cisco, Apple, Sun, SCT, VeriSign, and others.
A delegation representing the Security Task Force visited Microsoft in September to explain the needs of higher education. Microsoft has been responsive to suggestions.

5 Dancing With the Devil: Nat’l Cyber Security Summit
Organized by industry trade groups on behalf of DHS
Unwritten goal: Take action so Congress doesn’t legislate solution
Summit Task Forces
–Information Security Governance
–Awareness
–Early Warning
–Technical Standards/Common Criteria
–Security Across S/W Development Lifecycle
Result: Demonstration of understanding and commitment to improving security

6 Risk Assessment and Tools
Risk assessment is a critical component in developing an IT Security Plan.
We have worked with the Carnegie Mellon Software Engineering Institute (SEI) to explore development of a derivative of the OCTAVE risk assessment process for Higher Education.
We continue to build partnerships with the auditing community. Rob Clark, Director of Internal Audit for Ga. Tech, has joined the Security Task Force and will be leading an initiative on risk management in higher ed.
CIFAC - Variables and factors that determine thresholds of risk are largely dependent upon perspective or role

7 Education and Awareness Initiative
Security and awareness is consistently listed as a critical need. Less than 40% of institutions have active awareness programs.
Mark Bruhn of Indiana and Kelley Bogart of U. of Arizona are co-chairing our security awareness working group.
Two weeks ago we held a 1.5 day workshop to identify how to make quick progress and what to focus on for long-term needs.
This working group is working closely with the National Cyber Security Summit task force on Awareness.
Finally, on May 16-18 we will hold the 2nd Annual Security Professionals Workshop in Washington, D.C.

8 Effective Practices Initiative
The goal of the initiative is to identify and publicize practical approaches to preventing, detecting, and responding to security problems.
College & university security officers and supporting staff solicit, develop, and review submitted practices.
"Effective" instead of "best" because higher education is too diverse for the one-size-fits-all approach that "best" implies.
We hope to have multiple entries per topic from different institution types.


10 Effective Security Practices Guide Focus Areas
Online: www.educause.edu/security/guide
Contents include
–Education, Training and Awareness
–Risk Analysis and Management
–Security Architecture Design
–Network and Host Vulnerability Assessment
–Network and Host Security Implementation
–Intrusion and Virus Detection
–Incident Response
–Encryption, Authentication & Authorization
Presently we have 25 practices available

11 Resources and Events
Resources
–www.educause.edu/security
–security.internet2.edu
–www.ren-isac.net
Events
–2nd Security Professionals Workshop, May 16-18, 2004 in Washington, D.C.

