Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Issues on Campus: Government Initiatives Rodney J. Petersen University of Maryland Educause/Internet2 Security Task Force Copyright Rodney J.

Published byDamon Hunter Modified over 8 years ago

Similar presentations

Presentation on theme: "Security Issues on Campus: Government Initiatives Rodney J. Petersen University of Maryland Educause/Internet2 Security Task Force Copyright Rodney J."— Presentation transcript:

1 Security Issues on Campus: Government Initiatives Rodney J. Petersen University of Maryland Educause/Internet2 Security Task Force Copyright Rodney J. Petersen, 2002. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

2 A Government View of Security Homeland Security Protection of “Critical Infrastructures” Cyberspace Security Fighting Cybercrime Protection of Content Protection of Personal Information

3 Executive Order on Critical Infrastructure Protection Issued October 16, 2001 Policy: protect against disruption of information systems for critical infrastructure Established President’s Critical Infrastructure Protection Board Chair of Board & Special Advisor to the President for Cyberspace Established National Infrastructure Advisory Council – critical infrastructures by sector

4 Critical Infrastructure Protection Board Priorities Delivering National Plan to President Establishing the Cyber Warning Information Network Focusing More on Research and Development Improving Education on Ethical Principles and Appropriate Computer Use

5 NIPC and IT Security The interagency National Infrastructure Protection Center (NIPC) at FBI Headquarters serves as a national critical infrastructure entity for threat assessment, warning, vulnerability, and criminal and national security investigation, and response. See http://www.nipc.gov

6 NIPC Infragard Initiative Special agents are working with community-based computer security professionals to determine how to better protect critical information systems in the public and private sectors. Computer Crimes Task Force http://www.infragard.net

7 Federal Legislation PATRIOT Act Identity Theft SSN Protection Anti-Spam Measures Security Standards Cyberspace Security Proposals

8 Cyber Security Enhancement Act – H.R. 3482 Section 102 – expands provisions of Patriot Act to permit service providers to disclose customers’ communications to any governmental entity if the provider believes in good faith that communications involve a danger of physical injury or death Implement Parts of Executive Order

9 Cybersecurity Research and Development Act - H.R. 3394 Authorizes funding for computer and network security research and development and research fellowship programs.

10 Cyberterrorism Preparedness Act – S. 1900 Directs the National Institute of Standards and Technology to award a grant to a qualifying nongovernmental entity to conduct a program to support the development of appropriate cybersecurity best practices, long-term cybersecurity research and development, and related activities. Grantee shall submit a report containing “an assessment of the advisability of requiring the contractors and grantees of the Federal Government to use appropriate cybersecurity best practices.”

11 State Government Issues Legislation Privacy Policies and Data Security Computer Crimes Statutes Unsolicited Commercial Email Policy and Regulations Executive Orders State IT Security Architectures, Plans, Standards, Policies, and Procedures

12 National Strategy to Secure Cyberspace Critical Infrastructure Assurance Office Development of a National Strategy Report to the President To be delivered this Summer Questions: www.gcn.com/cybersecurity Deadline for Comments - April 20th

13 National Strategy Questions Level 1 – The Home User and Small Business Level 2 – Major Enterprises Level 3 – Sectors of the National Information Infrastructure The Federal Government The Private Sector State and Local Government Higher Education Level 4 – National Level Institutions and Policies Level 5 - Global

14 National Strategy & Higher Ed Preventing attacks from Universities: How can academic freedom of inquiry be maintained while at the same time preventing the large scale computing power of universities from being hijacked for denial of service attacks and other malicious activity directed at other sites?

15 Public Comment When it comes to denial of service attacks, we see no indication that University networks are disproportionately used to originate DOS attacks.

16 Public Comment The threshold of pain has not been reached to make this a priority. (Unfortunately, the best way to capture the attention of the university provost or president is for someone to file a civil suit or to have the FBI shut down major systems as part of an investigation.)

17 National Strategy & Higher Ed Preventing attacks within Universities: What functions on a university system require high levels of IT security (e.g., medical records, research trials, patents) and how is that best achieved within the context of an academic setting?

18 Public Comment All universities should have a chief security officer reporting to the CIO and this officer needs to interact with other University systems.

19 Public Comment Best practices and standards need to be scalable to smaller colleges also.

20 National Strategy & Higher Ed Organization: How can universities best organize to address the IT security questions they face in common? Should best practices or standards be agreed on a national level? Should there be a mechanism for information sharing on threats and vulnerabilities among university CIOs and systems administrators?

21 Public Comment I see established national security standards for research computing as the only effective way to bring adequate attention to this issue and see progress made. Keep the Federal Government completely out of this matter; it is an academic matter, NOT a government matter; there is no need for “best practices or standards” to be agreed to on a “national level”. Again, keep the Federal Government OUT of this matter.

22 Public Comment Information security is not a technical matter; it is a policy and political matter. Sharing the responsibility of security with non-technical administrators is not effective. This is best left to the professional...

23 Public Comment Perhaps varying levels of implementation should be suggested as in secure, more secure, best practice.

Download ppt "Security Issues on Campus: Government Initiatives Rodney J. Petersen University of Maryland Educause/Internet2 Security Task Force Copyright Rodney J."

Similar presentations

Is it Research?. Is It Research? 2 Elements –The project involves a systematic investigation –The design (meaning goal, purpose, or intent) of the investigation.

Is it Research?. Is It Research? 2 Elements –The project involves a systematic investigation –The design (meaning goal, purpose, or intent) of the investigation.
Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, 2007. This work is the intellectual property rights of the author.

Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, This work is the intellectual property rights of the author.
NEW REVENUES AND ACADEMIC VALUES: OLD AND NEW CHALLENGES IN HIGHER EDUCATION David Ward President American Council on Education Chancellor Emeritus, University.

NEW REVENUES AND ACADEMIC VALUES: OLD AND NEW CHALLENGES IN HIGHER EDUCATION David Ward President American Council on Education Chancellor Emeritus, University.
Making the Case for Security: An Application of the NIST Security Assessment Framework to GW January 17, 2003 David Swartz Chief Information Officer Guy.

Making the Case for Security: An Application of the NIST Security Assessment Framework to GW January 17, 2003 David Swartz Chief Information Officer Guy.
Security, Privacy, and the Protection of Personally Identifiable Information Rodney J. Petersen Policy Analyst, EDUCAUSE EDUCAUSE/Internet2 Security.

Security, Privacy, and the Protection of Personally Identifiable Information Rodney J. Petersen Policy Analyst, EDUCAUSE EDUCAUSE/Internet2 Security.
DHS, National Cyber Security Division Overview

DHS, National Cyber Security Division Overview
Research and Educational Networking Information Analysis and Sharing Center (REN-ISAC) Mark S. Bruhn, Interim Director University Copyright.

Research and Educational Networking Information Analysis and Sharing Center (REN-ISAC) Mark S. Bruhn, Interim Director University Copyright.
InfraGard Update SSA John V. Gillies SA Matthew E. Morin.

InfraGard Update SSA John V. Gillies SA Matthew E. Morin.
5/21/2015 (1) Complying with P2P Mandates in the HEOA of 2008 EDUCAUSE Live! 23 November 2009

5/21/2015 (1) Complying with P2P Mandates in the HEOA of 2008 EDUCAUSE Live! 23 November 2009
Serving the Research Mission: An Approach to Central IT’s Role Matthew Stock University at Buffalo.

Serving the Research Mission: An Approach to Central IT’s Role Matthew Stock University at Buffalo.
Advancing Security Programs through Partnerships Cathy HubbsShirley Payne IT Security Coordinator Director for Security Coordination & Policy George Mason.

Advancing Security Programs through Partnerships Cathy HubbsShirley Payne IT Security Coordinator Director for Security Coordination & Policy George Mason.
Keystone Technology Plan Presentation to Chesapeake Bay Program Information Management Subcommittee May 19, 2004 Nancie L. Imler Chief Information Officer.

Keystone Technology Plan Presentation to Chesapeake Bay Program Information Management Subcommittee May 19, 2004 Nancie L. Imler Chief Information Officer.
UNIFORM GUIDANCE OVERVIEW. OMB Circulars Before and After A-21 Cost principles for Educational Institutions A-21 Cost principles for Educational Institutions.

UNIFORM GUIDANCE OVERVIEW. OMB Circulars Before and After A-21 Cost principles for Educational Institutions A-21 Cost principles for Educational Institutions.
Copyright Statement © Jason Rhode and Carol Scheidenhelm. 2006. This work is the intellectual property of the authors. Permission is granted for this material.

Copyright Statement © Jason Rhode and Carol Scheidenhelm This work is the intellectual property of the authors. Permission is granted for this material.
Higher Education Cybersecurity Strategy, Programs, and Initiatives Rodney Petersen Policy Analyst & Security Task Force Coordinator EDUCAUSE.

Higher Education Cybersecurity Strategy, Programs, and Initiatives Rodney Petersen Policy Analyst & Security Task Force Coordinator EDUCAUSE.
1 IT Security-related Legislation Judy Borreson Caruso CUMREC 2004 May 18, 2004 Copyright Judy Borreson Caruso, 2004. This work is the intellectual property.

1 IT Security-related Legislation Judy Borreson Caruso CUMREC 2004 May 18, 2004 Copyright Judy Borreson Caruso, This work is the intellectual property.
1 sm Using E-Business Solutions to Meet Management Challenges: Interoperability & Flexibility Bring Success to the Implementation of Specialized Components.

1 sm Using E-Business Solutions to Meet Management Challenges: Interoperability & Flexibility Bring Success to the Implementation of Specialized Components.
FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT Electronic Signatures This work is the intellectual property of the author. Permission is granted for this material.

FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT Electronic Signatures This work is the intellectual property of the author. Permission is granted for this material.
EDUCAUSE Computer and Network Security Task Force Rodney J. Petersen Director, Policy and Planning Office of Information Technology University of Maryland.

EDUCAUSE Computer and Network Security Task Force Rodney J. Petersen Director, Policy and Planning Office of Information Technology University of Maryland.
Risk Assessment 101 Kelley Bradder VP and CIO Simpson College.

Risk Assessment 101 Kelley Bradder VP and CIO Simpson College.

Similar presentations

Ads by Google