1. First-Time Attendees: How to Get the Most Out of the Conference Experience Tammy Clark Program Chair, Security 2007 Chief Information Security Officer Georgia State University

2. Navigating the Conference Hard Copy Program in your Tote Bag Presentation Slides on Conference Website Most Sessions are on the Ballroom Level Ask Questions of staff at Registration Desk Look for EDUCAUSE staff (maroon ribbon) Look for Program Committee (white ribbon) Look for Security Task Force Members (yellow ribbon)

3. Conference Program Overview Pre- and Post-Conference Seminars Birds-of-a-Feather Sessions  Affinity Groups (next)  Topical Interests (tomorrow evening) Opening and Closing Keynote Speakers  Ira Winkler, formerly NSA/author of Spies Among Us  Pamela Fusco, industry CISO 7 Concurrent Track Sessions Corporate Displays (AM & PM Break) Lunch Roundtable Discussions

4. 7 Concurrent Tracks 1.Forensics and Incident Handling 2.Policy, Law, and Compliance 3.Security Management and Operations – Effective Practices 4.Security Management and Operations – Strategic Planning 5.Technology Solutions – Emerging Trends 6.Technology Solutions – Sensitive Data Protection 7.Vendors & Partners of IT Products & Services

5. Corporate Participation Presentation Proposals as part of Track 7: Vendors & Partners of IT Products & Services Corporate Displays  16 During AM/PM Breaks Tomorrow Corporate Sponsorship  Food (breakfast, lunch, breaks, receptions)  Technology (computers, projectors, etc.)  Supplies (tote bags, notepads, etc.) What to Expect – Corporate Contacts

6. Birds-of-a-Feather Sessions Affinity Groups (Next!) Molly Brown Room  ACC Security Officers  California State University  CIC Security WG  Ivy-Plus Security Group  U of the Big 12  VA SCAN Other Groups Matchless Room  Commuter and 2-Year  Minority Serving Inst.  Research Universities  Small Colleges  State/Regional Networks Topical (Tomorrow at 8:30 p.m.) Colorado Ballroom E  E-Discovery/Electronically Stored Information (ESI)  EDU Partnership Series with SANS for InfoSec Training  Payment Card Industry Data Security Standard (PCIDSS)  Research and Education Networking Information Sharing and Analysis Center (REN-ISAC)  Other Topics

7. Networking at the Conference Well, there’s wireless access by using SSID: EDUCAUSEAIR There are also Computer kiosks in Silverton Room But, Human Networking is MOST IMPORTANT  Registrations List Online – by name, institution, state, or dynamic search terms Copies available at registration desk  Food: Breakfasts, Breaks, Lunch, and Reception  Group Dinners – Sign Up at Bulletin Board in Lobby  Birds-of-a-Feather Sessions  Before/After Sessions

8. Making the Most of It 1.Review the program with colleagues to decide which sessions to cover. 2.Plan how you will disseminate new information when you return. 3.Attend sessions that will introduce you to new ideas rather than those where you might feel the most comfortable. 4.Understand the constraints on, and opportunities for, how much you’ll be able to do when you return. You’re not alone in feeling overwhelmed by the challenge of acting on the good ideas that you encounter. 5.Use your laptop or an e-mail kiosk to send yourself reminders about “to-do’s” when you return.

9. Making the Most (cont’d) 6.Talk to people at the sessions you attend to create a network of colleagues. 7.After returning home, set up an action plan with milestones and resolve to carve out the time to reflect on and assess what you have learned. 8.Write a summary of what you learned and think of audiences outside your own organization who might find the information useful. 9.Pass good ideas on, and off, to your staff. Commit to sharing with them, and decide together what makes sense to implement, transform, or aim for in your IT operation and institutional mission. 10.Realize that the effect on you of attending the conference could be as subtle as a change in attitude. Ideas to Action: Ten Hints for Getting the most from a Conference. By Joan Getman and Nikki Reynolds EDUCAUSE Quarterly, Number 3, 2002

10. Introduction to the Security Task Force Joy Hughes Co-Chair, EDUCAUSE/Internet2 Security Task Force Vice President and CIO, George Mason University

11. Intro to Security Task Force Established in July 2000 Leadership & Staff Support from EDUCAUSE & Internet2 Cooperation and Support of Higher Education Associations  American Council on Education  Association of American Universities  National Association of State Universities & Land-Grant Colleges  American Association of State Colleges and Universities  National Association of Independent Colleges and Universities  American Association of Community Colleges Higher Ed Sector Coordination with Government & Industry Computer & Network Security: A Resource for Higher Ed http://www.educause.edu/security

12. Security Task Force Goals The Security Task Force has identified and is implementing a coordinated strategy for computer and network security for higher education. The following strategic goals have been identified:  Education and Awareness  Standards, Policies, and Procedures  Security Architecture and Tools  Organization and Information Sharing

13. Education and Awareness Goal To increase the awareness of the associated risks of computer and network use and the corresponding responsibilities of higher education executives and end- users of technology (faculty, staff, and students), and to further the professional development of information technology staff. Programs  Awareness & Training Working Group  Annual Security Professionals Conference (2002-present)

14. Education & Awareness (cont’d) Accomplishments  Leadership Strategies Book on Security (2003)  ACE Letter to Presidents (2003)  National Cyber Security Awareness Month (annually in October)  Cybersecurity Awareness Resource CD (now online)  Cybersecurity on Campus Executive Awareness Video (2005)  Computer Security Student Video Contest (2006 and 2007)  Outreach to Higher Ed Associations and Beyond (2003-present) Partnerships  National Cyber Security Alliance (www.StaySafeOnline.info)  National Centers of Academic Excellence in Information Assurance Education  SANS EDU Training Partnership

15. Standards, Policies, & Procedures Goal To develop information technology standards, policies, and procedures that are appropriate, enforceable, and effective within the higher education community. Programs  Policy and Legal Issues Working Group  Risk Assessment Working Group  EDUCAUSE D.C. Office - Public Policy and Government Relations  EDUCAUSE/Cornell Institute for Computer Policy and Law

16. Standards, Policies, & Procedures (cont’d) Accomplishments  Principles to Guide Efforts to Improve Computer and Network Security in Higher Education (2003)  Publication of White Paper on “IT Security for Higher Education: A Legal Perspective” (2003)  Information Security Governance Assessment Tool (2004)  Risk Assessment Framework (2005)  Data Incident Notification Toolkit (2005)  Elements of Model Security Policy (2006)  Guidelines for Responding to Compulsory Legal Requests for Information (2006)  Guidelines for Data Sanitization (2006)  ERP Security Checklist (2007) Partnerships  National Association of College & University Attorneys (NACUA)  National Institute for Standards in Technology (NIST)

17. Security Architecture and Tools Goal To design, develop, and deploy infrastructures, systems, and services that incorporate security as a priority; and to employ technology to monitor resources and minimize adverse consequences of security incidents. Programs  Effective IT Security Practices Working Group  SALSA and Other Internet2 Working Groups  PKI, Middleware, and ID Management Initiatives

18. Security Architecture & Tools (cont’d) Accomplishments  Effective Security Practices Guide (2004 and 2006)  Effective Security Practices & Solutions Form (ongoing)  Whitepaper on Automating Network Policy Enforcement (2004)  Center for Internet Security Benchmarks (2004) Partnerships  The Center for Internet Security  DHS National Cyber Security Division  NSF Middleware Initiative – Enterprise and Desktop Integration Technologies (NMI-EDIT)

19. Organization and Information Sharing Goal To create the capacity for a college or university to effectively deploy a comprehensive security architecture (people, process, and technology), and to leverage the collective wisdom and expertise of the higher education community. Programs  Security Task Force Executive Committee & Leadership Team  Annual Security Professionals Conference  Research & Education Networking ISAC (REN-ISAC)

20. Organization & Info Sharing (cont’d) Accomplishments  Security Discussion Group  REN-ISAC Trusted Communication Network  Annual Security Professionals Conference Partnerships  U.S. Department of Homeland Security U.S. – Computer Emergency Readiness Team (US- CERT)

21. For More Information Visit:  Co-Chairs Joy Hughes and Peter Siegel at the STF Information Table in Lobby during Breaks  EDUCAUSE/Internet2 Security Task Force http://www.educause.edu/security Contact:  Joy Hughes, GMU, STF Co-Chair jhughes@gmu.edu  Peter Siegel, UC-Davis, STF Co-Chair pmsiegel@ucdavis.edu  Rodney Petersen, EDUCAUSE, STF Staff rpetersen@educause.edu

22. Questions/Concerns Do you have any questions or concerns?