Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Security Governance in Higher Education Policy2004 The EDUCAUSE Policy Conference Gordon Wishon EDUCAUSE/Internet 2 Security Task Force This.

Published byEzra Hill Modified over 8 years ago

Similar presentations

Presentation on theme: "Information Security Governance in Higher Education Policy2004 The EDUCAUSE Policy Conference Gordon Wishon EDUCAUSE/Internet 2 Security Task Force This."— Presentation transcript:

1 Information Security Governance in Higher Education Policy2004 The EDUCAUSE Policy Conference Gordon Wishon EDUCAUSE/Internet 2 Security Task Force This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

2 Information Security Governance National CyberSecurity Summit, Dec 2003 Five Task Forces  Awareness for Home Users & Small Business  Cyber Security Early Warning  Corporate Governance  Technical Standards/Common Criteria  Security Across the Software Development Lifecycle

3 Corporate Governance Task Force Convened to “develop and promote a coherent governance framework to drive implementation of effective information security programs” in private sector organizations Five principal recommendations Adaptation of recommendations to education and non-profit institutions addressed in appendix

4 Corporate Governance Task Force Recommendation 1: Organizations should adopt the Information Security Governance Framework described in this report to embed cyber security into their corporate governance process. The ISG Framework addresses the following areas of governance:  Authority and functions of the Board of Directors/Trustees  Authority and functions of the Senior Executive  Authority and functions of the Executive Team members  Authority and functions of Senior Managers  Responsibilities of all employees and users  Organizational unit security program  Organizational unit reporting  Information Security Program evaluation

5 Corporate Governance Task Force Recommendation 2: Organizations should signal their commitment to information security governance by stating on their website that they intend to use these tools to assess their performance and report the results to their board of directors. 12 Core Principles:  CEOs should have an annual information security evaluation conducted, review the evaluation results with staff, and report on performance to the Board of Directors.  Periodic risk assessments of information assets should be conducted as part of a risk management program.  Policies and procedures should be implemented based on these risk assessments to secure information assets.  A security management structure should be established to assign explicit individual roles, responsibilities, authority, and accountability.

6 Corporate Governance Task Force  Organizations should develop plans and initiate actions to provide adequate information security for networks, facilities, systems and information.  Organizations should treat information security as an integral part of the system life-cycle.  Organizations should provide information security awareness, training and education to personnel.  Organizations should conduct periodic testing and evaluation of the effectiveness of information security policies and procedures.  Organizations should create and execute a plan for remedial action to address any information security deficiencies.  Organizations should develop and implement incident response procedures.  Organizations should establish plans, procedures and tests to provide continuity of operations.  Organizations should use security best practices guidance, such as ISO 17799, to measure information security performance.

7 Corporate Governance Task Force Recommendation 3: All organizations that are members of the Corporate Governance Task Force should voluntarily signal their commitment to information security governance by posting a statement on their website. In addition, the four trade associations (TechNet, BSA, ITAA and the Chamber of Commerce) involved in the National Cyber Security Summit should encourage their members to embrace information security governance and post statements on their websites. Furthermore, all Summit participants should embrace information security governance and post statements on their websites, and if applicable, encourage their members to do so as well. Recommendation 4: The Department of Homeland Security should endorse the Information Security Governance Framework and Core Set of Principles, and encourage the private sector to make cyber security part of its corporate governance efforts. Recommendation 5: The Committee of Sponsoring Organizations of the Treadway Commission (COSO) should revise the Internal Controls- Integrated Framework so that it explicitly addresses information security governance.

8 Corporate Governance Task Force Application to Education and Non-Profit Institutions  Adaptation of Language to Fit Structures and Organizations of Education and Non-Profits Translation to “Dean” or “Director” instead of “senior company manager”, etc. Translation to “Board of Regents” or “Trustees” instead of “Board of Directors” “Impact of downtime on revenues” to “impact of downtime to instructional, research, service missions”  Verification and compliance recommendations seem to fit well

9 Information Security Governance in Higher Education Next Steps  Pilot recommendations at few higher ed institutions  Draft specific recommendations for higher ed  Promulgate through EDUCAUSE, NACUBO, other HEIT Alliance partners

Download ppt "Information Security Governance in Higher Education Policy2004 The EDUCAUSE Policy Conference Gordon Wishon EDUCAUSE/Internet 2 Security Task Force This."

Similar presentations

Module N° 4 – ICAO SSP framework

Module N° 4 – ICAO SSP framework
Technology Across the Curriculum Programs Keys to Success Beth Secrist, TAC Coordinator Copyright Beth Secrist, 2005. This work is the intellectual property.

Technology Across the Curriculum Programs Keys to Success Beth Secrist, TAC Coordinator Copyright Beth Secrist, This work is the intellectual property.
Making Sense out of the Information Security and Privacy Alphabet Soup in terms of Data Access A pragmatic, collaborative approach to promulgating campus-wide.

Making Sense out of the Information Security and Privacy Alphabet Soup in terms of Data Access A pragmatic, collaborative approach to promulgating campus-wide.
The International Security Standard

The International Security Standard
More CMM Part Two : Details.

More CMM Part Two : Details.
Emergency Notification Systems - ISU Alert EDUCAUSE Midwest Regional 2008 1 ISU Alert Carol McDonald Information Systems Leader Information Technology.

Emergency Notification Systems - ISU Alert EDUCAUSE Midwest Regional ISU Alert Carol McDonald Information Systems Leader Information Technology.
University of Notre Dame Office of Information Technologies March 26, 20031 Maintaining the Right Balance Using the Project Charter to Set IT Project Prioritization.

University of Notre Dame Office of Information Technologies March 26, Maintaining the Right Balance Using the Project Charter to Set IT Project Prioritization.
Making the Case for Security: An Application of the NIST Security Assessment Framework to GW January 17, 2003 David Swartz Chief Information Officer Guy.

Making the Case for Security: An Application of the NIST Security Assessment Framework to GW January 17, 2003 David Swartz Chief Information Officer Guy.
Purdue University Calumet Enrollment Services Center Integrated Service Delivery In-person and on the Web Beth Pellicciotti Assistant Vice Chancellor Academic.

Purdue University Calumet Enrollment Services Center Integrated Service Delivery In-person and on the Web Beth Pellicciotti Assistant Vice Chancellor Academic.
TESL Ontario Conference October 28 & 29, 2011. Project Team Project Lead - Carolyn Cohen Research Lead - Antonella Valeo Research Consultants - Sheila.

TESL Ontario Conference October 28 & 29, Project Team Project Lead - Carolyn Cohen Research Lead - Antonella Valeo Research Consultants - Sheila.
Copyright Jill M. Forrester 2008. This work is the intellectual property of the author. Permission is granted for this material to be shared for non- commercial,

Copyright Jill M. Forrester This work is the intellectual property of the author. Permission is granted for this material to be shared for non- commercial,
Assessing the Effects of Virtual Communities of Practice on Professional Development 2003 AAHE Assessment Conference Darren Cambridge & Vicki Suter EDUCAUSE/NLII/AAHE.

Assessing the Effects of Virtual Communities of Practice on Professional Development 2003 AAHE Assessment Conference Darren Cambridge & Vicki Suter EDUCAUSE/NLII/AAHE.
CCSU’s E-portfolio Initiative and the IT Career Ladder Jo Kinnard, Ph.D. Clayton College and State University, Morrow, GA.

CCSU’s E-portfolio Initiative and the IT Career Ladder Jo Kinnard, Ph.D. Clayton College and State University, Morrow, GA.
Advancing Security Programs through Partnerships Cathy HubbsShirley Payne IT Security Coordinator Director for Security Coordination & Policy George Mason.

Advancing Security Programs through Partnerships Cathy HubbsShirley Payne IT Security Coordinator Director for Security Coordination & Policy George Mason.
Office of the Secretary of Defense – Comptroller Financial Improvement and Audit Readiness Directorate Unclassified 17 September 2014 GAO Revised “Green.

Office of the Secretary of Defense – Comptroller Financial Improvement and Audit Readiness Directorate Unclassified 17 September 2014 GAO Revised “Green.
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
UWM CIO Office A Collaborative Process for IT Training and Development Copyright UW-Milwaukee, 2007. This work is the intellectual property of the author.

UWM CIO Office A Collaborative Process for IT Training and Development Copyright UW-Milwaukee, This work is the intellectual property of the author.
Pam Downs Ajay Gupta The Pennsylvania Prince George’s State University Community College Copyright Penn State University-2008. This work is the intellectual.

Pam Downs Ajay Gupta The Pennsylvania Prince George’s State University Community College "Copyright Penn State University This work is the intellectual.
NLII - 2003 Mapping the Learning Space New Orleans, LA Colleen Carmean NLII Fellow Information Technology Director, ASU West Editor, MERLOT Faculty Development.

NLII Mapping the Learning Space New Orleans, LA Colleen Carmean NLII Fellow Information Technology Director, ASU West Editor, MERLOT Faculty Development.
Turning Information Into Action: Enterprise Reporting at Columbia University Maria E. Mosca, Director Student Information Systems Columbia University in.

Turning Information Into Action: Enterprise Reporting at Columbia University Maria E. Mosca, Director Student Information Systems Columbia University in.

Similar presentations

Ads by Google