Cyber-Security

In this hour and ten minute long podcast from the 2007 Seminars on Academic Computing, we hear from Fred H. Cate, Distinguished Professor at the School of Law and Director of the Center for Applied Cybersecurity Research at Indiana University, with a speech entitled, Privacy and Security in Higher Education: Filling the Policy Vacuum .

The EDUCAUSE/Internet2 Computer and Network Security Task Force, the National Cyber Security Alliance, and ResearchChannel are pleased to announce the winning entries for the 2007 Computer Security Awareness Video Contest conducted by the Security Task Force to raise awareness of and increase computer security at colleges and universities.

The contest sought videos that explain computer security problems and specific actions that college and university students can take to safeguard their computers or personal information, and had two categories of videos: two-minute-or-less training or instructional videos, and 30-second public service announcements. The videos can be used in campus security awareness campaigns during student orientation and throughout the year.

The September/October EDUCAUSE Review is now available, with a focus section on Privacy & Security featuring articles by Fred H. Cate on the privacy and security policy vacuum in higher education, John Voloudakis on the evolution of effective IT security practices, M. Peter Adler on a unified approach to information security compliance; Lauren Steinfeld and Kathleen Sutherland Archuleta on the role of the CPO, and Rodney Petersen on the role of the CSO. This issue also includes articles on “Making Knowledge Services Work” and on higher ed IT in Brazil and Latin America, along with a report by the 2006 EDUCAUSE Evolving Technologies Committee. EDUCAUSE Review is also available via RSS feed. Click the RSS icon on the EDUCUASE Review home page to

The US Department of Homeland Security (DHS) has issued guidance that everyone should install patch MS06-040 for Microsoft Windows systems. There doesn't appear to be any information released about what makes this patch any more significant than any of the others from Microsoft.

More comprehensive information about security issues is available, as always, from US-CERT. Their list of alerts also shows that it's not just the "usual suspects" of Microsoft and Internet Explorer that are causing problems, but the likes of Oracle, Mozilla, Apple and Sendmail.

In order to help campuses in their cybersecurity efforts, EDUCAUSE has made arrangements with an expanded number of vendors to offer special discounts to EDUCAUSE member institutions that subscribe to the Identity Management Services Program.

Help increase cybersecurity awareness among your students, faculty, and staff by bringing October's National Cyber Security Awareness Month activities to your institution. Browse the EDUCAUSE/Internet2 Security Task Force Resource Kit.

 

 

If you or your organisation are one of the many concerned with the number and scope of computer security breeches reported in the press and are keen to avoid being the focus of such events, you may be interested in ISO 27001: Information Security Management Systems.

The standard provides a framework for compliance with local requirements (such as the Sarbanes-Oxley Act (SOX) in the US) and for encouraging and developing best-practice in information security management. It is harmonised with other ISO management standards, to assist those organisations with a standards culture.

The IT Managers Journal is currently running an excellent article on ISO 27001

From the standard:

ISO/IEC 27001:2005 covers all types of organizations (e.g. commercial enterprises, government agencies, not-for profit organizations). ISO/IEC 27001:2005 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof.

Join us August 2 to hear from Andrew J. Czyzewski and Vincent J. Rowe about trends in malicious code on the Internet during this free Web seminar. Unable to tune in? Listen later by visiting the archives.

Tune in July 20 to hear from Clair Goldsmith and William Weems about the development of theUniversity ofTexas identity management federation. The presentation will also cover the general process of creating a federation, the trade-offs involved, and the necessary elements for a functional federation. Unable to tune in? Listen later by visiting the archives.

The Guardian is carryingan article by Steve Boggan on how insecure airline passenger'sdetails are. He paints the US government as the principal underminerof the privacy and security of the individual's information, but Iimagine that a number of organisations on this side of the Atlanticfind access to the information very useful too.