EDUCAUSE | Cyber-Security

Podcast: Privacy and Security in Higher Education: Filling the Policy Vacuum

gbayne — Mon, 13 Aug 2007 11:57:22 -0500

In this hour and ten minute long podcast from the 2007 Seminars on Academic Computing, we hear from Fred H. Cate, Distinguished Professor at the School of Law and Director of the Center for Applied Cybersecurity Research at Indiana University, with a speech entitled, Privacy and Security in Higher Education: Filling the Policy Vacuum .

Colleges and universities possess an exceptional volume and variety of personal information. Our stewardship of such information has been inconsistent and inadequate, and we often implement new technologies and systems without considering systemic privacy and security implications. Although many publicly reported security breaches occur on campuses, we have been slow to provide training in privacy and security issues, rarely audit for compliance, and lag far behind industry and government in appointing privacy and security officers. This session will address the information policy challenges facing colleges and universities, today and in the future, and will offer practical steps for overcoming them.

Winners of Student Computer Security Video Contest Announced

cluckett — Thu, 10 May 2007 17:16:30 -0500

The EDUCAUSE/Internet2 Computer and Network Security Task Force, the National Cyber Security Alliance, and ResearchChannel are pleased to announce the winning entries for the 2007 Computer Security Awareness Video Contest conducted by the Security Task Force to raise awareness of and increase computer security at colleges and universities.

The contest sought videos that explain computer security problems and specific actions that college and university students can take to safeguard their computers or personal information, and had two categories of videos: two-minute-or-less training or instructional videos, and 30-second public service announcements. The videos can be used in campus security awareness campaigns during student orientation and throughout the year. View or download the winning videos, as well as those receiving honorable mention.

September/October EDUCAUSE Review Now Available

cluckett — Wed, 04 Oct 2006 10:50:21 -0500

The September/October EDUCAUSE Review is now available, with a focus section on Privacy & Security featuring articles by Fred H. Cate on the privacy and security policy vacuum in higher education, John Voloudakis on the evolution of effective IT security practices, M. Peter Adler on a unified approach to information security compliance; Lauren Steinfeld and Kathleen Sutherland Archuleta on the role of the CPO, and Rodney Petersen on the role of the CSO. This issue also includes articles on “Making Knowledge Services Work” and on higher ed IT in Brazil and Latin America, along with a report by the 2006 EDUCAUSE Evolving Technologies Committee. EDUCAUSE Review is also available via RSS feed. Click the RSS icon on the EDUCUASE Review home page to access the XML required to subscribe

Department of Homeland Security tell everyone to patch Windows

StuartYeates — Fri, 11 Aug 2006 03:06:31 -0500

The US Department of Homeland Security (DHS) has issued guidance that everyone should install patch MS06-040 for Microsoft Windows systems. There doesn't appear to be any information released about what makes this patch any more significant than any of the others from Microsoft.

More comprehensive information about security issues is available, as always, from US-CERT. Their list of alerts also shows that it's not just the "usual suspects" of Microsoft and Internet Explorer that are causing problems, but the likes of Oracle, Mozilla, Apple and Sendmail.

ID Management Services Program: Discount Vendor Pricing Offered

cluckett — Tue, 08 Aug 2006 17:24:50 -0500

In order to help campuses in their cybersecurity efforts, EDUCAUSE has made arrangements with an expanded number of vendors to offer special discounts to EDUCAUSE member institutions that subscribe to the Identity Management Services Program.

October Is National Cyber Security Awareness Month

cluckett — Tue, 08 Aug 2006 17:33:37 -0500

Help increase cybersecurity awareness among your students, faculty, and staff by bringing October's National Cyber Security Awareness Month activities to your institution. Browse the EDUCAUSE/Internet2 Security Task Force Resource Kit.

ISO 27001: Information Security Management Systems

StuartYeates — Fri, 28 Jul 2006 04:49:36 -0500

If you or your organisation are one of the many concerned with the number and scope of computer security breeches reported in the press and are keen to avoid being the focus of such events, you may be interested in ISO 27001: Information Security Management Systems.

The standard provides a framework for compliance with local requirements (such as the Sarbanes-Oxley Act (SOX) in the US) and for encouraging and developing best-practice in information security management. It is harmonised with other ISO management standards, to assist those organisations with a standards culture.

The IT Managers Journal is currently running an excellent article on ISO 27001

From the standard:

ISO/IEC 27001:2005 covers all types of organizations (e.g. commercial enterprises, government agencies, not-for profit organizations). ISO/IEC 27001:2005 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof.

ISO/IEC 27001:2005 is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties.

ISO/IEC 27001:2005 is intended to be suitable for several different types of use, including the following:

use within organizations to formulate security requirements and objectives;
use within organizations as a way to ensure that security risks are cost effectively managed;
use within organizations to ensure compliance with laws and regulations;
use within an organization as a process framework for the implementation and management of controls to ensure that the specific security objectives of an organization are met;
definition of new information security management processes;
identification and clarification of existing information security management processes;
use by the management of organizations to determine the status of information security management activities;
use by the internal and external auditors of organizations to determine the degree of compliance with the policies, directives and standards adopted by an organization;
use by organizations to provide relevant information about information security policies, directives, standards and procedures to trading partners and other organizations with whom they interact for operational or commercial reasons;
implementation of business-enabling information security;
use by organizations to provide relevant information about information security to customers.

Tune In August 2: Trends in Malicious Code on the Internet

cluckett — Wed, 26 Jul 2006 16:59:29 -0500

Join us August 2 to hear from Andrew J. Czyzewski and Vincent J. Rowe about trends in malicious code on the Internet during this free Web seminar. Unable to tune in? Listen later by visiting the archives.

Tune In July 20: Governance in Identity Management Federations

cluckett — Wed, 12 Jul 2006 18:25:39 -0500

Tune in July 20 to hear from Clair Goldsmith and William Weems about the development of theUniversity ofTexas identity management federation. The presentation will also cover the general process of creating a federation, the trade-offs involved, and the necessary elements for a functional federation. Unable to tune in? Listen later by visiting the archives.

Airline passenger's details insecure

StuartYeates — Thu, 04 May 2006 09:14:11 -0500

The Guardian is carryingan article by Steve Boggan on how insecure airline passenger'sdetails are. He paints the US government as the principal underminerof the privacy and security of the individual's information, but Iimagine that a number of organisations on this side of the Atlanticfind access to the information very useful too.