Security Planning

Colleges and universities are subject to all-hazards, ranging from natural disasters to man-made events.  Recent shootings at Virginia Tech and Northern Illinois University, coupled with the devastation of floods and hurricanes and the threat of domestic and international terrorism have created a new sense of urgency on our campuses as we continue to explore new practices and policies for security and emergency management, from preparedness through recovery. 

In February, EDUCAUSE joined NACUBO and several other higher education associations to launch a new initiative aimed at helping institutions of higher education to develop comprehensive, all-hazards emergency management plans. This month, EDUCAUSE will bring together campus and IT leaders to continue the dialogue.

In "Security Metrics: A Solution in Search of a Problem", a recent EDUCAUSE Quarterly article, Joel Rosenblatt (Manager of Computer and Network Security, Columbia University) describes how the creation and collection of appropriate metrics can enhance an institution's security program. Learn about some potential metrics in the following areas: policy and compliance, network and machine monitoring, outreach and education, legal compliance, authorization and authentication, asset protection, and privacy.

EDUCAUSE has published the results of the 2008 Current Issues Survey, and this year Security edged out Funding IT as the top strategic challenge.

The latest EDUCAUSE Quarterly article, "Current Issues Survey Report, 2008", states:

This 38 minute podcast features a keynote address by Mary Beth Richards, Deputy Director of the Bureau of Consumer Protection for the Federal Trade Commission. Her speech, "The FTC as an Educational Partner in Improving Data Security and Privacy," was recorded at the EDUCAUSE 2008 Policy Conference in Arlington, Virgina.

EDUCAUSE has joined with NACUBO and several other higher education associations to launch a national campus safety and security project. The project team will conduct an 18-month study that will examine threats of every nature facing colleges and universities and develop guidelines for campus emergency management plans for prevention, preparedness, response, and recovery. Mark Luker, vice president of EDUCAUSE, underscores the importance of addressing campus threats through a multi-organizational effort: "EDUCAUSE, for example, has investigated cyber security and assisted institutions in solving related problems. Expanding on our past efforts in the most meaningful way to colleges and universities requires more of an enterprise approach. We’re looking forward to this opportunity to integrate the concerns and work of EDUCAUSE with those of our partners in the higher education community who represent other components of campus life."

Related link: EDUCAUSE/Internet 2 Computer and Network Security Task Force

Rebecca Whitener, vice president, enterprise risk management and chief risk officer, EDS, and Greg Garcia, assistant secretary for cyber security and communications, United States Department of Homeland Security, will present keynote sessions at the 2008 Security Professionals Conference, May 4–6 in Arlington, Virginia.

The conference program will cover these topic areas, with a focus on higher education:

In this EDUCAUSE Live! podcast, join host, Steve Worona, for the topic "What Price Insularity? Reflections About Computer Security Failings". Steve's guest is Fred Schneider, Professor of Computer Science at Cornell University.

Presentation slides for this audio can be found here.

Designed for both management and technical staff, the Campus Architecture and Middleware Planning (CAMP) workshop, "Bridging Security and Identity Management," February 13-15 in Tempe, Arizona, will address practical approaches for addressing issues surrounding three themes:

Watch the video or listen to the podcast of Bruce Schneier's recent keynote speech, "Bruce Schneier on Information Security: Ten Trends", which was delivered at the EDUCAUSE 2007 Annual Conference in Seattle, Washington on October 26, 2007.

You can also hear a 14 minute interview with Bruce Schneier. Listen in as he shares some insightful words about privacy along with interesting commentary about ethics, cybersecurity, and blogging.