Security Planning, Cybersecurity Policy, and Cybersecurity

This twenty-five minute podcast features a conversation recorded at the EDUCAUSE 2008 Annual Conference. The topic is Privacy and Security.

Privacy and Security. Privacy or Security. Privacy versus Security. What is the relationship? And how do the two effectively co-exist in a college and university environment? How does governance and executive commitment factor into the development and sustainability of an information security program? These questions and more are presented in this candid and lively roundtable conversation. Our discussion participants include:

In this EDUCAUSE Live! podcast, join host, Steve Worona, for the topic "What Price Insularity? Reflections About Computer Security Failings". Steve's guest is Fred Schneider, Professor of Computer Science at Cornell University.

Presentation slides for this audio can be found here.

The Department of Homeland Security's National Cyber Security Division worked with subject matter experts from government, the private sector, and academia to develop an umbrella framework that establishes a national baseline representing the essential knowledge and skills IT security practitioners must have to perform their jobs. The IT Security EBK builds directly on established work and is not intended to represent a standard, directive, or policy by DHS. Instead, it further clarifies key IT security terms and concepts for well-defined competencies, identifies notional security roles, and defines primary functional perspectives to help advance the IT security training and certification landscape as we strive to ensure that we have the most qualified and appropriately trained IT security workforce possible.

The Department of Homeland Security's National Cyber Security Division worked with subject matter experts from government, the private sector, and academia to develop an umbrella framework that establishes a national baseline representing the essential knowledge and skills IT security practitioners must have to perform their jobs. The IT Security EBK builds directly on established work and is not intended to represent a standard, directive, or policy by DHS. Instead, it further clarifies key IT security terms and concepts for well-defined competencies, identifies notional security roles, and defines primary functional perspectives to help advance the IT security training and certification landscape as we strive to ensure that we have the most qualified and appropriately trained IT security workforce possible.

UCISA were at the 2006 JISC Conference, touting their Information Security Toolkit:

The UCISA Information Security Toolkit is intended to support UK Higher and Further Education Institutions in producing Information Security policies to address (and to demonstrate that they are addressing) threats to the confidentiality, integrity and availability of information systems for which they are responsible, and to help meet audit requirements. The sections draw heavily on British Standard BS 7799, not least by adopting its structure for control objectives and controls.

Unfortunately it's very much embedded in the UK legislative framework, so only the technical bits will be of much use to those outside the UK. Strangely enough, I spent three days in Blackpool last week at their big annual event and didn't catch up with the toolkit at all, presumably they were all too busy running the event to promote their own documents.