EDUCAUSE | Presented at EDUCAUSE Annual Conferences and Security Risk Assessment and Analysis

Lassoing the Beast: How a Large, Diverse University Is Wrapping Its Arms Around Confidential Data

drupal — Tue, 06 Nov 2007 11:04:19 -0600

Penn designed the security and privacy impact assessment (SPIA) process and tool to raise awareness about where confidential data reside and to assess risks in seven major threat areas, which can be mitigated by a list of safeguards. Learn about successful outcomes from our early SPIA adopters.

GSU's Roadmap for a World-Class Information Security Management System: ISO 27001:2005

drupal — Tue, 30 Oct 2007 13:42:38 -0500

Georgia State University is one of the first universities to embrace the ISO 27001:2005 standard for establishing an information security management system (ISMS). A systematic and disciplined approach helps us leverage technology to develop a world-class ISMS that empowers users and improves processes. This session will discuss the importance of developing a comprehensive, risk-management based information security program.

Stop, Drop, and Roll: Prevent and Douse Cyber Incidents

drupal — Tue, 30 Oct 2007 13:42:36 -0500

Presenting two best-practice models for cyber incidents: To prevent cyber incidents, learn how to use an uncomplicated cyber risk assessment to help you focus your institution's limited resources. When an incident occurs, know how to douse the effect of breach events when notification is required.

Effective IT Security Practices

drupal — Wed, 18 Oct 2006 15:56:46 -0500

IT security is a critical issue in higher education. This seminar will focus on network security architectures, infrastructure, data security, incident detection, prevention, and response. A framework and set of tools that participants can take back to their institutions for handling IT security incidents will also be provided. Participants will learn how to bypass typical mistakes, develop incident-handling protocols and procedures, use shareware and open source tools, interpret logs, and leverage other forensic and investigative resources. The effective practices work of the EDUCAUSE/Internet2 Computer Network Security Task Force will also be discussed.

IT Security in Higher Education: A Sea Change

drupal — Wed, 18 Oct 2006 15:56:50 -0500

ECAR data from 2003 and 2005 make it possible to compare the state of IT security over a critical two-year period. The findings from this analysis are striking, revealing an organizational, technological, and behavioral sea change as U.S. and Canadian universities and colleges have significantly improved all aspects of their IT security.

A Successful Tool to Create Positive Change: Result of an IT Risk Assessment and Benchmark at Scandinavian Universities

drupal — Tue, 01 Nov 2005 12:34:34 -0600

Current cost pressures, technology changes, and new requirements meant that changes were needed in the way IT was managed at Scandinavian universities. This session will present results from an IT risk assessment and benchmark (costs, risk management, quality) at 26 Scandinavian universities and how those results have been used to improve IT management at our universities.

Security Assessments for Information Technology

drupal — Tue, 01 Nov 2005 12:34:32 -0600

Baylor University recently conducted a campus-wide information technology security assessment. The session will present the assessment process, from choosing a consultant to remediation of the assessment's discoveries. The result is a long-term strategy and metrics for information technology security within the university.

Systemic Barriers to IT Security

drupal — Mon, 23 Aug 2004 15:28:40 -0500

The University of Texas System chancellor's security initiative required the 15 academic and health institutions to evaluate IT security, both centrally and in all departments. A security group was charged with reviewing these assessments to identify systemic barriers to IT security. The systemic barriers and mitigation strategies will be discussed.

Centralizing IT Risk Assessment and Measuring Security Policy Compliance

drupal — Fri, 20 Aug 2004 11:34:35 -0500

In a decentralized environment, centralizing the periodic risk assessment process offers many advantages, including the ability to derive a composite view of the institutional risks and highlight security policy compliance issues. This session will focus on a centralized solution that Texas A&M University has implemented and share some of the outcomes.

Defining Risk and Fixing the Top 20: Security 101 for a Small School

drupal — Wed, 30 Jul 2003 14:17:54 -0500

What are the security issues for a small school with small budgets? Am I a target if I'm a small school with a low profile? Basic security rules and policies should be implemented at any school and home. What you have to address will vary depending on your risk assessment, not your budget.