Web Seminars Contributed by EDUCAUSE and Security Risk Assessment and Analysis

The main campus of The George Washington University is located just a few blocks from the White House. The series of events surrounding 9/11 helped to accelerate advancement of a university-wide business continuity (BC) program years ahead of many other universities. Starting six years ago, the central IT program started the planning process for its disaster recovery program with a comprehensive risk assessment, something only about 11 percent of universities have completed to date. Over time the program has evolved from a focus on IT recovery from failure and disaster to a proactive program focused on fault-tolerant continuous modes of operations. In the last two years the focus has shifted and matured to university-wide emergency management and preparedness. Much has been learned over the past six years that will be shared during this presentation, including approaches to help facilitate reliable and continuous modes of operations, the importance of communications, and how to sell and pay for BC. GW will also share their departmental guides and templates for BC planning and assessment and answer questions about BC.

The presentation will identify the FBI's role in combating malicious code outbreaks and investigating computer intrusion incidents, as well as the objectives of malware analysis. The malicious code cycle of harvesting, harnessing, and executing will be explained and the status of universities as malware targets will be discussed. Finally, the presentation will offer synopses of successes, future challenges, and how organizations can assist with investigations.

The EDUCAUSE Center for Applied Research (ECAR) study of IT security in higher education portrays an industry that is struggling to secure a culturally open environment against the rising tide of threats posed both from within and without higher education. This session will summarize key survey findings regarding IT security technologies implemented by higher education institutions. It will also introduce a new Effective Security Practices Guide developed by the EDUCAUSE/Internet2 Computer and Network Security Task Force that contains resources on network and host vulnerability assessment, security architecture design, network and host security implementation, virus and intrusion detection, incident handling and response, and encryption and authentication.

Monitoring risks associated with IT is a shared institutional responsibility. Between operational responsibilities for promoting strong information systems and independent assessments throughout the campus, opportunities exist for IT and internal auditing to work collaboratively. This session will discuss successful models of collaboration between internal auditing and IT at Georgia Tech.