Privacy and Security Management

System trustworthiness is needed for security, reliability, survivability, safety, and for many application areas such as critical infrastructures, robust networking, and high-integrity elections. Trustworthiness ultimately requires many changes in the way systems are developed today. Being respectful of privacy needs requires further care. This talk considers a variety of approaches that can enhance system trustworthiness, sensible system development practices, and a system-oriented view toward achieving the desired changes.

On behalf of several higher education associations, the American Council on Education submitted comments on the Family Educational Rights and Privacy Act

Comments of the EDUCAUSE/Internet2 Computer and Network Security Task Force on the Family Educational Rights and Privacy Act; Proposed Rule, Federal Register, Vol. 73, No. 57, U.S. Department of Education, Office of Planning, Evaluation and Policy Development

This "Briefing to CSIS Commission on Cyber Security for the 44th Presidency" By Rodney Petersen and Jack Suess on behalf of the EDUCAUSE/Internet2 IT Security Task Force was presented to the Commission on Cyber Security for the 44th Presidency. The agenda was "Improving Cybersecurity: Recommendations from Private Sector Experts".

The following is an excerpt from an interview with Bruce Schneier. Matt Pasiewicz, EDUCAUSE content program manager, conducted the interview at the EDUCAUSE 2007 Annual Conference. The full podcast is available at <http://connect.educause.edu/blog/mpasiewicz/e07podcastaninterviewwith/45439>. In the interview, Schneier answers questions about security and privacy issues.

"When is higher education going to get serious about safeguarding the private information of students,
faculty, and staff?"

Colleges and universities possess an exceptional volume and variety of personal information. Our stewardship of such information has been inconsistent and inadequate, and we often implement new technologies and systems without considering systemic privacy and security implications. Although many publicly reported security breaches occur on campuses, we have been slow to provide training in privacy and security issues, rarely audit for compliance, and lag far behind industry and government in appointing privacy and security officers. This session will address the information policy challenges facing colleges and universities, today and in the future, and will offer practical steps for overcoming them.

Security offices have always had occasional interactions with law enforcement either in the course of an investigation or through the need to respond to legal instruments. With the professionalization of hacking and the increased attention electronic communications receive with regard to national security, many security professionals find themselves working regularly with the FBI and other law enforcement agencies. By having a positive and professional relationship with law enforcement, it is possible both to protect the privacy of your institution's community and to minimize the disruptive impact legally driven investigations can have. This presentation will offer practical recommendations based on experience.