Information Assurance

Recent resources tagged with Information Assurance.

PKI and LOA: It's Probably Not What You Think

Added by the EDUCAUSE Librarian
Title: PKI and LOA: It's Probably Not What You Think (ID: PKI08006)
Author(s): Stefan Wahe (University of Wisconsin-Madison) and David L. Wasley (University of California Office of the President)
Origin: Presented at PKI Meetings (04/16/2008)
Type: Presentations/Speeches
Abstract:

A level of assurance (LoA) refers to the degree of certainty that (1) a resource owner can assume a specific known physical person is associated with credentials issued by a registration authority, and (2) that physical person presented credentials before attempting to access the resource. The requirements for the level of certainty at both ends of that set of transactions should be driven by a risk assessment based on the value of the resources being protected. This session will describe the concept of LoA, outline its general components, and discuss how PKI can fit into a successful implementation of LoA.


Building and Maintaining a Successful Vulnerability Assessment and Patch Management Program

Added by the EDUCAUSE Librarian
Title: Building and Maintaining a Successful Vulnerability Assessment and Patch Management Program (ID: WRC08072)
Author(s): Terri Brutzman (Naval Postgraduate School) and Jason Cullum (Naval Postgraduate School)
Origin: Presented at Western Regional conferences (03/31/2008)
Type: Presentations/Speeches
Abstract:

The practice of information assurance in a university computing environment requires a well-established patch management system, balanced with a vulnerability assessment process to effectively protect institutional resources. This presentation will introduce a model that has proven successful at our institution.


Connecting the Academic Experience to the Operational Security Needs of Higher Education

Added by the EDUCAUSE Librarian
Title: Connecting the Academic Experience to the Operational Security Needs of Higher Education (ID: EPO0730)
Author(s): Rodney J. Petersen (EDUCAUSE) and Peter M. Siegel (University of California, Davis)
Origin: Contributed by the EDUCAUSE Policy Office (2007)
Type: Presentations/Speeches
Abstract: One of the criteria for becoming a National Center of Academic Excellence in Information Assurance Education is for "the academic program to demonstrate how the university encourages the practice of IA, not merely that IA is taught." There is a pressing need for institutions of higher education to secure their computer systems, campus networks, and protect information assets. The EDUCAUSE/Internet2 Computer and Network Security Task Force has identified several areas where students and faculty could gain valuable experience while at the same time performing a valuable service to the campus community. This session will challenge IA students, faculty, and administrators to leverage partnerships and collaborations with their college and university IT operations where practical insights can supplement the academic experience.

Bringing it All Together: Charting Your Roadmap

Added by the EDUCAUSE Librarian
Title: Bringing it All Together: Charting Your Roadmap (ID: EAF07109)
Author(s): Andrea Beesing (Cornell University) and Paul Caskey (University of Texas System)
Origin: Contributed by EDUCAUSE Grant Programs (CAMP) (02/08/2007)
Type: Presentations/Speeches
Abstract: From the previous exercise, participants may have determined that there is a gap between their current practice and what's required after doing the risk assessment and LoA determination. How does one figure out what to do next? This discussion and presentation session will provide some guidance and offer case studies on Roadmaps other schools have developed.

Levels of Assurance: Trust, Security, and Interoperability

Added by the EDUCAUSE Librarian
Title: Levels of Assurance: Trust, Security, and Interoperability (ID: EAF07115)
Author(s): Mark B. Jones (The University of Texas Health Science Center at Houston)
Origin: Contributed by EDUCAUSE Grant Programs (CAMP) (02/07/2007)
Type: Presentations/Speeches
Abstract: The University of Texas Health Science Center at Houston gives an overview of Levels of Assurance.

Technical Issues with Establishing LoA

Added by the EDUCAUSE Librarian
Title: Technical Issues with Establishing LoA (ID: EAF07116)
Author(s): Zephyr McLaughlin (University of Washington)
Origin: Contributed by EDUCAUSE Grant Programs (CAMP) (02/08/2007)
Type: Presentations/Speeches
Abstract: To prepare the technology architects and implementers, this session will provide a chance to explore topics such as architecting an authentication system to support a given LoA used by the federal government and deciding on password and logging requirements.

The Importance of Establishing Levels of Assurance

Added by the EDUCAUSE Librarian
Title: The Importance of Establishing Levels of Assurance (ID: EAF07107)
Author(s): Andrea Beesing (Cornell University), Kevin M. Morooney (The Pennsylvania State University), and R.L. Morgan (University of Washington)
Origin: Contributed by EDUCAUSE Grant Programs (CAMP) (02/08/2007)
Type: Presentations/Speeches
Abstract: Levels of assurance (LoA) describe the degree of certainty that the user has presented an identifier (a credential in this context) that refers to the user presenting it. This session will further explore the LoA concept by discussing key components such as identity proofing and credential issuing processes, identifying relevant risk assessment factors, and reflecting on where and why LoA is important and the impact on the institution.

Using LoA: Management Issues

Added by the EDUCAUSE Librarian
Title: Using LoA: Management Issues (ID: EAF07119)
Author(s): Renee Shuey (The Pennsylvania State University)
Origin: Contributed by EDUCAUSE Grant Programs (CAMP) (02/08/2007)
Type: Presentations/Speeches
Abstract: After establishing the desired level(s) of assurance needed by the campus, what are the management issues to consider? What change procedures must be in place? What are the issues associated with establishing multifactor authentication? How do you add new user populations to the mix or proof the identity of remote users? What are the issues surrounding the addition of new applications to the authentication service? This session will explore the management issues associated with managing, adding to, and changing the authentication system and related LoA.

Using LoA: Technical Issues

Added by the EDUCAUSE Librarian
Title: Using LoA: Technical Issues (ID: EAF07118)
Author(s): Mark Miller (The Pennsylvania State University)
Origin: Contributed by EDUCAUSE Grant Programs (CAMP) (02/08/2007)
Type: Presentations/Speeches
Abstract: After establishing the desired level(s) of assurance needed by the campus, what are the technology issues to consider? How do you manage password resets/changes? How should you approach adding new applications to the authentication service that have a different LoA requirement? This session will explore the technology issues involved in managing and using credentials with a specific LoA.

ISO 27001: Information Security Management Systems

Created by Stuart Yeates (University of Oxford) on July 28, 2006

If you or your organisation are one of the many concerned with the number and scope of computer security breaches reported in the press and are keen to avoid being the focus of such events, you may be interested in ISO 27001: Information Security Management Systems.

The standard provides a framework for compliance with local requirements (such as the Sarbanes-Oxley Act (SOX) in the US) and for encouraging and developing best-practice in information security management. It is harmonised with other ISO management standards, to assist those organisations with a standards culture.

The IT Managers Journal is currently running an excellent article on ISO 27001.

From the standard:

ISO/IEC 27001:2005 covers all types of organizations (e.g. commercial enterprises, government agencies, not-for profit organizations). ISO/IEC 27001:2005 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof.