Incident Handling and Response and Security Management

As with many institutional endeavors, successful practice in cybersecurity requires that the players (individuals and teams) operate in the context of a community that faces similar challenges, objectives, and goals. Several community-based organizations support higher education and research institutions in their cybersecurity endeavors.

The EDUCAUSE/Internet2 Security Task Force coordinates community work in the areas of governance, policy, data privacy and security, effective practice, awareness, and professional development. As an independent organization aligned closely with EDUCAUSE and Internet2, the REN-ISAC has primary focus on supporting situational awareness and operational protection and response, through the sharing of actionable information. This presentation will highlight the value of institutional participation in security communities and describe in detail the REN-ISAC organization and community.

Two of the entries on the long list of data breaches in higher education are Georgetown University and UCLA. Timothy Lance recently talked with the IT policy officers at these two institutions to identify some of the policy implications of handling data breaches.

The 2008 Data Breach Investigations Report draws from over 500 forensic engagements handled by the Verizon Business Investigative Response team over a four-year period. Tens of thousands of data points weave together the stories and statistics from compromise victims around the world. This report seeks to answer the following questions;

• Who is behind data breaches?
• How do breaches occur?
• What commonalities exist?
• Where should mitigation efforts be focused?

With a mixture of centralized and local IT service providers, higher ed presents unique challenges to effective incident response. The University at Albany has developed a web-based incident management and reporting tool that provides immediate sharing of incident information with local responders and real-time incident response functionality (e.g., switch port control).

Recognizing that an incident response policy is only as good as the procedures that support it, Dartmouth College developed its approach to incident response from the bottom up. This session will highlight the advantages of establishing procedures first and policy second when it comes to incident response planning.

Review of news sources and databases shows an increase in the number of both security incidents and affected institutions in the last year.

"When is higher education going to get serious about safeguarding the private information of students,
faculty, and staff?"

This is the final report for the 2007 NSF Cybersecurity Summit, held February 22 & 23rd, 2007, in Arlington, VA.

The higher education community faces increasingly difficult issues of security in a networked world, compounded by the demands of advanced applications. Performance requirements (high bandwidth, end-to-end transparency, new protocols) are essential for the academic mission and innovation, but are not easily accommodated in current approaches to network security. The Salsa group is forging new frontiers to address these issues.