Security Management and Data Security

The EDUCAUSE/Internet2 Computer and Network Security Task Force (STF) provides a focal point for the academic community to join together to strengthen the ability of the higher education sector to respond to growing threats to information security and to protect the privacy of our community members. This strategic plan is intended to set forth a vision for the higher education community and provide a concise roadmap to guide the efforts of the STF. This roadmap emphasizes continuous and evolutionary community investment in converting our understanding of risks and issues into solutions based on effective practices, as well as the urgent need to build the national capability across the higher education sector to respond quickly and effectively as a community to new threats and vulnerabilities.

Two of the entries on the long list of data breaches in higher education are Georgetown University and UCLA. Timothy Lance recently talked with the IT policy officers at these two institutions to identify some of the policy implications of handling data breaches.

The 2008 Data Breach Investigations Report draws from over 500 forensic engagements handled by the Verizon Business Investigative Response team over a four-year period. Tens of thousands of data points weave together the stories and statistics from compromise victims around the world. This report seeks to answer the following questions;

• Who is behind data breaches?
• How do breaches occur?
• What commonalities exist?
• Where should mitigation efforts be focused?

Everyone wants to know how to "be secure." The myriad higher ed compliance requirements, coupled with a constantly dynamic attacker strategy, have made this question more difficult than ever to answer. Come talk with representatives from three institutions that managed to craft a rational, coherent strategy for standardizing security.

It's estimated that the black market trafficking of stolen electronic identities will increase to $1.6 billion in 2010. Finding personal information is an increasingly complex problem due the myriad places it can reside and forms it can take on computers. Learn not only how to find it but also how to easily and quickly protect it.

An identity management system often becomes a critical source of information for electronic services. Demands for data can result in tension between those who collect and safeguard the data and those who leverage it. This presentation will discuss the role that data governance plays at USC to both serve and protect.

Since instituting a mandatory review and approval process for all contracts involving IT, we've become aware of how few people know how to prepare a good contract and how few contracts truly protect our data. Whether the amount of data is minor or mind-blowing, processes and templates can help protect our data and our institutions.

Review of news sources and databases shows an increase in the number of both security incidents and affected institutions in the last year.

The Rochester Institute of Technology provides security awareness online workshops on protecting your computer and yourself from outside online intruders, and other data security information handling.