Security Management, Data Security, and Presented at EDUCAUSE Annual Conferences

Everyone within an institution of higher education has a responsibility to access, use, and disclose organizational information in a responsible manner, compliant with institutional policy and legal statutes. This responsibility extends to other parties granted access to institutional information. Improper maintenance, disposal, or release of institutional administrative information exposes the organization to significant risk. A comprehensive information management program will improve the information-handling and administrative processes, the security of private information, and the management of institutional records and will facilitate the preservation of the institutional memory. Explore from three different institutional perspectives the interplay of a variety of information management topics including building support and buy-in, developing records retention and disposition schedules, managing electronic records, effectively administering e-discovery and requests for release of records, handling inappropriate release of information, implementing data classification and security requirements, maintaining the privacy and security of information, and developing policies and educational requirements.

Authenticated Guest Wireless Access: Simplicity and Security
Christopher Keslar, University of Pittsburgh
The need for guest access is growing as more campuses provide wireless coverage. This presentation will explore a solution for on-demand guest wireless access through a user-friendly and secure process.

Automated Network Access Control at the Edge
Michael S. Hawkins, University of North Carolina at Chapel Hill
Hear how, with a small staff, we reliably manage, secure, prioritize, and deliver voice, video, and data services for over 30,000 people while complying with local, state, and federal regulations.

Caught in the Middle: Implementing University Security Policies at the College Level
Jamey Hansen, University of Minnesota
University security mandates are on one side; independent faculty on the other. Learn how our college IT office walked the fine line between security and service.

Discovering Network Usage Trends and Security Risks Through Network Information Analysis
Matt Tolbert, University of Pittsburgh
This session will share how the University of Pittsburgh successfully captures and visualizes network data to understand network traffic patterns and detect network-based security threats.

NEW! Not in your program!

Contract Themes for Data Protection
Michael A. Corn, University of Illinois at Urbana-Champaign
This session will provide a synthesis of data protection considerations when establishing contract relationships, and will introduce attendees to a comprehensive treatment of this topic that was recently completed by the EDUCAUSE/Internet2 Security Task Force.

Securing Data at Rest, Chandragupta Gudena, Bridgewater State College

As demanded by our ERP implementation schedule, PGCC created a comprehensive information classification scheme and the associated access rights and privileges in time for our president's cabinet and college attorney to approve and have implemented. Come hear our lessons learned and walk away with advice for your own effort.

An identity management system often becomes a critical source of information for electronic services. Demands for data can result in tension between those who collect and safeguard the data and those who leverage it. This presentation will discuss the role data governance plays at USC to both serve and protect.

Surveying current trends in information security, it’s clear that a myriad of forces are at work. But fundamentally, security is all about economics: both attacker and defender are trying to maximize the return on their investments. Economics can both explain why security fails so often and offer new solutions for its success. For example, often the people who could protect a system are not those who suffer the costs of failure. Changing these economic incentives will do more to improve security than will more technology.

Georgia State University is one of the first universities to embrace the ISO 27001:2005 standard for establishing an information security management system (ISMS). A systematic and disciplined approach helps us leverage technology to develop a world-class ISMS that empowers users and improves processes. This session will discuss the importance of developing a comprehensive, risk-management based information security program.

The focus on information security at Embry-Riddle Aeronautical University, as in many institutions, has evolved gradually over a number of years. Beginning with what can best be described as ad hoc initiatives driven by afterthought oversight, the university's focus on information security is maturing into a formalized, integrated business component and directive.