Security Task Force Announcements and Security Planning

The 2009 EDUCAUSE and Inernet2 Security Professionals Conference—featuring keynote speakers Joanne McNabb, Chief of the Office of Privacy Protection, State of California, and Edward Amoroso, Chief Information Security Officer, AT&T—will address privacy and security topics in the areas of management and operations, policy and compliance, and technology.

Participate as a presenter: Presenters help create an innovative and informative program, make valuable contacts, and gain recognition for their achievements and their organization's. Presentations will need to address one of the following categories:

In "Security Metrics: A Solution in Search of a Problem", a recent EDUCAUSE Quarterly article, Joel Rosenblatt (Manager of Computer and Network Security, Columbia University) describes how the creation and collection of appropriate metrics can enhance an institution's security program. Learn about some potential metrics in the following areas: policy and compliance, network and machine monitoring, outreach and education, legal compliance, authorization and authentication, asset protection, and privacy.

EDUCAUSE has published the results of the 2008 Current Issues Survey, and this year Security edged out Funding IT as the top strategic challenge.

The latest EDUCAUSE Quarterly article, "Current Issues Survey Report, 2008", states:

EDUCAUSE has joined with NACUBO and several other higher education associations to launch a national campus safety and security project. The project team will conduct an 18-month study that will examine threats of every nature facing colleges and universities and develop guidelines for campus emergency management plans for prevention, preparedness, response, and recovery. Mark Luker, vice president of EDUCAUSE, underscores the importance of addressing campus threats through a multi-organizational effort: "EDUCAUSE, for example, has investigated cyber security and assisted institutions in solving related problems. Expanding on our past efforts in the most meaningful way to colleges and universities requires more of an enterprise approach. We’re looking forward to this opportunity to integrate the concerns and work of EDUCAUSE with those of our partners in the higher education community who represent other components of campus life."

Related link: EDUCAUSE/Internet 2 Computer and Network Security Task Force

Watch the video or listen to the podcast of Bruce Schneier's recent keynote speech, "Bruce Schneier on Information Security: Ten Trends", which was delivered at the EDUCAUSE 2007 Annual Conference in Seattle, Washington on October 26, 2007.

You can also hear a 14 minute interview with Bruce Schneier. Listen in as he shares some insightful words about privacy along with interesting commentary about ethics, cybersecurity, and blogging.

The Department of Homeland Security's National Cyber Security Division worked with subject matter experts from government, the private sector, and academia to develop an umbrella framework that establishes a national baseline representing the essential knowledge and skills IT security practitioners must have to perform their jobs. The IT Security EBK builds directly on established work and is not intended to represent a standard, directive, or policy by DHS. Instead, it further clarifies key IT security terms and concepts for well-defined competencies, identifies notional security roles, and defines primary functional perspectives to help advance the IT security training and certification landscape as we strive to ensure that we have the most qualified and appropriately trained IT security workforce possible.

Explore the new PCI DSS Resource Page. View Community Resources (under the "Other" tab) or contribute your own resources.

Learn more about George Mason University's executive enterprise risk management approach in the September 2006 University Business article, "Business Continuity Planning", by Joy R. Hughes (Security Task Force Co-Chair), et al.

The EDUCAUSE/Internet2 Security Task Force Risk Assessment Working Group has released the Risk Assessment Framework, which provides a high-level overview of assessing information systems within higher education.

View additional Security Risk Assessment and Analysis resources available in the EDUCAUSE Resource Center.