Security Task Force Announcements, Cybersecurity, and Cybersecurity Policy

New federal regulations to address identity theft go into effect November 1, 2008, and are likely to affect colleges and universities in nuanced ways. Compliance will require careful study and collaboration among business officers, human resources, legal counsel, student services, IT, and other affected campus units. The rules require users of consumer reports to develop reasonable policies and procedures to apply when they receive a notice of address discrepancy from a consumer reporting agency. They also require that institutions develop and implement an Identity Theft Prevention Program for combating identity theft in connection with new and existing accounts.

The National Telecommunications and Information Administration (NTIA) is inviting comments regarding Domain Name and Addressing System Security Extensions (DNSSEC) implementation at the root zone. Comments are due on November 24, 2008. EDUCAUSE and Internet2 are planning to prepare joint comments so your input is welcome. Below are a few additional resources:

• EDUCAUSE Washington Update Blog
• NTIA Press Release
• Federal Register Notice
• DNSSEC Supporting Materials and Comments Received

The U.S. Department of Homeland Security (DHS) has published the IT Security Essential Body of Knowledge (EBK). A Glossary of Key Terms used in the EBK is also provided.

According to the overview on the US-CERT website:

The IT Security EBK conceptualizes IT security skill requirements in a new way to address evolving IT security challenges. The EBK characterizes the IT security workforce and provides a national baseline representing the essential knowledge and skills that IT security practitioners should have to perform specific roles and responsibilities.

The EBK was featured in a November 2007 EDUCAUSE Live! presentation when DHS was accepting comments on a draft version of the document.

The EDUCAUSE/Internet Security Task Force provided a briefing to the CSIS Commission on Cyber Security for the 44th Presidency on March 12, 2008, during the event "Improving Cybersecurity: Recommendations from Private Sector Experts". A 1-page summary of the briefing is available, as well as the complete transcript.

The Department of Homeland Security's National Cyber Security Division worked with subject matter experts from government, the private sector, and academia to develop an umbrella framework that establishes a national baseline representing the essential knowledge and skills IT security practitioners must have to perform their jobs. The IT Security EBK builds directly on established work and is not intended to represent a standard, directive, or policy by DHS. Instead, it further clarifies key IT security terms and concepts for well-defined competencies, identifies notional security roles, and defines primary functional perspectives to help advance the IT security training and certification landscape as we strive to ensure that we have the most qualified and appropriately trained IT security workforce possible.