EDUCAUSE | Security Task Force Announcements and Cybersecurity

National Cyber Security Awareness Month 2008 Wrap-Up

vvogel — Tue, 04 Nov 2008 16:15:42 -0600

This year's National Cyber Security Awareness Month (NCSAM) is now over and the list of 2008 campus events on the EDUCAUSE Security Task Force NCSAM Resource Kit website, demonstrates the tremendous effort, creativity and hard work that many of you contributed in support of this important initiative. THANK YOU to all of you for your support.

If your event is not yet listed on the website, please share the URL or brief description of your NCSAM-related initiatives, as well as the outcomes you realized, with the participants on this discussion list or send an email to Security-Task-Force@educause.edu.

Sincerely,

Awareness and Training Working Group Co-Chairs Cherry Delaney (Purdue University) and Jodi Ito (University of Hawaii)

Participate as a Presenter at the 2009 Security Professionals Conference

vvogel — Mon, 20 Oct 2008 15:25:56 -0500

The 2009 EDUCAUSE and Inernet2 Security Professionals Conference—featuring keynote speakers Joanne McNabb, Chief of the Office of Privacy Protection, State of California, and Edward Amoroso, Chief Information Security Officer, AT&T—will address privacy and security topics in the areas of management and operations, policy and compliance, and technology.

Participate as a presenter: Presenters help create an innovative and informative program, make valuable contacts, and gain recognition for their achievements and their organization's. Presentations will need to address one of the following categories:

Management and Operations
Policy and Compliance
Technology

Presentation proposals are being accepted through November 24, 2008. Submit a proposal online.

Free EDUCAUSE Webcast 10/22/08 on Identity Theft Rules

vvogel — Mon, 13 Oct 2008 10:50:04 -0500

New federal regulations to address identity theft go into effect November 1, 2008, and are likely to affect colleges and universities in nuanced ways. Compliance will require careful study and collaboration among business officers, human resources, legal counsel, student services, IT, and other affected campus units. The rules require users of consumer reports to develop reasonable policies and procedures to apply when they receive a notice of address discrepancy from a consumer reporting agency. They also require that institutions develop and implement an Identity Theft Prevention Program for combating identity theft in connection with new and existing accounts.

Who is subject to and must comply with the regulations on ID Theft Red Flags and Notices of Address Discrepancy? What business practices at colleges and universities are covered by the rules? What are some of the things that entities subject to the rules must do? What role does IT play in compliance with the rules? What are the penalties for failure to comply? On Wednesday, October 22, from 2-3 p.m. U.S. Eastern Time, EDUCAUSE will host a webcast featuring Naomi Lefkovitz from the Federal Trade Commission (FTC) to address many of these questions and more. For details and connection instructions, visit http://connect.educause.edu/term_view/ID+Theft+Red+Flags. This webcast is open to the public at no charge and no registration is required. It will also be archived and accessible to all.

Brought to you by EDUCAUSE, in cooperation with the American Council on Education (ACE), Coalition of Higher Education Assistance Organizations (COHEAO), College and University Professional Association for Human Resources (CUPA-HR), International Association of Privacy Professionals (IAPP), National Association of College and University Attorneys (NACUA), and the National Association of College and University Business Officers (NACUBO).

DNSSEC Notice of Inquiry

vvogel — Fri, 10 Oct 2008 09:41:12 -0500

The National Telecommunications and Information Administration (NTIA) is inviting comments regarding Domain Name and Addressing System Security Extensions (DNSSEC) implementation at the root zone. Comments are due on November 24, 2008. EDUCAUSE and Internet2 are planning to prepare joint comments so your input is welcome. Below are a few additional resources:

DHS Releases IT Security Essential Body of Knowledge

vvogel — Thu, 02 Oct 2008 10:42:24 -0500

The U.S. Department of Homeland Security (DHS) has published the IT Security Essential Body of Knowledge (EBK). A Glossary of Key Terms used in the EBK is also provided.

According to the overview on the US-CERT website:

The IT Security EBK conceptualizes IT security skill requirements in a new way to address evolving IT security challenges. The EBK characterizes the IT security workforce and provides a national baseline representing the essential knowledge and skills that IT security practitioners should have to perform specific roles and responsibilities.

The EBK was featured in a November 2007 EDUCAUSE Live! presentation when DHS was accepting comments on a draft version of the document.

National Cyber Security Awareness Month 2008 is HERE!

vvogel — Wed, 01 Oct 2008 16:07:08 -0500

October is National Cyber Security Awareness Month (NCSAM). As we rely more on technology-based solutions in our everyday lives, cybersecurity becomes everyone's responsibility. We encourage you to consider ways you can raise awareness among your faculty, staff, and students and invite you to help promote NCSAM. For further suggestions, please consult the Resource Kit for National Cyber Security Awareness Month, developed by the EDUCAUSE/Internet2 Security Task Force.

Additional EDUCAUSE resources include:

Additional National Cyber Security Alliance resources include:

NCSAM Web Banners, Events, Materials, and Endorsers

Many colleges and universities are planning events or developing awareness resources for NCSAM that we would like to highlight as part of higher education's ongoing efforts to increase awareness within our community. A list of institutions holding events in 2008 is currently available online. We would like to update this list with your events that will be held this October. Please share the URL or plans for your NCSAM-related initiatives with the participants on the Security Discussion list, or send an email to: Security-Task-Force@educause.edu.

There are also several exciting, cross-sector security awareness events in October. They are:

Rochester Security Summit (University of Rochester)
Who's Watching Charlottesville? (University of Virginia)

Security & Privacy-Related Sessions at EDUCAUSE 2008

vvogel — Wed, 24 Sep 2008 14:50:50 -0500

Explore the security and privacy-related conference sessions at EDUCAUSE 2008 (October 28-31 in Orlando, Florida). Register for the conference by September 29 to receive the low early-bird rates.

And don't forget to join the Security Task Force Open Meeting in Orlando on Thursday, October 30, 12:45-2:00 pm in Room W307AB. You will learn more about the initiatives of the Security Task Force, including progress in strategic areas such as executive commitment and action, data privacy and security, effective practices and solutions, information sharing mechanisms, and new tools and technologies. Attendees are invited to bring questions and suggestions regarding efforts to improve IT security in higher education. Volunteer opportunities will also be described.

Share Your Campus Plans to Observe National Cyber Security Awareness Month 2008

vvogel — Wed, 17 Sep 2008 17:05:20 -0500

October is National Cyber Security Awareness Month (NCSAM)...but it's never too soon to start planning your campus events!!! We encourage you to consider ways that you can raise awareness among your faculty, staff, and students, and invite you to help promote NCSAM. For further suggestions, please consult the Resource Kit for National Cyber Security Awareness Month, developed by the EDUCAUSE/Internet2 Security Task Force.

Many colleges and universities are already planning events or developing awareness resources for NCSAM that we would like to highlight as part of higher education's ongoing efforts to increase awareness within our community. We've already started a list of institutions that will be holding events in October 2008. Please share the URL or plans for your NCSAM-related initiatives with the Security Discussion Group or send us an e-mail so your institution's plans can be included.

Additional resources include:

Information Sharing for IT Security Professionals

vvogel — Wed, 13 Aug 2008 14:44:50 -0500

Learn how to develop a network of professional contacts in order to create an effective support system for information sharing within the IT Security community. Read the article "Information Sharing for IT Security Professionals" by EDUCAUSE Security Task Force Coordinator, Rodney Petersen in the latest EDUCAUSE Quarterly.

Security is Number One IT Issue According to 2008 Current Issues Survey Report

vvogel — Thu, 29 May 2008 18:02:05 -0500

EDUCAUSE has published the results of the 2008 Current Issues Survey, and this year Security edged out Funding IT as the top strategic challenge.

The latest EDUCAUSE Quarterly article, "Current Issues Survey Report, 2008", states:

It is no wonder that IT security has again emerged as the top strategic issue for colleges and universities given the increasing amount of critical data and new services that are available electronically and need to be protected. The persistence of security incidents and reported data breaches, and a growing number of compliance requirements including security-related state and federal regulations and contractual obligations, make this a central and acute concern of all IT organizations, no matter their institutions' sizes and missions. College and university personnel have a daunting task to ensure the security of information resources while operating within a culture of openness and decentralization. In addition, the changing nature of the threats continues to challenge IT organizations.

The article goes on to suggest security issues that institutions need to address. Security-related resources are available as part of the 2008 Current Issues Resources.