Security Task Force Announcements

EDUCAUSE has published the results of the 2008 Current Issues Survey, and this year Security edged out Funding IT as the top strategic challenge.

The latest EDUCAUSE Quarterly article, "Current Issues Survey Report, 2008", states:

The EDUCAUSE/Internet2 Computer and Network Security Task Force, in cooperation with the ResearchChannel, is conducting its third annual contest in search of computer security awareness posters and short videos developed by college students for college students. The contest, which is co-sponsored by the National Cyber Security Alliance (NCSA) and CyberWATCH, offers cash prizes ($1,000, $800 and $400) to the winners in each of the four categories. It also provides an opportunity for students to gain experience by developing creative and effective short videos or posters. The deadline for submission of entries is April 30, 2009.

Congratulations to Baker College (Flint, Michigan) on winning the third annual National Collegiate Cyber Defense Competition! After competing for the last three years, the Baker College team finally made it past the regional level to beat the 2007 winners from Texas A&M University.

The competition is a three day event hosted by the University of Texas at San Antonio's Center for Infrastructure Assurance and Security, a cybersecurity research and education center. Students have the opportunity to test their knowledge of network infrastructure management and protection in an operational environment. The competition also provides students with a chance to interact and discuss the security and operational challenges they will face upon entering the job market.

The EDUCAUSE/Internet Security Task Force provided a briefing to the CSIS Commission on Cyber Security for the 44th Presidency on March 12, 2008, during the event "Improving Cybersecurity: Recommendations from Private Sector Experts". A 1-page summary of the briefing is available, as well as the complete transcript.

FireEye, Inc., a leader in global anti-botnet protection, announced that it has joined Internet2 as a corporate member. FireEye plans to collaborate with the Internet2 community on advanced network security projects involving high-performance network security and next- generation malware analysis In addition, FireEye and Internet2 will host a joint webinar titled "Botnet Incident Response" on April 2, 2008. FireEye's chief security content officer Dr. Fengmin Gong will also present "Scaling Security Analysis vs. Next-Gen Botnet Malware Using VM-Based Analysis" at the Spring Internet2 Member Meeting on April 21-23 in Arlington, Va.

The Security Task Force Risk Assessment Working Group wishes to inform higher education information security practioners of a few recent resource updates which are now available from the Risk Management section of the IT Security Guide. 

The Information Security Risk Assessment Consultants list provides a listing of vendors known to have conducted some form of IS risk assessment for at least one higher education institution. The only way a vendor can get onto this list is to be placed there by an EDUCAUSE member institution that has engaged the consultant. Each entry on this list provides a link to the institution which has provided the vendor reference. The list can be a starting place for schools that are seeking a consultant; referencing institutions may be willing to provide additional information about the vendor and the consulting engagement when asked.

EDUCAUSE has joined with NACUBO and several other higher education associations to launch a national campus safety and security project. The project team will conduct an 18-month study that will examine threats of every nature facing colleges and universities and develop guidelines for campus emergency management plans for prevention, preparedness, response, and recovery. Mark Luker, vice president of EDUCAUSE, underscores the importance of addressing campus threats through a multi-organizational effort: "EDUCAUSE, for example, has investigated cyber security and assisted institutions in solving related problems. Expanding on our past efforts in the most meaningful way to colleges and universities requires more of an enterprise approach. We’re looking forward to this opportunity to integrate the concerns and work of EDUCAUSE with those of our partners in the higher education community who represent other components of campus life."

Related link: EDUCAUSE/Internet 2 Computer and Network Security Task Force

Watch the video or listen to the podcast of Bruce Schneier's recent keynote speech, "Bruce Schneier on Information Security: Ten Trends", which was delivered at the EDUCAUSE 2007 Annual Conference in Seattle, Washington on October 26, 2007.

You can also hear a 14 minute interview with Bruce Schneier. Listen in as he shares some insightful words about privacy along with interesting commentary about ethics, cybersecurity, and blogging.

A study of ERP security issues produced a checklist that shows institutions what to look for while letting vendors know what campuses consider important. Learn more about this in the recent EDUCAUSE Quarterly article, "A Security Checklist for ERP Implementations" by former Security Task Force co-chair Joy R. Hughes and co-author Robert Beer.

The Department of Homeland Security's National Cyber Security Division worked with subject matter experts from government, the private sector, and academia to develop an umbrella framework that establishes a national baseline representing the essential knowledge and skills IT security practitioners must have to perform their jobs. The IT Security EBK builds directly on established work and is not intended to represent a standard, directive, or policy by DHS. Instead, it further clarifies key IT security terms and concepts for well-defined competencies, identifies notional security roles, and defines primary functional perspectives to help advance the IT security training and certification landscape as we strive to ensure that we have the most qualified and appropriately trained IT security workforce possible.

We would like to thank Joy Hughes (CIO & Vice President, Information Technology, George Mason University) for her 3 years of service as a co-chair and 4 years of service as a member of the EDUCAUSE/Internet2 Computer and Network Security Task Force.

We would also like to welcome Mely Tynan (Vice President for IT and CIO, Tufts University), who begins her term as co-chair of the Security Task Force. She will serve alongside Pete Siegel (CIO & Vice Provost, Information & Educational Technology, University of California, Davis), a co-chair since 2006.

This year's National Cyber Security Awareness Month (NCSAM) is now over and the list of 2007 campus events on the EDUCAUSE Security Task Force Web site demonstrates the tremendous effort, creativity, and hard work that many of you contributed in support of this important initiative. Thank you to all of you for your support.

If your event is not yet listed on the website, please share the URL or brief description of your NCSAM-related initiatives, as well as the outcomes you realized, with the participants on the Security Discussion list or send an email to: Security-Task-Force@educause.edu.

Join us in Seattle at the EDUCAUSE 2007 Security Task Force Open Meeting, October 25, 12:45-2:15 p.m. (Grand Ballroom A, 2nd floor, Sheraton Hotel). You will learn more about the initiatives of the Security Task Force, including progress in strategic areas such as data protection, risk assessment, incident response, and business continuity. Attendees are invited to bring questions and suggestions regarding efforts to improve IT security in higher education. Volunteer opportunities will also be described. Explore other security-related conference sessions at EDUCAUSE 2007.

Please note: There will be NO walk-in registration on site in Seattle.

October is National Cyber Security Awareness Month (NCSAM). As we rely more on technology-based solutions in our everyday lives, cybersecurity becomes everyone’s responsibility. We encourage you to consider ways you can raise awareness among your faculty, staff, and students, and invite you to help promote NCSAM. For further suggestions, please consult the Resource Kit for National Cyber Security Awareness Month, developed by the EDUCAUSE/Internet2 Security Task Force.

Additional EDUCAUSE resources include: