Posted: 23-Dec-2015
Accessibility, Integrity, & Confidentiality: Security Challenges for E-Business

Rodney J. Petersen, University of Maryland & Educause/Internet2 Security Task Force
E-Risks
- Threats vs. Vulnerabilities
- Legal Liabilities
- Risk Management

Risk Management
- Identifying the Risks
- Calculating the Costs
- Mitigating the Risks
- Outsourcing the Risks
- Managing the Risks
Availability
Computers, systems, and networks must be available on a timely basis to meet mission requirements or to avoid substantial losses.

Integrity
Computers, systems, and networks that contain information must be protected from unauthorized, unanticipated, or unintentional modification.

Confidentiality
Computers, systems, and networks that contain information require protection from unauthorized use or disclosure.
Asset/System Identification
- Human Resources/Payroll Systems
- Student Information
- Patient Records
- Financial Systems
- Course Information
- Intellectual Property/Research Data
- Facilities Management Systems
- Alumni and Donor Records
Improving Higher Education IT Security for 2002 (Gartner)
- Business continuity: to recover after an incident or avoid the consequences of an outage.
- Improved responsiveness to security incidents, which promotes an environment of continual risk management.
- Improved user authentication across multiple systems, including a single sign-on that uses robust directory services.
- Improved security for remote users, including the use of VPN clients and antiviral software.
- Improved directory services to ensure the institution has current information about the location and contact information for every user.
- Strengthened policies to achieve a better balance between user freedom and systems integrity.
Top 10 Info-Security Policies (PentaSafe Security Technologies, Inc.)
- Background Checks
- Maintaining a Low Profile
- ID Badges
- Update and Test Contingency Plans
- Store Critical Data Off-Site
- Install Latest Patches
- Use Intrusion Detection Systems
- Minimum Levels of Monitoring and Logging
- Assign Explicit Responsibilities for Security
- Periodic Risk Assessments of Critical Systems
Establishing a Security Policy
- Plans
- Strategies
- Decisions
- IT Architecture: Standards
- Policies, Procedures, and Practices
- Guidelines
Policy Development Resource
Association of College and University Policy Administrators (ACUPA)
ACUPA 2003, Spring Meeting in April, hosted by the University of Minnesota, Minneapolis, MN
For more information, see: http://www.umd.edu/acupa
Framework for Action
- Make IT security a higher and more visible priority in higher education.
- Do a better job with existing security tools, including revision of institutional policies.
- Design, develop, and deploy improved security for future research and education networks.
- Raise the level of security collaboration among higher education, industry, and government.
- Integrate higher education work on security into the broader national effort to strengthen critical infrastructure.
Educause/Internet2 Computer & Network Security Task Force
Co-Chairs: Dan Updegrove, University of Texas, Austin; Gordon Wishon, University of Notre Dame
Former Task Force Committees:
- Education and Awareness
- Policy and Legal Issues
- Detection, Prevention, and Response
- Emerging Technologies
See http://www.educause.edu/security
See http://security.internet2.edu
Invitational Workshops
- Vision and Principles
- IT Security/Policy Professionals
- User Community
- Higher Ed IT Security Summit
National Strategy to Secure Cyberspace
- Development of a National Strategy
- Report to the President, to be delivered this summer
- President's Special Advisor for Cyber Security
- Critical Infrastructure Assurance Office
- Questions: www.gcn.com/cybersecurity

National Strategy Questions
- Level 1: The Home User and Small Business
- Level 2: Major Enterprises
- Level 3: Sectors of the National Information Infrastructure (The Federal Government, The Private Sector, State and Local Government, Higher Education)
- Level 4: National Level Institutions and Policies
- Level 5: Global
National Strategy & Higher Ed

Preventing attacks from universities: How can academic freedom of inquiry be maintained while at the same time preventing the large-scale computing power of universities from being hijacked for denial of service attacks and other malicious activity directed at other sites?

Preventing attacks within universities: What functions on a university system require high levels of IT security (e.g., medical records, research trials, patents), and how is that best achieved within the context of an academic setting?

Organization: How can universities best organize to address the IT security questions they face in common? Should best practices or standards be agreed on a national level? Should there be a mechanism for information sharing on threats and vulnerabilities among university CIOs and systems administrators?
Publications About Security
- Higher Education Contribution to National Strategy to Secure Cyberspace
- EDUCAUSE Center for Applied Research Report
- Commissioned Works for Invitational Workshops
- Jossey-Bass Security Monograph

Monograph topics:
- IT Security and Academic Values
- Creating and Implementing an IT Security Plan
- Conducting a Business Impact Analysis
- Education and Awareness
- Legal Issues, Risk Assessment, and Insurance
- Security Policies, Procedures, and Guidelines
- Incident Prevention, Detection, and Response
Letter to the President
- Is the letter to the president the right place to start? What would it say? What is the message?
- CIO: What is your response if the president offers $1 million to address security? How will you spend it?
- CFO: What is your response if the president requests to allocate $1 million to IT security? How will you fund it?
For more information:
Visit http://www.educause.edu/security
or contact Rodney Petersen
Email: [email protected]
Phone: 301.405.7349