EDUCAUSE | Cybersecurity Initiative Announcements Blog Feed

Feature the Information Security Guide's New Graphic on Your Institution's Website

Thu, 26 Apr 2012 17:05:28 +0000

Indiana University recently linked to the Information Security Guide: Effectives Practices and Solutions for Higher Education from their Information Security and Privacy Program page. We invite other institutions of higher education to feature the guide's new graphic and a link to this valuable community resource on their information security website. Two files are included with this announcement. If you would like to request a copy of the Photoshop file created by IU, please contact security-council@educause.edu.

UploadsAttachments:

InfoSecurityGraphic.png

InfoSecurityGraphic(IUsite).png

Secretary Napolitano Announces Homeland Security Academic Advisory Council (HSAAC)

Mon, 12 Mar 2012 15:54:56 +0000

U.S. Department of Homeland Security (DHS) Secretary Janet Napolitano recently announced the formation of the Homeland Security Academic Advisory Council (HSAAC), comprised of prominent university presidents and academic leaders charged with advising the Secretary and senior leadership at the Department on several key issues. The new council underscores the Department’s commitment to working with the academic community. Secretary Napolitano has asked the group, which will be chaired by Dr. Wallace Loh of the University of Maryland, to provide advice and recommendations on issues related to student and recent graduate recruitment; international students; academic research; campus and community resiliency, security and preparedness; and faculty exchanges.

Higher Education Associations Launch New Online Compliance Resource

Mon, 05 Mar 2012 15:43:19 +0000

EDUCAUSE, the National Association of College and University Attorneys (NACUA), and a partnership of 20 higher education associations recently launched the Higher Education Compliance Alliance, a new online resource devoted to helping the higher education community with federal law and regulation compliance.

Federal regulations touch every facet of college and university operations, from employment law to export controls, from international programs to student affairs, from tax issues to accreditation. Dozens of national higher education associations monitor these regulations and produce valuable resources to help their members achieve compliance.

DHS on the Administration's Cybersecurity Legislative Proposal

Mon, 13 Feb 2012 18:15:33 +0000

U.S. Department of Homeland Security (DHS) Deputy Secretary Jane Holl Lute recently addressed the administration's Cybersecurity Legislative Proposal in a blog post, stating that "President Obama has proposed legislation that would give [DHS] the tools to execute [their] cybersecurity mission more effectively. This legislative proposal focuses on clarifying authorities, collaborating with the private sector, and driving measurable progress and outcomes. The President’s proposal would establish national standards, protect federal networks, and allow DHS to provide enhanced voluntary assistance to [their] private sector and state, local, tribal, and territorial government partners. At the same time, it includes important safeguards to protect the privacy and civil liberties of the American public."

Data Privacy Month Campus Activities, January 2012 - What's Your Campus Doing?

Wed, 11 Jan 2012 17:09:02 +0000

Many institutions are celebrating Data Privacy Month in January. Here are just a few examples. We hope that you will be able to adapt these materials for use at your institution or that the creativity behind these activities will inspire you to host your own events or develop your own original resources! If you would like to share your efforts, please contact us.

UploadsAttachments:

Sample Data Privacy Month CIO Email.pdf

PrivacyDPAd.pdf

In Honor of Data Privacy Month, Download Matt Ivester's Book at No Charge (Jan. 27-30)

Wed, 11 Jan 2012 00:09:55 +0000

In honor of Data Privacy Month, you can download Matt Ivester’s book “lol...OMG!” at no charge. The giveaway starts at 12:01 a.m. on January 27, 2012, and expires at 11:59 p.m. on January 30, 2012. Then be sure to join us on Monday, January 30 at 1 p.m. Eastern Time for a webinar with Matt Ivester (author and founder of JuicyCampus).

“lol...OMG!” provides a cautionary look at the many ways that today's students are experiencing the unanticipated negative consequences of their digital decisions from lost job opportunities and denied college and graduate school admissions to full-blown national scandals.
read more

Make Cybersecurity Part of Your 2012 Resolutions

Tue, 10 Jan 2012 18:28:06 +0000

If you’re still looking for a New Year’s resolution, it’s not too late to join the Stop.Think.Connect.™ Campaign in setting online safety resolutions for 2012. Follow these simple steps from the United States Computer Emergency Readiness Team (US-CERT) to enhance increase your devices’ cybersecurity:

Higher Education Information Security Council Releases 2012-13 Strategic Plan

Wed, 04 Jan 2012 23:18:08 +0000

The Higher Education Information Security Council 2012-13 Strategic Plan is now available online. This strategic plan is intended to set forth a vision for the higher education information security community and provide a concise roadmap to guide the efforts of the HEISC in 2012 and 2013. If you missed the Town Hall webinar on January 9, where we discussed the council's vision, mission, goals, objectives, and current working group activities, an archived recording is now available.

Federal Cybersecurity R&D Strategic Plan Released, December 2011

Mon, 19 Dec 2011 17:05:11 +0000

The Office of Science and Technology Policy (OSTP) recently released Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program, which defines a set of interrelated priorities for the agencies of the United States government that conduct or sponsor research and development (R&D) in cybersecurity.

History of Data Privacy Day

Fri, 09 Dec 2011 22:23:37 +0000

Data Privacy Day, which will be celebrated in January 2012 for the fifth year, provides an excellent opportunity for universities to raise awareness and promote education about privacy among students, faculties, and administrators. (Several ideas are provided below, but you can also learn more about the free webinars being planned for January 2012.)

HEISC Town Hall Webinar (1/9/12 archived recording available)

Thu, 08 Dec 2011 20:43:39 +0000

Now available: A recording of the Higher Education Information Security Council (HEISC) Town Hall webinar held on January 9, 2012. Council co-chair Larry Conrad presented the 2012-2013 HEISC strategic plan to the higher ed community. Participants had a chance to share feedback regarding the goals and objectives. Access the recording or download the presentation slides.

UploadsAttachments:

HEISC Town Hall Jan2012 slides.pdf

January is Data Privacy Month: Free Webinars and Easy Ways to Increase Awareness

Wed, 07 Dec 2011 15:37:27 +0000

You know the importance of protecting personal identities and the effects social media can have on privacy, but does everyone on your campus? During the month of January, EDUCAUSE is expanding on Data Privacy Day to provide an entire month’s worth of activities and resources to help raise data privacy awareness. You can participate by attending the upcoming webinars and creating a plan to increase awareness on your campus with the easy-to-implement suggestions listed below. You can also visit the EDUCAUSE Data Privacy Month page for additional resources and information or read more about the history of Data Privacy Day.

January 2012 Webinars

EDUCAUSE hosted several webinars on data privacy throughout the month of January:

UploadsAttachments:

dataPrivacyMonth.png

HEISC Supports Computer Science Education Week

Mon, 05 Dec 2011 23:13:02 +0000

Computer Science Education Week (CSEdWeek) – December 4-10, 2011 – is a call to action to share information and offer activities that will advocate for computing and elevate computer science education for students at all levels. The Higher Education Information Security Council is supporting CSEdWeek because computer science is an important part of IT, the mechanism our community uses to support the advancement of higher education.

Everyone can participate, and as members of the higher education IT community, we invite you to help lead the charge. Below are a few easy ways to participate.

FTC to Host Facial Recognition Technology Workshop on December 8

Wed, 30 Nov 2011 19:16:02 +0000

The Federal Trade Commission will host a workshop in Washington, DC on December 8, 2011, exploring facial recognition technology and the privacy and security implications raised by its increasing use. Facial recognition technology has been adopted in a variety of new contexts, ranging from online social networks to digital signs and mobile apps. The FTC workshop will gather consumer protection organizations, academics, business and industry representatives, privacy professionals, and others to examine the use of facial recognition technology and related privacy and security concerns. The workshop is free and open to the public. View the agenda now. A webcast of the proceedings will also be available.

Deadline to Purchase SANS NetWars Discounted Purchase Offer is January 20

Tue, 29 Nov 2011 16:58:30 +0000

The window for registering to purchase SANS NetWars Continuous Play at a highly discounted aggregate-buy price has been extended through Friday, January 20, 2012. NetWars CP is a collection (five levels) of computer and network security challenges designed to represent real-world security issues, flaws, and resolutions. Challenges include analyzing and exploiting security flaws, forensics, vulnerability assessment, penetration tests, and attack/defense. Each player follows an independent path based on individual problem solving skills, technical skills, aptitude, and creativity. NetWars provides hands-on experiences that develop the player's understanding of computer and network vulnerabilities, attacks and defenses. Players have four months to complete the five levels of the program.

UploadsAttachments:

EDU - SANS NetWars Continuous Play - Partnership Offering. v2011.12.16.pdf

FCC Launches the Small Biz Cyber Planner

Fri, 18 Nov 2011 17:08:00 +0000

The FCC is launching the Small Biz Cyber Planner, an online resource to help small businesses create customized cybersecurity plans, in conjunction with DHS, NCSA, NIST, The U.S. Chamber of Commerce, The Chertoff Group, Symantec, Sophos, Visa, Microsoft, HP, McAfee, The Identity Theft Council, ADP and others. The online tool is available at FCC.gov/cyberplanner.

PCI v2.0 Comment Period Now Open!

Thu, 10 Nov 2011 17:07:24 +0000

The PCI Council is requesting feedback on the PCI v2.0 standards -- both the PCI DSS (Payment Card Industry Data Security Standard) and the PA-DSS (Payment Application Data Security Standard). We invite the higher education community to share your thoughts, experiences, and feedback on PCI v2.0. Details on this open comment period, as well as instructions on how to provide feedback to the Council, can be found on the Treasury Institute's blog. The comment period closes on March 31, 2012.

Security Conference 2012 CFP Now Open! Proposals Due 12/16

Thu, 03 Nov 2011 18:54:15 +0000

As the breadth of technology expands globally, so do the boundaries of information security. The 10th annual Security Professionals Conference will attempt to recalibrate security during a paradigm shift.

The conference, "Security Everywhere: Exploring the Expanding World of Security," will address our goal as information security professionals of supporting our constituents’ ability to take advantage of modern computing in safe and secure ways. And, as the definition of “security” grows to include privacy, identity management, physical security, information assurance, and more, it is imperative to share information and experiences with peers.

Share your experience, stories, and lessons learned—submit a proposal to present at the Security Professionals Conference.

Selecting Topics For Your Awareness Program

Thu, 03 Nov 2011 17:14:39 +0000

A common challenge most organizations face when building an effective security awareness program is determining which topics to communicate. Too often organizations try to teach too much, with little if any effort in identifying which topics have the greatest impact. Keep in mind you most likely face several limitations. The first is many organizations are limited to thirty minutes or less in their initial training. Every minute of lost work quickly adds up as a result management may put restrictions on how long the training can be. In addition you will be competing for time against other types of training (sexual harassment, ethics, etc). Also keep in mind people can only remember so much. The fewer topics you focus on, the more you can reinforce those topics and the more likely you will change behaviors. If you try to cram too much information people will simply become overwhelmed and most likely forget it all.

REN-ISAC Sponsors SANS NetWars at a 65% Discount for Higher Ed!

Wed, 02 Nov 2011 16:59:59 +0000

REN-ISAC has teamed up with SANS to make the NetWars Continuous Play program available at a special discounted price of $700, available to faculty, staff, and undergraduate students at higher education instititutions, K-12 teachers and students, and state and local government employees. The discounted price is a substantial saving over the $1999 list.

NCSAM 2011 Has Concluded...What's Next?

Tue, 01 Nov 2011 17:11:52 +0000

National Cyber Security Awareness Month (NCSAM) 2011 has just concluded. So, what’s next?

First, we would like to say thank you to the higher education community for another successful celebration of NCSAM! It was wonderful to hear about the fun activities and events taking place on campuses around the world.

Although NCSAM ended yesterday, we hope that campuses will continue to educate and train students, staff, and faculty on the importance of security awareness throughout the year. We heard from many institutions about their plans during the month of October. See what events took place by visiting our NCSAM Resource Kit.

In Case You Missed It: Top InfoSec Stories, Oct. 24-28

Fri, 28 Oct 2011 20:26:00 +0000

Here are 5 articles or announcements you might have missed this week (October 24-28, 2011):

University of Arizona CIO Michele Norin Selected as New HEISC Co-Chair

Wed, 26 Oct 2011 16:07:55 +0000

We would like to welcome Michele Norin (CIO, The University of Arizona), who begins her term as co-chair of the EDUCAUSE & Internet2 Higher Education Information Security Council (HEISC). She will serve alongside Larry Conrad (Vice Chancellor for IT & CIO, University of North Carolina at Chapel Hill), a co-chair since February 2010.

We would also like to thank Dave Swartz (CIO & AVP, American University) for his two years of service as a co-chair and member of HEISC.

Learn more about the council or contact us.

Information Security Solutions: Which Ones are Right for Your Campus?

Tue, 25 Oct 2011 15:07:49 +0000

There are a multitude of information security solutions available for universities and colleges looking to protect their data and computers. The solutions can be technical or social in nature. The type of solution that you choose for your campus depends on the needs of your community and where your vulnerabilities lie. Maybe you need a data center to centralize where you maintain and protect your data, or better training to equip your faculty and staff with the right knowledge to protect the data they work with daily, or maybe your CIO needs to establish a stronger partnership with your campus' senior leaders in order to establish their role in information security and strengthen support for initiatives. Whatever your campus requires, a combination of technical and social solutions will be needed.

Where To Start When Building an Awareness Program

Tue, 18 Oct 2011 15:43:29 +0000

When it comes to security awareness, a common challenge I find is organizations have focused so much on getting management support, budget and materials that when they are ready to start they have not yet thought of how to begin. One of the best places to start is building your team, a steering committee if you like. The purpose of this team is to help guide your program in the years to come. Not only can members provide input, but they can also become owners and champions for your program. Keep the team simple, you are not required to regular meetings or even be physically together, perhaps something as simple as quarterly Skype conferences. Also, keep the team small, I suggest no more then 5-7 people. Anything larger and consensus building becomes almost impossible. Some key departments I recommend are