vvogel's blog

The Electronic Records Management Toolkit is now available in wiki format and addresses issues related to electronic records management, e-discovery, and records retention & disposition.

We all create and use information every day. Taking care of that information (in all its many forms) is an effort requiring shared responsibility by each member of a specific community. Just figuring out where to start and what needs to be done can be a time-consuming task.

A new section on Information Security Governance has been developed for the Information Security Guide. Effective institutional governance of the information security function is critical to a successful program. It can be both the "proof of the pudding..." with regard to management commitment and provide necessary guidance when deciding where to allocate scarce resources. This well researched section draws from experts in the field and provides useful background and advice which can be adapted to a wide variety of campus cultures. The topical outline included below reflects the broad array of subjects covered in this very deep Information Security Governance article:

Version 2 of the Confidential Data Handling Blueprint is now available as part of the Information Security Guide. The toolkit consolidates and organizates resources around the overarching themes related to information protection. This updated version defines confidential data, includes more detailed sub-steps, and highlights additional resources.

Please contact the council if you have any feedback on the blueprint.

The University of Pennsylvania's Information Systems and Computing (ISC) division recently announced its successful implementation institution-wide of Domain Name Security Extensions (DNSSEC) technology. The upenn.edu DNS zone was signed with DNSSEC in early August 2009. Penn is part of an Internet2 and EDUCAUSE community of early adopters of DNSSEC technology and is the first U.S. university to implement institution-wide.

We would like to welcome Dave Swartz (Assistant VP & CIO, American University), who begins his term as co-chair of the Higher Education Information Security Council. He will serve alongside Brian Voss (Vice Chancellor for Information Technology & CIO, Louisiana State University), a co-chair since January 2009.

We would also like to thank Pete Siegel (Vice Provost & CIO, University of California, Davis) for his 3 years of service as a co-chair and member of the EDUCAUSE/Internet2 Higher Education Information Security Council.

Learn more about the council or contact us.

EDUCAUSE announced today it has joined the InCommon Federation, the U.S. identity and access management federation. In an identity federation like InCommon, participating identity providers (such as colleges and universities) and resource providers (like EDUCAUSE) agree on a set of shared policies, processes, and technology standards. This greatly streamlines collaboration among multiple organizations because federation members agree on these policies and processes once, rather than each time they sign a contract with a new partner. Read more in the press release.

At the request of Members of Congress, the Federal Trade Commission will delay enforcement of the "Red Flags" Rule until June 1, 2010. For more information, see the EDUCAUSE Resource Center page on Identity Theft and Red Flags.