Rodney's blog

EDUCAUSE submitted comments on behalf of the Higher Education Information Security Council (HEISC) to address several questions raised by a NIST Request for Information concerning standards, guidelines, or best practices that promote the protection of information and information systems.  You can also review all of the comments received.  The Request For Information (RFI) issued by the National Institute for Standards and Technology (N

The National Institute for Standards in Technology (NIST) has announced a Cybersecurity Framework Workshop to be held on April 3rd at its headquarters in Gaithersburg, Maryland.  According to the announcement, "NIST is interested in collecting information about current risk management practices; use of frameworks, standards, guidelines and best practices; and specific industry practices."  The workshop is being held in response to a directive from the recent Cybersecurity Executive Order issued by President Obama that charges NIST to work with the public and private sectors to develop a framework for securing critical infrastructures.  NIST has also issued a Re

As a follow-up to our recently reported Policy Update blog entitled "Copyright Alert System Goes into Effect," the Congressional Internet Caucus held a briefing on Capitol Hill on "Combating Piracy online:  The Copyright Alert System, A Voluntary Approach."  The briefing was covered by C-SPAN and is accessible here.

. . .

President Obama has issued a Presidential Policy Directive (PPD-21) on Critical Infrastructure Security and Relience to "advance a national unity of effort to strengthen and maintain secure, functioning, and resilient critical infrastructure."  The Directive accompanies the Executive Order on Improving Critical Infrastructure Security. 

The following announcement from the National Institute of Standards and Technology (NIST) concerns the pilots funded as part of the President's National Strategy for Trusted Identities in Cyberspace (NSTIC).  Among the funded pilots that will be featured at RSA Conference is the Internet2 Piloting Mobile Device Multifactor Authentication on University Campuses.  For more information about the Internet2 Scalable Privacy Pilot, see https://spaces.internet2.edu/display/scalepriv/Scalable+Privacy

Beyond User Names and Passwords: Meet the NSTIC Pilots at RSA

America must also face the rapidly growing threat from cyber-attacks. We know hackers steal people's identities and infiltrate private e-mail. We know foreign countries and companies swipe our corporate secrets.

The Annual State of the Net Conference is held every January in Washington, D.C.  Organized by the Congressional Internet Caucus Advisory Committee, it brings together policymakers and advocates, including EDUCAUSE Policy staff, to highlight the most pressing Internet and technology policy issues in the year ahead.  While there is widespread enthusiasm and optimism from both the technology industry and user community about the future of IT, there is growing skepticism that the Congress will play any significant role in shaping policy due to its recent record of inaction.

Adopters of cloud technologies recognize that it requires business decisions, risk management, and policy choices.  At the Annual State of the Net Conference, EDUCAUSE Policy attempted to demystify the cloud for policy makers.

Sourcing IT (business decision)

The White House has released a new National Strategy for Information Sharing and Safeguarding intended to strike the proper balance between sharing information with those who need it to keep our country safe and safeguarding it from those who would do us harm.  Because of the delicate balance between “sharing information” and “safeguarding” the intelligence from bad actors this Strategy emphasizes how strengthening the protection of classified and sensitive information can help to build confidence and trust so that such information can be shared with authorized users.