Announcements

A new section on Information Security Governance has been developed for the Information Security Guide. Effective institutional governance of the information security function is critical to a successful program. It can be both the "proof of the pudding..." with regard to management commitment and provide necessary guidance when deciding where to allocate scarce resources. This well researched section draws from experts in the field and provides useful background and advice which can be adapted to a wide variety of campus cultures. The topical outline included below reflects the broad array of subjects covered in this very deep Information Security Governance article:

The University of Pennsylvania's Information Systems and Computing (ISC) division recently announced its successful implementation institution-wide of Domain Name Security Extensions (DNSSEC) technology. The upenn.edu DNS zone was signed with DNSSEC in early August 2009. Penn is part of an Internet2 and EDUCAUSE community of early adopters of DNSSEC technology and is the first U.S. university to implement institution-wide.

EDUCAUSE announced today it has joined the InCommon Federation, the U.S. identity and access management federation. In an identity federation like InCommon, participating identity providers (such as colleges and universities) and resource providers (like EDUCAUSE) agree on a set of shared policies, processes, and technology standards. This greatly streamlines collaboration among multiple organizations because federation members agree on these policies and processes once, rather than each time they sign a contract with a new partner. Read more in the press release.

This year's National Cyber Security Awareness Month (NCSAM) is now over. We would like to thank you – and your institution – for your support throughout the month of October. The list of 2009 campus events, as well as the new resources that were recently submitted for the Cybersecurity Awareness Resource Library, illustrate the tremendous effort, creativity, and hard work that many of you contributed in support of this important initiative.

President Obama delivered a National Cyber Security Awareness Month video address explaining the importance of cybersecurity and how to protect yourself online.

DHS Secretary Janet Napolitano also addressed a live web audience to discuss our shared responsibility for online security. You can view the video or read the full transcript.

To learn more, visit OnGuardOnline.gov, DHS.gov/Cyber, or StaySafeOnline.org.

The Security 2010 conference, "The Shifting Landscape: Changing Mind-Sets" will focus on security topics that span the information assurance measures of people, process, and technology. Featured keynote speakers will be Annie Anton, professor of computer science and director of The Privacy Place, North Carolina State University, and Marcus Sachs, executive director, National Security and Cyber Policy, Verizon Communications.

SANS would like to invite the higher education community to participate in a complimentary vLive! training event on Thursday, November 19, 1:00-2:30 pm ET.

Special: State of the Hack
Delivery: SANS vLive! (broadcast using Java-based ElluminateLive!)
Date: Thursday, November 19, 2009
Time: 1:00 PM - 2:30 PM ET
Instructor: Rob Lee
Cost: Free to the EDU community (discount code is NOT required)
Course Value: $495.00
Registration & Information: https://www.sans.org/webcasts/state-of-hack-92908
Additional info about vLive!: http://www.sans.org/vlive/

The October edition of EDUCAUSE Now features Aimee Larsen-Kirkpatrick from the National Cyber Security Alliance talking about their new student outreach initiative and this year's National Cyber Security Awareness Month theme, "Our Shared Responsibility". Visit http://www.staysafeonline.org for more information or additional resources.

EDUCAUSE Now is a monthly podcast, focusing on the intelligent use of information technology in higher education. Subscribe to the EDUCAUSE Now RSS feed.

Cornell University has developed a computer security e-book for faculty and staff that is the cornerstone of their computer security awareness campaigns at Cornell. As part of National Cyber Security Awareness Month, other universities are invited to use Cornell's computer security book as a resource for the development of their own campus awareness and educational materials.

The book, Computer Security at Cornell: Secure Your Computer On and Off Campus, covers the philosophy/educational aspects of computer security topics that everyone should understand. All of the "how-to" info is linked to the Cornell Security website so it can be updated on the fly as needed.

A list of Security Incident Management Essentials was recently developed by the Computer Security Incidents - Internet2 (CSI2) working group. This document provides a starting point for IT security, offering:

The White House Office of Science and Technology Policy (OSTP) and the Federal Networking and Information Technology Research and Development (NITRD) Program created the Leap-Ahead Initiative in response to the President's call to secure the nation's cyberinfrastructure. The goal of this new initiative is to develop "the national cyber security leap-ahead research and development agenda".

Commercial and academic innovators recently attended the National Cyber Leap Year Summit in Arlington, Virginia, August 17-19, 2009, to discuss strategies for initiating and sustaining fundamental cyber security changes within the following five areas:

October is National Cyber Security Awareness Month. As we rely more on technology-based solutions in our everyday lives, cybersecurity becomes everyone's responsibility. Additionally, the largest group of victims of identity theft is between the ages of 18 and 29. Students need to understand the risks and how to protect their personal information, computer, and campus networks. Therefore, we encourage you to consider ways you can raise awareness among your faculty, staff, and students and invite you to help promote National Cyber Security Awareness Month (NCSAM).