Announcements

The EDUCAUSE Catalyst Award highlights IT-based innovations and initiatives that provide groundbreaking solutions to major challenges in higher education or change prevailing conditions in remarkable ways. In 2009, EDUCAUSE recognizes federated identity management systems with this award.

The Federal Trade Commission (FTC) has issued a final rule on Health Breach Notification, which "requires vendors of personal health records and related entities to notify consumers following a breach involving unsecured information". The rule provides additional details about the "timing, method, and content of notification" in the event of a breach, and requires companies to notify the FTC, as well as the media (in cases involving 500 or more people). This rule is effective September 24, 2009. Full compliance will be required by February 22, 2010.

For more information, please visit the FTC's Health Breach Notification Rule website or recent press release.

The EDUCAUSE/Internet2 Higher Education Information Security Council (formerly the Security Task Force), the National Cyber Security Alliance, CyberWATCH, and ResearchChannel are pleased to announce the availability of new security awareness posters and videos. The posters and videos are the winning entries in the 2009 Computer Security Awareness Poster and Video Contest, which was conducted to raise awareness of and increase computer security at colleges and universities.

The National Institute of Standards and Technology (NIST) recently announced that it is seeking nominations of individuals for appointment to its eight existing Federal Advisory Committees: Technology Innovation Program Advisory Board, Board of Overseers of the Malcolm Baldrige National Quality Award, Judges Panel of the Malcolm Baldrige National Quality Award, Information Security and Privacy Advisory Board, Manufacturing Extension Partnership Advisory Board, National Construction Safety Team Advisory Committee, Advisory Committee on Earthquake Hazards Reduction, and Visiting Committee on Advanced Technology. Nominations for all committees will be accepted on an ongoing basis and will be considered as and when vacancies arise.

Many higher education IT organizations are facing pressure to reduce spending due to the current economic situation. This recent EDUCAUSE Quarterly article, "Rationalizing IT Rationing: 10 Ways to Cut the IT Budget (and What Not to Cut)", demonstrates one institution’s quest to cut technology costs while maintaining a high level of service. Author Fred Miller (Furman University) provides a list of 10 cost-cutting tips. He also emphasizes the importance of 4 things a campus should not cut (when possible), including security.

Emergency preparedness is a priority for all colleges and universities, with a large majority reporting that they have instituted campus-wide emergency preparedness plans covering a wide spectrum of possible emergencies, according to results of the National Campus Safety and Security Project survey. The survey probed campus preparedness for all types of threats-natural disasters, acts of violence, and cyber disruptions. The project was funded in part by the Lilly Endowment. Responses to the lengthy survey, launched in August 2008, were received from 342 institutions.

In 2005 the University of Notre Dame suffered a serious incident that brought information security into the campus spotlight. In response, the university partnered with a Big Four consulting firm to conduct a comprehensive IT risk assessment. Three years later, they're almost done with a four-year risk management program.

In this free July 8 EDUCAUSE Live! Web Seminar, Information Security from the Ground Up, presenter David Seidl, Information Security Program Manager, University of Notre Dame, will discuss the reasons for the program, how it was designed, what went into it, and how they have succeeded, as well as what was learned during this ground-up security redesign.

NIST has published a final version of the Guide to Enterprise Telework and Remote Access Security (SP 800-46 Revision 1), which is intended to help organizations understand and mitigate the risks associated with the technologies used for telework.

Capitalizing on the cultural norms of the Net Generation is essential when developing security awareness programs. Students and employees born between 1981 and 1994 are members of the Internet (Net) Generation. This generation has grown up with the Internet, World Wide Web, cell phones, instant messaging, blogs, and social networks.

A consortium of federal agencies and private organizations recently released Version 1.0 of the Consensus Audit Guidelines (CAG), which define the 20 most important controls and metrics for effective cyber defense and dontinuous FISMA compliance. The public review period for the draft will end on March 25, 2009 (send comments to cag@sans.edu).

The CAG initiative is part of a larger effort housed at the Center for Strategic and International Studies in Washington, DC, to advance key recommendations from the CSIS Commission report on Securing Cyberspace for the 44th Presidency.

The U.S. Government Accountability Office (GAO) released the report "National Cybersecurity Strategy: Key Improvements Are Needed to Strengthen the Nation's Posture" on March 10, 2009. View the full report or the highlights page.

Summary:

The Treasury Institute for Higher Education is sponsoring its fourth PCI DSS Workshop, May 4-6, 2009, in Indianapolis, IN.

• Learn what’s new in PCI version 1.2 and the FTC’s Red Flags Rule.
• Understand how the PCI Council’s Special Interest Groups’ recommendations and new Quality Assurance program will affect you.
• Get a briefing on the Federal Trade Commission’s Red Flags Rule to prevent identity theft.
• Benefit from the experience of other institutions that are working on PCI compliance and implementing Red Flags Rule on their campuses.
• Explore and share best practices with other education institutions.
• Have your questions answered by payment, banking, and security experts.

The agenda and registration are now available online.