Announcements

We would like to thank Mely Tynan (Vice President for IT and CIO, Tufts University) for her 2 years of service as a co-chair and member of the EDUCAUSE/Internet2 Computer and Network Security Task Force.

We would also like to welcome Brian Voss (Vice Chancellor for Information Technology & CIO, Louisiana State University), who begins his term as co-chair of the Security Task Force. He will serve alongside Pete Siegel (CIO & Vice Provost, Information & Educational Technology, University of California, Davis), a co-chair since 2006.

We are facing many challenges as a nation during this economic downturn. However, with a change of administration in Washington, D.C., increased threats to the security of our cyberinfrastructure, and reconsideration of campus priorities, it's clearly time to share, explore, and work together toward the common good. Attend the Security Professionals Conference 2009, "Safeguarding Our IT Assets, Protecting Our Community's Privacy," which will offer a unique setting to meet with fellow security practitioners and other IT professionals focused on data privacy and security, discuss similar problems, and learn about useful solutions.

The Center for Strategic and International Studies (CSIS) Commission on Cybersecurity for the 44th Presidency has released its final report, "Securing Cyberspace for the 44th Presidency." The Commission’s three major findings are:

1. Cybersecurity is now one of the major national security problems facing the United States;
2. Decisions and actions must respect American values related to privacy and civil liberties; and
3. Only a comprehensive national security strategy that embraces both the domestic and international aspects of cybersecurity will improve the situation.

Recommendations include:

This year's National Cyber Security Awareness Month (NCSAM) is now over and the list of 2008 campus events on the EDUCAUSE Security Task Force NCSAM Resource Kit website, demonstrates the tremendous effort, creativity and hard work that many of you contributed in support of this important initiative. THANK YOU to all of you for your support.

If your event is not yet listed on the website, please share the URL or brief description of your NCSAM-related initiatives, as well as the outcomes you realized, with the participants on this discussion list or send an email to Security-Task-Force@educause.edu.

Sincerely,

Awareness and Training Working Group Co-Chairs Cherry Delaney (Purdue University) and Jodi Ito (University of Hawaii)

New federal regulations to address identity theft go into effect November 1, 2008, and are likely to affect colleges and universities in nuanced ways. Compliance will require careful study and collaboration among business officers, human resources, legal counsel, student services, IT, and other affected campus units. The rules require users of consumer reports to develop reasonable policies and procedures to apply when they receive a notice of address discrepancy from a consumer reporting agency. They also require that institutions develop and implement an Identity Theft Prevention Program for combating identity theft in connection with new and existing accounts.

The U.S. Department of Homeland Security (DHS) has published the IT Security Essential Body of Knowledge (EBK). A Glossary of Key Terms used in the EBK is also provided.

According to the overview on the US-CERT website:

The IT Security EBK conceptualizes IT security skill requirements in a new way to address evolving IT security challenges. The EBK characterizes the IT security workforce and provides a national baseline representing the essential knowledge and skills that IT security practitioners should have to perform specific roles and responsibilities.

The EBK was featured in a November 2007 EDUCAUSE Live! presentation when DHS was accepting comments on a draft version of the document.

Explore the security and privacy-related conference sessions at EDUCAUSE 2008 (October 28-31 in Orlando, Florida). Register for the conference by September 29 to receive the low early-bird rates.

The EDUCAUSE/Internet2 Computer and Network Security Task Force 2008-2009 Strategic Plan is now available online. The Security Task Force (STF) has adopted the theme of "Safeguarding Our IT Assets, Protecting Our Community's Privacy" for 2008-2009. The STF strategic planning process aims to anticipate higher education security issues, enabling campuses to forge joint efforts and solutions and recognizing that security challenges continue to evolve in our digital information world.

The following goals have been identified for 2008-2009 to help focus working group priorities in the near term (12-18 months):

In "Security Metrics: A Solution in Search of a Problem", a recent EDUCAUSE Quarterly article, Joel Rosenblatt (Manager of Computer and Network Security, Columbia University) describes how the creation and collection of appropriate metrics can enhance an institution's security program. Learn about some potential metrics in the following areas: policy and compliance, network and machine monitoring, outreach and education, legal compliance, authorization and authentication, asset protection, and privacy.

EDUCAUSE has published the results of the 2008 Current Issues Survey, and this year Security edged out Funding IT as the top strategic challenge.

The latest EDUCAUSE Quarterly article, "Current Issues Survey Report, 2008", states:

The EDUCAUSE/Internet2 Computer and Network Security Task Force, in cooperation with the ResearchChannel, is conducting its third annual contest in search of computer security awareness posters and short videos developed by college students for college students. The contest, which is co-sponsored by the National Cyber Security Alliance (NCSA) and CyberWATCH, offers cash prizes ($1,000, $800 and $400) to the winners in each of the four categories. It also provides an opportunity for students to gain experience by developing creative and effective short videos or posters. The deadline for submission of entries is April 30, 2009.