Announcements

The Security Task Force Risk Assessment Working Group wishes to inform higher education information security practioners of a few recent resource updates which are now available from the Risk Management section of the IT Security Guide. 

The Information Security Risk Assessment Consultants list provides a listing of vendors known to have conducted some form of IS risk assessment for at least one higher education institution. The only way a vendor can get onto this list is to be placed there by an EDUCAUSE member institution that has engaged the consultant. Each entry on this list provides a link to the institution which has provided the vendor reference. The list can be a starting place for schools that are seeking a consultant; referencing institutions may be willing to provide additional information about the vendor and the consulting engagement when asked.

Watch the video or listen to the podcast of Bruce Schneier's recent keynote speech, "Bruce Schneier on Information Security: Ten Trends", which was delivered at the EDUCAUSE 2007 Annual Conference in Seattle, Washington on October 26, 2007.

You can also hear a 14 minute interview with Bruce Schneier. Listen in as he shares some insightful words about privacy along with interesting commentary about ethics, cybersecurity, and blogging.

The Department of Homeland Security's National Cyber Security Division worked with subject matter experts from government, the private sector, and academia to develop an umbrella framework that establishes a national baseline representing the essential knowledge and skills IT security practitioners must have to perform their jobs. The IT Security EBK builds directly on established work and is not intended to represent a standard, directive, or policy by DHS. Instead, it further clarifies key IT security terms and concepts for well-defined competencies, identifies notional security roles, and defines primary functional perspectives to help advance the IT security training and certification landscape as we strive to ensure that we have the most qualified and appropriately trained IT security workforce possible.

This year's National Cyber Security Awareness Month (NCSAM) is now over and the list of 2007 campus events on the EDUCAUSE Security Task Force Web site demonstrates the tremendous effort, creativity, and hard work that many of you contributed in support of this important initiative. Thank you to all of you for your support.

If your event is not yet listed on the website, please share the URL or brief description of your NCSAM-related initiatives, as well as the outcomes you realized, with the participants on the Security Discussion list or send an email to: Security-Task-Force@educause.edu.

October is National Cyber Security Awareness Month (NCSAM). As we rely more on technology-based solutions in our everyday lives, cybersecurity becomes everyone’s responsibility. We encourage you to consider ways you can raise awareness among your faculty, staff, and students, and invite you to help promote NCSAM. For further suggestions, please consult the Resource Kit for National Cyber Security Awareness Month, developed by the EDUCAUSE/Internet2 Security Task Force.

Additional EDUCAUSE resources include:

October is National Cyber Security Awareness Month (NCSAM)...but it's never too soon to start planning your campus events!!! We encourage you to consider ways that you can raise awareness among your faculty, staff, and students, and invite you to help promote NCSAM. For further suggestions, please consult the Resource Kit for National Cyber Security Awareness Month, developed by the EDUCAUSE/Internet2 Security Task Force.

Many colleges and universities are already planning events or developing awareness resources for NCSAM that we would like to highlight as part of higher education's ongoing efforts to increase awareness within our community. We've already started a list of institutions that will be holding events in October 2007. Please share the URL or plans for your NCSAM-related initiatives with the Security Discussion Group or send us an e-mail so your institution's plans can be included.

Explore the new PCI DSS Resource Page. View Community Resources (under the "Other" tab) or contribute your own resources.

The Center for Internet Security(CIS) is beginning work on several new benchmarks and would like to invite the members of the higher edducation community to participate in our consensus process.

For those of you new to CIS, we are a not-for-profit, end-user group that develops security guides, which we call benchmarks, by bringing together teams of experts who discuss security recommendations made in a draft.  These teams work via teleconference and email lists to reach consensus on the best security recommendations for a particular platform.  This process has proven very effective at creating detailed and useful benchmarks, while providing excellent opportunities for all involved to interact with their peers.

• Privacy & Security: An Overview by Rodney Petersen and Steve Worona
• The Privacy and Security Policy Vacuum in Higher Education by Fred H. Cate
• The Continuing Evolution of Effective IT Security Practices by John Voloudakis
• A Unified Approach to Information Security Compliance by M. Peter Adler
• Privacy Protection and Compliance in Higher Education: The Role of the CPO by Lauren Steinfeld and Kathleen Sutherland Archuleta
• Safeguarding Information Assets in Higher Education: The Role of the CSO by Rodney Petersen

• NCSAM Sample Kit
• Cybersecurity Awareness Resource Library
  
• EDUCAUSE Security Awareness Resource Center

• NCSAM Toolkit
• NCSAM Web Banners