-
Research
and Publications
Current Issue
March/April 2013
EDUCAUSE ReviewPublications
-
Conferences
and Events
Annual Conference
October 15–18, 2013
Save the date!Events for all Levels and Interests
Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.
-
Career
Development
EDUCAUSE Institute
Leadership/Management Programs
Explore MoreCareer Center
Leadership and Management Programs
EDUCAUSE Institute
Advanced Programs
Project Management
Jump Start Your Career Growth
Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.
-
Focus Areas
and InitiativesLatest Topics
EDUCAUSE organizes its efforts around three IT Focus Areas
Join These Programs If Your Focus Is
-
Connect
and ContributeFind Others
Get on the Higher Ed IT Map
Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
-
About
EDUCAUSE
Subscribe
Filter by type
Filter by Publications
Filter by Presentations
Filter by Library Taxonomy
- Cybersecurity [x]
- Security Awareness [x]
- Security Risk Assessment and Analysis [x]
- Security Management (30)
- Policy and Law (10)
- Network Security and Applications (9)
- Data Security (8)
- Security Planning (7)
- Campus Policies (6)
- Campus Policy and Law (6)
- Incident Handling and Response (5)
- Information Technology Management and Leadership (5)
- Security Implementation (5)
- Security Policies (5)
- Federal Policy and Law (4)
- Information Systems and Services (4)
- Privacy (4)
- Identity and Access Management (3)
- Intellectual Property (3)
- Network Vulnerability Assessment (3)
Introduction
Awareness and training are critical at all stages and levels of information security. For example, upper management needs to learn about the institutional risks; users must be taught how to defend themselves against malicious code; system and network administrators require training to help them maintain and improve the security of the systems they oversee; and information security support staff must be well-versed in all of these areas and have a solid understanding of vulnerability assessment, intrusion detection, incident response, encryption, and authentication.
Resources Developed by the Higher Education Information Security Council (HEISC)
- Cybersecurity Awareness Resource Library
- Executive Security Awareness Resources
- Information Security Poster & Video Contest
- National Cybersecurity Awareness Month (NCSAM) Resource Kit
- National Cybersecurity Awareness Month (NCSAM) Sample Kit
- Security Awareness Quick Start Guide
- Security Awareness Detailed Instruction Manual
College and University Education and Awareness Programs and Resources
- Carnegie Mellon University Software Engineering Institute (SEI) CERT Coordination Center Resources for CSIRTs (Computer Security Incident Response Teams)
- George Mason University Security Awareness
- North Dakota State University ITS Training
- Rochester Institute of Technology Digital Self Defense Training
- Texas A&M University Security Awareness Training
- University of Arizona Information Security Awareness, Education, and Training
- University of Calgary Security Awareness Program
- University of Virginia Security Awareness
- Virginia Tech Awareness Training
Updated October 2012
Latest News
Find resources and see what other campuses are doing this October for NCSAM.
NCSAM article in the latest EDUCAUSE Review offers resources and suggestions for campuses to support security awareness efforts in October.
Library Items on this Topic
EDUCAUSE Library Items for Security Awareness
-
Software-as-a-Service Email Security: Risk vs. Trust
-
May 31, 2012
Many organizations would be interested in treating e-mail as a commodity —cutting costs and resource investments by outsourcing it to a software as a service (SaaS) provider. However, …
-
Raising Awareness of Website Vulnerability: How to Protect Your University's Site from Threats
-
April 5, 2011
|
A session at the Security Professionals Conference 2011
As universities make the complete transition to a web-based interface, they must be aware of the constantly evolving strategies and attacks of hackers looking to exploit vulnerable websites. The im…
-
Meeting Information Security Awareness Needs, and the Campus Likes It!
-
April 5, 2011
|
A session at the Security Professionals Conference 2011
The challenge: developing information security awareness and training programs that provide critical regulatory and institutional information and requirements in an interesting and accessible way. …
-
Ten Steps to Secure Your Copier or Multi-Function Device (MFD)
-
June 3, 2010
These resources have been gathered to specifically address concerns related to the security of sensitive information that may be stored on the hard drives of copiers, printers, or multi-function …
-
ISAAC (Information Security Awareness, Assessment, and Compliance): A Success Story
-
February 24, 2010
Risk assessment and mitigation are challenging in any environment, but especially in the open and decentralized world of higher education. Texas A&M University developed the ISAAC methodology…
-
RFP Template for Information Security Projects
-
November 10, 2009
This Request For Proposal template was created to help organizations identify and select a quality security vendor to perform professional services work. It also lists questions organizations sho…
-
Leveraging Resources in Building Your Information Security Program
-
April 22, 2009
|
A session at the Security 2009
This talk addresses key information security building blocks and how to leverage campus and other resources in developing and supporting these programs. Physical security, risk assessment and audit…
-
Georgia State University's IT Procurement Review Process--Practical Approach to Assessing Risks of IT Projects
-
March 17, 2011
In late 2005, the Security Review Policy was adopted by the University, which states "Where appropriate, information security personnel will conduct risk assessments of technologies/processe…
-
Lassoing the Beast: How a Large, Diverse University Is Wrapping Its Arms Around Confidential Data
-
October 26, 2007
|
A session at the EDUCAUSE 2007 Annual Conference
Penn designed the security and privacy impact assessment (SPIA) process and tool to raise awareness about where confidential data reside and to assess risks in seven major threat areas, which can b…
-
Committee Holds Hearing on Inadvertent File Sharing over Peer-to-Peer Networks
-
July 24, 2007
On Tuesday, July 24, 2007, the Committee held a hearing to examine recent developments regarding inadvertent file sharing over peer-to-peer (P2P) networks, the impact of such sharing on consumers…
