Security Planning

EDUCAUSE Library Items for Security Planning

Podcast: Larry Conrad on IT Security Then and Now

July 17, 2012

Larry D. Conrad serves as the vice chancellor for information technology and chief information officer at UNC Chapel Hill. He has over 40 years experience in the field of information technolo…

Catch a clue from an EDU: Universities that get security right

May 20, 2011

In these days of consumer gadgets and mobile access, corporations can learn a lot from how universities deploy multiple layers of security. In these da…

PaIRS/Bayesian IDS: Finding Bad Actors Without Looking at Content

April 5, 2011 | A session at the Security Professionals Conference 2011

The Columbia PaIRS (point of contact and incident response system) IDS was developed to facilitate the protection of the network from compromised machines, taking into account the totally decentral…

Are You Paying Attention to the Character Behind the (Layer 7) Curtain?

January 12, 2011 | A session at the Mid-Atlantic Regional Conference 2011

Many bad guys revised their attack methodology during 2010. Roughly 80% of attacks are now initiated through the web application layer 7 vulnerabilities, yet most higher ed Institutions allocate le…

RFP Template for Information Security Projects

November 10, 2009

This Request For Proposal template was created to help organizations identify and select a quality security vendor to perform professional services work. It also lists questions organizations sho…

Improving Security Event Correlation and Analysis Using Intelligent Agents

April 22, 2009 | A session at the Security 2009

Attacks on computer resources are security events that are more complex and difficult to quickly and effectively collect, analyze, and respond to. This presentation will explain how the use of inte…

Growing Your Incident Response Toolbox

April 21, 2009 | A session at the Security 2009

These days, with washing machines on the network, incident response is different than it was 10 years ago. We used to block machines, users, or switch ports, then send an e-mail to whomever we hope…

2008 Data Breach Investigations Report

July 1, 2008

The 2008 Data Breach Investigations Report draws from over 500 forensic engagements handled by the Verizon Business Investigative Response team over a four-year period. Tens of thousands of data …

Final Report of the 2007 Cybersecurity Summit

November 30, 2007

This is the final report for the 2007 NSF Cybersecurity Summit, held February 22 & 23rd, 2007, in Arlington, VA. This is the final report fo…

Some Frontiers of Security Work

October 24, 2007 | A session at the EDUCAUSE 2007 Annual Conference

The higher education community faces increasingly difficult issues of security in a networked world, compounded by the demands of advanced applications. Performance requirements (high bandwidth, en…