Security Planning

EDUCAUSE Library Items for Security Planning

IT Security Essential Body of Knowledge: A Competency and Functional Framework for IT Security Workforce Development

November 14, 2007

The Department of Homeland Security's National Cyber Security Division worked with subject matter experts from government, the private sector, and academia to develop an umbrella framework t…

Academic Freedom Versus Network Security

October 25, 2007 | A session at the EDUCAUSE 2007 Annual Conference

Can too much security be a bad thing? Tighter Air Force policies are conflicting with the Air Force Academy's academic mission. While most colleges are tightening security, we are trying to re…

GSU's Roadmap for a World-Class Information Security Management System: ISO 27001:2005

October 24, 2007 | A session at the EDUCAUSE 2007 Annual Conference

Georgia State University is one of the first universities to embrace the ISO 27001:2005 standard for establishing an information security management system (ISMS). A systematic and disciplined appr…

Information Security: Zero to 60 in 10 Years

October 24, 2007 | A session at the EDUCAUSE 2007 Annual Conference

The focus on information security at Embry-Riddle Aeronautical University, as in many institutions, has evolved gradually over a number of years. Beginning with what can best be described as ad hoc…

Bruce Schneier on Information Security: Ten Trends - Sponsored by AT&T, An EDUCAUSE Silver Partner

October 26, 2007 | A session at the EDUCAUSE 2007 Annual Conference

Surveying current trends in information security, it's clear that a myriad of forces are at work. But fundamentally, security is all about economics: both attacker and defender are trying to m…

How Ready Are IT Managers for a Crisis?

October 24, 2007

The annual Campus Computing Survey focuses on IT security and crisis management, finding gaps in preparation but fewer attacks on networks. The…

Information Technology (IT) Security Essential Body of Knowledge (EBK): A Competency and Functional Framework for IT Security Workforce Development

October 3, 2007

This federal register notice informs the public and interested stakeholders that the Department of Homeland Security (DHS) is making available for public review and comment ``Information Technolo…

A Few Good Metrics

July 21, 2005

Information security metrics don't have to rely on heavy-duty math to be effective, but they also don't have to be dumbed down to red, yellow, green. Here are five smart measurements—…

A Guide to Security Metrics

June 22, 2006

The pressure is on. Various surveys indicate that over the past several years computer security has risen in priority for many organizations. Spending on IT security has increased significantly i…

Guide for Developing Performance Metrics for Information Security: Recommendations of the National Institute of Standards and Technology

May 19, 2006

This publication focuses on developing and implementing information security metrics for an information security program. The processes and methodologies described in this guidance link informati…