Information Security Guide

HEISC Town Hall Webinar:
2012-2013 Strategic Plan
Larry Conrad
CIO, UNC-Chapel Hill
& HEISC Co-Chair
Today's Agenda
Information security changes in the past 10 years
Ongoing challenges for security practitioners
HEISC strategic plan (2012-2013): goals and objectives
HEISC working group updates
What can you do?
Information Security Changes in the Past 10 Years
Threats: More serious – e.g., nation states, organized crime
Vulnerabilities: New technologies (e.g., social media, cloud, mobility) introduce new
Impact: Confidentiality, Integrity, Availability (CIA) recognized as mission critical
On the Plus Side
Increased awareness
Greater investments, including security staff
Staff professional development and training
Improved organization across higher ed
Better tools
More policies and standards
More strategic, proactive outlook
More "effective practices" are available
Ongoing Challenges for Security Practitioners
Executive awareness and support
Technology changes: Mobility, outsourcing, cloud,
Benchmarks and metrics
Organizational dynamics: Centralized, distributed, and affiliated centers
Funding for IT security
Staff resources and training
Ongoing Challenges (Cont'd)
Data standards, governance, and risk
Data protection tools
Student and employee awareness
Academic continuity and disaster recovery
Legislation and compliance
Research data and process
International collaboration
Vendor relationships
HEISC Vision
Guide academic institutions in their quest to safeguard data, information systems, and
Protect the privacy of the higher education
Ensure that information security is an integral part of campus activities and business processes
HEISC Mission
Improve information security, data protection, and privacy programs across the higher education sector
Develop and promote leadership; awareness and understanding; effective practices and policies; and solutions for the protection of critical data, IT assets, and infrastructures
Accomplish activities through working groups of volunteers and staff
Coordinate and collaborate with government, industry, and other academic organizations
HEISC Goals (2012-2013)
Goal #1: Establish the Information Security Guide as the premier resource for security professionals.
Goal #2: Improve security-related interorganizational collaboration with higher education stakeholders.
Goal #3: Inform and educate campus leaders on information security issues by leveraging enterprise risk management (ERM) processes.
Goal #4: Help institutions leverage their investments with regard to all IT products and services.
Goal #5: Increase the effectiveness of communication efforts.
Objectives for Goal #1: Establish the Information Security Guide as the premier resource for security professionals
Toolkits, primers, and templates
Information security maturity model
Security requirements
Security practices in research environments
CISO duties and reporting line
Identity management (IdM) practices
Objectives for Goal #2: Improve security-related collaboration with higher education stakeholders
EDUCAUSE, Internet2, and the REN-ISAC
Core Data Service and EDUCAUSE Data, Research, and Analytics staff
Other higher education associations, industry groups, and government
Higher education information security
Objectives for Goal #3: Inform and educate campus leaders on information security issues by leveraging ERM processes
ERM summit
Messaging, talking points, and presentation
Other higher ed association meetings and conferences (e.g., URMIA, NACUBO, AAU)
Objectives for Goal #4: Help institutions leverage their investments with regard to all IT products and services
Vendor community outreach
Resources for IT products and services
Information sharing
Objectives for Goal #5: Increase the effectiveness of communication efforts
Higher ed security professionals, CIOs, IT
Wealth of resources in the Information Security
Issues and successes in the .edu domain
HEISC volunteer opportunities
HEISC Goals and Objectives
HEISC Working Groups
Awareness & Training (A&T)
Governance, Risk, & Compliance (GRC)
Technologies, Operations, & Practices (TOP)
Information Security Guide Editorial Board
Security Professionals Conference Program
Research and Education Networking Information Sharing and Analysis Center (REN-ISAC)
Awareness & Training (A&T)
Co-Chairs: Nicole Kegler & Ben Woelk
Student Poster & Video Contest
National Cyber Security Awareness Month in October
Executive Awareness Communications
Partnering with the IT Communications Group New!
Data Privacy Month in January New!
Security Awareness Metrics
Outreach and Marketing
Governance, Risk, & Compliance (GRC)
Co-Chairs: Doug Markiewicz & David Escalante
Recent publications: Two-Factor Authentication, Data Incident Notification Toolkit,
Shared Assessments Project Team
Sensitive Data Exposure Incident Checklist New!
GRC Systems FAQ New!
Information Security Maturity Model New!
Essential Security Metrics New!
Top Info Security Concerns for Researchers New!
Technologies, Operations, & Practices (TOP)
Co-Chairs: Jim Taylor & Marcos Vieyra
Recent publications: Mobile Internet Device Security Guidelines, Dropbox Security & Privacy Considerations, Full Disk Encryption Guide
Identify emerging technologies and their security implications New!
With the REN-ISAC, develop partnerships with vendors to improve information sharing
Facilitate state or local ISO gatherings New!
Information Security Guide Editorial Board
Co-Chairs: Ced Bennett & Mary Dunker
Fresh look and feel New!
Emphasizing practical application of the Security Guide via conference presentations New!
Growing the content (nearly doubled in 2011)
Extending the Guide's exposure and reach (even beyond EDU) New!
Security Professionals Conference 2012
Program Chair: Jodi Ito & Vice Chair: Paul Howell
May 15-17, 2012 in Indianapolis, IN
10th annual conference
Focused on information security in higher ed
Premier forum for networking with security
Theme: Security Everywhere: Exploring the Expanding World of Security
Research and Education Networking Information Sharing and Analysis Center (REN-ISAC)
Technical Director: Doug Pearson
Membership growth
Growth in relationships
Involvement in strategic industry groups
Implementation of Security Event System
Community Security
Partnership with SANS
Engagement in international standards work
Handling of 0-day vulnerability communications
Increase in number of notifications
Additional staff
Contact: [email protected]
What Can You Do?
Join the Security Discussion Group:
Volunteer: [email protected]
Find resources:
Attend Security 2012:
Follow us: @HEISCouncil
Contacts:
Valerie Vogel ([email protected])
Rodney Petersen ([email protected])
Look for These Hot Topics in 2012…
Metrics & Benchmarking
Cloud Computing & Services
Consumerization & Mobility
Enterprise Risk Management
IPv6
Privacy
Federated IdM
Addressing the decentralized university from a security perspective
Thank you for participating!
If you'd like to get in touch with our speakers, please send an e-mail to [email protected]