An Introduction to EDUCAUSE and the EDUCAUSE/Internet2 Security Task Force Steve Worona Director of Policy and Networking Programs EDUCAUSE CISSE Washington,

An Introduction to EDUCAUSE and the EDUCAUSE/Internet2 Security Task Force
Steve Worona
Director of Policy and Networking Programs
EDUCAUSE
CISSE
Washington, D.C.
June 5, 2003
CISSE – Washington, D.C.
“I am your worst nightmare!”
Dr. Corey Schou, Idaho State

Today’s Highlights from Mary Ann and Dan
“Write good code, not cool code”
“Do research to solve the right problem”
“Seize all reasonable opportunities to partner”

About EDUCAUSE
Membership association to advance information technology in higher education
1800 member institutions
  Colleges, universities, corporate partners
Publications, paper and electronic
Annual national conference (~7,000)
6 Annual Regional conferences
Public policy initiatives

EDUCAUSE: History and Legacy
1998: Merger of CAUSE and Educom
  Educom b.1964 with Kellogg Foundation grants to encourage use of computing in higher education
  CAUSE b.1971 from earlier group (1962) formed to exchange hardware/software expertise on campus
[Step]Children
  BITNET
  NTTF
  Internet2
  CNI

EDUCAUSE Activities: Net@EDU
Emerged from NTTF & FARNET
Mission: “To advance the evolution of a global networking environment that best supports the transformation of Higher Education through information technology.”
~100 member campuses
Annual meeting
Working groups
  PKI
  Broadband
  Wireless
  ICS (VoIP)

EDUCAUSE Activities: .EDU
DoC Cooperative Agreement Nov. 2001
Transition from VeriSign/NSI
Registrar, Registry
  Outsourced to VeriSign thru August, 2003
Limitations
  Old names grandfathered
  New names limited to accredited inst’s
    Regional accreditation vs DofEducation list
  One name/institution
Policy issues
  Systems; licensing; international; …

EDUCAUSE Activities: PKI
PKI Working Group (Net@EDU)
NSF Middleware Initiative (NMI)
  Internet2/EDUCAUSE/SURA
  Common middleware for campus infrastructure and GRIDS
  Shibboleth, eduperson, …
Higher-Ed Root
  Formerly CREN, now Internet2
  Pre-loaded into browsers
HEBCA (Higher-Ed Bridge CA)
  Cloned from FBCA
  Pilots, old and new
HEPKI Council

Other EDUCAUSE Activities
EDUCAUSE/Cornell Institute for Computer Policy and Law
  Annual seminar in Ithaca July 8-11
ANMSI
NLII
ECAR
JCP2P (Higher Education+RIAA/MPAA)
EDUCAUSE Live!
EDUCAUSE/Internet2 Security TF

The Security TF and the National Strategy
Creation of EDUCAUSE/Internet2 Computer and Network Security Task Force – July 2000
  See www.educause.edu/security
Framework for Action - April 2002
  See security.internet2.edu/ActionStatement.pdf
National Strategy to Secure Cyberspace
Nat’l Strategy Questions - April 20, 2002
  See www.gcn.com/cybersecurity
Higher Education Contribution to National Strategy to Secure Cyberspace (July 2002)
  See www.educause.edu/security/national-strategy
NSF-Funded Workshops – Summer/Fall 2002
DRAFT Released - September 18, 2002
  See www.securecyberspace.gov
Release of Nat’l Strategy – February 14, 2003

Framework for Action: April, 2002
Make IT security a higher and more visible priority in higher education
Do a better job with existing security tools, including revision of institutional policies
Design, develop and deploy improved security for future research and education networks
Raise the level of security collaboration among higher education, industry and government
Integrate higher education work on security into the broader national effort to strengthen critical infrastructure

National Strategy Priorities
A National Cyberspace Security Response System
A National Cyberspace Security Threat and Vulnerability Reduction Program
A National Cyberspace Security Awareness and Training Program
Securing Governments’ Cyberspace
National Security and International Cyberspace Security Cooperation
Strategic Objectives of Nat’l Strategy
Prevent cyber attacks against America’s critical infrastructures
Reduce national vulnerability to cyber attacks; and
Minimize damage and recovery time from cyber attacks that do occur

Higher Ed and National Strategy
National Strategy encourages colleges and universities to secure their cyber systems by establishing some or all of the following as appropriate:
  one or more Information Sharing and Analysis Centers to deal with cyber attacks and vulnerabilities;
  an on-call point-of-contact to Internet service providers and law enforcement officials in the event that the school’s IT systems are discovered to be launching cyber attacks;
  model guidelines empowering Chief Information Officers (CIOs) to address cybersecurity;
  one or more sets of best practices for IT security; and,
  model user awareness programs and materials.

NSF-Funded Workshops 2002
Higher Ed Values and Principles
  August – Columbia University
Security Architecture and Policy
  August – Chicago
Security in the Research Environment
  October – Washington
Higher Education IT Security Summit
  November – Washington

Higher Ed IT Environments
Technology Environment
  Distributed computing and wide range of hardware and software from outdated to state-of-the-art
  Increasing demands for distributed computing, distance learning and mobile/wireless capabilities which create unique security challenges
Leadership Environment
  Reactive rather than proactive
  Lack of clearly defined goals (what do we need to protect and why)
Academic Culture
  Persistent belief that security & academic freedom are antithetical
  Tolerance, experimentation, and anonymity highly valued

Action Agenda
Organization and Information Sharing
Education and Awareness
Policies, Procedures, and Standards
Security Architecture and Tools
Incident Response and Reporting
Cybersecurity Research & Development

Organization & Info Sharing
Goal: To create the capacity for a college or university to effectively deploy a comprehensive security architecture (education, policy, and technology); and to leverage the collective wisdom and expertise of the higher education community.
Programs:
  EDUCAUSE/Internet2 Computer and Network Security Task Force
    Security Resource for Higher Education Web Site
    Security Discussion Group
  Higher Education Information Technology Alliance
  Research & Educational Networking Information Sharing and Analysis Center (REN-ISAC)
Initiatives:
  Empowering CIO’s and Establishing Authority/Responsibility at the Cabinet Level
  Identifying 24x7 Campus Contacts for Emergencies and Law Enforcement Requests
  EDUCAUSE Security Newsletter

Incident Response and Reporting
Goal: Improve the ability of higher education institutions to respond to computer incidents and develop appropriate reporting mechanisms for sharing information and measuring progress.
Programs:
  Computer Emergency Response Team/Coordination Center (CERT/CC)
  Forum of Incident Response Teams (FIRST)
  Research and Educational Networking ISAC (REN-ISAC)
Initiatives:
  Provide Education and Assistance in the Creation of Incident Response Teams
  Develop Common Incident Categories Across Higher Education (working with Industry and Government)
  Establish Incident Reporting Standards, Systems, and Mechanisms

ACE Letter to Presidents
Set the tone: ensure that all campus stakeholders know that you take Cybersecurity seriously. Insist on community-wide awareness and accountability.
Establish responsibility for campus-wide Cybersecurity at the cabinet level. At a large university, this responsibility might be assigned to the Chief Information Officer. At a small college, this person may have responsibility for many areas, including the institutional computing environment.
Ask for a periodic Cybersecurity risk assessment that identifies the most important risks to your institution. Manage these risks in the context of institutional planning and budgeting.
Request updates to your Cybersecurity plans on a regular basis in response to the rapid evolution of the technologies, vulnerabilities, threats, and risks.
Security Professionals Workshop
April 22-23, 2003 Temecula, California

Key Players in Higher-Ed IT Security: Important roles for all
Researchers
Faculty
System-admins
Network-admins
Software companies
Hardware companies
Students
Campus auditors
CIO’s
Presidents/Provosts
Funding agencies
Legislators
Campus attorneys
K-12 teachers
Parents
…

Opportunities to Collaborate
Present at EDUCAUSE conferences
Put material in EDUCAUSE library
Publish in EDUCAUSE journals
Joint conferences, meetings, workshops
Feedback loop with REN-ISAC
Job opportunities for graduates
Studies/surveys via ECAR
Vendor communication
Cross-link Web pages
Your idea here…

For more information and collaboration
www.educause.edu/security
Rodney Petersen, EDUCAUSE
Michael Roberts, Internet2
Dan Updegrove, UT-Austin
Gordon Wishon, Notre Dame