Educause Security Discussion mailing list archives

Re: future of cybersecurity in Higher Ed

From: Brad Judy <Brad.Judy () COLORADO EDU>
Date: Mon, 2 Oct 2006 08:46:08 -0600

I think there are a set of strategic security items that any given
institution is at a different point in dealing with.  Most of these tend
to be cyclical in nature and will be revisited every few years as
business needs and/or technology change.
 
Some of the major strategic topics:
 
Policy and procedure statements 
Authentication services (centralized auth, web auth)
Network security (net authN, firewalls, packet shaping)
Data/PII security (data inventory, encryption, etc)
Host security (patching, training, etc)
Malware (viruses, spyware, phishing)
Risk assessment/management
Web application security/content management
Regulation compliance (FERPA, HIPPA, GLB, etc)
 
As for IT security trends within the higher ed industry, I expect that
many of us have recently gone through, or are going through, a cycle of
data/PII security focus due to the data breaches of the past couple of
years and the buzz on identity theft in the press.  As for future items,
look for the topic of authentication services to resurface for a lot of
us as things like CardSpace get out to the end-user and we'll have to
take a look at how our authentication services fit into a user-centric
model.
 
I couldn't say what's important to your campus - it depends on your
business needs and what you've already addressed.  One should avoid
playing "follow the leader" with security (or strategic decisions in
general) and evaluate the needs of your institution.  Also, be careful
not to think of more tactical security items as being strategic - it's a
common trap of strategic planning that seems to be especially common in
the IT security realm for some reason.
 
Brad Judy
 
IT Security Office
Information Technology Services
University of Colorado at Boulder


  _____  

From: Bret R Blackman [mailto:bblackma () MAIL UNOMAHA EDU] 
Sent: Sunday, October 01, 2006 9:19 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] future of cybersecurity in Higher Ed



All, 

What do you see as strategic issues and serious threats in regards to
cybersecurity for Higher Education over the next 2 years?   

------------------------------------------------------------------
Bret R. Blackman
University of Nebraska at Omaha
Director of Administrative Information Services
Information Technology Services 
bblackma () mail unomaha edu

Current thread:

future of cybersecurity in Higher Ed Bret R Blackman (Oct 01)
- <Possible follow-ups>
- Re: future of cybersecurity in Higher Ed John C. A. Bambenek (Oct 01)
- Re: future of cybersecurity in Higher Ed Michael McLaughlin (Oct 02)
- Re: future of cybersecurity in Higher Ed Steve Brukbacher (Oct 02)
- Re: future of cybersecurity in Higher Ed Valdis Kletnieks (Oct 02)
- Re: future of cybersecurity in Higher Ed Brad Judy (Oct 02)
- Re: future of cybersecurity in Higher Ed Joe St Sauver (Oct 02)
- Re: future of cybersecurity in Higher Ed Jere Retzer (Oct 02)