educause computer and network security task force
DESCRIPTION
EDUCAUSE Computer and Network Security Task Force. Rodney J. Petersen Director, Policy and Planning Office of Information Technology University of Maryland. Service Provider Security. - PowerPoint PPT PresentationTRANSCRIPT
EDUCAUSE Computer and Network Security Task Force
Rodney J. PetersenDirector, Policy and Planning
Office of Information Technology
University of Maryland
Service Provider Security
According to Gartner, service providers must implement a solid set of security services to safeguard applications and data across the following areas:
Network Platform Applications Operations End Services
Headlines FBI Advises Windows XP Users On
Measures to Block Hackers AOL confirms security hold in AOL
Instant Messenger (AIM) GroupWise users grapple with
security bug Wireless security riddled with flaws Washtech.com Web Site Hacked
U.S. unprepared for IT warfare
Top computer security experts told a congressional committee in October that the U.S. isn’t producing the talent or the funding needed to confront the information warfare threats the country now faces.
Lieberman IT security fund
Senator Joseph Lieberman, chairman of the Senate Governmental Affairs Committee, has called for the creation of a $1 billion IT fund that would enhance homeland and information security while providing a much-needed boost to the sagging economy.
Billions needed for IT security
At least $10 billion in federal funding is needed to ensure adequate homeland cyberdefenses, according to the president of the Information Technology Association of America (ITAA), an industry group that represents more than 500 IT companies around the country.
IT Spending On Security 53 percent of IT managers said they
expect to devote a higher proportion of their total IT budgets to security compared with spending in 2001
59 percent of companies said they expect their 2002 IT budgets to decline or stay the same as their 2001 budgets
Consumers Security Concerns More than 70 percent of Americans are
at least “somewhat concerned” about Internet and computer security in the wake of the Sept. 11 attacks
Roughly 74 percent of Americans are worried that the information they give out online could be stolen or misused“Keeping the Faith: Government, Information Security and Homeland Cyber Defense” - Survey of the Information Technology Association of America
Future of Law and Technology
What sorts of Internet privacy measures, those to enhance and those to diminish or prevent privacy and anonymity, will be acceptable in the wake of September 11 terrorist attacks, and what will fly under the radar using prevention of terrorism as an excuse?
-Jessica Litman, Professor, Wayne State University Law School Congress will pass legislation to encourage companies to
share cyber-security data with the government, by exempting such data from disclosure under the Freedom of Information Act and by providing antitrust protection for companies that collaborate on cyber-security matters.
-Ivan Fong, Senior Counsel, General Electric
Discussion Question
What types of information security challenges does your organization face?
Justice Dept. To Hire More Computer Crime Attorneys
The U.S. Justice Department has begun soliciting hundreds of resumes from attorneys skilled in computer crime and intellectual property law in an effort to keep pace with a growing caseload of cybercrime prosecutions.
“We can and must do better”
“If we don’t do this, people simply won’t be willing – or able – to take advantage of all the other great work we do. Trustworthy Computing is the highest priority for all the work we are doing. When we face a choice between adding features and resolving security issues, we need to choose security.”
Bill Gates, Microsoft Corporation
Cyberspace Security Czar Richard Clark, Special Advisor to
the President for Cyberspace Security
Expected to be included in efforts coordinated by the Office of Homeland Security
Chairman of a yet-to-be-appointed government-industry board on critical infrastructure systems
NIST New IT Security Effort
The Department of Commerce’s National Institute of Standards and Technology (NIST) awarded $5 million total in funding in October for nine research grants that will enhance security for critical infrastructures such as electrical grids and air traffic control systems.
NIPC and IT Security The interagency National Infrastructure
Protection Center (NIPC) at FBI Headquarters serves as a national critical infrastructure entity for threat assessment, warning, vulnerability, and criminal and national security investigation, and response.
See http://www.nipc.gov
NIPC Infragard Initiative Special agents are working with
community-based computer security professionals to determine how to better protect critical information systems in the public and private sectors.
Computer Crimes Task Force http://www.infragard.net
USA PATRIOT Act Electronic Surveillance, primarily
to prevent terrorist acts Computer Trespassers Electronic Crimes Task Force to be
coordinated by the U.S. Secret Service
State Computer Crime Initiatives
Critical Infrastructure Assurance Office Development of a National
Strategy to Secure Cyberspace Issues:
Home Users Enterprises Sectors National Global
Cyber-Security Preparedness Act
Senator John Edwards introduced legislation last week to promote stonger password protections and high-tech tools to block computer “worms.” The Act, which would cost about $350 million over five years, would apply at first to federal agencies, then expand to include government contractors.
Gartner Research Note
In the post-September 11 world, academic institutions will have to combine better security infrastructure with a more rigorous “social contract” that attaches responsibilities to user rights.
Discussion Question
What steps have you taken to address computer and network security challenges at your institution?
EDUCAUSE Computer and Network Security Task Force
To work with noted security experts and partner associations including Internet2 to identify short-term actions and long-term projects to address systems security problems in higher education. It will support activities such as, a technical toolkit to help Chief Information Officers get ahead of the security curve and a policy toolkit to help campuses properly address the associated legal and ethical issues.
Task Force Leadership
Dan Updegrove, co-chair
Vice President for Information Technology
University of Texas at Austin
Gordon Wishon, co-chair
Chief Information Officer
University of Notre Dame
Committee on Detection, Prevention and Response
Co-Chairs:
Steve Hansen, Computer Security Officer Stanford University Jack Suess, Chief Information OfficerUniversity of Maryland, Baltimore County
Committee on Policy and Legal Issues
Co-Chairs:
Mark Bruhn, University IT Policy OfficerIndiana University
Rodney Petersen, Director, IT Policy & Planning
University of Maryland
Committee on Education and Awareness
Co-Chairs:
Michelle Norin, Director for IT OutreachUniversity of Arizona Gordon Wishon, Chief Information OfficerUniversity of Notre Dame
Committee on Emerging Technologies
Co-Chairs
Clifford Collins, Chair I2 Security Working Group
OARnet Ken KlingensteinDirector, Middleware Initiative, Internet2Chief Technology, University of Colorado
Funding Proposal
Proposal for Identifying and Implementing
a Coordinated Strategy for Computer and Network Security
for Higher Education
Identify Problem and Develop Preliminary Plans Phase One (months 1-3)
Convene Meeting of Computer & Network Security Experts
Convene Meeting of Research, Security, and Policy Experts
Commission Papers, Reports, and Case Studies
Develop Plan and Implementation Strategy Phase Two (month 4)
Convene Summit on Computer & Network Security in Higher Education
Convene Meeting of Task Force on Computer and Network Security
Implement Plan and Strategies Phase Three (months 5-16)
Pursue Implementation Strategies Convene Quarterly Meetings of Task
Force on Computer and Network Security
Commission Additional Papers, Reports, and Case Studies
Outreach: Publications and Presentations
Evaluate Plan and Prepare for Next Steps Phase Four (months 17-18)
Convene Second Meeting of Computer & Network Security Experts
Convene Second Summit on Computer & Network Security
Discussion Question
How can the EDUCAUSE Computer and Network Security Task Force help you and your institution improve IT security?
Task Force Priorities Refine Organizational Structure Revitalize Volunteer Network Submit Grant Proposal Participate In Government Initiatives Coordinate Higher Education
Activities Outreach and Education
For more information:
Visit http://www.educause.edu/security
orContact Rodney Petersen Email: [email protected]
Phone: 301.405.7349