HEISC Quarterly Update, September 2016

[Valerie Vogel <vvogel () EDUCAUSE EDU>]

In case you did not see this message on the CIO list, the HEISC working groups have developed lots of new content for 
the community since our last update in June.
Thank you,
Valerie

Valerie Vogel Program Manager, Cybersecurity

EDUCAUSE
Uncommon Thinking for the Common Good
direct: 202.331.5374 | main: 202.872.4200 | twitter: @HEISCouncil | educause.edu<http://www.educause.edu/>

From: Cathy Bates
Date: Thursday, September 1, 2016 at 5:10 AM
Subject: [CIO] HEISC Quarterly Update, September 2016


Dear Colleagues,


Here it is! The information security update you have all been waiting for! The summer went by quickly, but our Higher 
Education Information Security Council (HEISC) working groups have been busy creating new content for our community. 
Please pass along this email to your leadership team and encourage them to use these new resources for your campus.


The HEISC Top 3 Strategic Information Security Issues 
<http://er.educause.edu/articles/2016/1/the-2016-top-3-strategic-information-security-issues> that were identified at 
the beginning of this year continue to be a clear focus in creating new resources especially for higher education.


#1: Ensuring that members of the institutional community (students, faculty, staff) receive information security 
education and training. This quarter we took a deep-dive into exploring how institutions provide information security 
education and training, from the programs themselves to the professionals that provide the training. HEISC members 
contributed to two new ECAR resources in this area:

  *   Higher Education Information Security Awareness 
Programs<https://library.educause.edu/resources/2016/8/higher-education-information-security-awareness-programs> (ECAR 
subscription required)

  *   The Successful Security Awareness Professional: Foundational Skills and Continuing Education Strategies 
<https://library.educause.edu/resources/2016/8/the-successful-security-awareness-professional-foundational-skills-and-continuing-ed-strategies>
 (ECAR subscription required)

  *   We are also very pleased with the positive feedback that we have received over the summer regarding the 2016 
Annual Campus Security Awareness Campaign<http://www.educause.edu/securityawareness>. Several members of the community 
have let us know how valuable these resources have been as they plan for awareness activities for National Cyber 
Security Awareness Month or as part of the institution’s broader awareness and training efforts. It’s time to look at 
this resource as you plan your NCSAM programming!


#2: Developing an effective information security strategy that responds to institutional organization and culture and 
that elevates information security concerns to institutional leadership. Several resources were created and published 
this quarter that look at the state of higher education information security and privacy programs:

  *   HEISC co-chair, Melissa Woo, shares her thoughts on leadership in The CIO Minute: CIO and 
CISO<http://er.educause.edu/multimedia/2016/6/the-cio-minute-cio-and-ciso> (video)

  *   2016 CDS Spotlight on Information 
Security<https://library.educause.edu/resources/2016/8/cds-spotlight-information-security> provides statistics on 
information security programs from the Core Data Service (ECAR subscription required)

  *   The guest blog Anatomy of a Sustainable Information Security 
Program<http://er.educause.edu/blogs/2016/8/anatomy-of-a-sustainable-information-security-program> provides context and 
a high-level framework for building a new infosec program in higher ed

  *   The newly published Higher Education CPO Primer, Part 1: A Welcome Kit for Chief Privacy Officers in Higher 
Education<https://library.educause.edu/resources/2016/8/the-higher-education-cpo-primer-part-1-a-welcome-kit-for-chief-privacy-officers-in-higher-education>
 provides an introduction to how privacy issues play out in higher education. Part 2, a roadmap to developing a higher 
education privacy program, will follow soon.

  *   On September 20 we will be hosting our rescheduled webinar, Weathering the Storm: Business Continuity and 
Disaster Recovery in Higher 
Education<http://www.educause.edu/events/weathering-storm-business-continuity-and-disaster-recovery-higher-education>, 
to help surface the role of IT in institutional contingency planning.


#3: Planning for and implementing next-generation security technologies to respond to evolving threats. Understanding 
the technologies used by information security professionals to improve campus security has also been a focus this 
quarter:


  *   Published a Technology Spotlight on 
PKI<https://library.educause.edu/resources/2016/6/public-key-infrastructure-technology-spotlight> (ECAR subscription 
required), followed by a guest blog on 
PKI<http://er.educause.edu/blogs/2016/6/confused-about-pki-dont-worry-it-leaders-might-be-confused-too> describing some 
of the misconceptions about public key infrastructure

  *   Published a new resource on the benefits and potential risks of using 
eduroam<https://library.educause.edu/resources/2016/7/eduroam>


Since June, we have posted over a dozen guest blogs in the Security Matters 
column<http://er.educause.edu/columns/security-matters> in EDUCAUSE Review on various information security and privacy 
topics of interest. Please let us know if these resources have been of use to you. Your feedback is invaluable and we 
hope you will continue to let us know how we can provide useful and meaningful content that can help strengthen your 
programs and departments.


Next quarter we look forward to the 2016 EDUCAUSE Annual Conference, where a number of HEISC members will be presenting 
on information security, privacy, risk management, and leadership topics. We hope to see you in Anaheim during EDUCAUSE 
2016!


Thank you,

Melissa Woo and Cathy Bates, HEISC Co-Chairs

www.educause.edu/security<http://www.educause.edu/security>