Educause Security Discussion mailing list archives
HEISC Quarterly Update, September 2016
From: Valerie Vogel <vvogel () EDUCAUSE EDU>
Date: Thu, 1 Sep 2016 14:43:05 +0000
In case you did not see this message on the CIO list, the HEISC working groups have developed lots of new content for the community since our last update in June. Thank you, Valerie Valerie Vogel Program Manager, Cybersecurity EDUCAUSE Uncommon Thinking for the Common Good direct: 202.331.5374 | main: 202.872.4200 | twitter: @HEISCouncil | educause.edu<http://www.educause.edu/> From: Cathy Bates Date: Thursday, September 1, 2016 at 5:10 AM Subject: [CIO] HEISC Quarterly Update, September 2016 Dear Colleagues, Here it is! The information security update you have all been waiting for! The summer went by quickly, but our Higher Education Information Security Council (HEISC) working groups have been busy creating new content for our community. Please pass along this email to your leadership team and encourage them to use these new resources for your campus. The HEISC Top 3 Strategic Information Security Issues <http://er.educause.edu/articles/2016/1/the-2016-top-3-strategic-information-security-issues> that were identified at the beginning of this year continue to be a clear focus in creating new resources especially for higher education. #1: Ensuring that members of the institutional community (students, faculty, staff) receive information security education and training. This quarter we took a deep-dive into exploring how institutions provide information security education and training, from the programs themselves to the professionals that provide the training. HEISC members contributed to two new ECAR resources in this area: * Higher Education Information Security Awareness Programs<https://library.educause.edu/resources/2016/8/higher-education-information-security-awareness-programs> (ECAR subscription required) * The Successful Security Awareness Professional: Foundational Skills and Continuing Education Strategies <https://library.educause.edu/resources/2016/8/the-successful-security-awareness-professional-foundational-skills-and-continuing-ed-strategies> (ECAR subscription required) * We are also very pleased with the positive feedback that we have received over the summer regarding the 2016 Annual Campus Security Awareness Campaign<http://www.educause.edu/securityawareness>. Several members of the community have let us know how valuable these resources have been as they plan for awareness activities for National Cyber Security Awareness Month or as part of the institution’s broader awareness and training efforts. It’s time to look at this resource as you plan your NCSAM programming! #2: Developing an effective information security strategy that responds to institutional organization and culture and that elevates information security concerns to institutional leadership. Several resources were created and published this quarter that look at the state of higher education information security and privacy programs: * HEISC co-chair, Melissa Woo, shares her thoughts on leadership in The CIO Minute: CIO and CISO<http://er.educause.edu/multimedia/2016/6/the-cio-minute-cio-and-ciso> (video) * 2016 CDS Spotlight on Information Security<https://library.educause.edu/resources/2016/8/cds-spotlight-information-security> provides statistics on information security programs from the Core Data Service (ECAR subscription required) * The guest blog Anatomy of a Sustainable Information Security Program<http://er.educause.edu/blogs/2016/8/anatomy-of-a-sustainable-information-security-program> provides context and a high-level framework for building a new infosec program in higher ed * The newly published Higher Education CPO Primer, Part 1: A Welcome Kit for Chief Privacy Officers in Higher Education<https://library.educause.edu/resources/2016/8/the-higher-education-cpo-primer-part-1-a-welcome-kit-for-chief-privacy-officers-in-higher-education> provides an introduction to how privacy issues play out in higher education. Part 2, a roadmap to developing a higher education privacy program, will follow soon. * On September 20 we will be hosting our rescheduled webinar, Weathering the Storm: Business Continuity and Disaster Recovery in Higher Education<http://www.educause.edu/events/weathering-storm-business-continuity-and-disaster-recovery-higher-education>, to help surface the role of IT in institutional contingency planning. #3: Planning for and implementing next-generation security technologies to respond to evolving threats. Understanding the technologies used by information security professionals to improve campus security has also been a focus this quarter: * Published a Technology Spotlight on PKI<https://library.educause.edu/resources/2016/6/public-key-infrastructure-technology-spotlight> (ECAR subscription required), followed by a guest blog on PKI<http://er.educause.edu/blogs/2016/6/confused-about-pki-dont-worry-it-leaders-might-be-confused-too> describing some of the misconceptions about public key infrastructure * Published a new resource on the benefits and potential risks of using eduroam<https://library.educause.edu/resources/2016/7/eduroam> Since June, we have posted over a dozen guest blogs in the Security Matters column<http://er.educause.edu/columns/security-matters> in EDUCAUSE Review on various information security and privacy topics of interest. Please let us know if these resources have been of use to you. Your feedback is invaluable and we hope you will continue to let us know how we can provide useful and meaningful content that can help strengthen your programs and departments. Next quarter we look forward to the 2016 EDUCAUSE Annual Conference, where a number of HEISC members will be presenting on information security, privacy, risk management, and leadership topics. We hope to see you in Anaheim during EDUCAUSE 2016! Thank you, Melissa Woo and Cathy Bates, HEISC Co-Chairs www.educause.edu/security<http://www.educause.edu/security>
Current thread:
- HEISC Quarterly Update, September 2016 Valerie Vogel (Sep 01)