Information Security in Higher Education


Published on

Issues in information security at educational institutions.

  • Be the first to comment

  • Be the first to like this

Information Security in Higher Education

  1. 1. INFORMATION SECURITY IN HIGHER EDUCATION Mansur Hasib – CISSP® Denison University, Granville, OH – May 12, 2011
  2. 2. OUTLINE <ul><li>The New Technology Driven World Order </li></ul><ul><li>The Future of Work </li></ul><ul><li>Security Challenges </li></ul><ul><li>Security Responsibility </li></ul><ul><li>Suggested Factors to Consider </li></ul>
  3. 3. THE NEW WORLD ORDER <ul><li>Technology Impacts Almost Every Aspect of a Community </li></ul><ul><li>Technology Connects the World and Enhances Access </li></ul><ul><li>Technology Enables Independent Research and Collaboration </li></ul><ul><li>Technology Facilitates Interdisciplinary and Interactive Learning </li></ul><ul><li>Technology Enhances Human Potential and Creativity </li></ul>
  4. 4. DEMOCRATIZATION OF TECHNOLOGY <ul><li>ENABLING EVERYONE TO PARTICIPATE </li></ul><ul><li>-FREE OR MINIMAL COST AND EFFORT- </li></ul><ul><li>Social Media </li></ul><ul><li>Social Bookmarking </li></ul><ul><li>Wikis </li></ul><ul><li>Blogs </li></ul><ul><li>Cloud Computing </li></ul><ul><li>Open Source </li></ul><ul><li>Mobile Everything </li></ul><ul><li>Virtual Everything </li></ul><ul><li>Unprecedented Rate of Change </li></ul><ul><li>Unprecedented Amount of Knowledge and Sharing </li></ul>
  5. 5. THE FUTURE IS HERE <ul><li>CHANGING NATURE OF WORK </li></ul><ul><li>-Gartner Prediction for the Next 10 Years- </li></ul><ul><li>De-routinization of Work </li></ul><ul><li>Work Swarms </li></ul><ul><li>Weak Links </li></ul><ul><li>Working with the Collective </li></ul><ul><li>Work Sketch-Ups </li></ul><ul><li>Spontaneous Work </li></ul><ul><li>Simulation and Experimentation </li></ul><ul><li>Pattern Sensitivity </li></ul><ul><li>Hyperconnected </li></ul><ul><li>My Place Source: Content and Collaboration Summit 2010, London, UK Sept 15-16, 2010 </li></ul>
  6. 6. SECURITY CHALLENGES: AVAILABILITY, INTEGRITY, CONFIDENTIALITY <ul><li>Data Distributed </li></ul><ul><li>Data in Motion </li></ul><ul><li>Sophisticated Cyber Threats </li></ul><ul><li>Exponential Costs </li></ul><ul><li>Rapid Pace of Technology Change </li></ul><ul><li>Rapid Rise of Human Factors </li></ul>
  7. 7. ADDITIONAL CHALLENGES IN ACADEMIA <ul><li>Students not Employees </li></ul><ul><li>Establish Relationship during Recruitment </li></ul><ul><li>Maintain Relationship after Graduation </li></ul><ul><li>Relationship with Parents/Community/Supporters </li></ul><ul><li>Connections to Many Internal and External Systems </li></ul><ul><li>Exact Replication of Private Sector Model Not Recommended </li></ul>
  8. 8. WHO IS RESPONSIBLE FOR INFORMATION SECURITY? <ul><li>Information Owners? </li></ul><ul><li>Information Custodians? </li></ul><ul><li>Information Security Officer? </li></ul><ul><li>Institutional Leadership? </li></ul>
  9. 9. APPROACH TO SECURITY? <ul><li>Home Security Model </li></ul><ul><li>Institutional Security Model </li></ul><ul><li>Risk Management </li></ul>
  10. 10. ROLE OF THE SECURITY OFFICER? <ul><li>Trusted Partner </li></ul><ul><li>Security Strategy Aligned with Mission and Goals </li></ul><ul><li>Help Develop Optimal Risk Strategy – “Rational Choice” </li></ul>
  11. 11. FACTORS TO CONSIDER IN ADDRESSING THE CHALLENGES <ul><li>Security Layers/Dimensions </li></ul><ul><li>Widespread Institutional Support </li></ul><ul><li>Institutional Appetite for Risk </li></ul><ul><li>Sensitivity/Ownership of Data </li></ul><ul><li>Technical Solutions Address a Small Portion </li></ul><ul><li>May Have to Rethink How Data Stored and Moved </li></ul><ul><li>Continuous Human Awareness and Education </li></ul>
  12. 12. QUESTIONS Appreciate the Opportunity to Share Some Ideas Happy to Respond to Questions [email_address] Copyright Mansur Hasib 2011. This work is the intellectual property of the author. Anyone may share and use this material for non-commercial, educational purposes provided this copyright statement is on the reproduced materials. For other use, written permission from the author required.