January 28, 2004
Computer and Network Security Task Force today announced the
release of the first-ever Effective Security Practices Guide
for the higher education community, providing practical approaches
to preventing, detecting, and responding to IT security problems
in a wide range of higher education environments. The guide
is the result of a collaborative effort involving college and
university information security professionals and includes contributions
from Bethune-Cookman College; Brown University; California State
University, San Bernardino; Georgia Institute of Technology;
Indiana University; University of Notre Dame; The Pennsylvania
State University; University of Maryland, Baltimore County;
Yale University; and many others.
Designed for colleges
and universities, the guide balances the need for security with
an open, collaborative networking environment and low-cost solutions.
"By addressing the
growing security challenges facing colleges and universities,
this guide helps ensure the higher education community can continue
to rely on networking to support its requirements for open communication,"
said Gary Bachula, Internet2 vice president of external relations.
"Security is increasingly critical to enabling students, faculty,
and staff to use information technologies to learn, work, and
According to Gordon
Wishon, chief information officer at the University of Notre
Dame and co-chair of the Security Task Force, "One of the most
frequent requests the Security Task Force has received over
the course of its existence is guidance on how to implement
security programs and security architectures in the extremely
demanding higher education environment. Our members want real-world
solutions that work in real-world situations. The Task Force
is happy to make this compilation of real-world solutions available
to all of our members and to all institutions who are struggling
to secure their campus borders."
As a primer to establishing
a comprehensive IT security program on campus, the guide contains
resources on "where to begin," including awareness, policies,
and risk assessment and detailed descriptions of tools for implementing
a security strategy. Topics covered include network and host
vulnerability assessment, security architecture design, network
and host security implementation, intrusion and virus detection,
incident response, and encryption and authentication. The guide
also links to more than 30 effective practices and solutions
contributed by members of the higher education community.
The guide fulfills
a recommendation from the National Strategy to Secure Cyberspace
for colleges and universities "...to secure their cyber systems
by establishing one or more sets of best practices for IT security."
Additionally, it meets the for Action, designed to improve information
technology security in higher education, that was issued in
April 2002 and endorsed by leading national higher education
associations committed to doing "a better job with existing
"The guide helps us
move beyond communicating why security is important to enabling
colleges and universities to utilize the most effective practices
and solutions known to work in their local environments," according
to Mark Luker, vice president of EDUCAUSE.
* Access the Effective
Security Practices Guide. http://www.educause.edu/security/guide
* View more information
about the higher education contribution to the National Strategy
to Secure Cyberspace and about the Framework for Action. http://www.educause.edu/security/national-strategy/