Effective it Security Practices Guide for Higher Education Released by Educause/Internet2 Computer and Network Security Task Force

January 28, 2004

The EDUCAUSE/Internet2 Computer and Network Security Task Force today announced the release of the first-ever Effective Security Practices Guide for the higher education community, providing practical approaches to preventing, detecting, and responding to IT security problems in a wide range of higher education environments. The guide is the result of a collaborative effort involving college and university information security professionals and includes contributions from Bethune-Cookman College; Brown University; California State University, San Bernardino; Georgia Institute of Technology; Indiana University; University of Notre Dame; The Pennsylvania State University; University of Maryland, Baltimore County; Yale University; and many others.

Designed for colleges and universities, the guide balances the need for security with an open, collaborative networking environment and low-cost solutions.

"By addressing the growing security challenges facing colleges and universities, this guide helps ensure the higher education community can continue to rely on networking to support its requirements for open communication," said Gary Bachula, Internet2 vice president of external relations. "Security is increasingly critical to enabling students, faculty, and staff to use information technologies to learn, work, and collaborate."

According to Gordon Wishon, chief information officer at the University of Notre Dame and co-chair of the Security Task Force, "One of the most frequent requests the Security Task Force has received over the course of its existence is guidance on how to implement security programs and security architectures in the extremely demanding higher education environment. Our members want real-world solutions that work in real-world situations. The Task Force is happy to make this compilation of real-world solutions available to all of our members and to all institutions who are struggling to secure their campus borders."

As a primer to establishing a comprehensive IT security program on campus, the guide contains resources on "where to begin," including awareness, policies, and risk assessment and detailed descriptions of tools for implementing a security strategy. Topics covered include network and host vulnerability assessment, security architecture design, network and host security implementation, intrusion and virus detection, incident response, and encryption and authentication. The guide also links to more than 30 effective practices and solutions contributed by members of the higher education community.

The guide fulfills a recommendation from the National Strategy to Secure Cyberspace for colleges and universities "...to secure their cyber systems by establishing one or more sets of best practices for IT security." Additionally, it meets the for Action, designed to improve information technology security in higher education, that was issued in April 2002 and endorsed by leading national higher education associations committed to doing "a better job with existing tools."

"The guide helps us move beyond communicating why security is important to enabling colleges and universities to utilize the most effective practices and solutions known to work in their local environments," according to Mark Luker, vice president of EDUCAUSE.

* Access the Effective Security Practices Guide. http://www.educause.edu/security/guide

* View more information about the higher education contribution to the National Strategy to Secure Cyberspace and about the Framework for Action. http://www.educause.edu/security/national-strategy/