Cybersecurity Program Director, EDUCAUSE
In today’s tech-centric world, higher education institutions are rapidly changing their digital environments. With the boundless intake of data and information, the need for extended security and privacy measures has never been more important in colleges and universities.
The world is becoming increasingly interconnected and access to information is more readily available, which can put students and institutions at risk.
One avenue of risk in particular is the rise of cloud service adoption across higher education. Colleges and universities are deploying cloud-based services that must be assessed for managing the risks to the confidentiality, integrity, and availability of sensitive institutional information, and the personally identifiable information of users.
Campus IT environments are continuously adapting to develop new security and privacy measures, but both cloud solution providers and campus administrators are wasting precious time creating, responding to, and reviewing such assessments.
The EDUCAUSE Cybersecurity Program, led by the Higher Education Information Security Council (HEISC), is one solution available to create a more secure campus. Together, they provide coordination and collaboration in information security, aimed at supporting higher education institutions by helping guide and improve information security governance, compliance, data protection, and privacy programs.
HEISC develops and promotes information security leadership, awareness, and understanding; effective practices and policies; and guidance for the protection of critical data, IT assets, and infrastructures.
Further assistance for campus security initiatives comes from the Higher Education Community Vendor Assessment Toolkit (HECVAT), which was created by the HECVAT Working Group, a collaboration between 26 higher education institutions with support from EDUCAUSE, Internet2, and the REN-ISAC. The HECVAT attempts to generalize higher ed information security and data protection questions and issues regarding cloud services for consistency and ease of use based on this matrix:
- Helps higher education institutions ensure cloud services are appropriately assessed for security and privacy needs, including some that are unique to higher education
- Allows a consistent, easily adopted methodology for campuses that wish to reduce costs through cloud services without increasing risks
- Reduces the burden that cloud service providers face in responding to requests for security assessments from higher education institutions
Understanding the “why”
Although we know data privacy and information security are important, many do not understand whythey are significant.
In order to improve awareness about the gravity of data privacy, the Campus Security Awareness Campaign, created by the HEISC Awareness and Training Community Group, is a framework that is designed to support security professionals and IT communicators year-round as they develop or enhance their own security awareness plans to better protect their campuses. Each year, the campaign includes 12 “Security Matters” blog posts on monthly topics with ready-made content for campus communication channels.
The annual EDUCAUSE Security Professionals Conference provides additional support for campus IT professionals. The conference is the only higher-education focused event that gives participants a chance to network, and discuss information security and privacy trends and issues with peers and corporate partners.
The 2020 conference will introduce future faces of the cybersecurity community — the students — and give them the opportunity to meet and mingle with participants while learning more about the profession.
The higher education cybersecurity, information security, and privacy communities are the epitomize the importance of working in collaboration. Each day we work toward a stronger and safer community, I am reminded of a quote by Helen Keller, which is one of my favorites: “Alone we can do so little; together we can do so much.”