News for and about the Internet2 community

["Michelle Pollak" <>]

INFORMATION SECURITY GOVERNANCE REPORT ADDRESSES HIGHER EDUCATION

April 15, 2004 --
http://www.cyberpartnership.org/InfoSecGov4_04.pdf>"Information Security
Governance: A Call to Action" [PDF 477 KB] is a new report that urges
corporations, nonprofit organizations, and higher education institutions to
integrate effective information security governance (ISG) programs into
their organizational processes. The report details the findings and
recommendations of the Corporate Governance Task Force that was created by
the National Cyber Security Summit held in December 2003. The report was
unveiled earlier this week by the National Cyber Security Partnership and is
available from its Web site <www.cyberpartnership.org>.

Mark Luker, vice president of EDUCAUSE, chaired a subcommittee to examine
implementation of the ISG framework for educational institutions and
nonprofit organizations. He observed "Information security is of critical
importance for the conduct of both research and education in today's
networked environment. A successful security program will require that the
boards and executive leaders of our colleges and universities assume
appropriate, active roles in information security governance."  

"The report provides helpful guidance to governing boards of the private and
public and nonprofit sectors that have the fiduciary responsibility to
ensure privacy and security in their organizations," said Joy Hughes, vice
president for information technology at George Mason University, who also
participated in the subcommittee for educational and non-profit
organizations. "[The report] also provides a framework for CEOs who report
to these governing boards about the initial steps to take to create an
effective governance structure for privacy and security."

The <http://www.educause.edu/security/>EDUCAUSE/Internet2 Computer and
Network Security Task Force contributed to the report and will work to
facilitate college and university adoption of the management framework
described in the report. Working through presidential associations that are
members of the <http://www.heitalliance.org/>Higher Education Information
Technology Alliance, the Security Task Force will also encourage higher
education executives to respond to the report's call to action along with
their corporate CEO counterparts, who in many cases are already sitting on
institutional governing boards. 

The report on information security governance is the latest in a series of
task force reports resulting from the National Cyber Security Summit. The
reports contain recommendations designed to help implement the
<http://www.whitehouse.gov/pcipb/>National Strategy to Secure Cyberspace.
The <http://www.educause.edu/security/>EDUCAUSE/Internet2 Computer and
Network Security Task Force prepared the
<http://www.educause.edu/ir/library/pdf/NET0027.pdf>higher education
contribution to the National Strategy and actively participated in each of
the five summit task forces, assuming leadership roles by chairing three
subcommittees. Although the summit and task forces were originally created
with the needs of industry and the private sector in mind, the task force
deliberations were expanded to consider the pressing issues for cyber
security that affect educational institutions and nonprofit organizations. 

The other task force reports released in the past few days include:
"Awareness for Home Users and Small Businesses," "Cyber Security Early
Warning," and "Security Across the Software Development Lifecycle." The
remaining report on "Technical Standards and Common Criteria" is scheduled
for release on Monday, April 19. All of the reports are available at
<www.cyberpartnership.org>.

                                                        ###

About EDUCAUSE
EDUCAUSE is a nonprofit association whose mission is to advance higher
education by promoting the intelligent use of information technology. The
current membership comprises nearly 1,900 colleges, universities, and
education organizations, including 180 corporations. EDUCAUSE has offices in
Boulder, Colorado, and Washington, D.C. Learn more about EDUCAUSE at
<www.educause.edu/about/>. 

About INTERNET2R
Led by more than 200 U.S. universities working with industry and government,
Internet2 develops and deploys advanced network applications and
technologies for research and higher education, accelerating the creation of
tomorrow's Internet. Internet2 recreates the partnerships among academia,
industry, and government that helped foster today's Internet in its infancy.
For more information, visit <www.internet2.edu>.

CONTACTS:                       
Rodney Petersen 
Policy Analyst & Security Task Force Coordinator
EDUCAUSE

 
202-331-5368

Michelle Pollak
Media Relations Manager
Internet2

202-331-5345