
Breakout Session 2: Awareness and Training


Presentation Transcript


  1. Breakout Session 2: Awareness and Training

  2. B2: Awareness and Education
     • Identification of constituencies
     • Identification of challenge
     • Inventory of existing programs and products
     • Identification of gaps
     • Identification of gap-fillers
     • Recommendations

  3. Methodology
     • Enumerate and discuss constituencies
     • Association, contribution, state of affairs, challenges
     • For each constituency
     • Awareness vs Training
     • Identify needs
     • Problem areas, repeat issues
     • Identify and discuss solutions
     • Existing programs
     • Program ideas

  4. Constituencies
     • Researchers
     • Scientists
     • Research Faculty
     • Research Assistants
     • Graduate students
     • Undergraduates
     • Institutional Review Boards/Human Subjects Committees
     • Visitors / affiliates
     • Faculty
     • Librarians
     • Students (resident versus non-resident)
     • Undergraduate
     • Graduate
     • Teaching Assistants

  5. Constituencies (cont)
     • Administrators
     • Senior executives, CIO -- decision makers
     • Policy/compliance officers
     • Staff, employees, email users, basic users
     • Power users (tinkerers, meddlers)
     • Data custodians
     • Auditors
     • Archivists
     • Human resources
     • Student affairs
     • Technicians
     • Security Professionals
     • System administrators
     • Database administrators
     • Network administrators
     • Web administrators
     • Helpdesk/support staff
     • Programmers (Coding)

  6. Constituencies (cont)
     • Guests/Visitors/Transients
     • Collaborators
     • Onsite
     • Visiting
     • Members of existing community
     • Remote push/pull
     • Local
     • Regional
     • National
     • International
     • Private service partners
     • Contractors
     • Vendors
     • Consultants
     • Law enforcement
     • Internal
     • External
     • University services
     • Outreach
     • Alumni

  7. Opportunities for Training
     • EDUCAUSE/Internet2 TF Security Education/Awareness Working Group
     • CIOs / some IT Professionals
     • National CyberSecurity Alliance
     • General Student Body
     • CEIAE (60+) – variety of programs (e.g., NIATEC @ Idaho State)
     • Curriculum development
     • Self-paced training for IT Professionals
     • Self-paced training for Researchers?
     • CISSE
     • Faculty Bootcamp
     • SANS (SANS EDU)
     • Technicians
     • Certifications
     • Usenix
     • Graduate Students
     • Computer Science Faculty

  8. Opportunities for Training (cont)
     • IEEE
     • Graduate Students
     • Engineering Faculty
     • ACM / SIGSAC – online digital reference, journal
     • Computer Science Faculty
     • Students
     • Vendor
     • Certifications for IT staff
     • Free training for faculty
     • Open Courseware Initiative (give and take)
     • Source for Curriculum
     • Government online training (NIH, NSF, NOAA, etc.)
     • NSF Annual Security Awareness Training
     • Administrative staff
     • NSTISSC
     • Curriculum Standards
     • Etc. (ISACA, ISSA, ACSE, …)

  9. Challenges
     • Reaching users, particularly researchers and scientists.
     • Independent, focused on their sciences
     • Increasingly untethered science
     • Fear barriers to goals
     • Conflicting / varying requirements between external funding bodies and local facilities and classified research sponsors
     • Lack of understanding / perception of broad impact of security events / benefits of security
     • On the one hand they are paranoid about integrity of research but on the other they decry the inconvenience of security measures
     • Incorporating security awareness into the culture
     • Limited access to trained IT support

  10. Fundamental Recommendations
     • Ensure that applicable aspects of security are considered at the institutional level – IRBs, job descriptions, orientation sessions, compliance training, etc.
     • Find and engage external organizations (higher education Presidential associations, professional organizations, academies, accreditation boards, NSF) that have the respect of and influence over these constituencies.
     • Promote and leverage existing opportunities.
     • Encourage NSF to be more aggressive in providing security awareness assistance (e.g., Guidelines for IT Security of NSF’s Large Facilities).
     • Encourage institutions to include technology support (IT Security) in grant proposals, especially graduate students (future researchers).
