Building a Standards-Based Information Security Program

Safeguarding IT assets and protecting community members' privacy is an important goal for colleges and universities. IT organizations play an important leadership role as information is increasingly part of an institution's cyberassets. This session will describe institutional models for building information security programs that are based on proven industry and international frameworks and standards. The EDUCAUSE/Internet2 Computer and Network Security Task Force is leveraging ISO 27002 for information security management and cross-referencing other standards and frameworks (e.g., NIST guidance, PCI DSS, COBIT, etc.) in the Effective IT Security Practices Guide developed for institutions of higher education.