The Denver Marriott City Center was filled with information security professionals from around the world on April 10-12 to attend the 2006 Educause & Internet2 Security Professionals Conference. Julia Emko, IT security public relations coordinator, was there to represent the University of Florida IT Security Team.

A few of the sessions attended by Emko were: Establishing an Information Security Program, Effective Implementation of a Security Program and Security Plan, an Awareness and Training round table discussion, Information Sharing the MOREnet Way: How Not to Keep Secrets, and Security Awareness Day: How It Can Work for You!.

"It was great to meet so many people with so many of the same problems and still come away feeling that the UF security team is a frontrunner in its field," said Emko.

Emko's favorite session was the full-day session, Establishing an Information Security Program. Cedric Bennett, Emeritus director of Information Security Service at Stanford University and Carol Myers, director of College Technology at Paradise Community College, co-presented. Group activities during the presentation required attendees to talk about security issues and trends at their schools. Training, awareness, data security and commitment from upper-management were common concerns among attendees.

One of the longer group activities required reading a mock scenario of a current popular trend in which a school experienced a major security breech that required notifications to individuals whose private data might have been exposed. Communications, both internal and external, was also a main concern of the mock scenario.

Emko felt she contributed most to this activity since she recently developed a crisis communication plan for the UF IT Security Team. She said that no other person in her group had a communications plan and only a few in the session had one. Bennett and Myers emphasized the importance of a communications plan and that the plan should also have a test-run every year to keep it updated and relevant.

The round table discussion for awareness and training was also a favorite of Emko's. About eight to ten people, from varied backgrounds, discussed their training and awareness efforts. Emko said everyone agreed that creating the message, getting it out, changing behaviors and reaching the target audience is a struggle not yet conquered.

Other things Emko learned throughout the conference was that forming faculty, staff and student advisory committees can be beneficial to support and solutions, security awareness messages should be delivered with humor and repetition, and that measuring the outcome of security efforts is difficult so sometimes an annual report can aid in this endeavor. These, among other learned things, are concerns Emko hopes to address at UF.

"I am very proud of our security team and believe we have a lot to offer other schools," said Emko, "I hope we can send a speaker to the event next year."

Additional information about the Educause conference can be found at http://www.educause.edu/sec06 .