Presentation is loading. Please wait.

Presentation is loading. Please wait.

October 16, 20061 Network Planning Task Force Information Security Strategy.

Published byAlia Stein Modified over 9 years ago

Similar presentations

Presentation on theme: "October 16, 20061 Network Planning Task Force Information Security Strategy."— Presentation transcript:

1 October 16, 20061 Network Planning Task Force Information Security Strategy

2 2 NPTF FY ’07 Members ■ Mary Alice Annecharico/Rod MacNeil, SOM ■ Robin Beck, ISC ■ Chris Bradie/Dave Carrol, Business Services ■ Cathy DiBonaventura, School of Design ■ Geoff Filinuk, ISC ■ John Keane/ Grover McKenzie, Library ■ John Irwin, GSE ■ Marilyn Jost, ISC ■ Deke Kassabian /Melissa Muth, ISC ■ Doug Berger/ Manuel Pena, Housing and Conference Services ■ Mike Weaver, Budget Mgmt. Analysis ■ Dominic Pasqualino, OAC ■ James Kaylor, CCEB ■ Helen Anderson, SEAS ■ Kayann McDonnell, Law ■ Donna Milici, Nursing ■ Dave Millar, ISC ■ Michael Palladino, ISC (Chair) ■ Jeff Fahnoe, Dental ■ Mary Spada, VPUL ■ Marilyn Spicer, College Houses ■ Steve Stines / Joseph Shannon, Div. of Finance ■ Ira Winston, SEAS, SAS, School of Design ■ Mark Aseltine/ Mike Lazenka, ISC ■ Ken McCardle, Vet School ■ Brian Doherty, SAS ■ Richard Cardona, Annenberg ■ Deirdre Woods/Bob Zarazowski, Wharton

3 3 Meeting Schedule – FY ‘07 ■ Meetings 1:30-3:00pm, 3401 Walnut Street ■ Fall Meetings / Process ■ Intake and Current Status Review – August 21 ■ Agenda Setting & Focus Group Planning – September 18 ■ Strategy Discussions – October 2 ■ Security Strategy Discussions – October 16 (357A) ■ Strategy Discussions – October 30 ■ Prioritization – November 6 ■ Focus Group Feedback – November 20 ■ Rate Setting – December 04

4 4 Security Feedback from 8/21 ■ Review of what we are currently doing and where we are going and policy impact on LSPs. ■ Review of each step and our response/procedures including prevention, detection, escalation, impact of incidents and forensics. ■ Connecting the appropriate people – having a local security provider and a privacy security liaison. ■ A need for low probability / high catastrophe case studies with a playbook type response. (Business continuity type tabletop exercises) Brown bag lunch? ■ Encryption ■ Scan and Block

5 5 Other security concerns or priorities?

6 6 FY07 Information Security Initiatives ■ Achieve Full Payment Card Industry Standards Compliance ■ Scan and Block available for implementation in 5 or more University areas. ■ SPIA ■ Complete Early Adopters project ■ Implement Risk Management and Reporting ■ Pilot Campus Authorization Service ■ Evaluate Security Incident Tracking and Management ■ LSP Security Certification ■ 2007 SANS Windows Security Class

7 7 Possible Policy Directions Jul 1, 2007■ Scanned monthly ■ Password cracking twice/year ■ Accounts disabled when employees leave ■ Physically secure ■ Management overseen by full time IT ■ professional Jul 1, 2008■ Mandatory backup and recovery for ■ Operational Data ■ Firewall (or comparable) for confidential data Jul 1, 2009■ Intrusion detection for confidential data ■ Schools/Centers must identify Personal Computing Devices that pose a significant threat and employ encryption and personal firewall

8 8 Encryption ■ Pros ■ Encrypting disks or file systems are now widely available within operating systems of all supported platforms. ■ Offers considerable protection from some of our most likely threats: theft of portable computing devices, if used in conjunction with other methods. ■ Cons ■ Associated support cost and limited pilot experience ■ Risk of total loss of data requires backup of encrypting keys. ■ Will require additional spending on storage. ■ Not widely available as standard option in common PDAs.

9 9 Personal Computing Device Security ■Scope: Laptops, PDAs, Blackberries, Treos, USB storage, iPods, etc. ■Background/Issues ■Specifically included in “risk assessment” section of proposed critical host policy. ■PDAs not as mature a market as desktops/laptops w/r/t security. Solutions are many and varied. No silver bullets -- lots of point solutions for many and varied devices. Sometimes security can be achieved with configuration changes, but sometimes requires 3rd party products. ■Personal ownership and shared family use at home complicates matters.

10 10 Possible Personal Computing Device Security Strategy ■ Short-term ■ Require basic protections such as encryption, strong passwords, anti-virus (where available) and best practice configuration. ■ Long-term ■ Preference to keep confidential data off of personal computing devices. ■ Otherwise, waiver required with compensating controls. ■ Provide secure remote access to secure, decentralized servers ■ May require broad use of virtual private networks or comparable feature. ■ Standards apply irrespective of ownership ■ Devices are for exclusive use of employee

11 11 Possible Plans FY07FY08FY09Beyond ■ Create documentation for recommended security configurations for most common devices ■ Evaluate 3rd party mobile data security tools and services. ■ Develop a secure remote access strategy. ■ Develop a strategy for protecting mobile devices, poss. to include key recovery ■ Pilot a central file service (e.g. WebDav). ■ Pilot mobile data security tools as appropriate ■ Design and implement secure remote access pilot. ■ Develop decentralized IDS strategy. ■ In policy, require encryption of confidential data. ■ Roll out WebDav, secure remote access, mobile security tools as approp. ■ Design and pilot decentralized IDS. ■ In policy, forbid confidential data on portable devices without a waiver. ■ Universal access control: authentication, scan and block ■ Perimeter firewall

Download ppt "October 16, 20061 Network Planning Task Force Information Security Strategy."

Similar presentations

CS898T Mobile and Wireless Network Handheld Device Security By Yuan Chen July 25 th, 2005.

CS898T Mobile and Wireless Network Handheld Device Security By Yuan Chen July 25 th, 2005.
Security for Mobile Devices

Security for Mobile Devices
The International Security Standard

The International Security Standard
1 NETWORK PLANNING TASK FORCE August 2, 2004 “SUMMER FOCUS GROUP SESSION ”

1 NETWORK PLANNING TASK FORCE August 2, 2004 “SUMMER FOCUS GROUP SESSION ”
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Information Security Awareness April 13, 2003. Motivation Recent federal and state regulations and guidance Recent federal and state regulations and guidance.

Information Security Awareness April 13, Motivation Recent federal and state regulations and guidance Recent federal and state regulations and guidance.
Security Controls – What Works

Security Controls – What Works
1 10/31/05 NETWORK PLANNING TASK FORCE Information Security.

1 10/31/05 NETWORK PLANNING TASK FORCE Information Security.
Chapter 17 Controls and Security Measures

Chapter 17 Controls and Security Measures
Information Security Policies and Standards

Information Security Policies and Standards
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia

Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia
August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.

August 9, 2005 UCCSC IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.
1 NETWORK PLANNING TASK FORCE November 15, 2004 FALL FY 2005 MEETINGS “STRATEGIC DISCUSSIONS”

1 NETWORK PLANNING TASK FORCE November 15, 2004 FALL FY 2005 MEETINGS “STRATEGIC DISCUSSIONS”
11/29/20041 Network Planning Task Force “Consensus Building: Preliminary Rate Setting”

11/29/20041 Network Planning Task Force “Consensus Building: Preliminary Rate Setting”
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
1 NETWORK PLANNING TASK FORCE November 01, 2004 FALL FY 2005 MEETINGS “OPERATIONAL DISCUSSIONS”

1 NETWORK PLANNING TASK FORCE November 01, 2004 FALL FY 2005 MEETINGS “OPERATIONAL DISCUSSIONS”
1 NETWORK PLANNING TASK FORCE August 16, 2004 SUMMER FOCUS GROUP SESSIONS “SETTING THE AGENDA”

1 NETWORK PLANNING TASK FORCE August 16, 2004 SUMMER FOCUS GROUP SESSIONS “SETTING THE AGENDA”
1 NETWORK PLANNING TASK FORCE “ SUMMER PLANNING SESSIONS ” 8/01/05.

1 NETWORK PLANNING TASK FORCE “ SUMMER PLANNING SESSIONS ” 8/01/05.
University of Guelph IT Security Policy Doug Blain Manager, IT Security ISC, April 27th.

University of Guelph IT Security Policy Doug Blain Manager, IT Security ISC, April 27th.

Similar presentations

Ads by Google