Top IT Threats Facing UH Jodi Ito Information Security Officer VP IT & CIO Office Information Technology Services X.


1 Top IT Threats Facing UH Jodi Ito Information Security Officer VP IT & CIO Office Information Technology Services jodi@hawaii.edu X

2 FBI Honolulu Contact: Special Agent Jimmy Chen, Ph: (808) 566-4294, jimmy.chen@ic.fbi.gov. Report: suspected child pornography; intrusions/hacking attacks on systems w/ sensitive information (not just sensitive, personal information, but also intellectual property).

3 Child Pornography: On a computer that DID NOT HAVE ANY PASSWORD! No accountability; could be installed by anyone; everyone could be a suspect.

4 Top Security Issues at UH: Copyright Violations (DMCA violations); Protecting Sensitive Info & UH Data Breaches; Protecting Users, Computers & Networks. WE (people) are the weakest link!

5 What ITS is seeing… Phishing; compromised accounts; increased reports of bot-infected computers; increase in DMCA notices; increase in breaches.

6 Targeted Attacks: Subjects of phishing attacks are specifically selected, such as senior administrators & management. Uses social engineering techniques. Very convincing messages and images: North Carolina State University: http://www.ncsu.edu/it/security/webmail-phishing.html

7 Targeting CFOs http://krebsonsecurity.com/2010/09/cyber-thieves-steal-nearly-1000000-from-university-of-virginia-college/

8 Compromised UH Usernames: Used to send spam & phishes. 87 compromised this year; <20 before July. Most often victims responded to phishing emails. Account used almost immediately to send spam.

9 Increase in Bot Traffic: ITS receiving more reports of “bot”-infected machines on UH network. Most are Torpig & Mebroot. Torpig uses fast flux DNS to change name of C&C and malware-infected sites. Uses Java and Twitter API to generate & register new hostnames. Designed to harvest sensitive information such as credit card & bank account information.

10 Copyright Violations: HEOA 2008 - All universities must have: An annual disclosure to students describing copyright law and campus policies related to violating copyright law. A plan to “effectively combat the unauthorized distribution of copyrighted materials” by users of its network, including "the use of one or more technology-based deterrents". A plan to "offer alternatives to illegal downloading".

11 Annual Disclosure

12 HEOA Compliance: Compliance by July 1, 2010. Failure to do so: lose all federal financial aid!

13 UH Statistics: 2007-2010 As of 9/2010

14 DMCA Statistics As of 9/2010

15 ITS Procedures: Identify and Notify. If no response, block. Currently, infringers are “counseled” and must sign Copyright Notification: http://www.hawaii.edu/itsdocs/gen/sample_copyright_notification.pdf Failure to do so: blocked & reported to Dean of Students (or supervisor/Dean/Director) for action. www.hawaii.edu/its/filesharing

16 UH Policies: Executive Policy E2.210: Use and Management of Information Technology Resources http://www.hawaii.edu/svpa/ep/e2/e2210.pdf ; Executive Policy E2.214: Security and Protection of Sensitive Information http://www.hawaii.edu/apis/ep/e2/e2214.pdf

17 More UH Policies: UH Form 92: UH General Confidentiality Notice http://www.hawaii.edu/ohr/docs/forms/uh92.pdf ; System-wide Student Conduct Code http://www.hawaii.edu/apis/ep/e7/e7208.pdf

18 Protecting Sensitive Info: Hawaii Revised Statutes: HRS 487J - SSN Protection http://www.capitol.hawaii.gov/hrscurrent/Vol11_Ch0476-0490/HRS0487J/ ; HRS 487N - Breach Disclosure http://www.capitol.hawaii.gov/hrscurrent/Vol11_Ch0476-0490/HRS0487N/ ; HRS 487R - Destruction of PI Records http://www.capitol.hawaii.gov/hrscurrent/Vol11_Ch0476-0490/HRS0487R/

19 UH Breaches RECAP: 2009 April: Kapiolani CC; 2010 March: Honolulu CC; 2010 July: UH Manoa; 2010 October (now!). OVER 100,000 exposed records!

20 October Breach: Still under investigation. NOT PUBLIC YET! Google indexes ftp: Check all UH public websites for sensitive information!

21 Open Source Tools: Find_SSN: http://security.vt.edu/Find_SSNs/index.html ; Spider: http://www.cit.cornell.edu/services/spider/howto/index.cfm ; SENF: https://senf.security.utexas.edu/wiki/
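
Added example (not part of the presentation, and not code from Find_SSN, Spider or SENF): a minimal Python sketch of the kind of check such tools run over a web or FTP document root, matching SSN-shaped strings and applying the SSA structural rules to cut false positives. Function names and the sample data are hypothetical and constructed for illustration.

```python
import os
import re

# Candidate SSN: 3-2-4 digits with "-" or space separators, or 9 bare digits,
# not embedded in a longer digit/hyphen run (avoids phone numbers, order ids).
SSN_RE = re.compile(r"(?<![\d-])(\d{3})([- ]?)(\d{2})\2(\d{4})(?![\d-])")

def is_plausible_ssn(area: str, group: str, serial: str) -> bool:
    """SSA never issues area 000, 666 or 900-999, group 00, or serial 0000."""
    if area == "000" or area == "666" or area >= "900":
        return False
    return group != "00" and serial != "0000"

def find_ssns(text: str):
    """Return (line_number, masked_value) for each plausible SSN in text."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in SSN_RE.finditer(line):
            area, _sep, group, serial = m.groups()
            if is_plausible_ssn(area, group, serial):
                # Mask so the report does not become a second copy of the data.
                hits.append((line_no, f"***-**-{serial}"))
    return hits

def scan_tree(root: str, max_bytes: int = 5_000_000):
    """Walk a document root and map file path -> list of masked hits."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read(max_bytes)
            except OSError:
                continue  # unreadable file: skip, do not abort the scan
            hits = find_ssns(data.decode("latin-1"))
            if hits:
                report[path] = hits
    return report

# Constructed sample input: every value below is made up for this example.
SAMPLE = ("id,name,ssn\n1,A. Student,123-45-6789\n2,B. Student,000-12-3456\n"
          "phone 808-956-2400\norder 987654321\n3,C. Staff,456 78 1234\n")

if __name__ == "__main__":
    for line_no, masked in find_ssns(SAMPLE):
        print(line_no, masked)
```

Pattern matching of this kind only flags candidates for a person to review; it reads plain bytes and will not see SSNs inside compressed or binary document formats.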

22 Breach Notification: Determined that pursuant to HRS 487N, UH required to do a “Breach Notification”: written notification to all affected individuals; Legislative Report due 20 days after discovery of breach; Press Release/website.

23 UNC Incident http://www.newsobserver.com/2010/10/14/739551/unc-cancer-scientist-appeals-her.html

24 Personal Information Protection POC

25 Key Items: Campus designee: “Personal Information Protection” Point of Contact; limiting storage and retention of personal information to what is absolutely essential and required by law; review and strengthen internal controls over personal information.

26 Annual Personal Information Survey: Information Privacy & Security Council. Just completed 2010. ALL systems (electronic or paper) need to be reported. http://www.hawaii.edu/its/information/survey

27 Policies and Compliance: Enforce laws, regulations, policies: FERPA, HIPAA, FTC Red Flags, PCI DSS, FISMA, State & Federal laws & regulations, etc. Legal Issues: E-Discovery & Litigation holds; Subpoenas & National Security Letters; Internal Investigations.

28 Protecting Users: Increase in compromised UH usernames, used to send spam/phish. Increase because: responding to PHISHES!; weak passwords; using unsecured computers and/or networks.

29 Other Unsafe Behaviors: Respond to “phishes”; do not update operating systems and applications on a routine basis; do not use or update anti-virus/anti-spyware software; visit unsafe websites; share accounts/passwords; use unsecured wi-fi for sensitive transactions.

30 Firesheep http://techcrunch.com/2010/10/24/firesheep-in-wolves-clothing-app-lets-you-hack-into-twitter-facebook-accounts-easily/

31 2011 Threat Forecast http://www.gtisc.gatech.edu/pdf/cyberThreatReport2011.pdf

32 Thank You! Questions? jodi@hawaii.edu (808) 956-2400

