Information Security in Higher Education Today Current Threats


1 Information Security in Higher Education Today
- Current Threats
- Higher Ed. Challenges
- Solutions and Best Practices
Lewis Watkins, CISO, lwatkins@utsystem.edu

2 The Good News and Bad News
Some Facts from the U.S. Secret Service and Verizon 2010 Breach Report
- 98% of exposed data came from servers.
- Make sure servers are professionally managed.
- 85% of attacks were not complex.
- 96% of breaches were avoidable using simple controls.
- Security requires operational excellence!
- 61% were discovered by a third party.
- 86% of breached organizations had evidence in their log files.
- Organizations have inadequate monitoring.

3 Current Threats
"The future is already here – it's just not very evenly distributed." William Gibson

4 Gartner 2006 Prediction

5 Today’s Threats!
- Attacks come 24/7 from anywhere in the world.
- Unprotected computers are 100% assured of being compromised.
- Attacks are much more sophisticated than just a year ago, and the motives are much more sinister.
- Most owners of compromised computers have no knowledge that they have a problem.
- Primary attackers of concern:
  - Organized, professional crime organizations
  - Nation States
  - Quasi-political/terrorist organizations

6 Most Common Exposures within the UT System
- Lost/Stolen Computers (that aren’t encrypted)
- Paper Documents (old documents)
- Business Partners (mistakes, contract violations, employees)
- Insecure Applications (It's not the network)
- Breached Electronic Files (forgotten files)
- Employee Errors
- Employee Misconduct

7 “Oh Toto, I don’t think we are in Kansas anymore!”
- State of Virginia medical data held for ransom
- San Francisco network held hostage
- Slacker harms University of Utah by PHI exposure
- Stuxnet – worm targets Iran nuclear program
- “Here you Have” virus (zero day)
- UNC Professor fighting termination because of exposure of 100,000 patient records
- Drive-by malware – mostly unseen
- Bots, Bots, Bots – Attacking others

8 Higher Ed. Challenges

9 Five Challenges of Higher Education Security
- The Complexity Problem: Universities are very complex. Information Security is complex. Security touches every operational aspect of the university.
- The Scope Problem: Risks span the entire organization – and beyond.
- The Quality Problem: Small errors can result in large security vulnerabilities that result in breaches.

10 The Location Problem
We place data everywhere now…
- USB Drives
- iPhone / Blackberry / Android / Smart Phones
- Netbooks / Laptops / Desktops / iPads
- Departmental Servers
- Central IT Servers
- Virtual Servers
- Consolidated Data Centers / Shared Services
- Outsourcers / Business Partners
- The “Cloud”: Private Clouds / Public Clouds / Unsanctioned Clouds
- Other: Embedded Systems / Auto Systems (Nav & GPS)

11 Compliance Obligations
Information Security Compliance includes these and other regulations:
- FERPA 1974
- PCI-DSS 2004
- HIPAA 1996
- Including…
  - TX Bus. & Com. Code Ch. 521
  - E-Discovery
  - Red Flag
  - Business Associate Agreements
- TAC 202 1994
- GLB 1999
- HITECH
- FISMA 2002

12 Worker Economic Stress
- Fewer workers to perform needed tasks.
- Workers working under greater stress and fear.

13 Solutions and Best Practices

14 There are Solutions!
- Make sure Data Owners are trained and engaged.
- Take Inventory (as part of risk assessment process):
  - Devices on your network
  - Applications
  - Data stores
- Eliminate Unnecessary Data.
- Make sure your security personnel have visibility into the environment.
- Make sure your Information Security Officer has access to Executive management.

15 Cloud Computing
- Unmanaged cloud computing poses risk to University data.
- Well managed cloud computing holds promise of improved information security.

16 Implement and Track Best Practice Strategies

17 Questions?
Lewis Watkins, CISSP, Chief Information Security Officer, (512)

