
OU INFORMATION SECURITY & RISK MANAGEMENT ISA – February 4, 2015.


1 OU INFORMATION SECURITY & RISK MANAGEMENT ISA – February 4, 2015

2 Security realities and trends
Higher Ed = Target Rich Environment
“BYOD / IOE”
Evolving threat landscape – i.e. ransomware
Encryption becomes the standard
Attack surfaces/exploits for mobile devices are on the rise
Cyber-Espionage continues trending up
Weak (and reused) Passwords
Networks and users lack the basics

3 Our Goals
Ensure a safe and secure online environment for OU
Be operationally relevant and enable the business
Provide excellent customer service
Lead a collaborative and innovative OU information security community
Partner to educate and raise security awareness across the University

4 Background
Our Team
  – 12 full time + 1 student
      Multiple vacancies posted on jobs.ou.edu
  – Two Teams
      IT Risk, Compliance & Awareness
      Information Security Operations
About Me
  – 10+ years in information security
      7+ at the National Security Agency / 3+ at the US Naval Academy’s non-profits
      Everything from high level strategy development to program management for crypto certification/security engineering to running an operational network and hands on with all security capabilities
  – US Naval Academy / Johns Hopkins University grad
  – Navy NFO stationed at Tinker AFB from 2000-2004
  – Started at OU in Nov 2014

5 IT Risk, Compliance, & Awareness
IT Risk & Architecture
  – Performs risk assessments in coordination with the IS Operations Team
  – Recommends security technologies for use within the OU IT enterprise
  – Supports the remediation of risk/vulnerability findings within OU IT networks
Compliance (PCI, HIPAA, FERPA, etc.)
  – Leads PCI (and other standards) risk assessments for Norman and OU IT architectures as required
Security Training and Awareness
  – Develops and executes an ongoing campus-wide training and awareness program for various groups of stakeholders (online & offline)
  – Internal / External facing online presence for security
IT Security Policy
  – Maintains policy repository (online)
  – Develops draft policy as required
  – Represents Norman in security policy development, discussion, adjudication at the working level

6 Information Security Operations
OU Computer Security Incident Response Team (CSIRT)
  – Maintains a common operational security picture via an established network security monitoring infrastructure for the Norman campus and Norman data/assets within S2 -> evolves into OU CSIRT
  – Responds to security incidents as appropriate
  – Makes recommendations to forensics for additional investigation when appropriate
Forensics
  – Conducts forensic investigations as requested
  – Maintains the Computer Forensics Lab (CFL)
Vulnerability Analysis
  – Conducts network vulnerability analysis (blue team/red team) as required/requested for OU IT
  – Develops a standard tool suite for vulnerability analysis and penetration testing
  – Assists with compliance assessments (technical, PCI scans, etc.)
Security Engineering
  – Identifies, assesses, and implements tools and security capabilities for integration into the OU IT network architecture
  – Assists with the technical remediation of findings from risk/vulnerability assessments

7 Stop. Think. Connect.
Stop: Before you use the Internet, take time to understand the risks and learn how to spot potential problems.
Think: Take a moment to be certain the path ahead is clear. Watch for the warning signs and consider how your actions online could impact your safety, or your family’s.
Connect: Enjoy the Internet with greater confidence, knowing you’ve taken the right steps to safeguard yourself and your computer.

8 Tips & Advice
Keep a Clean Machine
Protect Your Personal Information
Connect with Care
Be Web Wise
Be a Good Online Citizen

9 Keep a Clean Machine
Keep security software current
Automate software updates
Protect all devices that connect to the Internet
Plug & scan

10 Protect Your Personal Information
Secure your accounts (2-factor)
Make passwords long and strong
Unique account, unique password
Write it down and keep it safe
Own your online presence
Mobile – Use a strong passcode to lock your phone
Mobile – Think before you app
Mobile – Only give your mobile number out to people you know and trust
Mobile – Learn how to disable the geo-tagging feature on your phone
  – http://icanstalku.com/how.php#disable

11 Connect with Care
When in doubt, throw it out
Get savvy about Wi-Fi hotspots
Protect your $$
Mobile – When in doubt, don’t respond

12 Be Web Wise
Stay current. Keep pace with new ways to stay safe online
Think before you act
Back it up
Mobile – Know how to cell block others

13 Be a Good Online Citizen
Safer for me, more secure for all
Post only about others as you would have them post about you
Help authorities fight cyber crime
  – www.ic3.gov (Internet Crime Complaint Center)

14 Questions?
Ken Kurz, Director, Information Security & Risk Management
  – kkurz@ou.edu
  – 405-325-6441
Incidents / Security Questions
  – security@ou.edu / csirt@ou.edu
  – CSIRT Hotline – 405-325-7258
Online Resources
  – www.stopthinkconnect.org
  – https://www.us-cert.gov/
  – http://www.sans.org/tip_of_the_day.php

