1. 1 Information Technology Security Services at The University of Michigan Paul Howell Chief Information Technology Security Officer

2. 2 ITSS Overview Service offerings Security council Initial activities Questions

3. 3 ITSS Offerings Reactive ServicesProactive ServicesSecurity Quality Management Services Alerts and Warnings Incident Handling Incident Handling – Incident analysis – Incident response on site – Incident response support – Incident response coordinationIncident analysisIncident response on siteIncident response supportIncident response coordination Vulnerability Handling Vulnerability Handling – Vulnerability analysis – Vulnerability response – Vulnerability response coordinationVulnerability analysisVulnerability response coordination Artifact Handling Artifact Handling – Artifact analysis – Artifact response – Artifact response coordinationArtifact analysisArtifact response coordination Announcements Technology Watch Security Audits or Assessments Configuration and Maintenance of Security Tools, Applications, and Infrastructures Development of Security Tools Intrusion Detection Services Security-Related Information Dissemination Risk Analysis Security Consulting Awareness Building Education/Training Product Evaluation or Certification

4. 4 Security Council Cross University membership consisting of a few Deans, business owners, UMHS, and several faculty. Makes policy recommendations to Provost, CFO, and EVP for Medial Affairs. Dialog & sane decisions around risk management. Provides general direction for ITSS.

5. 5 Initial Activities Planning for –Staff sharing / training (discussed later) –Incident response –Security assessments Hiring for several security positions. Join FIRST. Prompt reporting of all computer security incidents.

6. 6 Initial Activities – cont. Establish an Incident Response Oversight Team. Vulnerability scans of all wired & Wi-Fi campus networks. ITSS Web site. Dark IP space for identifying scanning and other activity.

7. 7 Initial Activities – cont. NetFlow collection / processing at all UM- Internet interconnects. Document and maintain network contacts for all wired & Wi-Fi networks. Tools and procedures to locate a Wi-Fi computer / AP.

8. 8 Staff Sharing Program Goals Scale security skills within the existing workforce Medium level of competency Training done over a 4 to 6 month period, consisting of a combination of self-paced, lecture & lab, and on-the-job Pre-testing and post-testing measure progress New security job title and compensation, fraction determined by local needs Periodic rotation through ITSS for 4 to 6 months at half-time for on-going skills updating