CU – Boulder Security Incidents Jon Giltner. Our Challenge.


1 CU – Boulder Security Incidents Jon Giltner

2 Our Challenge

3 What do we face…
The campus computing environment:
– ~20,000 PC-class systems
– ~6,000 server-acting systems
– ~40,000 accounts
Like most universities, the campus is highly decentralized

4 What do we face, part 2…
We’re responding to about 50 incidents per week:
– 42% network worms
– 18% “Root kits”
– 18% SPAM bots
– 15% copyright
– 7% email worm
Few involve protected data

5 High Visibility Incidents
October 2004 - Continuing Education: CCs and PII
July 2005 (all PII)
– Wardenburg Health Center
– College of Architecture and Planning
– Department of Housing including ID Card
– Office of the Registrar

6 Invoke Incident Response Process
Formal documented process established in 2004
“Requires” notification and involvement of central IT
CERIAS Incident Response Database
– Center for Education and Research for Information Assurance and Security IRDB https://cirdb.cerias.purdue.edu/website/
– Web-based tool for managing security incidents
– Supports email, contact management, role-based access and multi-level access to hierarchical domains of confidentiality.

7 Data Breach Response Team
Team is formed if incident involves potential breach of sensitive data
Mandate independent forensics
– Credit card companies mandate the firms you can use.
The team’s primary role is to handle communications:
– Notification to affected individuals via US postal mail using best last known address
– Notification to affected individuals via email when email addresses are available
– Press release
– Web content
– Follow-up communications with press
– Establish and man hot-line for notified individuals (department responsibility)

8 Data Breach Response Team
Who is involved:
– Legal Counsel
– Department head for the compromised department
– IT Security Coordinator
– Technical lead for the compromised department
– Campus Police
– University Communications
– University Privacy Officer
– University Officer with oversight for the compromised department
– Treasurer's office if compromise involves credit cards

9 Vulnerabilities
Windows patches
Oracle updates
Third-party software, i.e., Veritas backup software
Stale databases

10 Culpability (Discussion)
Application and system administration within departments?
Controls at network layer?
Vendor software?
Existence and/or enforcement of well communicated policies regarding data management?

11 Questions:
Have we over responded to these specific incidents?
– (Not according to established IR process)
Has CU-Boulder been victimized more than others, or have we just acknowledged it more publicly?

12 Negative Impacts:
PII potentially spilled
– (ultimate perception is that it has)
University reputation
Target squarely on our backs – “script kiddies, look there”

13 Positive Impacts
Real-time honing of our Incident Response System
Security initiatives getting executive attention
Gotten attention of local system admins and their dept. heads
Proposed sweeping changes

14 Scoping the Challenge Ahead
Must meet academic, research and administrative needs
Multi-layered Approach
– Host administration
– Network access must be earned
– Awareness & Education
– Frequent Risk Assessments
Compounding 70% solutions!

15 The Passel of Solutions
1. Private IP addresses for desktop-class systems
2. Require Host-based Intrusion Detection Software
3. Risk Assessments performed by 3rd party
4. Further Restrict Inbound Internet Traffic
5. Server Registration

