Information Security Services. Overview: Administrative Systems Security, Legislative Requirements, SUNet Security, Individual Security Awareness.


1 Information Security Services

2 Overview
- Administrative Systems Security
- Legislative Requirements
- SUNet Security
- Individual Security Awareness
- What’s Next

3 Improve Administrative Systems Security
- Joined the project and support teams
- Delphi, Peoplesoft
- System administration
- Security reviews
- Peoplesoft, Delphi, Authority Manager, WebAuth, VOIP, MyApps, Workflow, TMIS, Apply Yourself, CashNet, etc.
- Designed multi-tier firewall architecture
- Emphasizing industry best practices

4 Categories of Data
Criteria: Use these criteria to determine which data category is appropriate for a particular information or infrastructure system. A positive response to the highest category in any row is sufficient to place that system into that Category.
Categories:
- Category A (highest, most sensitive)
- Category B (moderate level of sensitivity)
- Category C (very low, but still some sensitivity)
Legal requirements:
- Protection of data is required by law (see attached list for specific HIPAA and FERPA data elements)
- Stanford has a contractual obligation to protect the data
Reputation risk: High, Medium, Low
Other Institutional Risks:
- Information which provides access to resources, physical or virtual
- Smaller subsets of Category A data from a school, large part of a school, department
- Data about very few people or other sensitive data assets
Examples:
- Medical
- Students
- Prospective Students
- Personnel
- Donor or prospect
- Financial
- Contracts
- Physical plant detail
- Credit Card numbers
- Certain management information
- Information resources with access to Category-A data
- Research detail or results that are not Category-A
- Library transactions (e.g., catalog, circulation, acquisitions)
- Financial transactions which do not include Category-A data (e.g., telephone billing)
- Very small subsets of Category A data

5 Firewall Architecture (conceptual)

6 Legislation: Support Issues
- FERPA
  - Protect private student information
- HIPAA
  - Protect personal health information (PHI)
- GLBA
  - Protect “banking” transaction information
- SEVIS
  - Provide foreign student information
- DMCA
  - Protect copyrighted information
- California Law
  - May not use SSN as identifier
  - Must disclose compromise of private information

7 SUNet Security
- Filter high-risk traffic at the border
- Support distributed firewalls
  - Vaden
  - Controller’s Office
- Sample all five Internet feeds
  - 2.2 Gb/sec
  - Maintaining 5GB day logs x 8 weeks for forensic purposes
  - Previously sampling only two feeds
  - Constraining traffic to 200Mb/sec
Improve Overall SUNet Security

8 SUNet Security, cont.
- Scan Entire Network
- Looking for vulnerabilities only
- Started in residences with ResComp
- Of 4,000 machines, found 300 vulnerable
- All 300 repaired before break-ins
- Continuing to re-scan periodically
- Scanning all other network segments
- Working with local support groups

9 Significant Security Payoff

10 Campus-Wide Security Leaders Group
- Sub-group on Policy Development
  - Improvements to Admin Guide
  - Additional practices and procedures
- Subgroup on Security Awareness
  - Create a security awareness and education program
Improve Individual Security Awareness

11 Awareness Campaign
- Launched on April 7
  - Postcards sent to every employee
  - Web site ready
  - Self-check security tool
  - Enter a drawing
- Student focus in Fall
  - Approaching Stanford
  - Packets on beds
  - Residence hall contest
- Ongoing activities
  - Stanford 101
  - Communicating with returning students
  - Technical security training
  - Continuing to expand web site

12 Other Awareness Activities
- Security Alerts
  - Highly focused alerts
  - Stanford focused
  - Email alerts to broad distribution list
  - Posted to web site
- Presentations
  - Meet with groups to continue to educate

13 Other Activities
- Incident response
  - Continue to aim at reducing incidents
- Work with various Stanford Offices
  - Office of General Counsel
  - Internal Audit
  - Privacy Officer
  - Judicial Affairs
  - Residential Deans
  - ResComp
  - Med School, Hospital, and other security groups at Stanford
- Participating at the industry and national levels
  - EDUCAUSE/Internet 2 Security Task Force
  - USENIX
  - SANS
  - Networld + Interop

14 Beyond Today
- Continue to improve Stanford security
  - Reach steady-state for administrative applications
  - Improve network security
  - Improve individual security
- Additional services
  - Provide deeper and broader security training
  - Work with faculty
  - Better protection for intellectual capital
  - Work with Networking
  - Offer more and better security options through network architecture improvements
What’s Next