Implementing a Security Policy JISC – ICT Security Threats & Promises, April 2002 Mick Ismail ICT Services Manager City of Wolverhampton College
Contents The college ICT Facilities Security issues How do we address them?
The College City College 18,000 Learners 950 Staff 18 Academic schools 3 Main Campuses Community & External Sites
ICT Facilities Network 10/100/1000 –1,600 workstations –45 Servers –9,000+ student accounts –800 Staff accounts –3 Major sites –9 External sites
ICT Facilities - 2 – All network members –Staff –Students Internet Access – All networked computers –2 High speed connections –1 dedicated connection –Unfiltered & logged/Monitored access
ICT Facilities - 3 Intranet systems –Secure and differentiated access –Staff related facilities –Student related facilities –Common areas College Web Site –Over 305,000 monthly hits (Jan. 2002)
ICT Facilities - 4 Drop-in and open access areas –LR Centres –UK OnLine & Community Centres –Cyber Cafés Intranet Publishing IT/ICT/ILT consultancy IT Systems development & investigation User Support Staff development Student Induction Video conferencing
Security issues External attacks Internal abuse Data Loss Internet Misuse User awareness
How do we address them? Prevention –Firewalls and proxies –Virus protection –User accountability –Intelligent systems –Avoid temptation –No 9x –Standard settings and controlled installations –User Education
How do we address them?(2) Monitoring –All things technical+ –Internet usage –Storage space
How do we address them(3)? Backup & disaster recovery –Roaming profiles & Network drives –Use the geographic dis/advantage –Cross site backup –Replication of service –Standard hardware platforms
Rules & Enforcement Acceptable use - a college policy Clear penalties Support