Information Security in Laurier Grant Li Wilfrid Laurier University.

Agenda
- Challenges
- Incidents
- Approach

Challenges
- Constant penetration probes against the network
- Users with widely varying levels of computer literacy
- Respect for academic freedom
- Limited resources

Incidents
- Zero-day malware
- Phishing and spam
- Security of in-house software development
- Non-hardened servers

Approach: Information Security Program
- Governance
- Technical Security Measures
- Training & Awareness
- Metrics
- SPIRIT
- Operations

Governance
Goals:
- Make information security a priority for Laurier (budget, resources).
- Establish and manage an information security program.
- Ensure information security is built into project management and software development practices.
Current Status:
- Information Security Policy approved and published.
- ICT Guidelines on Information Security posted on the web.
- Engaged Deloitte to conduct an assessment against the ISO 27002 standard; the findings are being addressed.
Next Steps:
- Report on information security status (metrics, latest news, etc.) to senior management.
- Develop information security documents according to the ISO 27002 framework.

Technical Security Measures
Goals:
- Ensure the Laurier community is protected against unauthorised access and damage from external agents.
- Review and update the controls on a regular basis.
Current Status:
- Virus, malware and threat detection systems are in place at all layers of the computing value chain.
- The systems are updated constantly.
- Current systems have been reviewed.
Next Steps:
- Plan updates where needed.
- Network segmentation.

Training and Awareness
Goals:
- Ensure the Laurier community keeps information security top of mind.
- Provide the tools and training to keep individuals and departments safe.
Current Status:
- Created a plan to provide training to everyone across the university.
- Updated the computersecurity.wlu.ca web page.
- Monthly newsletters are distributed.
- Conducted security awareness sessions in some departments.
Next Steps:
- Plan a white (simulated, internally run) phishing exercise.

Metrics
Goals:
- Create a useful suite of metrics to track and report on our information security performance.
Current Status: We are reporting on
- the number and type of information security incidents per month;
- the number of security notes (potential warnings) from our external partners per month;
- the vulnerability management report.
Next Steps:
- ISO self-assessment.

SPIRIT: Security & Privacy Incident Response & Investigation Team
Goals:
- Implement a program to respond efficiently and effectively when a breach does occur.
Current Status:
- Small incidents have been detected and addressed.
- Reviewed the process and procedures written for university-scale incidents.
Next Steps:
- Establish and train the team.
- Conduct a tabletop exercise and a full "war game" exercise.

Operations
Goals:
- Continuously monitor and report on our information security status.
Current Status:
- Good working relationships with Canada's Cyber Command Centre, REN-ISAC, and security systems vendors.
- Implemented Tripwire to monitor and report on access to critical systems.
- Banner Security project kicked off.
- Surveyed the SIEM market.
Next Steps:
- Select and implement a SIEM.
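Tripwire is the one concrete control named in this deck; the slide does not say how it is configured. The following is an added example, not Laurier's deployment or Tripwire's own code, showing the core of what a file-integrity monitor does: hash every file under a monitored tree into a baseline, then re-scan and report files added, removed, or changed in content or permissions. The directory layout and the tampering scenario in `demo()` are constructed for illustration; the path names are placeholders, not Laurier systems.

```python
"""Minimal file-integrity monitor (the idea behind Tripwire): baseline, re-scan, diff.

Added example; assumes only the Python standard library. Paths in demo() are constructed.
"""
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk_size: int = 65536) -> str:
    """Stream a file through SHA-256 so large binaries are not loaded into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Record digest and permission bits for every regular file under root.

    Keys are POSIX-style paths relative to root, so a baseline taken on one host
    can be compared against a re-scan of the same tree elsewhere. Symlinks are
    skipped so a planted link cannot redirect the scan outside the tree.
    """
    baseline = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            mode = path.stat().st_mode & 0o7777
            baseline[path.relative_to(root).as_posix()] = {
                "sha256": sha256_file(path),
                "mode": oct(mode),
            }
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Report files added, removed, or modified since the baseline.

    A permission change alone (same bytes, different mode) counts as modified,
    which is how a world-readable /etc/shadow would be caught.
    """
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in set(baseline) & set(current) if baseline[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}


def save_baseline(baseline: dict, path: Path) -> None:
    """Persist the baseline; in production this file lives on read-only or remote storage."""
    path.write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(path: Path) -> dict:
    return json.loads(path.read_text())


def demo() -> dict:
    """Constructed scenario: baseline a fake /etc, tamper with it, and diff."""
    with tempfile.TemporaryDirectory() as tmp:
        fs = Path(tmp) / "fs"          # the monitored tree (stand-in for /)
        (fs / "etc").mkdir(parents=True)
        (fs / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (fs / "etc" / "shadow").write_text("root:*:19000:0:99999:7:::\n")
        (fs / "etc" / "shadow").chmod(0o600)
        (fs / "etc" / "sudoers").write_text("root ALL=(ALL) ALL\n")

        baseline_file = Path(tmp) / "baseline.json"   # kept outside the scanned tree
        save_baseline(build_baseline(fs), baseline_file)

        # Simulated compromise: extra UID-0 account, cron persistence,
        # loosened shadow permissions, sudoers deleted.
        with (fs / "etc" / "passwd").open("a") as f:
            f.write("backdoor:x:0:0::/root:/bin/bash\n")
        (fs / "etc" / "cron.d").mkdir()
        (fs / "etc" / "cron.d" / "persist").write_text("* * * * * root /tmp/x\n")
        (fs / "etc" / "shadow").chmod(0o644)
        (fs / "etc" / "sudoers").unlink()

        return compare(load_baseline(baseline_file), build_baseline(fs))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The part that makes this useful operationally is not the hashing but where the baseline lives and who can rewrite it: if the baseline sits on the monitored host with the same privileges the attacker gains, it gets re-baselined along with the tampering. Tripwire signs its database for that reason; a home-grown check should at least store the baseline off-host.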

Questions?
Grant Li
Phone: (519) ext. 2797
Fax: (519)