desktop 1 Owning the Desktop: Is .edu like .com? Scott Bradner, Harvard University, University Technology Security Officer, 28 June 2006
desktop 2 Agenda
- issues (real)
- issues (per vendors)
- extra .edu issues
- throw policy
- technical?

desktop 3 Issues: Software & Vendors
- Bellovin: buggy software is a key problem, e.g., 40M lines of code in Windows
- slooooow fixes
- patches on a schedule; bugs do not follow a schedule

desktop 4 Issues: ID Theft
- ID theft: ability to assume someone’s identity, not just steal credit card # & exp date
- primary reason we try to protect SSNs
- 246K ID theft reports to FTC in 2004; actual count may be as high as 9M ($52B losses)
- can take years to repair

desktop 5 Issues: Crustacean Security
- installing firewalls can install complacency: users assume they are protected, but open to everyone inside the wall
- only real security is host-based, but firewalls help and are required by many regulations
- firewalls/filters should be put as close to the server being protected as possible, in addition to perimeter firewalls

desktop 6 Issues: Portable Data
- data migrates to individual users’ computers: desktops, laptops, handhelds...
- little encryption on these machines
- stolen or improperly decommissioned machines (& disk drives) can contain important data; many examples in news
- machine lies to user: can be an issue if machine shared with employee’s family

desktop 7 Biggest Issue: People are Human
- people don’t think of consequences, e.g.:
  - sharing passwords
  - grant process that requires tax returns
  - data on laptops: no encryption, no password-protected screensaver
  - leaving report on desk at night
  - report to co-worker or vendor
- hard to know what to protect...
- corollary: security gets in the way

desktop 8 Foisted Answers
- 1-2 calls from telemarketers per month; usually a script kiddie; always “best in industry” &/or “protect against ALL malware”
- control data flow and access
- ensure patch level
- protect corporate secrets
- comply with {SOX, HIPAA, GLB...}
- protect against ‘bad’ content in e-mail, surfing etc
- some may be real problems in .edu

desktop 9 Vendor Assumptions
- Genghis Khan is in charge of network: the WHOLE network & ALL computers
- all computers controlled by enterprise
- it’s all Windows
- users do not have admin access
- single control point
- clear understanding of sensitive information
- someone to watch a screen
- many someones to configure system

desktop 10 .edu Reality
- many networks
- many network managers with local semi-power
- whole lotta owners
- not just Windows
- agent requirement hard (if possible)
- no clue about sensitive information
- people are expensive
- faculty do not answer to anyone

desktop 11 .edu Risks
- central IT groups generally know what they are doing
- risk areas:
  - local graduate-student-run research labs
  - student-owned machines
  - researchers (e.g., getting SSNs from subjects)
  - data exchange with vendors...

desktop 12 Throwing Policy
- active policy development process: university-wide mandates, local implementations
- on web site, {security|privacy}.harvard.edu: policies, info on regulations, processes etc
- contract riders
- internal auditors enforce policy

desktop 13 Some Policies
- passwords
- network/system setup: checkers, IDS etc
- no Harvard confidential data on portable computers (including vendors)
- human subject data
- credit card security
- processes & reporting...

desktop 14 What Are We Doing?
- administration computers: per-school standard disk image includes virus checkers etc; central admin adding whole-disk encryption and advising other schools to do the same
- other computers: undergraduate software package includes checker etc; state best practices; low-cost checker software at university store

desktop 15 What Are We Doing, contd.
- finding problems: watch net with SNORT & home-brew packages; mousetrap machines that trigger
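The "watch the net with Snort, then mousetrap the machines that trigger" step on this slide, as an added example that is not part of the original deck: it parses Snort's fast-alert output format, keeps only high-priority alerts whose source is an internal address, and returns the hosts that have fired enough times to be quarantined. The campus address prefixes, thresholds, rule SIDs and alert lines are all constructed for the example; actual enforcement (DHCP redirect, switch ACL) is outside the block.

```python
import re
from collections import defaultdict

# Snort "alert_fast" line layout; the regex is written for this example.
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+(?:\[Classification:[^\]]*\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+):?(?P<sport>\d+)?\s+->\s+(?P<dst>[\d.]+):?(?P<dport>\d+)?$"
)

CAMPUS_PREFIXES = ("10.", "192.168.")   # assumption: the campus address space

def parse_alert(line):
    """Parse one fast-alert line into a dict, or return None if it does not match."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["prio"] = int(d["prio"])
    return d

def triggered_hosts(lines, max_prio=1, min_alerts=2):
    """Map internal source host -> alert count for hosts to mousetrap: an
    internal source with at least min_alerts alerts of priority <= max_prio."""
    counts = defaultdict(int)
    for line in lines:
        a = parse_alert(line)
        if a is None or a["prio"] > max_prio:
            continue                      # unparsable or low-priority noise
        if a["src"].startswith(CAMPUS_PREFIXES):
            counts[a["src"]] += 1         # only internal sources get quarantined
    return {h: n for h, n in counts.items() if n >= min_alerts}

# Constructed sample alerts (local-rule SIDs 1000001-1000003 are made up).
SAMPLE = """\
06/28-09:15:02.100000  [**] [1:1000001:1] LOCAL outbound IRC botnet C2 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.1.2.3:51234 -> 198.51.100.7:6667
06/28-09:15:09.200000  [**] [1:1000001:1] LOCAL outbound IRC botnet C2 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.1.2.3:51240 -> 198.51.100.7:6667
06/28-09:16:30.000000  [**] [1:1000002:1] LOCAL SSH brute force source [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 198.51.100.9:40000 -> 10.1.2.5:22
06/28-09:17:01.000000  [**] [1:1000003:1] LOCAL ICMP ping sweep [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.1.2.8 -> 10.1.2.9
"""

if __name__ == "__main__":
    for host, n in triggered_hosts(SAMPLE.splitlines()).items():
        print(f"mousetrap {host}: {n} high-priority alerts")
```

The external brute-force source and the low-priority ping sweep are deliberately left out, so only the repeatedly alerting internal host is listed.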

desktop 16 Biggest Problem
- internal communication: lots of talks; mail (e- & paper) to VPs etc; newspapers; web site; on-line training
- but still too few people know policies, nor do they know where the Personnel Manual is

desktop 17 Example: WWHW

desktop 18 Can Technology Work?
- can a research .edu use technical protection systems beyond virus checkers etc?
- sure:
  - for the business part(s) of the university
  - for places that have a network czar with power
  - for places that have few researchers
- but confidential data seems to have legs and shows up where you least expect it