Presentation is loading. Please wait.

Presentation is loading. Please wait.

Technology Solutions Cybersecurity Report to the KCTCS Board of Regents March 14, 2019.

Published byHilko Weiner Modified over 5 years ago

Similar presentations

Presentation on theme: "Technology Solutions Cybersecurity Report to the KCTCS Board of Regents March 14, 2019."— Presentation transcript:

1 Technology Solutions Cybersecurity Report to the KCTCS Board of Regents
March 14, 2019

2 Why this presentation? Association for Governing Boards (AGB) Best Practice Recommend periodic updates to Board Inform board what KCTCS is doing with security/disaster recovery Ensure single individual is ultimately accountable but everyone in the institution plays a supporting role Chief Information Security Officer (CISO – “see-so”) 2 FTE dedicated to security on staff

3 What are Cyberattacks? Data breaches – incident that puts at risk exposure of sensitive data Highest risk (easily monetized data) Student Information System Financial System HR/Payroll Data Warehouse Document imaging (scanned sensitive data)

4 Not all data are created equally
We prioritize/triage the data within systems i.e. directory data less risky than SSN / drivers license number Ensure that systems are secured in “least privileged” manner “The principle in which a subject – whether a user, application, or other entity – should be given the minimum level of rights necessary to do their job”

5 5 Facets of Security Identification
Knowing what to look for and what to protect Protection Implementing protective measures Detection Monitoring for suspicious activity Response Who does what after breach/incident detected Recovery Disaster recovery

6 Where to start? KCTCS policy covers security breaches and actions necessary Much of this mandated by external auditors Basics Firewalls (device that regulates access to network) Patching computing devices, hardware, software Phishing Awareness This is the single most important piece of our strategy

7 Advanced measures Intrusion detection systems Penetration testing
Brute force testing Privileged account management Vetting KCTCS contractual partners Data center evaluations Regulatory compliance (effective controls SSAE-16)

8 Single largest risk? PHISHING
Employee unknowingly giving up their credentials via Phishing Over 164 million malicious s blocked in 2018 Mitigation? Employee training, marketing campaigns Implementing 2-factor authentication with “power users” Something you know (password) & Something you have (i.e. text message to a phone)

9 Goal is recovery within 60 minutes
Some of our systems hosted in the Amazon and Microsoft clouds can recover in seconds

10 Disaster Recovery/Business Continuity
Incremental backups (hot) nightly, full (cold) backups weekly Goal is recovery within 60 minutes Some of our systems hosted in the Amazon and Microsoft clouds can recover in seconds Failover site should be miles from primary data center (Atlanta and Nashville for us) We practice full-scale outage annually

11

Download ppt "Technology Solutions Cybersecurity Report to the KCTCS Board of Regents March 14, 2019."

Similar presentations

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Information Security Confidential Two-Factor Authentication Solution Overview Shawn Fulton January 15th, 2015.

Information Security Confidential Two-Factor Authentication Solution Overview Shawn Fulton January 15th, 2015.
The Office of Information Technology Information Security Administrator Kenneth Pierce, Vice Provost for IT and Chief Information Officer.

The Office of Information Technology Information Security Administrator Kenneth Pierce, Vice Provost for IT and Chief Information Officer.
Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.

Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.
Security Controls – What Works

Security Controls – What Works
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Controls for Information Security

Controls for Information Security
Factors to be taken into account when designing ICT Security Policies

Factors to be taken into account when designing ICT Security Policies
Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard
Chapter 8 Information Systems Controls for System Reliability— Part 1: Information Security Copyright © 2012 Pearson Education, Inc. publishing as Prentice.

Chapter 8 Information Systems Controls for System Reliability— Part 1: Information Security Copyright © 2012 Pearson Education, Inc. publishing as Prentice.
2011-2012 IT Audit Summary Bruce Patrou Chief Information and Technology Officer St. Johns County School District

IT Audit Summary Bruce Patrou Chief Information and Technology Officer St. Johns County School District
Data Protection in Higher Education: Recent Experiences in Privacy and Security Institute for Computer Law and Policy Cornell University June 29, 2005.

Data Protection in Higher Education: Recent Experiences in Privacy and Security Institute for Computer Law and Policy Cornell University June 29, 2005.
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
Ferst Center Incident Incident Identification – Border Intrusion Detection System Incident Response – Campus Executive Incident Response Team Incident.

Ferst Center Incident Incident Identification – Border Intrusion Detection System Incident Response – Campus Executive Incident Response Team Incident.
Website Hardening HUIT IT Security | Sep 30 2011.

Website Hardening HUIT IT Security | Sep
Information Security Information Technology and Computing Services Information Technology and Computing Services

Information Security Information Technology and Computing Services Information Technology and Computing Services
User Services. Services Desktop Support Technical Support Help Desk User Services Customer Relationship Management.

User Services. Services Desktop Support Technical Support Help Desk User Services Customer Relationship Management.
PBA. Observations  Growth, projects, busy-ness –Doing an incredible amount of work  Great Quality of work  Concern about being perfect  Attitudes.

PBA. Observations  Growth, projects, busy-ness –Doing an incredible amount of work  Great Quality of work  Concern about being perfect  Attitudes.
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.

Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.

Similar presentations

Ads by Google