Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 © 2003 Cisco Systems, Inc. All rights reserved. Session Number Presentation_ID THE NETWORK SECURITY CHALLENGE Jack Suess CIO University of Maryland Baltimore.

Published byClarissa Janel Wilkins Modified over 9 years ago

Similar presentations

Presentation on theme: "1 © 2003 Cisco Systems, Inc. All rights reserved. Session Number Presentation_ID THE NETWORK SECURITY CHALLENGE Jack Suess CIO University of Maryland Baltimore."— Presentation transcript:

1 1 © 2003 Cisco Systems, Inc. All rights reserved. Session Number Presentation_ID THE NETWORK SECURITY CHALLENGE Jack Suess CIO University of Maryland Baltimore County (UMBC)

2 222 © 2003 Cisco Systems, Inc. All rights reserved. Presentation_ID Achieving Nirvana - The Six Stages of Security A recent EDUCAUSE ECAR research bulletin - High Stakes for Optimal IT Security Staffing, cited Glenn Fourie’s Stages of Institutional Security Awareness Level 1 - Ignorance Level 2 - Awareness Level 3 - Vulnerability Level 4 - Intrusion Detection Level 5 - Forensics Level 6 - Practically Secure

3 333 © 2003 Cisco Systems, Inc. All rights reserved. Presentation_ID Level 1 -- Ignorance Blissfully ignorant of security issues. Common thoughts heard in this stage: There has never been an issue an my institution and we don’t need to worry about this. Security is something the IT people came up with to make us spend money -- just like that Y2K stuff We are too small for anyone to bother us

4 444 © 2003 Cisco Systems, Inc. All rights reserved. Presentation_ID Level 2 - Awareness Some event highlights institutional vulnerability. Common reasons in this stage: Hello this is the Chronicle of Higher Ed -- I’d like to discuss the recent release of Student ID’s on the web. The institutional web site is defaced with some pornographic picture. RIAA or MPAA brings a lawsuit against one of your students. A poor audit triggers questions from the trustees.

5 555 © 2003 Cisco Systems, Inc. All rights reserved. Presentation_ID Level 3 - Vulnerability Institution is still in a “reactive” mode. As you begin to take action the institution begins to grasp the extent of the problem. Common issues that arise in this level There are no policies to dictate what can or can’t be done. Security is weak throughout and there is no one the CIO can turn too and say “fix this”. Hiring someone to lead security becomes a priority Campuses begin to develop plans and budgets to “address the issue” Vulnerability can last many years!

6 666 © 2003 Cisco Systems, Inc. All rights reserved. Presentation_ID Level 4 - Intrusion Detection Institutions begin to be “proactive” in addressing the problem. Common elements in this stage are: There is a person leading the security team. Campuses redesign their network and information services with security in mind. Policies and procedures are created to augment technology Campus considers IT security to be a requirement for new services Campuses start a security and awareness campaign

7 777 © 2003 Cisco Systems, Inc. All rights reserved. Presentation_ID Level 5 - Forensics The campus has developed a deep understanding of its IT infrastructure. Forensics provides a feedback loop to augment and adapt your security infrastructure -- people, policies, and technology. Real-time network security monitoring systems are introduced The network has been architected to support “defense in depth” Widely deployed host-based firewalls/IDS are deployed to protect systems Operating system patching is automated

8 888 © 2003 Cisco Systems, Inc. All rights reserved. Presentation_ID Level 6 - Practically Secure The institution is secure for current threats and has the adaptability to address new threats as they arise. No institution has reached this stage so there are no examples!

9 999 © 2003 Cisco Systems, Inc. All rights reserved. Presentation_ID UMBC -- Where Are We We are in entering Level 4. We are focusing on technology and policy to make us “Proactive” We are spending 1.5 million to redesign our network and LAN architecture to support security AND performance We are revamping policies and procedures to address security and augment what we can’t do with technology We have a major program on security awareness under way based on “protecting yourself from Identity Theft” We are working with our academic units to connect security into our curriculum in CSEE and IS

10 10 © 2003 Cisco Systems, Inc. All rights reserved. Presentation_ID EDUCAUSE/Internet2 Security Task Force Our goal is to help institutions improve their network and computer security -- regardless of the level they are at today Established in 2000, our goals are: –Education and Awareness –Standards, Policies, and Procedures –Security Architecture and Tools –Organization, Information Sharing, and Incident Response Our focus has been to engage government, corporations, and other higher education organizations in promoting security.

11 11 © 2003 Cisco Systems, Inc. All rights reserved. Presentation_ID Current Security Task Force Initiatives Education and Awareness Initiative Annual Security Professionals Workshop Legal Issues and Institutional Policies Risk Assessment Method and Tools Effective Security Practices Guide Research and Development Initiatives Vendor Engagement and Partnerships Research and Educational Networking Information Sharing & Analysis Center

Download ppt "1 © 2003 Cisco Systems, Inc. All rights reserved. Session Number Presentation_ID THE NETWORK SECURITY CHALLENGE Jack Suess CIO University of Maryland Baltimore."

Similar presentations

Georgia State University 2003 A Ten Step Approach to Developing an Information Security Program Bill Paraska Director of University Computing.

Georgia State University 2003 A Ten Step Approach to Developing an Information Security Program Bill Paraska Director of University Computing.
Security Education and Awareness Workshop January 15-16, 2004 Baltimore, MD.

Security Education and Awareness Workshop January 15-16, 2004 Baltimore, MD.
Creating Executive Awareness about Information Security Joy Hughes, VP, George Mason Univ. Jack Suess, VP, UMBC EDUCAUSE.

Creating Executive Awareness about Information Security Joy Hughes, VP, George Mason Univ. Jack Suess, VP, UMBC EDUCAUSE.
Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, 2007. This work is the intellectual property rights of the author.

Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, This work is the intellectual property rights of the author.
SAFE Blueprint and the Security Ecosystem. 2 Chapter Topics  SAFE Blueprint Overview  Achieving the Balance  Defining Customer Expectations  Design.

SAFE Blueprint and the Security Ecosystem. 2 Chapter Topics  SAFE Blueprint Overview  Achieving the Balance  Defining Customer Expectations  Design.
Enterprise Security A Framework For Tomorrow Christopher P. Buse, CPA, CISA, CISSP Chief Information Security Officer State of Minnesota.

Enterprise Security A Framework For Tomorrow Christopher P. Buse, CPA, CISA, CISSP Chief Information Security Officer State of Minnesota.
Data Incident Notification Policies and Procedures Tracy Mitrano Steve Schuster.

Data Incident Notification Policies and Procedures Tracy Mitrano Steve Schuster.
1 Telstra in Confidence Managing Security for our Mobile Technology.

1 Telstra in Confidence Managing Security for our Mobile Technology.
Planning and Managing Information Security Randall Sutton, President Elytra Enterprises Inc. April 4, 2006.

Planning and Managing Information Security Randall Sutton, President Elytra Enterprises Inc. April 4, 2006.
Enterprise security How to bring security transparency into your organization ISSA EDUCATIONAL SESSION Nicklaus Schleicher, VP Support & Customer Service.

Enterprise security How to bring security transparency into your organization ISSA EDUCATIONAL SESSION Nicklaus Schleicher, VP Support & Customer Service.
August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.

August 9, 2005 UCCSC IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
The Way Ahead for Information Systems Security: What You Don’t Know Can Hurt You Christopher Baum Research Vice President Global Government NYSCIO Conference.

The Way Ahead for Information Systems Security: What You Don’t Know Can Hurt You Christopher Baum Research Vice President Global Government NYSCIO Conference.
Nate Olson-Daniel Director of Strategic Development & Principal Engineer The Inevitable Attack.

Nate Olson-Daniel Director of Strategic Development & Principal Engineer The Inevitable Attack.
Higher Education Cybersecurity Strategy, Programs, and Initiatives Rodney Petersen Policy Analyst & Security Task Force Coordinator EDUCAUSE.

Higher Education Cybersecurity Strategy, Programs, and Initiatives Rodney Petersen Policy Analyst & Security Task Force Coordinator EDUCAUSE.
Network and Systems Security Security Awareness, Risk Management, Policies and Network Architecture.

Network and Systems Security Security Awareness, Risk Management, Policies and Network Architecture.
Www.umbc.edu EDUCAUSE/Internet2 Computer and Network Security Task Force Update www.educause.edu/security Jack Suess February 3, 2004.

EDUCAUSE/Internet2 Computer and Network Security Task Force Update Jack Suess February 3, 2004.
What Every CBO Should Know About IT Security Robert Clark Director of Internal Auditing Georgia Institute of Technology Jack Suess VP of Information Technology.

What Every CBO Should Know About IT Security Robert Clark Director of Internal Auditing Georgia Institute of Technology Jack Suess VP of Information Technology.
Data Protection in Higher Education: Recent Experiences in Privacy and Security Institute for Computer Law and Policy Cornell University June 29, 2005.

Data Protection in Higher Education: Recent Experiences in Privacy and Security Institute for Computer Law and Policy Cornell University June 29, 2005.
Security Issues on Campus: Government Initiatives Rodney J. Petersen University of Maryland Educause/Internet2 Security Task Force Copyright Rodney J.

Security Issues on Campus: Government Initiatives Rodney J. Petersen University of Maryland Educause/Internet2 Security Task Force Copyright Rodney J.

Similar presentations

Ads by Google