1. IT Retreat 2009 IT Security Controls and Initiatives

2. 2 IT Retreat 2009 Agenda Intentional IT Security Culture –Awareness, Education, and Training –Attitudes and Perceptions –Behavior and Actions IT Security Initiatives –Mandatory Security Training and Awareness –Remote Access Security Controls –Mobile Device Security Controls –Worksite Security Controls Summary –Changing Attitudes and Behavior –Successfully implementing Initiatives and Controls –Everlasting Change

3. 3 Intentional Security Culture Justifying and Informing –Awareness of Threats and Risks Link Link –On-going Education and Training Shaping Attitudes and Perspectives –Changing perceptions around security as obstacles and onerous Influencing Behavior and Actions –Secure practices

4. 4 Security Initiatives Mandatory Training and Awareness –Prerequisite to activating CCID for all faculty/staff/student/affiliates –Online and available at the user’s discretion –Succinct and Focussed on Critical and Key Security Items

5. 5 Security Initiatives Remote Access Security Controls –U of A Standard Build Machines Only –Strong Authentication when accessing sensitive data –No local saving, caching, or printing

6. 6 Security Initiatives Mobile Device Security –Encryption –Rules specifying network drives as the default and standard for storage –No local storage – especially of sensitive data –Password PDA’s –“Remote Kill”

7. 7 Security Initiatives Worksite Security –Visible Photo ID required in staff only areas –Clear Desktop and Clear Screen Policy –Files and hard copy materials must be physically secured –Cable locks and locking cabinets for laptops –Secure Fax

8. 8 Summary Changing Attitudes and Behaviors Successfully Implemented Initiatives Everlasting Change

9. Ongoing Breaches 2005 - $89K avg cost to comp from a single laptop theft. (2005 FBI/CSI Comp Crime Survey) LINK