Presentation is loading. Please wait.

Presentation is loading. Please wait.

August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and."— Presentation transcript:

1 August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and Communications UC Office of the President

2 August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Workgroup Universitywide work group created to recommend initiatives to: –reduce number and severity of future security breaches –identify policy and best practices for education, technology

3 August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Subgroups 1.more effective handling of security incidents 2.protection of sensitive data on desktops, laptops and portable devices 3.communications/ education 4.leadership / accountability

4 August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Final Report Focus on “restricted data” Initiatives identified for: –Leadership - must ensure IT security throughout UC –Management - must ensure the safeguarding of restricted data

5 August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Roles and Responsibilities leadership - initiate mandates to campuses individuals – identifies requirements for accountability units – administering data access policies, permissions, enforcement with standards, conducting security audits …

6 August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Roles and Responsibilities units – assign responsibility for security programs, maintaining data inventories, setting departmental guidelines, procedures, proper handling of security incidents and implementing remediation

7 August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Roles and Responsibilities campus-wide responsibilities –campus guidelines and standards –infrastructure management, such as networks and identity management –data stewardship, protection and management organizations –engage controllers and risk managers

8 August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Roles and Responsibilities university-wide responsibilities –manage an insurance-like fund to reduce local liability costs –provide clear guidelines for handling incidents –pilot audit and forensics teams –data risk management program to support campuses

9 August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Communication and Education launch system-wide campaign to raise awareness campus urged to send communications to their constituencies create training modules adaptable to campus learning environments

10 August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Policy and Compliance Programs revise IS-3 to include –minimum security requirements –standards for allowable use of restricted data –guidelines for security incident handling

11 August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Management Initiatives conduct risk assessments –identify all resources that store or transmit restricted data –identify threats and vulnerabilities implement security plan appropriate to the environment

12 August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Security Plans outline processes and controls needed to enhance security –identify rights of access to data –implement strategies to protect data –train staff improve security incident procedures

13 August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Strategies for Securing Restricted Data encryption must be used –for transit –storage on devices when physical security cannot be provided campuses must implement connectivity standards

14 August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Strategies for Securing Restricted Data minimize storing on devices employ network management tools, such as firewalls, IDS system, vulnerability scanning, and VPNs focus on log management strategies employ appropriate authentication and access controls

15 August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Strategies for Securing Restricted Data implement and test back up controls ensure robust systems management for applications and systems, such as anti-virus and security patch management, close ports, turn off unused services, operate change monitoring tools operate firewalls at both system and network

16 August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Effective Handling of Incidents establish standard incident response procedures conduct appropriate post-security breach investigations recommendations for forensics guidance

17 August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Recommendations Leadership: develop systemwide and campus guidelines University-wide –UC-wide communication campaign –Create templates for communications

18 August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Recommendations Training: create Web-based training module for general purpose use Security Incidents: establish and communicate guidelines for log management

19 August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Recommendations Contract for forensics tools and services Create University-wide security audit and forensics teams Update IS-3

20 August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Recommendations Campus security programs –identify responsible party for oversight –develop campus security programs Encryption –promote campus-wide encryption services –select and contract for tools and technologies

21 August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative When will this happen? August - report distributed to Chancellors September - Council of Chancellor’s agenda for discussion and identification of next steps

Download ppt "August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and."

Similar presentations

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.

Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.
CAMP Med Building a Health Information Infrastructure to Support HIPAA Rick Konopacki, MSBME HIPAA Security Coordinator University of Wisconsin-Madison.

CAMP Med Building a Health Information Infrastructure to Support HIPAA Rick Konopacki, MSBME HIPAA Security Coordinator University of Wisconsin-Madison.
JEFF WILLIAMS INFORMATION SECURITY OFFICER CALIFORNIA STATE UNIVERSITY, SACRAMENTO Payment Card Industry Data Security Standard (PCI DSS) Compliance.

JEFF WILLIAMS INFORMATION SECURITY OFFICER CALIFORNIA STATE UNIVERSITY, SACRAMENTO Payment Card Industry Data Security Standard (PCI DSS) Compliance.
SL21 Information Security Board Mission, Goals and Guiding Principles.

SL21 Information Security Board Mission, Goals and Guiding Principles.
The Office of Information Technology Information Security Administrator Kenneth Pierce, Vice Provost for IT and Chief Information Officer.

The Office of Information Technology Information Security Administrator Kenneth Pierce, Vice Provost for IT and Chief Information Officer.
PCI Compliance Forrest Walsh Director, Information Technology California Chamber of Commerce.

PCI Compliance Forrest Walsh Director, Information Technology California Chamber of Commerce.
Data Security Standard. What Is PCI ? Who Does It Apply To ? Who Is Involved With the Compliance Process ? How We Can Stay Compliant ?

Data Security Standard. What Is PCI ? Who Does It Apply To ? Who Is Involved With the Compliance Process ? How We Can Stay Compliant ?
Security Controls – What Works

Security Controls – What Works
Information Security Policies and Standards

Information Security Policies and Standards
Payment Card Industry (PCI) Data Security Standard (DSS) Compliance Commonwealth of Massachusetts Office of the State Comptroller March 2007.

Payment Card Industry (PCI) Data Security Standard (DSS) Compliance Commonwealth of Massachusetts Office of the State Comptroller March 2007.
August 9, 2005UCCSC Converting Policy to Reality Building Campus Security Programs Karl Heins -- Director of IT Audit Services Office of the University.

August 9, 2005UCCSC Converting Policy to Reality Building Campus Security Programs Karl Heins -- Director of IT Audit Services Office of the University.
Data Management Awareness January 23, 2008 1 University of Michigan Administrative Information Services Data Management Awareness Unit Liaisons January.

Data Management Awareness January 23, University of Michigan Administrative Information Services Data Management Awareness Unit Liaisons January.
Information Resources and Communications University of California, Office of the President Current Identity Management Initiatives at UC & Beyond: UCTrust.

Information Resources and Communications University of California, Office of the President Current Identity Management Initiatives at UC & Beyond: UCTrust.
Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.

Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
Contact Center Security Strategies Grant Sainsbury Practice Director, Dimension Data.

Contact Center Security Strategies Grant Sainsbury Practice Director, Dimension Data.
Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard
Network and Systems Security Security Awareness, Risk Management, Policies and Network Architecture.

Network and Systems Security Security Awareness, Risk Management, Policies and Network Architecture.
Affiliated Information Security Collaborative An Affiliated Enterprise Approach to Information Security Deans and Vice Presidents Meeting April 17, 2014.

Affiliated Information Security Collaborative An Affiliated Enterprise Approach to Information Security Deans and Vice Presidents Meeting April 17, 2014.

Similar presentations

Ads by Google