Published by Norman Lyons. Modified over 8 years ago.
1
Results from the CIFAC Project and What They Mean to You
Virginia E. Rezmierski
Daniel M. Rothschild
April 4, 2005
Washington, DC
2
Advisory Board
- Mark S. Bruhn, B.S., CISSP, Indiana University
- Shawn A. Butler, Ph.D., Carnegie Mellon University
- Robert Clark, Jr., B.A., CIA, CBM, Georgia Tech
- Tracy Mitrano, Ph.D., J.D., Cornell University
- Rodney Petersen, J.D., Ph.D., EDUCAUSE
- E. Eugene Schultz, Ph.D., Lawrence Berkeley Nat’l Laboratory
- Barbara Simons, Ph.D., Association for Computing Machinery
- Eugene H. Spafford, Ph.D., Purdue University CERIAS
- John J. Suess, M.S., University of Maryland – Baltimore County
- D. Frank Vinik, J.D., United Educators
3
Participating Colleges and Universities

Large (≥10,000), Public:
- San Jose State University
- UC Berkeley
- University of Illinois - Chicago
- SUNY Binghamton
- University of Massachusetts - Amherst
- UMD College Park
- Georgia Tech
- Georgia State
- University of Texas at San Antonio
- University of Texas at Austin
- Michigan State University

Large (≥10,000), Private:
- Stanford University
- University of Chicago
- Northwestern University
- Cornell University
- Syracuse University
- Boston University
- MIT
- Georgetown University
- Emory University

Small & Medium (<10,000), Public:
- California State University - Monterey Bay
- University of Massachusetts - Boston
- University of Maryland - Baltimore County
- University of Michigan - Flint
- University of Michigan - Dearborn
- Saginaw Valley State University

Small & Medium (<10,000), Private:
- Santa Clara University
- Loyola University of Chicago
- Lake Forest College
- LeMoyne College
- Hampshire College
- American University
- Southwestern University
- Findlay University
- Cleary University
- Concordia University (MI)
5
Incident definition
An incident is an event that utilizes or exploits information technology resources or security flaws therein, either by accident or by design and through malice or otherwise, that causes, directly or indirectly, one or more of the following occurrences:
- Compromise of proprietary, confidential, or protected data,
- System disruption which impedes user(s)’ access to data or other IT resources,
- Violation of IT use policies set out and made known by the administrator(s) of the IT systems in question,
- Violation of norms commonly accepted within the community of system user(s) for use of IT resources,
- Attempting or conspiring to engage, or representing oneself or another to be engaged, in any aforementioned behavior.
6
Incident Descriptives
7
Incident Focus
8
Incident Seriousness
9
Incident Prevention
- Access control tools
- Personnel
- Training and education
- Existence of policy
10
Incident Cause and Response
- Training and education
- Requirements for use of institutional resources
- Accidental or careless behavior
- Malicious or abusive behavior
11
Stimuli to Action
- Probability of damage to institutional reputation
- Cost to the department, college, or university
- Time involved for resolution
- Number of machines affected
- Type of machines affected
- Type and sensitivity of data involved
- Probability of further access or damage
- Number of people affected
- Level, status, or rank of people affected
- Probability of damage or danger to persons
12
Stimuli to Action
- Probability of damage to institutional reputation
- Cost to the department, college, or university
- Time involved for resolution
- Number of machines affected
- Type of machines affected
- Type and sensitivity of data involved
- Probability of further access or damage
13
Best Practices: Prevention
Technical best practices
- Strong passwords
- Configuration
- Patch/debug
- Firewall/IDS/IPS/(v)ACL
- Access control
Foundational best practices
- Education, training, and awareness
- Policy, procedure, and enforcement
14
Best Practices: Mitigation
Technical best practices
- Access control/blocking
- Auditing
Foundational best practices
- Decisive, timely action
- Interdepartmental cooperation and communication
- Procedures
- Straightforward communication w. affected parties
- Education, training, and awareness
15
Best Practices: Manage
Technical best practices
Foundational best practices
- Interdepartmental IRT
- Communication between incident handlers
- Straightforward communication w. affected parties
- Quick resolution
16
Thoughts to take away
1. There are a lot of incidents happening
2. Students are a major factor
3. People want to share information
4. Having policies and procedures is vital
5. Education of users and staff is important
6. Quarantining is on the rise
17
Thoughts to take away
7. Automated enforcement tools are on the rise
8. Perceptions of seriousness are role-dependent
9. Interdepartmental IRTs are increasing
10. Risk managers and auditors are missing
11. Campuses are maturing in technology, policy, and procedures
18
The CIFAC Project
Gerald R. Ford School of Public Policy
The University of Michigan
712 Oakland Avenue
Ann Arbor, MI 48104-3021
734.615.9595 p
734.998.6688 f
cifac.staff@umich.edu
1Apr05 17:10