Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Security Update CTC 18 March 2015 Julianne Tolson.

Published bySpencer Mitchell Modified over 8 years ago

Similar presentations

Presentation on theme: "Information Security Update CTC 18 March 2015 Julianne Tolson."— Presentation transcript:

1 Information Security Update CTC 18 March 2015 Julianne Tolson

2 2 What is Information Security? ” Information security, sometimes shortened to InfoSec, is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. It is a general term that can be used regardless of the form the data may take (e.g. electronic, physical). ” information Wikipedia: http://en.wikipedia.org/wiki/Information_securityhttp://en.wikipedia.org/wiki/Information_security

3 3 CSU Information Security Policy It is the collective responsibility of all users to ensure: Confidentiality of information which the CSU must protect from unauthorized access Integrity and availability of information stored on or processed by CSU information systems Compliance with applicable laws, regulations, and CSU/campus policies governing information security and privacy protection ICSUAM http://www.calstate.edu/icsuam/sections/8000/index.shtmlhttp://www.calstate.edu/icsuam/sections/8000/index.shtml

4 4 Information Security Standards ISO 27000,27001,27002,27003 http://en.wikipedia.org/wiki/ISO/IEC_27000 NIST Cyber Security Framework (NIST CSF) http://www.nist.gov/cyberframework/

5 5 How is Information Security Achieved? A strategic partnership between stakeholders that includes: Risk management Controls Access control

6 6 Risk Management / Assessment Establish context Risk assessment Physical / Logical Threats Vulnerabilities Risk mitigation Reduce, retain, avoid, transfer Monitor and control

7 7 Risk Management examples Business continuity planning Offsite back-ups Patching and updates Qualys Vulnerability scans Web application scans Browsercheck (Bus. Ed.)

8 8 Qualys Browsercheck Business Ed. Demo 1.Sign-up 2.Configure 3.Distribute link https://browsercheck.qualys.com/?uid=e60a1eceb95f467c8d725858c5595b88 4.Monitor Users will be prompted to take action when vulnerabilities are detected https://www.qualys.com/forms/browsercheck-business-edition/

9 9 Controls Administrative: policies and procedures, background checks, FERPA, PCI, HIPAA Logical: intrusion detection, firewalls, encryption, principle of least privilege Physical: environment, separation of duties

10 10 Controls examples Responsible use policy Identity Finder Intrusion detection: PAN and Fireeye Information Security Awareness Discussion topic: How to get the word out?

11 11 Access control Identification Assurance Authorization Mandatory Access Control Discretionary Access Control Authentication Multi-factor authentication

12 12 Access control example Multi-factor authentication DuoSecurity pilot Action Item: Review any discretionary access control you have granted

13 13 Security Incident Response Assessing current process Incident categorization Response by incident category Server, Account, Endpoint Forensic tools Event logs & analysis

14 14 Questions?

Download ppt "Information Security Update CTC 18 March 2015 Julianne Tolson."

Similar presentations

RBAC and HIPAA Security Uday O. Ali Pabrai, CHSS, SCNA Chief Executive, HIPAA Academy.

RBAC and HIPAA Security Uday O. Ali Pabrai, CHSS, SCNA Chief Executive, HIPAA Academy.
HIPAA Security Regulations Jean C. Hemphill Ballard Spahr Andrews & Ingersoll, LLP November 30, 2004.

HIPAA Security Regulations Jean C. Hemphill Ballard Spahr Andrews & Ingersoll, LLP November 30, 2004.
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
Science Gateway Security Recommendations Jim Basney Von Welch This material is based upon work supported by the.

Science Gateway Security Recommendations Jim Basney Von Welch This material is based upon work supported by the.
Agenda COBIT 5 Product Family Information Security COBIT 5 content

Agenda COBIT 5 Product Family Information Security COBIT 5 content
The Office of Information Technology Information Security Administrator Kenneth Pierce, Vice Provost for IT and Chief Information Officer.

The Office of Information Technology Information Security Administrator Kenneth Pierce, Vice Provost for IT and Chief Information Officer.
Security Controls – What Works

Security Controls – What Works
Information Security Policies and Standards

Information Security Policies and Standards
SECURITY What does this word mean to you? The sum of all measures taken to prevent loss of any kind.

SECURITY What does this word mean to you? The sum of all measures taken to prevent loss of any kind.
System and Network Security Practices COEN 351 E-Commerce Security.

System and Network Security Practices COEN 351 E-Commerce Security.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
NIST framework vs TENACE Protect Function (Sestriere, 21-23 Gennaio 2015)

NIST framework vs TENACE Protect Function (Sestriere, Gennaio 2015)
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Data Protection in Higher Education: Recent Experiences in Privacy and Security Institute for Computer Law and Policy Cornell University June 29, 2005.

Data Protection in Higher Education: Recent Experiences in Privacy and Security Institute for Computer Law and Policy Cornell University June 29, 2005.
Accessibility, Integrity, & Confidentiality: Security Challenges for E-Business Rodney J. Petersen University of Maryland & Educause/Internet2 Security.

Accessibility, Integrity, & Confidentiality: Security Challenges for E-Business Rodney J. Petersen University of Maryland & Educause/Internet2 Security.
Ferst Center Incident Incident Identification – Border Intrusion Detection System Incident Response – Campus Executive Incident Response Team Incident.

Ferst Center Incident Incident Identification – Border Intrusion Detection System Incident Response – Campus Executive Incident Response Team Incident.
Auditing for Security Management By Cyril Onwubiko Network Security Analyst at COLT Telecom Invited Guest Lecture delivered at London Metropolitan University,

Auditing for Security Management By Cyril Onwubiko Network Security Analyst at COLT Telecom Invited Guest Lecture delivered at London Metropolitan University,
Information Security Technological Security Implementation and Privacy Protection.

Information Security Technological Security Implementation and Privacy Protection.

Similar presentations

Ads by Google