UWM CIO Office Institutional Data Privacy and Security Presenter: Steve Brukbacher, Information Security Architect Moderated by: Bruce Maas, CIO November.


1 UWM CIO Office Institutional Data Privacy and Security Presenter: Steve Brukbacher, Information Security Architect Moderated by: Bruce Maas, CIO November 11, 2009

2 UWM CIO Office UWM Information Security responsible for coordinating: Policies; Technical controls; Compliance; Communication; Forensics, investigations and incident response

3 UWM CIO Office Session Goals: Answer “Why is this important?”; Share Security Goals; Identify future steps and needs. First, some background…

4 UWM CIO Office We are all data custodians.

5 UWM CIO Office Security Trends: Increasingly complex landscape

6 UWM CIO Office Security Trends: Need to control where confidential data lands

7 UWM CIO Office Security Trends: Challenging endpoint security

8 UWM CIO Office Data breaches are costly. $202/record: 500 records = $101K; 1,000 records = $202K; 30,000 records = $6.06M. Source: Ponemon Institute, ponemon.org

9 UWM CIO Office Data breaches are costly. Loss of trust. Source: Ponemon Institute, ponemon.org

10 UWM CIO Office What dangers are on the horizon?

11 UWM CIO Office Threats Datalossdb.org

12 UWM CIO Office What have we gotten good at: Incident Response and Forensics; Day-to-day security issues; AV Management; Risk Assessments; Network Monitoring; Efficient Desktop Support

13 UWM CIO Office So where is UWM in this landscape?

14 UWM CIO Office Data Sources. Students: Academic, Health, HR. Faculty/staff: HR, Health. Research: Health, Patent.

15 UWM CIO Office Types of Data: SSNs; Credit card numbers; Grades; Personnel-related; Health-related; Research-related

16 UWM CIO Office Personal Health Information Example: CUPH (Aurora, Medical College, UWM); Milwaukee Health Report 2009; Perinatal database hosting (80+ hospitals) statewide: providing data to state vital records, meeting reporting needs for hospitals/health departments

17 UWM CIO Office Health care issues such as: Health care legislation; Pandemic issues; Socioeconomic disparity. Even more motivation for breach prevention!

18 UWM CIO Office Institutional Data Privacy and Security Goals: 1. Manage access to and use of confidential data. 2. Understand where the data is. 3. Develop efficient and consistent compliance processes. 4. Offer “pre-fab” high security environments.

19 UWM CIO Office Institutional Data Privacy and Security Goals: 1. Limit access to and use of confidential data

20 UWM CIO Office Institutional Data Privacy and Security Goals: 2. Know location of data

21 UWM CIO Office Institutional Data Privacy and Security Goals: 3. Employ a repeatable, cost-effective and reportable compliance methodology

22 UWM CIO Office Institutional Data Privacy and Security Goals: 4. Offer “pre fab” high security environments for researchers

23 UWM CIO Office What do we need? Policy; Procedures and processes; Strengthened core IT infrastructure; Security-enhanced networking environments; Security-enhanced desktop environments

24 UWM CIO Office Policies currently in place: Acceptable Use Policy (AUP); Campus Information Security Policy

25 UWM CIO Office Policy Needs Identified/in Process. Research Data Security Policy: Integrate w/IRB process to secure confidential human subjects data; Utilize form to gather basic info; Work w/Security via checklist or one-on-one engagement

26 UWM CIO Office Policy Needs Identified/in Process. SSN Privacy & Security Policy: Establishes understanding to only collect/store data as necessary; Formally ensures data is secured where it is needed and used

27 UWM CIO Office Procedures and Processes: Need for GRC product? IRB coordination. Ongoing process of procedure development for security assessment and implementation.

28 UWM CIO Office New credit card data handling procedures/processes: Consolidation of card payment services; Allowance for other options provided unit responsible for compliance efforts

29 UWM CIO Office Strengthen Core IT Infrastructure. Framework: ITIL (IT Infrastructure Library): Utilizes methodology for efficient and secure IT management; Focuses on defining services; Clarifies requirements for Performance, Functionality, Security

30 UWM CIO Office Strengthen Core IT Infrastructure. How do we do this? Determine what you have; Stabilize the patient; Establish repeatable build processes; Enable continuous improvement

31 UWM CIO Office Strengthen Core IT Infrastructure. What are we working on? More formal change management process; Development of a unified patching methodology; Contemplating a Log Management system; Baseline system security standards

32 UWM CIO Office New Service/Service Enhancement Process: Enumerates resource estimates and details impacts of systems/services; Facilitates top-level resource decision-making; Ensures right people at the table; Helps balance service levels with service expectations

33 UWM CIO Office Security-enhanced Networking Environments: Need a network “home” for confidential data; Need network-based firewall services; Need flexible implementation

34 UWM CIO Office Security-enhanced Desktop Environments. Tech Users Group providing foundation. Common identified solutions: McAfee & EPO; Identity Finder; Next Gen. endpoint security; Collaboration on OS deployments. Needs: Patch Management; Full support for FDE; File/folder level encryption software & support

35 UWM CIO Office Institutional Data Privacy and Security Goals: 1. Manage access to and use of confidential data. 2. Understand where the data is. 3. Develop efficient and consistent compliance processes. 4. Offer “pre-fab” high security environments – ability to execute

36 UWM CIO Office What do we need? Policy to establish roles and “must do’s”; Procedures and processes; Strengthened core IT infrastructure; Security-enhanced networking environments; Security-enhanced desktop environments

37 UWM CIO Office Specific Technical Needs: Network firewall; GRC software; Identity Finder; Full disk encryption; File/folder-level encryption; Patch Management; Log management

38 UWM CIO Office Requires Investment: Technology; People

39 UWM CIO Office Shared responsibility of all to serve as data custodians and ensure data is kept secure.

40 UWM CIO Office Institutional Data Privacy and Security. Steve Brukbacher, sab2@uwm.edu; Bruce Maas, bmaas@uwm.edu

