Presentation is loading. Please wait.

Presentation is loading. Please wait.

Quickly Establishing A Workable IT Security Program EDUCAUSE Mid-Atlantic Regional Conference January 10-12, 2006 Copyright Robert E. Neale 2006. This.

Published byAngelina Malone Modified over 8 years ago

Similar presentations

Presentation on theme: "Quickly Establishing A Workable IT Security Program EDUCAUSE Mid-Atlantic Regional Conference January 10-12, 2006 Copyright Robert E. Neale 2006. This."— Presentation transcript:

1 Quickly Establishing A Workable IT Security Program EDUCAUSE Mid-Atlantic Regional Conference January 10-12, 2006 Copyright Robert E. Neale 2006. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

2 What this presentation will cover Background information on VCU Driving forces for our Security Program Getting Started Tips for quickly starting a Security Program VCU Security Program – Experiences and Examples Summary

3 VCU Background Information Virginia Commonwealth University Located in Richmond, Va. Monroe Park Campus MCV Campus 29,000 students – 4,000 in VCU housing 9,000 faculty/staff http://www.vcu.edu

4 VCU Information Technology Environment Central IT – Technology Services Separate IT Structure for Hospital Additional IT staffs in some schools Replacing IBM MF with SCT Banner on Sun/Solaris Critical servers (350) in the VCU Computer Center Scan indicates 600 addition servers on network At least 10,000 PC’s connect to the network Network – Primarily Cisco, mostly fiber Wireless in some parts of Campus

5 Driving forces Federal, State Mandates – HIPPA, FERPA,SEC 501 Lack of coordination of security efforts Various cyber attacks Loss of productivity due to security incidents News of incidents at other universities

6 Getting Started Form a Security Program Development Team – Key decision makers in IT initially – High level security expertise – Keep group small (4-6) Weekly Meetings for review & discussion Start with an existing program or standards Set a completion goal of 6 weeks

7 Tips for developing a Security Program – Don’t start from scratch – use other programs NIS, SANS, Educause, Universities VASCAN - http://www.vascan.org/checklist/data_sec_check.html – Consolidate all existing security activities into Security Program – Address what you can first – Iterative process – Get initial plan out quickly – Prioritize security activities based on current needs

8 Tips – Continued Create Partnerships -- Seek Sponsors IT Professionals Forum & Intranet Site http://www.ucc.vcu.edu/intranet/ Desktop Management Groups Emergency Response Team Campus Police Human Resources Information Systems Professors Other Universities Vendors

9 Tips Continued – Security Team Search for technical staff showing an interest in security Work with managers to allocate time Team size - 4 to 5 FTE equivalents Develop action items from Security Program to be assigned to Security Team

10 Tips Continued – IT Security Web Site Search your web for existing security related material Develop a role base security web site – Students – Faculty and staff – Technical staff Sections for Communicating Security Program, Policies, and Standards Links to other Security Sites http://www.itsecurity.vcu.edu/

11 Tips Continued – Understand your environment What are your network devices? How many servers and PC’s are on your network? Who manages these devices? Evaluate current protection – IDS, IPS,AV Use regular scans to monitor environment

12 Tips Continued – Managed network environment Server Consolidation Single Mail System Directory Services – AD, Novell Desktop Management Software Authenticate access to network Change Management

13 Tips Continued – Simple Risk Assessment Initially Define Sensitive Data Categories Simple list of questions Interview process – 1 hour Follow up in 1 week with report http://www.pubinfo.vcu.edu/itsecurity/risk/

14 Tips Continued – Security Awareness Make it fun and interesting Integrate it with current HR and student processes Policy and role based training material Multimedia approach to training material Provide materials for others to use

15 Review Security Program Development Team Quick results – build on other plans Create partnerships Draw security team from interested staff Consolidate existing security web content Know environment, then manage it Use a simple security assessment tool Security Awareness key – make it interesting

16 Summary Make your security program an integral part of your organization. Use other projects and initiatives to help drive security in your organization. Have others champion parts of your security program. Make it truly a shared program made up of many partnerships between your security staff and other parts of your organization.

17 Questions?

18 Additional Material – VCU Security Program - Components Authentication, Authorization and Encryption Business Analysis & Risk Assessment Business Continuity Planning Data Security Incident Handling Monitoring and Controlling System Activity Physical Security Personnel Security Security Awareness Security Tool Kit Systems Interoperability Security Technical Communications Technical Training Threat Detection

Download ppt "Quickly Establishing A Workable IT Security Program EDUCAUSE Mid-Atlantic Regional Conference January 10-12, 2006 Copyright Robert E. Neale 2006. This."

Similar presentations

Cyber Security Haunted House: Creating a New Approach to Reach Students Kenneth Janz Director, Center for Instruction, Research, and Technology Indiana.

Cyber Security Haunted House: Creating a New Approach to Reach Students Kenneth Janz Director, Center for Instruction, Research, and Technology Indiana.
Office of Information Technology Affiliates/Guests – Who are these people and how do we give them services? Copyright, Barbara Hope, University of Maryland,

Office of Information Technology Affiliates/Guests – Who are these people and how do we give them services? Copyright, Barbara Hope, University of Maryland,
While You Were Out: How Students are Transforming Information and What it Means for Publishing Kate Wittenberg The Electronic Publishing Initiative at.

While You Were Out: How Students are Transforming Information and What it Means for Publishing Kate Wittenberg The Electronic Publishing Initiative at.
Making Sense out of the Information Security and Privacy Alphabet Soup in terms of Data Access A pragmatic, collaborative approach to promulgating campus-wide.

Making Sense out of the Information Security and Privacy Alphabet Soup in terms of Data Access A pragmatic, collaborative approach to promulgating campus-wide.
Wireless & Mobile in the Library Indiana State University Library Ralph Gabbard, Judy Tribble, Paul Asay, Chris Hayes Copyright Ralph Gabbard, Judy Tribble,

Wireless & Mobile in the Library Indiana State University Library Ralph Gabbard, Judy Tribble, Paul Asay, Chris Hayes Copyright Ralph Gabbard, Judy Tribble,
Disaster Recovery Planning Because It’s Time! Copyright Columbia University and Bentley College, 2003. This work is the intellectual property of the author.

Disaster Recovery Planning Because It’s Time! Copyright Columbia University and Bentley College, This work is the intellectual property of the author.
Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, 2007. This work is the intellectual property rights of the author.

Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, This work is the intellectual property rights of the author.
Copyright Princeton University 2004. This work is the intellectual property of Princeton University. Permission is granted for this material to be shared.

Copyright Princeton University This work is the intellectual property of Princeton University. Permission is granted for this material to be shared.
Copyright Ellen C. Ramsey and Ryan P. Looney 2005. This work is the intellectual property of the author. Permission is granted for this material to be.

Copyright Ellen C. Ramsey and Ryan P. Looney This work is the intellectual property of the author. Permission is granted for this material to be.
Copyright Sylvia Maxwell and Michael White, 2007. This work is the intellectual property of the author. Permission is granted for this material to be shared.

Copyright Sylvia Maxwell and Michael White, This work is the intellectual property of the author. Permission is granted for this material to be shared.
Andrea Eastman-Mullins Information & Technology Coordinator University of North Carolina, Office of the President Teaching and Learning with Technology.

Andrea Eastman-Mullins Information & Technology Coordinator University of North Carolina, Office of the President Teaching and Learning with Technology.
Emergency Notification Systems - ISU Alert EDUCAUSE Midwest Regional 2008 1 ISU Alert Carol McDonald Information Systems Leader Information Technology.

Emergency Notification Systems - ISU Alert EDUCAUSE Midwest Regional ISU Alert Carol McDonald Information Systems Leader Information Technology.
Miller, K., Roderick, T., & Zvacek, S. – Educause, 2004 Collaborating to Create Collaborative Learning Environments Kent E. Miller, Libraries Thomas Roderick,

Miller, K., Roderick, T., & Zvacek, S. – Educause, 2004 Collaborating to Create Collaborative Learning Environments Kent E. Miller, Libraries Thomas Roderick,
1 Extending Authenticated Online Services with Friend Accounts at Washington State University Brian Foley Technology Architect/Application Developer.

1 Extending Authenticated Online Services with "Friend Accounts" at Washington State University Brian Foley Technology Architect/Application Developer.
Innovation and Outcomes: Voices of Experience Purdue University Calumet Midwest Educause Conference Monday, March 13, 2006 Heather L. Zamojski: Course.

Innovation and Outcomes: Voices of Experience Purdue University Calumet Midwest Educause Conference Monday, March 13, 2006 Heather L. Zamojski: Course.
Selecting a Business Intelligence Standard for Higher Education Mid Atlantic Educause Conference Baltimore, Maryland Baltimore, Maryland January 10, 2006.

Selecting a Business Intelligence Standard for Higher Education Mid Atlantic Educause Conference Baltimore, Maryland Baltimore, Maryland January 10, 2006.
Educause Security 2007ISC Information Security Copyright Joshua Beeman, 2007. This work is the intellectual property of the author. Permission is granted.

Educause Security 2007ISC Information Security Copyright Joshua Beeman, This work is the intellectual property of the author. Permission is granted.
Advancing Security Programs through Partnerships Cathy HubbsShirley Payne IT Security Coordinator Director for Security Coordination & Policy George Mason.

Advancing Security Programs through Partnerships Cathy HubbsShirley Payne IT Security Coordinator Director for Security Coordination & Policy George Mason.
Copyright 2008, Elizabeth A. Evans. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,

Copyright 2008, Elizabeth A. Evans. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,
UWM CIO Office A Collaborative Process for IT Training and Development Copyright UW-Milwaukee, 2007. This work is the intellectual property of the author.

UWM CIO Office A Collaborative Process for IT Training and Development Copyright UW-Milwaukee, This work is the intellectual property of the author.

Similar presentations

Ads by Google