Incident Response Strategy and Implementation Anthony J. Scaturro University IT Security Officer September 22, 2004.


Incident Response Strategy and Implementation Anthony J. Scaturro University IT Security Officer September 22, 2004

September 22, 2004, Slide 2
Incidents? What Incidents?
Direct targeting of University systems
– Attempts to disrupt service
– Attempts to capture confidential information
– Attempts to obtain copyrighted materials only licensed for campus use
General attacks (viruses, worms, denial of service)
Harassment, threats, etc.
Copyright violations

September 22, 2004, Slide 3
How Are Incidents Detected?
Direct targeting of University systems and general attacks are usually detected through:
– Intrusion prevention reporting and alerts
– Unusual network activity
– Log data
Information about harassment, threats, etc. is normally obtained through complaints sent to Princeton’s CERT and through Help Desk calls.
Potential copyright violation complaints are received directly from industry associations.
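The slide names log data and unusual network activity as the usual detection channels for direct targeting and general attacks. The script below is an added illustration of what that looks like in practice, not code from the presentation or from Princeton's OIT: it parses a handful of constructed firewall and SSH log lines (the line format, hosts and thresholds are all assumptions for the example) and surfaces two of the patterns a responder would want flagged, a source probing many ports on one host and a source failing logins across many usernames.

```python
"""Added detection example for the 'log data' channel described above.
The log format, addresses and thresholds are constructed for this example."""
from collections import defaultdict
import re

# Constructed sample log (documentation address ranges; not from a real system).
SAMPLE_LOG = """\
2004-09-22T09:00:01 fw DENY src=192.0.2.5 dst=198.51.100.10 dport=21
2004-09-22T09:00:02 fw DENY src=192.0.2.5 dst=198.51.100.10 dport=22
2004-09-22T09:00:02 fw DENY src=192.0.2.5 dst=198.51.100.10 dport=23
2004-09-22T09:00:03 fw DENY src=192.0.2.5 dst=198.51.100.10 dport=25
2004-09-22T09:00:03 fw DENY src=192.0.2.5 dst=198.51.100.10 dport=80
2004-09-22T09:00:04 fw DENY src=192.0.2.5 dst=198.51.100.10 dport=110
2004-09-22T09:00:05 fw ALLOW src=203.0.113.9 dst=198.51.100.10 dport=80
2004-09-22T09:01:10 sshd FAIL user=root src=192.0.2.44
2004-09-22T09:01:11 sshd FAIL user=admin src=192.0.2.44
2004-09-22T09:01:12 sshd FAIL user=oracle src=192.0.2.44
2004-09-22T09:01:13 sshd FAIL user=test src=192.0.2.44
2004-09-22T09:01:14 sshd FAIL user=guest src=192.0.2.44
2004-09-22T09:02:00 sshd OK user=alice src=203.0.113.9
"""

# Two line shapes in the constructed log: firewall verdicts and sshd results.
FW_RE = re.compile(
    r"fw (?P<action>DENY|ALLOW) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")
AUTH_RE = re.compile(r"sshd (?P<result>FAIL|OK) user=(?P<user>\S+) src=(?P<src>\S+)")


def parse(log_text):
    """Turn raw lines into event dicts; lines that match neither pattern are skipped."""
    events = []
    for line in log_text.splitlines():
        m = FW_RE.search(line)
        if m:
            events.append({"kind": "fw", **m.groupdict()})
            continue
        m = AUTH_RE.search(line)
        if m:
            events.append({"kind": "auth", **m.groupdict()})
    return events


def find_port_scans(events, min_ports=5):
    """(src, dst) pairs denied on at least min_ports distinct destination ports."""
    ports = defaultdict(set)
    for e in events:
        if e["kind"] == "fw" and e["action"] == "DENY":
            ports[(e["src"], e["dst"])].add(int(e["dport"]))
    return {pair: sorted(p) for pair, p in ports.items() if len(p) >= min_ports}


def find_bruteforce(events, min_failures=4):
    """Sources with failed logins against at least min_failures distinct usernames."""
    fails = defaultdict(set)
    for e in events:
        if e["kind"] == "auth" and e["result"] == "FAIL":
            fails[e["src"]].add(e["user"])
    return {src: sorted(u) for src, u in fails.items() if len(u) >= min_failures}


def triage(log_text):
    """Run both detectors and return what a responder should look at first."""
    events = parse(log_text)
    return {"port_scans": find_port_scans(events),
            "bruteforce": find_bruteforce(events)}


if __name__ == "__main__":
    for category, hits in triage(SAMPLE_LOG).items():
        print(category, hits)
```

The thresholds are deliberately simple; a production version would bucket events into time windows so that a slow scan over a day and a burst over a minute are scored differently, and would feed the hits to the incident response team described on the following slides rather than just printing them.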

September 22, 2004, Slide 4
The Policy Advisor Coordinates the University’s Incident Response Effort
Member of the Office of Information Technology’s (OIT) Support Services team
– Along with Help Desk, Networking, and Central and Departmental desktop support.
Incident Response Functions
– OIT representative to the University committee that creates policies that focus on personal responsibilities as they relate to the use of technology.
– Engages technology teams to participate in incident investigation and resolution.
– Corresponds with persons who have issued complaints, as well as with individuals on campus whose computers are disrupting the network.
– Serves as the primary contact to Administration, Academic Deans, etc. regarding incidents that could involve disciplinary action, and to the RIAA, MPAA and vendors on copyright-related issues.

September 22, 2004, Slide 5
The IT Security Staff Focuses on Technology and Information Related Issues
IT Security Officer plus one Security Specialist
Incident Response Functions
– Administer firewalls and intrusion prevention systems,
– Coordinate technical response to major attacks,
– Perform computer forensic evaluations,
– Provide media with information about attacks and responses.
Other Functions
– Recommend information handling and technology-related policies,
– Develop operational and administrative procedures with technology teams,
– Promote security awareness,
– Advise technology teams, and administrative and academic departments,
– Research security-related technologies and solutions,
– Manage security-related projects.

September 22, 2004, Slide 6
Additional Members of the Incident Response Team
Technology support teams
– Server and Workstation Support
– Network Services
– Database Services
– Application Services
General Counsel
Law Enforcement
– University’s Public Safety department
– Police, FBI, etc. (via Public Safety)
Human Resource Department
Department Heads and Academic Deans

September 22, 2004, Slide 7
Departmental Roles in the Investigative Process
OIT’s role is to:
– Collect and interpret evidence,
– Inform the appropriate managers and deans of incidents affecting or originating from their areas,
– Respond to complaints from external organizations,
– Contact “abuse” areas of other organizations for externally initiated attacks,
– Involve General Counsel and Public Safety as necessary.
Disciplinary action must be authorized by the appropriate department manager or dean.
Potential criminal activity must involve law enforcement
– The University’s Public Safety Department coordinates with outside agencies.

September 22, 2004, Slide 8
How Do We Ensure that All OIT Groups Are on the Same Page?
IT Policy and Security Cross Functional Team
– Chaired by the IT Security Officer,
– Members include the Policy Advisor and representatives from all major OIT areas,
– Security-related information exchange
  – To OIT departmental staff
  – From OIT to the cross functional team,
– Priority setting,
– Policy and procedural development,
– Project oversight.

September 22, 2004, Slide 9
Initiatives We Have Taken On To Better Prevent or Mitigate the Impact of Incidents
General security awareness seminars, flyers, etc.
Password strengthening initiatives
– Strength checking
– Elimination of NIS authentication
– Elimination of telnet, ftp, pop3 and unencrypted IMAP (in progress)
Timely software patching
– Policy and procedures
– Microsoft’s SUS for Windows operating systems. Auto-update for others.
– Communicating patch information more effectively
Intrusion Prevention and Firewall services
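The "strength checking" item above is the kind of rule-based check run when a password is set or changed. The following is an added example of such a checker, not the University's own implementation: the rules, the leetspeak normalisation map, the 40-bit threshold and the tiny word list are all assumptions made for the example (a real deployment would load a full dictionary and tune the threshold to local policy).

```python
"""Added example of a rule-based password strength check.
Rules, thresholds and the word list are constructed for this example."""
import math
import re

# Constructed mini word list; a deployment would load a full dictionary file.
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "summer"}

# Common substitutions undone before the dictionary check (p@ssw0rd -> password).
_SUBSTITUTIONS = str.maketrans("@$01!3", "asoiie")


def _normalize(pw):
    """Lower-case and undo leetspeak so dictionary words are not trivially hidden."""
    return pw.lower().translate(_SUBSTITUTIONS)


def estimate_bits(pw):
    """Rough entropy estimate: log2(size of character classes used) per character.
    This overestimates for structured passwords, which is why the dictionary and
    pattern rules exist alongside it."""
    alphabet = 0
    if re.search(r"[a-z]", pw):
        alphabet += 26
    if re.search(r"[A-Z]", pw):
        alphabet += 26
    if re.search(r"[0-9]", pw):
        alphabet += 10
    if re.search(r"[^A-Za-z0-9]", pw):
        alphabet += 33  # printable ASCII punctuation
    return len(pw) * math.log2(alphabet) if alphabet else 0.0


def check_password(pw, username=""):
    """Return the list of rule violations; an empty list means the password passes."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    norm = _normalize(pw)
    if username and username.lower() in norm:
        problems.append("contains the username")
    for word in COMMON_WORDS:
        if word in norm:
            problems.append(f"based on common word '{word}'")
    if re.fullmatch(r"(.)\1*", pw) or re.fullmatch(r"\d+", pw):
        problems.append("single repeated character or digits only")
    if estimate_bits(pw) < 40:
        problems.append("estimated strength below 40 bits")
    return problems


if __name__ == "__main__":
    for candidate in ["p@ssw0rd123", "Tr0ub4dor&3", "aaaaaaaa", "alice2004!"]:
        print(candidate, "->", check_password(candidate, username="alice") or "ok")
```

Returning the list of violations, rather than a bare pass/fail, lets the password-change page tell the user exactly which rule was tripped, which matters for the awareness side of the same initiative.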