Sean Moriarty, Oswego State CTS 2016 Cyber Security Update


The title for the day and for our planning process is “The Digital Campus – technology for an enhanced Tomorrow”. Obviously the Tomorrow refers to Oswego’s new strategic plan. And I think there is no doubt that technology is going to play a large part in helping to achieve it. About a year ago President Stanley did a presentation where she talked about the Digitally Enhanced Campus and our need to get there. So I have used that theme for all of my presentations since then and tried to ensure that we are moving in that direction. But I think it is time to start defining what the digital campus looks like, examine how close we are to being there and set the direction on how we get there. We want your help in achieving those tasks.

Sean Moriarty, Oswego State CTS 2016 Cyber Security Update
Faculty Assembly - October 24, 2016

Agenda
- General information on Cyber security risks and campus activities
- Cyber Security Month activities
- Risks that faculty should be aware of
- Cloud computing

Worldwide Top Issues and risks of the Past Year
- Phishing
- Spoofing
- Accidental sharing of data
- Auto-complete in email
- Human error
- Forgetting/losing documents/laptop in the taxi or at airport security
- Lost mobile device
- Compromised accounts

2015-16 Cyber security activities
- Activation of Google 2 step login
- Defined a position and hired an Information Security Analyst
- New website - https://www.oswego.edu/cts/cybersecurity
- Member in the SUNY SOC (Security Operations Center)
- Encrypt hard drives of all new laptops
- User account reduction
- New user account processes, i.e. requiring alumni to annually renew their account
- Reviewed other options to authenticate emails (SPF, DKIM)

CyberSecurity Awareness Month Weekly Topics
- October 3-7: Don’t Get Hooked on Phishing - Phishing Derby Contest
- October 10-14: Protect Your Environment
- October 17-21: Protect Your Mobile Devices
- October 24-28: Protect Your Login - Introducing Pass-Phrases

You will notice additional information on campus in the form of posters, digital signage, Oswegonian ads and articles, and pamphlets.

Tips for Faculty
- Change your Lakernet passwords next week when the Passphrases are available
- Use 2-factor authentication for your email
- ALWAYS have a password on your mobile device
- Be wary of phishing
- Be wary of open networks (tether to your mobile device instead and use eduroam when you are at other institutions that use it)

Cloud Computing

Pros
- New services are only available in the cloud
- Services are more fully featured
- Require different staff skillset to administer the applications
- Can address increased requirements more quickly (increased bandwidth for the website during emergencies)

Cons
- Different budgeting model (CapEx vs OpEx)
- Need to develop a legal trust relationship with the vendor – there may be risk in this

Examples at Oswego
- Gmail, Acquia Web site, Starfish, Adirondack Residence System, Maxient, CSO, Adobe Creative Cloud

Cloud Computing (cont’d)

Managing Risk
- Dependent on the data in the cloud; need more oversight when it is Personally Identifiable Information (PII) and Confidential data
- Manage by:
  - Reputation/References of the vendor
  - Legal contracts (CTO and SUNY legal approval)
  - Auditing contracts

Cloud Computing (cont’d)

Points to Consider
- Is there already an existing SUNY contract with this vendor? If not, does the contract need to be reviewed by the CTO office and/or SUNY legal?
- Should a SUNY wide contract be considered?
- What data will this service use?
- Will Personally Identifiable Information (PII) or confidential information be shared with a vendor?
- Are there FERPA requirements that need to be considered to protect the shared data?
- Does the application meet accessibility requirements?
- Does the vendor have the appropriate security measures in place for the data being stored and do they have audits available?

Cloud Computing (cont’d)

Points to Consider
- Will authentication be required to utilize the service? If so, has a plan to integrate the application with the institution’s identity management system been scheduled into the project timelines?
- Will a data exchange project be required to obtain the service? If required, has a project been scheduled to implement the exchange?
- Will the application need to be customized with logo and branding?
- Has the proper team been created to implement these aspects of the project?

CTS Annual report
- Available at http://www.oswego.edu/cts
- Reports on our progress towards our 4 Digital Campus Strategic Goals:
  - Students, faculty and staff thrive by seamlessly integrating technology into their teaching, learning and scholarly activities.
  - Our community is efficient and creates value with our technical resources.
  - Service excellence provides efficient support through robust, green and secure infrastructure and processes.
  - Effective IT planning and governance ensure campus priorities are achieved.

Questions/Comments