MEASURE I CITIZEN’S OVERSIGHT COMMITTEE MEETING

Presentation transcript:

MEASURE I CITIZEN’S OVERSIGHT COMMITTEE MEETING Technology Projects July 1, 2015 – December 31, 2015

Technology and Instructional Equipment Modernization

Technology and Instructional Equipment Modernization
Technology Advisory Committee (TAC) Recommended: 127 projects
- One hundred classroom computers ($117K)
- Podium upgrades ($31K)
- Wireless upgrade ($40K)
- One hundred thirty computers/printers/scanners for faculty/staff offices ($137K)
- Seven digital signage systems ($12K)
- Tree inventory system ($10K)
- Latex wide-format printer ($23K)

HP Latex 360 Printer

Six Student Success Factors

VOICE OVER INTERNET PROTOCOL (VOIP) TELEPHONE SYSTEM

VOIP Telephone Project - Completed
- IP 485G phone: 30 purchased
- IP 655 phone: 8 purchased

Security

Why is Data Security Important?
- To prevent data breaches
- To protect Personally Identifiable Information (PII)
- To maintain continuous operations
- To avoid expenses associated with compromises
- Maricopa County College District in Arizona computer hack tops $26M
- Breach in 2011 never addressed led to 2013 hacking incident

AHC Data Security Measures: Physical Security and Environmental Controls
- Solid HVAC system
- Redundant electrical system
- Controlled access
- Clean room
- Redundant servers
- Secured cabinets

AHC Data Security Measures: Cyber Security Controls
- Redundant firewalls
- Partitioned network
- 802.1X port-based authentication
- Business grade antivirus
- Remote centers on secure connections
- Encrypted passwords
- SPAM filters

AHC Data Security Measures: IT Services Practices
- Servers patched once a month
- Regular data backups
- Minimize 3rd party database access
- 3rd party contracts reviewed for data security provisions
- Computer surplus service includes disk wipe
- Network and servers monitored

AHC Data Security Measures: User Security Controls
- Updated Board Policy 3720 Computer and Network Use
- Password policy enforced
- Separate system authorizations
- Principle of least privilege (translates to giving people the lowest level of user rights that they can have and still do their jobs)

AHC Data Security Measures: Education in addition to tools
Malware and strategies to mitigate their effect:
- Adware
- Ransomware
- Trojans
- Spyware
- Phishing

CCC Information Security Center
The CCC Information Security Center is funded by a grant from the California Community Colleges Chancellor's Office.

Why the State Funds the CCC Security Center
- 75% of California Community Colleges have no dedicated IT Security Staff.
- 60% have no Security Awareness Programs.
- 60% of Colleges ranked their Information security program as just starting out.

CCC Technology Center
- Identify misconfigurations
- Vulnerability Scans of Web facing servers
- Validate firewall rules
- Identify out of date and vulnerable software

CCC Technology Center – Awareness Training Firewalls IDS SSL Authentication Logging Antivirus Staff

CCC Technology Center Future Plans
- Policy Reviews
- Inside Vulnerability Scan
- Architecture Review
- Risk Analysis
- Phishing Assessment

Cuesta College Data Breach
- Human Resources analyst out on medical leave
- Remotely accessed private information (addresses, phone numbers and SSNs) and emailed to private account without authorization
- Discovered two weeks later
- Raided home and found drugs
- Lacy Fowler arrested June 17, 2015

AHC Response to Cuesta Data Breach
- Updated VPN/Remote User Agreement
- Reviewed list of all employees, contractors, and agents with remote access
- Removed access for all except those with current business needs
- Required a signed agreement to maintain access
- Employee account disabled when:
  - An employee separates
  - ITS director notified by cabinet member for special circumstances

Disaster Recovery Plan – Securing the data
- All critical data is backed up.
- Disk to disk copies are made daily from the Santa Maria (SM) data center to the LVC server room.
- Disk to tape backup is still used for a few of the older servers.
- A full backup to tape is made twice a year with the tapes transported to LVC for offsite storage.

Disaster Recovery Plan - Recovery
- Rent or ‘borrow’ infrastructure
  - Cuesta College or Santa Barbara City College
  - Amazon Web Services (AWS)
  - Microsoft Azure
  - Rackspace
- Recover services needed for business continuity

Thank you