Technology Solutions Cybersecurity Report to the KCTCS Board of Regents March 14, 2019.

Why this presentation?
- Association for Governing Boards (AGB) best practice: recommends periodic updates to the Board
- Inform the Board what KCTCS is doing with security and disaster recovery
- Ensure a single individual is ultimately accountable, but everyone in the institution plays a supporting role
- Chief Information Security Officer (CISO, pronounced "see-so")
- 2 FTE dedicated to security on staff

What are cyberattacks?
- Data breaches: an incident that puts sensitive data at risk of exposure
- Highest risk (easily monetized data):
  - Student Information System
  - Financial System
  - HR/Payroll
  - Data Warehouse
  - Document imaging (scanned sensitive data)

Not all data are created equally
- We prioritize/triage the data within systems, e.g. directory data is less risky than SSNs or driver's license numbers
- Ensure that systems are secured in a "least privilege" manner: "The principle in which a subject – whether a user, application, or other entity – should be given the minimum level of rights necessary to do their job"

5 Facets of Security
- Identification: knowing what to look for and what to protect
- Protection: implementing protective measures
- Detection: monitoring for suspicious activity
- Response: who does what after a breach/incident is detected
- Recovery: disaster recovery

Where to start?
- KCTCS policy 4.2.6 covers security breaches and the actions necessary
- Much of this is mandated by external auditors
- Basics:
  - Firewalls (devices that regulate access to the network)
  - Patching computing devices, hardware and software
  - Phishing awareness: this is the single most important piece of our strategy

Advanced measures
- Intrusion detection systems
- Penetration testing
- Brute force testing
- Privileged account management
- Vetting KCTCS contractual partners
- Data center evaluations
- Regulatory compliance (effective controls, SSAE-16)

Single largest risk? PHISHING
- An employee unknowingly giving up their credentials via phishing
- Over 164 million malicious emails blocked in 2018
- Mitigation?
  - Employee training, marketing campaigns
  - Implementing 2-factor authentication with "power users": something you know (password) and something you have (e.g. a text message to a phone)

Disaster Recovery/Business Continuity
- Incremental backups (hot) nightly, full (cold) backups weekly
- Goal is recovery within 60 minutes
- Some of our systems hosted in the Amazon and Microsoft clouds can recover in seconds
- Failover site should be 100-150 miles from the primary data center (Atlanta and Nashville for us)
- We practice a full-scale outage annually