Information Security Confidential Two-Factor Authentication Solution Overview Shawn Fulton January 15th, 2015.

Presentation transcript:

Information Security Confidential Two-Factor Authentication Solution Overview Shawn Fulton January 15th, 2015

MSU Information Security Vision and Mission Statement
Vision: Diminish IT security risks to an acceptable level and become the most effective IT function; enable the University to make informed decisions based on risk.
Mission: Design, implement and maintain an information security program that protects the University’s resources against unauthorized use, modification and loss. Establish a practical information security program that enables MSU to be the best public research University in the world.

Two-Factor Goals
– Safeguard MSU employee data
– Safeguard MSU HR/Payroll and Finance data
– Provide additional security on EBS applications to prevent susceptibility to phishing attacks

Information Security Risks for MSU
[Figure: charts from the Verizon Data Breach Investigations Report – 2013, with panels "Who’s perpetrating breaches?", "How do breaches occur?" and "What commonalities exist?". Legend: (+) is an increase of 10% or greater from last year; (-) is a decrease of 10% or greater from last year.]

Payroll Incident Summary
Context:
– Millions of attempts to hack into MSU computer systems every day (>20 million prevented during month of May 2014)
– Millions of SPAM and phishing scams every day; some faculty, staff, and students take the bait
Current safeguards in place:
– SPAM filtering: over 5 million SPAM and phishing emails blocked per day
– Anti-virus installed on workstations
– Security awareness training
Two Payroll Incident Examples: October 2013 and March 2014
– Phishing emails are suspected of compromising the users’ EBS login credentials (user name and password)
– No breach of MSU systems/network appears to have occurred
– Risk currently mitigated by disabling online direct deposit changes
People and process changes recommended to further improve prevention, detection, and response

Addressing Security Risks at MSU
– Two-Factor Authentication
– Security Policy
– Dedicated Incident Response
– Security Awareness
– Security Incident and Event Management
– Vulnerability Management
Defense in Depth Approach: multiple layers of controls to reduce overall risk
Business enablement combined with risk reduction

Two-Factor Authentication Overview
Two-factor authentication requires the use of two of the three authentication factors. Something only the user:
1. Knows (e.g. password, PIN, secret answer)
2. Has (e.g. ATM card, mobile phone, hard token)
3. Is (e.g. biometric – iris, fingerprint, etc.)

Who Uses Two-Factor?

How Two-Factor Authentication Helps
Credentials are commonly stolen through:
– Phishing attacks targeted at MSU
– Third-party sites compromised and same username/password used for MSU applications
Adobe, Yahoo, LinkedIn, Forbes, Zappos, and eHarmony were breached in the past year; 32 million usernames and passwords stolen
– 15,000+ users registered with MSU email addresses; unknown how many used their MSU password to register with these sites
Two-factor authentication prevents attackers from accessing your account even if they obtain your username and password.

Two-Factor Strategy at MSU
– Second factor will be a "soft" token
– Identify an industry leader for the Two-Factor components
– Enhance MSU’s single sign-on solution (Sentinel) to integrate with the industry leader's solution to provide Two-Factor
– Enable Two-Factor for EBS applications (portal, HR, Payroll, Finance, BI) for all current employees

Two-Factor Authentication Deployment Options
Multiple deployment options available for MSU users:
1. Mobile application
2. SMS text message
3. Voice call made to desk, mobile, or home phone

Appendix A – Scope diagram

Appendix B – Enrollment: Step 1

Appendix B – Enrollment: Step 2

Appendix B – Enrollment: Step 3

Appendix B – Enrollment: Step 3

Appendix B – Enrollment: Step 4

Appendix C – Login