Educause Security 2007ISC Information Security Copyright Joshua Beeman, 2007. This work is the intellectual property of the author. Permission is granted.

Slides:



Advertisements
Similar presentations
A Successful Help Desk Process for all IT Support
Advertisements

“Build It and They Will Come," But Will They? A Poster Presentation by Abdul Shibli Harvard Graduate School of Education Cambridge, Massachusetts
What Does the Net Generation Expect From Us? SAC August 8, 2005 SAC August 8, 2005 Copyright © 2005, Joel L. Hartman. This work is the intellectual property.
Student, Faculty, and Staff Data Availability and Protection What’s the Back-Up Plan? (for academic computing) Sponsored by.
© Copyright Computer Lab Solutions All rights reserved. Do you need usage information about your computer labs? Copyright Computer Lab Solutions.
Cut Costs and Increase Productivity in your IT Organization with Effective Computer and Network Monitoring. Copyright © T3 Software Builders, Inc 2004.
The Academic Computing Assessment Data Repository: A New (Free) Tool for Program Assessment Heather Stewart, Director, Institute for Technology Development,
Supporting and Hosting Web- Based Learning Systems Educause 2001 Charlene Douglas – Director Kathryn Gomm - Training Manager Sharon McCarrager – Accessibility.
Seeing the Forest and the Acorns in the Decision Tree Sandy Burke Computing Center HelpDesk Manager Copyright Sandy Burke, This work is the intellectual.
Andrea Eastman-Mullins Information & Technology Coordinator University of North Carolina, Office of the President Teaching and Learning with Technology.
Copyright Statement Copyright Crit Stuart, This work is the intellectual property of the author. Permission is granted for this material to be shared.
Copyright Jill M. Forrester This work is the intellectual property of the author. Permission is granted for this material to be shared for non- commercial,
Advancing Security Programs through Partnerships Cathy HubbsShirley Payne IT Security Coordinator Director for Security Coordination & Policy George Mason.
Virtualization Across The Enterprise Rob Lowden Director, Enterprise Infrastructure Indiana University 23 May 2007.
Deploying Tools for Cleaning Personal Information University of Pennsylvania School of Arts and Sciences Justin C. Klein Keane Sr. Information Security.
Pam Downs Ajay Gupta The Pennsylvania Prince George’s State University Community College "Copyright Penn State University This work is the intellectual.
INDIANAUNIVERSITYINDIANAUNIVERSITY Automated Network Isolation at Indiana University David A. Greenberg Information Technology Security and Policy Office.
1 EDUCAUSE 2002 IT Support Community Training Model University of Colorado at Boulder.
Moving Out of The Shadows: Shining a Light on Data David Rotman Director of Computer Services Mark Mazelin Web Development Coordinator Copyright David.
Risk Assessment 101 Kelley Bradder VP and CIO Simpson College.
1 Outsourcing Student & Other Collaboration Services Wendy Woodward Director, Technology Support Services Copyright Wendy Woodward This work.
Intellectual Property Protocol and Assessment for Distance Learning Liz Johnson Project Manager Advanced Learning Technologies Board of Regents of the.
Classroom Technologies Re-organization Copyright Kathy Bohnstedt, This work is the intellectual property of the author. Permission is granted for.
Stanford’s Patch Management Project   Ced Bennett May 17, 2004 Copyright Cedric Bennett This work is the intellectual property of the author. Permission.
Project Portfolio Management at Georgia State University Randall Alberts, PMP, SSBB
Sharing Information and Controlling Content: Continuing Challenges for Higher Education Susanna Frederick Fischer Assistant Professor Columbus School of.
Beyond the Campus Gates: Bringing Alumni, Parents, and Prospects into the Campus Portal William P. Wilson Mark R. Albert John C. Duffy Gettysburg College.
HumaniTech®: Educause, Seattle October 24, 2007 Bridging Divides, Building Collaborations
Copyright Michael White and Sandra Thompson, This work is the intellectual property of the author. Permission is granted for this material to be.
Twitter: 1.
Managing Intellectual Property for Distance Learning Liz Johnson Project Manager Advanced Learning Technologies Board of Regents of the University System.
Building the Integrated Learning Center Having the right people at the table Chris Johnson, Senior Consultant for Learning Technologies University of Arizona.
Issues Associated with ePortfolios in Small Colleges EDUCAUSE Mid-Atlantic Regional Conference 2006 Ed Barboni, Senior Advisor, Council of Independent.
Title: Developing a Multimedia Tutorial Style Guide to Expand Student Training Author: Suzie Medders, Student Training Coordinator Educational Technology.
Center for Planning and Information Technology T HE C ATHOLIC U NIVERSITY of A MERICA ERP Systems: Ongoing Support Challenges and Opportunities Copyright.
The "How" and "Why" of a Large-Scale Wireless Deployment  March 3, 2004  EDUCAUSE Western Regional Conference Sacramento, CA Copyright Philip Reese,
Rethinking Campus and Classroom Design William J. Mitchell NLII 2004 September 9, 2004 Copyright William Mitchell, This work is the intellectual.
ISC Networking & Telecommunications Migrating from Centrex to IP Telephony at Penn EDUCAUSE MARC 2006 Melissa Muth & Dawn Augustino University of Pennsylvania.
November 7, 2005EDUCAUSE Live1 An Eye to the Future with a Brief Look at the Past Jack McCredie UC Berkeley November 7, 2005 Copyright John W. McCredie.
George Mason University Assessing Technology Support: Using Portfolios to Set Goals and Measure Progress Anne Agee, Star Muir, Walt Sevon Information Technology.
The Impact of Evolving IT Security Concerns On Cornell Information Technology Policy.
Copyright [Dr. Michael Hoadley, Chat Chatterji, and John Henderson ] [2004]. This work is the intellectual property of the authors. Permission is granted.
Effective Distribution of Academically Licensed Software ©2008 Brent West. This work is the intellectual property of the author. Permission is granted.
Scalable Bandwidth on Demand: A New Model for the Era of Entitlement? Educause Mid-Atlantic Regional Conference January 17, 2003 Gregory D. Palmer Jennifer.
1 Effective Incident Response Presented by Greg Hedrick, Manager of Security Services Copyright Purdue University This work is the intellectual property.
IT Security Challenges In Higher Education Steve Schuster Cornell University Copyright Steve Schuster This work is the intellectual property of.
Quickly Establishing A Workable IT Security Program EDUCAUSE Mid-Atlantic Regional Conference January 10-12, 2006 Copyright Robert E. Neale This.
Mining User Data: Getting the Most out of your CMS John Fritz, UMBC.
Authors: Victoria F. Sarkisian, Linguistic Coordinator at the Academic Learning Center Austin C. Schilling, Senior Consultant at IBM In collaboration with:
Copyright James Kulich This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,
© 2009 Pittsburgh Supercomputing Center Server Virtualization and Security Kevin Sullivan Copyright Kevin Sullivan, Pittsburgh Supercomputing.
Copyright Michael White and Sylvia Maxwell, This work is the intellectual property of the author. Permission is granted for this material to be shared.
© Scottsdale Community College Leveraging the Power of E-Learning Taking your course to a higher level Presented by Sidne Tate Director, Instructional.
Breaking Down Barriers & Building Bridges Improves Customer Satisfaction & Efficiency Wendy Woodward | March 15, 2011 Copyright Wendy Woodward 2011.
CIO Constituent Group Meeting
Copyright Joel Rosenblatt 2010
SupportU 24x7: Implementing and Maintaining a Co-Managed Help Desk
SIP Protocol overview SIP Workshop APAN Taipei Taiwan 23rd Aug 2005
Julian Hooker Assistant Managing Director Educause Southwest
Adapting Enterprise Security to a University Environment
EDUCAUSE 2011 Three Paths, One Goal: Three Institutions’ Journey with Providing and Supporting Mobile Technology Emporia State University The Faculty &
Decentralization in a Centralized IT Environment
Copyright Notice Copyright Bob Bailey This work is the intellectual property of the author. Permission is granted for this material to be shared.
Ed Barboni, Senior Advisor, Council of Independent Colleges
Blaine A. Brownell, President,
Project for OnLine Instructional Support (POLIS)
myIS.neu.edu – presentation screen shots accompany:
© Mike Reese This work is the intellectual property of the author
An App A Day Copyright Tina Oestreich and Brian Yuhnke This work is the intellectual property of the author. Permission is granted for this material.
EDUCAUSE Networking 2002 Washington, D.C. April 17, 2002
Presentation transcript:

Educause Security 2007ISC Information Security Copyright Joshua Beeman, This work is the intellectual property of the author. Permission is granted for this material to be shared for non- commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

Educause Security 2007ISC Information Security Security Reporting University of Pennsylvania Joshua Beeman

Educause Security 2007ISC Information Security Overview Penn’s environment Version 1 (duct tape, chewing gum…) Version 2 (less gum, more tape…) Results

Educause Security 2007ISC Information Security Environment A private university in Philadelphia, PA founded in ,000 students/4,000 faculty/13,000 staff 7500 students live on campus students, staff and faculty live in the surrounding community Health System has separate management –IT division outsourced/15,000 users

Educause Security 2007ISC Information Security Environment Computing mostly decentralized over 40 cost centers Some services are managed or coordinated centrally by Information Systems and Computing (ISC) Administrative Systems Support & Security Networking & Telecommunications

Educause Security 2007ISC Information Security Environment Open network Decentralized computing Information security concerns continually growing Limited funding Does this sound familiar to anyone?

Educause Security 2007ISC Information Security Environment Why a Security Report? Awareness Identify larger trends Develop security “hawks” Improve customer service

Educause Security 2007ISC Information Security Report – v.1 Incident Tracking via Excel Spreadsheet: Date IP address Center name Incident source Incident type Handler comments (optional)

Educause Security 2007ISC Information Security Report – v.1 Key Elements – Compromises: Total number of compromises Total number of IP addresses Ratio of Compromises/IP’s Ranking (based on ratio) Average (based on ratio)

Educause Security 2007ISC Information Security Report – v.1 Key Elements – Critical Hosts: Total number of Critical Hosts registered Total number of IP addresses Ratio of Critical Hosts/IP’s Ranking (based on ratio) Average (based on ratio)

Educause Security 2007ISC Information Security Report – v.1 Key Elements – Management Reports: Summary tables –Compromise ranking –Critical Host ranking Summary graphs –Incident source –Overall distribution

Educause Security 2007ISC Information Security

Educause Security 2007ISC Information Security

Educause Security 2007ISC Information Security

Educause Security 2007ISC Information Security

Educause Security 2007ISC Information Security

Educause Security 2007ISC Information Security

Educause Security 2007ISC Information Security

Educause Security 2007ISC Information Security

Educause Security 2007ISC Information Security Report – v.2 GRADI (web-based incident tracking system) Captures previous fields plus… Case Status (Pending, closed, etc.) MAC Address Wallplate Port List User PennKey …and more for certain case types

Educause Security 2007ISC Information Security Report – v.2 GRADI (continued) In addition provides automated processes for: DNS & host contact lookup Custom handling based on incident type ing/routing Searching, export, etc.

Educause Security 2007ISC Information Security Report – v.2 Previous Key Elements: Compromises Critical Hosts Critical Events Management reports

Educause Security 2007ISC Information Security Report – v.2 Plus New Elements: Wireless, Wired DMCA, non-DMCA Critical Vulnerabilities New management reports Comparative studies

Educause Security 2007ISC Information Security

Educause Security 2007ISC Information Security

Educause Security 2007ISC Information Security

Educause Security 2007ISC Information Security Results Provided senior management with tools and data Increased information security awareness Identified larger trends, problem areas Improved Universities overall security posture Created security “hawks”

Educause Security 2007ISC Information Security

Educause Security 2007ISC Information Security

Educause Security 2007ISC Information Security

Educause Security 2007ISC Information Security Results Remember that v.1 was based on: Individual Excel spreadsheets 5 data fields

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.