Information Security in Higher Education Today Current Threats

Presentation transcript:

Slide 1: Information Security in Higher Education Today
Lewis Watkins, CISO, lwatkins@utsystem.edu
- Current Threats
- Higher Ed. Challenges
- Solutions and Best Practices

Slide 2: The Good News and Bad News
Some facts from the U.S. Secret Service and Verizon 2010 Breach Report:
- 98% of exposed data came from servers. Make sure servers are professionally managed.
- 85% of attacks were not complex. 96% of breaches were avoidable using simple controls. Security requires operational excellence!
- 61% were discovered by a third party. 86% of breached organizations had evidence in their log files. Organizations have inadequate monitoring.

Slide 3: Current Threats
"The future is already here – it's just not very evenly distributed." William Gibson

Slide 4: Gartner 2006 Prediction

Slide 5: Today's Threats!
- Attacks come 24/7 from anywhere in the world.
- Unprotected computers are 100% assured of being compromised.
- Attacks are much more sophisticated than just a year ago, and the motives are much more sinister.
- Most owners of compromised computers have no knowledge that they have a problem.
- Primary attackers of concern:
  - Organized, professional crime organizations
  - Nation states
  - Quasi-political/terrorist organizations

Slide 6: Most Common Exposures within the UT System
- Lost/stolen computers (that aren't encrypted)
- Paper documents (old documents)
- Business partners (mistakes, contract violations, employees)
- Insecure applications (it's not the network)
- Breached electronic files (forgotten files)
- Employee errors
- Employee misconduct

Slide 7: "Oh Toto, I don't think we are in Kansas anymore!"
- State of Virginia medical data held for ransom
- San Francisco network held hostage
- Slacker harms University of Utah by PHI exposure
- Stuxnet: worm targets Iran nuclear program
- "Here you Have" virus (zero day)
- UNC professor fighting termination because of exposure of 100,000 patient records
- Drive-by malware, mostly unseen
- Bots, bots, bots: attacking others

Slide 8: Higher Ed. Challenges

Slide 9: Five Challenges of Higher Education Security
- The Complexity Problem: Universities are very complex. Information security is complex. Security touches every operational aspect of the university.
- The Scope Problem: Risks span the entire organization, and beyond.
- The Quality Problem: Small errors can result in large security vulnerabilities that result in breaches.

Slide 10: The Location Problem
We place data everywhere now:
- USB drives
- iPhone / BlackBerry / Android / smart phones
- Netbooks / laptops / desktops / iPads
- Departmental servers
- Central IT servers
- Virtual servers
- Consolidated data centers / shared services
- Outsourcers / business partners
- The "Cloud": private clouds / public clouds / unsanctioned clouds
- Other: embedded systems / auto systems (nav & GPS)

Slide 11: Compliance Obligations
Information security compliance includes these and other regulations:
- FERPA 1974
- TAC 202 1994
- HIPAA 1996
- GLB 1999
- FISMA 2002
- PCI-DSS 2004
- HITECH
- TX Bus. & Com. Code Ch. 521
- E-Discovery
- Red Flag
- Business Associate Agreements

Slide 12: Worker Economic Stress
- Fewer workers to perform needed tasks.
- Workers working under greater stress and fear.

Slide 13: Solutions and Best Practices

Slide 14: There are Solutions!
- Make sure data owners are trained and engaged.
- Take inventory (as part of the risk assessment process):
  - Devices on your network
  - Applications
  - Data stores
- Eliminate unnecessary data.
- Make sure your security personnel have visibility into the environment.
- Make sure your Information Security Officer has access to executive management.
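The inventory, data-owner and visibility points on this slide are easiest to see as one reconciliation job: compare what the institution believes it has (an asset register) with what is actually observed on the network, and review the data stores for sensitive records that nobody owns or uses. The following is an added example written for this transcript, not code from the presentation or from UT System; the asset register, the dhcpd-style lease log lines and the data-store list are all constructed sample input, and the hostname/owner field layout is an assumption.

```python
"""Inventory reconciliation for a risk assessment (added example, constructed data).

Three checks, matching the slide's bullets:
  1. devices seen on the network that are not in the asset register (visibility gap),
  2. registered devices never seen (stale register entries to verify or retire),
  3. data stores holding sensitive records with no data owner or no recent use
     (candidates for 'eliminate unnecessary data').
"""
import re
from datetime import date
from typing import Dict, List, Tuple

# Constructed asset register: MAC -> hostname and responsible data owner. Hypothetical values.
ASSET_REGISTER: Dict[str, dict] = {
    "00:11:22:33:44:01": {"host": "reg-db-01", "owner": "registrar"},
    "00:11:22:33:44:02": {"host": "lib-web-01", "owner": "library"},
    "00:11:22:33:44:03": {"host": "old-fs-01", "owner": ""},  # no owner recorded
}

# Constructed DHCP lease log (ISC dhcpd-like syslog lines, made up for this example).
DHCP_LOG = """\
Sep 14 08:01:02 dhcp dhcpd: DHCPACK on 10.20.1.11 to 00:11:22:33:44:01 (reg-db-01) via eth0
Sep 14 08:01:09 dhcp dhcpd: DHCPACK on 10.20.1.12 to 00:11:22:33:44:02 (lib-web-01) via eth0
Sep 14 08:02:41 dhcp dhcpd: DHCPACK on 10.20.7.50 to aa:bb:cc:dd:ee:01 (android-7f3a) via eth1
Sep 14 08:03:15 dhcp dhcpd: DHCPACK on 10.20.7.51 to aa:bb:cc:dd:ee:02 via eth1
"""

DHCP_ACK = re.compile(
    r"DHCPACK on (?P<ip>\d+\.\d+\.\d+\.\d+) to (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
    r"(?: \((?P<host>[^)]+)\))?"
)


def parse_dhcp(log: str) -> Dict[str, dict]:
    """Return MAC -> {ip, host} for every DHCPACK line; hostname is optional in the log."""
    seen: Dict[str, dict] = {}
    for line in log.splitlines():
        m = DHCP_ACK.search(line)
        if m:
            seen[m["mac"]] = {"ip": m["ip"], "host": m["host"] or "<no hostname>"}
    return seen


def reconcile_devices(register: Dict[str, dict], observed: Dict[str, dict]) -> Dict[str, List[str]]:
    """Devices on the wire but not in the register, and register entries never observed."""
    unknown = sorted(mac for mac in observed if mac not in register)
    unseen = sorted(mac for mac in register if mac not in observed)
    return {"unknown_on_network": unknown, "registered_but_unseen": unseen}


# Constructed data-store inventory: sensitive record count, owner and last access date.
DATA_STORES: List[dict] = [
    {"path": "/srv/registrar/students.db", "ssn_records": 48000, "owner": "registrar",
     "last_access": date(2010, 9, 10)},
    {"path": "/srv/old/admissions_2003.xls", "ssn_records": 12000, "owner": "",
     "last_access": date(2006, 3, 2)},
    {"path": "/srv/lib/catalog.db", "ssn_records": 0, "owner": "library",
     "last_access": date(2010, 9, 13)},
]


def review_data_stores(stores: List[dict], today: date, stale_after_days: int = 365) -> List[Tuple[str, str]]:
    """Flag sensitive stores with no data owner, and sensitive stores unused past the threshold."""
    findings: List[Tuple[str, str]] = []
    for s in stores:
        if not s["ssn_records"]:
            continue  # nothing sensitive here; no finding
        age_days = (today - s["last_access"]).days
        if not s["owner"]:
            findings.append((s["path"], "sensitive data with no data owner assigned"))
        if age_days > stale_after_days:
            findings.append((s["path"], f"sensitive data unused for {age_days} days; candidate for elimination"))
    return findings


if __name__ == "__main__":
    devices = reconcile_devices(ASSET_REGISTER, parse_dhcp(DHCP_LOG))
    for label, macs in devices.items():
        print(f"{label}: {', '.join(macs) or 'none'}")
    for path, reason in review_data_stores(DATA_STORES, date(2010, 9, 14)):
        print(f"{path}: {reason}")
```

In practice the register would come from the institution's CMDB and the observations from DHCP, switch MAC tables or an authenticated scan; the point of the script is the reconciliation logic and the two data-store rules, which give the security team a concrete list to take back to data owners.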

Slide 15: Cloud Computing
- Unmanaged cloud computing poses risk to university data.
- Well-managed cloud computing holds promise of improved information security.

Slide 16: Implement and Track Best Practice Strategies

Slide 17: Questions?
Lewis Watkins, CISSP, Chief Information Security Officer, lwatkins@utsystem.edu, (512) 499-4540