Seven Effective Habits of a Successful ITSO Ken Hanna University of Minnesota.

Presentation transcript:

What we’ll cover today
Assumed:
- A security function exists
- You have the technical basics covered (policy, process, people, technology, etc.)
- You sometimes have problems getting from technical analysis to a decision

I have the technical analysis done… now what?
Preliminary steps:
- Reality check with others inside/outside (compliance issues, expense, staff time)
- Survey the landscape (who is affected, how big a change is required, etc.)
- Keep your management informed

Now what? (cont’d)
- Collaborate with others to determine potential solutions
- Communicate the risks and possible solutions widely
- Build consensus on a solution, or let people know the most likely solution
- Sell your management on the need to make a change

Making change palatable
- If possible, make it easy to comply
- Communicate the “why” for the change
- Expect a few complaints… be diplomatic and courteous
- Over-communicate big changes... until everyone is tired of hearing about it
- Expect change to take longer than anticipated

Security decisions: balancing usability vs. complete security
- Don’t burn bridges if the decision doesn’t go your way
- Don’t expect to get support for every decision
- Educate others on the “whys”… use the misfortune of others
- Be a trusted team player
- Listen to the views of others
- How you handle today’s issue will influence whether people trust you on tomorrow’s

Example: Windows desktop security settings
The problem:
- High risk of Windows password cracking from the U network (XP pre-SP2 days)
- Too many picky security changes to make from default settings
- No way for a typical desktop user to know if they were at risk or compliant
- Too hard to do the right thing

Windows desktop (cont’d)
The process:
- Require the settings by policy for computers that work with private data
- Script the 30 or so changes to the settings
- Get feedback on the proposed solution at technical and other meetings
- Enlist early adopters to show it works
- Collaborate with auditors to use a version of the script to check settings
- Sell management on why it is needed
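The process above hinges on one script that both applies the settings and, in a second version, lets users and auditors check them. The example below is added here and is not the University of Minnesota script from the talk; the talk does not list its 30 settings, so the three Lsa values are assumed stand-ins chosen because they limit network-based password cracking.

```powershell
# Added example, not the University of Minnesota script from the talk.
# One script, two modes: report-only for desktop users and auditors
# (answers "am I compliant?"), -Enforce for applying the settings.
# The talk's script covered ~30 settings it does not list; the three
# below are assumed stand-ins, chosen because they limit network-based
# password cracking (LM hash storage, NTLM level, anonymous enumeration).
[CmdletBinding()]
param(
    [switch]$Enforce   # default is check-only; -Enforce writes the values
)

$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$settings = @(
    @{ Path = $lsa; Name = 'NoLMHash';             Expected = 1 },  # do not store LM hashes
    @{ Path = $lsa; Name = 'LmCompatibilityLevel'; Expected = 5 },  # NTLMv2 only, refuse LM/NTLM
    @{ Path = $lsa; Name = 'RestrictAnonymous';    Expected = 1 }   # no anonymous SAM enumeration
)

$nonCompliant = 0
foreach ($s in $settings) {
    $item   = Get-ItemProperty -Path $s.Path -Name $s.Name -ErrorAction SilentlyContinue
    $actual = if ($null -ne $item) { $item.($s.Name) } else { $null }

    if ($actual -eq $s.Expected) {
        Write-Output ("OK        {0} = {1}" -f $s.Name, $actual)
        continue
    }

    $shown = if ($null -eq $actual) { 'missing' } else { $actual }
    if ($Enforce) {
        # The registry provider accepts -Type; these values are DWORDs.
        Set-ItemProperty -Path $s.Path -Name $s.Name -Value $s.Expected -Type DWord
        Write-Output ("FIXED     {0}: {1} -> {2}" -f $s.Name, $shown, $s.Expected)
    } else {
        $nonCompliant++
        Write-Output ("MISMATCH  {0}: expected {1}, found {2}" -f $s.Name, $s.Expected, $shown)
    }
}

# A non-zero exit code lets an auditor's wrapper flag the machine without parsing text.
if ($nonCompliant -gt 0) {
    Write-Output "$nonCompliant setting(s) not compliant"
    exit 1
}
Write-Output "All settings compliant"
exit 0
```

Both modes need an elevated prompt; the check-only default is the version to hand to auditors and to the early adopters mentioned above, with -Enforce reserved for machines covered by the private-data policy.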

More examples…
- Border filters
- P2P on wireless
- Log collection and review
- Password rules
- Encryption of laptops
- VMware
- IPv6 traffic on campus

Result: Enjoy both the turkey AND the dressing

Questions?