Northwestern University Information Technology System Management Issues for the Future Real-Time University Environment Tom Board September 22, 2004 Northwestern.

Slides:



Advertisements
Similar presentations
Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility.
Advertisements

Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.
1 Vladimir Knežević Microsoft Software d.o.o.. 80% Održavanje 80% Održavanje 20% New Cost Reduction Keep Business Up & Running End User Productivity End.
4.1.5 System Management Background What is in System Management Resource control and scheduling Booting, reconfiguration, defining limits for resource.
1 No Silver Bullet : Inherent Limitations of Computer Security Technologies Jeffrey W. Humphries Texas A&M University.
Preventing Good People From Doing Bad Things Best Practices for Cloud Security Brian Anderson Chief Marketing Officer & Author of “Preventing Good People.
Snejina Lazarova Senior QA Engineer, Team Lead CRMTeam Dimo Mitev Senior QA Engineer, Team Lead SystemIntegrationTeam Telerik QA Academy Telerik QA Academy.
Security Controls – What Works
CSA 223 network and web security Chapter one
Course ILT Security overview Unit objectives Discuss network security Discuss security threat trends and their ramifications Determine the factors involved.
Software Security Threats Threats have been an issue since computers began to be used widely by the general public.
Information Technology Current Work in System Architecture November 2003 Tom Board Director, NUIT Information Systems Architecture.
SYSchange for z/OS By Pristine Software April 2009 Thomas Phillips April 2009 SYSchange Pristine Software.
IBM Security Network Protection (XGS)
Software Asset Management
Patch Management Strategy
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
Software Dependability CIS 376 Bruce R. Maxim UM-Dearborn.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.
IDENTITY MANAGEMENT: PROTECTING FROM THE INSIDE OUT MICHAEL FORNAL, SECURITY ANALYST PROVIDENCE HEALTH & SERVICES SOURCE SEATTLE CONFERENCE
Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
An Introduction to AlarmInsight
SEC835 Database and Web application security Information Security Architecture.
Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.
1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.
HIPAA COMPLIANCE WITH DELL
Confidentiality Integrity Accountability Communications Data Hardware Software Next.
Technology Overview. Agenda What’s New and Better in Windows Server 2003? Why Upgrade to Windows Server 2003 ?  From Windows NT 4.0  From Windows 2000.
Proposed mid-term Security Strategies for CERN Prepared by ad-hoc working group members: Lionel Cons, Francois Fluckiger, Denise Heagerty, Jan Iven, Jean-Michel.
Computer Science and Engineering 1 Cloud ComputingSecurity.
PATCH MANAGEMENT: Issues and Practical Solutions Presented by: ISSA Vancouver Chapter March 4, 2004.
User Manager Pro Suite Taking Control of Your Systems Joe Vachon Sales Engineer November 8, 2007.
Chapter 6 of the Executive Guide manual Technology.
Sample Security Model. Security Model Secure: Identity management & Authentication Filtering and Stateful Inspection Encryption and VPN’s Monitor: Intrusion.
Figures – Chapter 14. Figure 14.1 System layers where security may be compromised.
ISO17799 Maturity. Confidentiality Confidentiality relates to the protection of sensitive data from unauthorized use and distribution. Examples include:
Unit 6b System Security Procedures and Standards Component 8 Installation and Maintenance of Health IT Systems This material was developed by Duke University,
Information Assurance Policy Tim Shimeall
Neil Sanderson 24 October, Early days for virtualisation Virtualization Adoption x86 servers used for virtualization Virtualization adoption.
Lesson 9-Information Security Best Practices. Overview Understanding administrative security. Security project plans. Understanding technical security.
Engineering Essential Characteristics Security Engineering Process Overview.
Information Technology Current Work in System Architecture January 2004 Tom Board Director, NUIT Information Systems Architecture.
Chap1: Is there a Security Problem in Computing?.
Module 2: Designing Network Security
Chapter 8 System Management Semester 2. Objectives  Evaluating an operating system  Cooperation among components  The role of memory, processor,
Virtualized Execution Realizing Network Infrastructures Enhancing Reliability Application Communities PI Meeting Arlington, VA July 10, 2007.
Network management Network management refers to the activities, methods, procedures, and tools that pertain to the operation, administration, maintenance,
Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
Lecturer: Eng. Mohamed Adam Isak PH.D Researcher in CS M.Sc. and B.Sc. of Information Technology Engineering, Lecturer in University of Somalia and Mogadishu.
Managed IT Services JND Consulting Group LLC
Windows Active Directory – What is it? Definition - Active Directory is a centralized and standardized system that automates network management of user.
Serving IT up with ITIL By Thane Price. IT is the laboratory’s pit crew  Goal : Make technology transparent while accomplishing valuable internal customer.
Managed IT Solutions More Reliable Networks Are Our Business
Understanding The Cloud
Cybersecurity - What’s Next? June 2017
Working at a Small-to-Medium Business or ISP – Chapter 8
Design for Security Pepper.
System Management Issues for the Future Real-Time University Environment Tom Board September 22, 2004 Northwestern University Information Technology.
LAND RECORDS INFORMATION SYSTEMS DIVISION
Nlyte for Colocation Providers
Automating Security in the Cloud
County HIPAA Review All Rights Reserved 2002.
INFORMATION SYSTEMS SECURITY and CONTROL
Specialized Cloud Architectures
BACHELOR’S THESIS DEFENSE
BACHELOR’S THESIS DEFENSE
BACHELOR’S THESIS DEFENSE
Computer Science and Engineering
PLANNING A SECURE BASELINE INSTALLATION
Presentation transcript:

Northwestern University Information Technology System Management Issues for the Future Real-Time University Environment Tom Board September 22, 2004 Northwestern University Information Technology

A real-time enterprise is too complex to manage with our current methods. To keep users productive, to avoid security breaches, and to meet overall expectations we need new approaches and tools. About the “Real-Time Enterprise” Application availability Information integrity Transaction transparency Thesis:

Northwestern University Information Technology About System Management Goal: User productivity Measured by: –Predictable and reliable transactions –Confident security of all information assets –Minimal application downtime While enabling: –Efficient operations –Effective application of resources

Northwestern University Information Technology Item: Transaction Transparency For a single user transaction, all expected secondary transactions between systems take place without intervention “Real-time” means the time it takes for the user to move between systems that are affected by the transactions

Northwestern University Information Technology Transaction Transparency

Northwestern University Information Technology How: Service-Oriented Architecture Virtual application integration “Structured application architecture” defines services and eases maintenance

Northwestern University Information Technology Item: Information Integrity Authoritative information is current Current information can be accessed in real-time (what is the fund balance?) Consistent data item semantics Data capture is reliable and audited Business Continuity requirements call for frequent restore points –Can we lose one (day’s, hour’s) transactions?

Northwestern University Information Technology Threats to Information Integrity & Security Lack of security awareness Poor software configurations Exploitation threats Compromised identities Poor Business Continuity practices –Information sensitivity –Legal requirements –Opportunity risks –Open file permissions –Open preset accounts –Weak or non-existent passwords –Unpatched software –Unlocked file cabinets –Social vulnerabilities –Post-It™ password reminders –Auto-login settings –Shared NetIDs –No information backup process –No off-site backups –Too infrequent backups

Northwestern University Information Technology Answers to Information Integrity Threats Lack of security awareness – education; newsletters; required quiz before access Poor software configurations – desktop scanning; controlled intrusion attempts Exploitation threats – education; auto scanning of ; desktop scanning Compromised identities – common identity and reduced sign-on; two-factor methods Poor Business Continuity practices – education; audit reports; table-top drills

Northwestern University Information Technology Item: Application Availability Most important: user-perceived availability –Up-time –Response time Service provider availability –Up-time outside of maintenance windows –Response time –Simultaneous sessions Transaction transparency makes any service only as reliable as the weakest link

Northwestern University Information Technology Measuring Availability Users want:99%= 87 hours down/year = 15 minutes/day Provider (6hr maint. / week (312 hrs/yr): 99% = 85 hours down/year = 14 minutes/day = 95% to user Provider: 15 down hrs/year = 99.8% User: 15 down hrs / year = 99.9%

Northwestern University Information Technology Availability is Measured End-to-End We must measure availability, performance, response time, etc., end-to-end. –This quantifies perceived experience –Requires monitoring the complete application path Transaction measurements and trends are more important than volume metrics –Instead of how many – what was the wait? –Instead of worst response time – distribution and trend of response times

Northwestern University Information Technology Threats to Application Availability Physical Malicious code Denial-of-Service Poor software quality assurance Poor capacity planning If an application is available this hour, then what must we do to ensure that it is available next hour?

Northwestern University Information Technology Threats to Application Availability

Northwestern University Information Technology Capacity - Monitoring is Crucial Time Response Time or Transaction Time SLA goal Perceived Take corrective action? What is the interval?

Northwestern University Information Technology Dealing with Peak Demands Time SLA Actual Demand Idle Capacity Excess Capacity Static provisioning for peak demand leaves resources idle. Conservative estimates create excess capacity. Both contribute to increased costs. Transactions / unit

Northwestern University Information Technology Dynamic Provisioning End-to-End Measurement

Northwestern University Information Technology Using Dynamic Provisioning Idle Capacity Dynamic provisioning for peak demand reduces idle capacity and eliminates over capacity. Result: cost savings. Allocated pool capacity Time SLA Actual Demand Transactions / unit

Northwestern University Information Technology Answers to Availability Threats Physical – redundancy and diversity Malicious code – vulnerability scanning and intrusion detection Denial-of-Service – session behavior modeling Poor software quality assurance – new development methods and regression testing Poor capacity planning – load testing, monitoring and dynamic provisioning

Northwestern University Information Technology Work In Progress Continuing requests for load testing and regression testing software ITCS is experimenting with dynamic provisioning and end-to-end monitoring software Dormitory scanning software is under study for possible wider deployment ADC working on data access policies and role-based security frameworks Identity management system replacement

Northwestern University Information Technology Summary The University will become a real-time enterprise under a Service Oriented Architecture Information integrity and real-time access are vital to support distributed business processes User productivity will be dependent upon many inter-operating systems – a single degraded service will affect processes throughout the University

Northwestern University Information Technology Summary (con’t) We need increased security awareness and systems to automatically detect and remediate threats – the network must defend itself This new environment will overwhelm “seat of the pants” monitoring or uncoordinated approaches End-to-end monitoring, dynamic provisioning, software authoring tools, and move-to- production testing tools are necessary for NUIT to be both proactive and efficient

Northwestern University Information Technology Questions?