Northwestern University Information Technology Good Security is Good “Business” 08 April 2005.


Information and Systems Security/Compliance
Office of the Vice President
Mort Rahimi, VP & CTO
Pat Todus, AVP & Deputy CIO
Dave Kovarik, Director
Sharlene Mielke, Disaster Recovery
Roger Safian, Information Security

Dave Kovarik
Office: (847) Sherman Ave., Evanston, Suite years in Information Security practice
CISSP: Certified Info Systems Security Professional
CISM: Certified Information Security Manager

Mission: “Enable the University to Conduct Its Business in a Secure Manner”
Purpose: “Maintain that delicate balance between service and security”

Primary Areas of Responsibility
Security – Information Protection Services
Compliance - Regulatory, University policy
Disaster Recovery / Business Continuity

Business Defined…

University “Business” Partnerships Research s Services Schools Finances Students Intranets, Internet… Can they be trusted? Alumni

b Internet Every system must be secured Inside is almost as risky as outside Individual systems Intranet Intranet Data Center = Foundational Issues Ubiquitous connectivity PCs everywhere High mobility Are all assets protected? “Contingent” clients –Contractors –Vendors/consultants –Temporary users Links to partners, affiliates Diversity introduces Risk

Regulatory & Client Demands
Pressure mounting on universities to prove compliance with an increasing array of laws and regulations + Increasing demands for services = Security becomes ever more challenging.
Stakeholders: Trustees, Schools, Students, Research, Employees
Technologies: Web / Internet, Databases, Collaboration, Wireless, Mobile Devices
Laws/Regulations: Sarbanes-Oxley, GLBA, HIPAA, FERPA, Patriot Act and more…

Complexity Abounds

Convergence
We Are More Alike than Different…
“You will be assimilated – resistance is futile.”

2005…
Jan. 03 George Mason University
Jan. 06 University of Kansas
Jan. 18 Univ. of California, San Diego
Feb. 02 Indiana University
Mar. 11 Boston College
Mar. 14 California State University, Chico
Mar. 18 University of Nevada, Las Vegas
Mar. 20 Northwestern University
Mar. 28 University of California, Berkeley

Why Are Universities Targets?

What Can We Do?
Passphrases
Security Awareness
Self-Assessment
Policy Compliance
Use NUIT Services

Passwords
The password is Passphrase

Your passphrase
Encrypted passphrase
–Tf$/cgi3tcG.H
Your passphrase
–********
Matching them up
–Does ******* == Tf$/cgi3tcG.H ?

Sniffers
Collects data
–username and passphrase
Widely available
Available for many operating systems
You won’t notice
Often creates very large log files

Passphrase Crackers
Tools that “Crack” passphrases
Widely Available
Very efficient
Uses system information
Dictionary-based attack
Has many rules for substitution

Choosing a good passphrase
Not based on personal information
Don’t use anything in a dictionary
Never tell it to anyone
Change it regularly
Your passphrase is like a toothbrush
–Don’t share it, and change it when necessary

NU,WPiP!
Northwestern University, Where Parking is Plentiful!
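
An added example, not part of the original slides, covering two points from the passphrase slides above: the system keeps only a one-way hash and matches a login by hashing the attempt again, and a cracker's substitution rules see straight through simple character swaps. PBKDF2 (the slides name no algorithm), the small word list, the substitution table and the sample personal details are assumptions made for this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # PBKDF2 work factor (assumed value for this example)
# Constructed sample word list; a real check loads a full dictionary.
DICTIONARY = {"password", "wildcat", "northwestern", "parking", "welcome"}
# Substitutions that cracking rule sets undo, so they add no real strength.
UNDO = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})
EDGE = "0123456789.,!?-_#*"  # digits/punctuation commonly added at the ends


def enroll(passphrase):
    """Store a random salt and a one-way hash, never the passphrase itself."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS)
    return salt, digest


def verify(passphrase, salt, stored):
    """Hash the login attempt the same way and compare with the stored hash."""
    attempt = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS)
    return hmac.compare_digest(attempt, stored)


def weaknesses(passphrase, personal=()):
    """List the reasons a passphrase would fall to a rule-based dictionary attack."""
    lowered = passphrase.lower()
    # Two views of the input: as typed, and with edge decoration removed.
    candidates = {lowered.translate(UNDO), lowered.strip(EDGE).translate(UNDO)}
    reasons = []
    if candidates & DICTIONARY:
        reasons.append("dictionary word behind substitutions")
    if any(len(p) >= 3 and p.lower() in c for p in personal for c in candidates):
        reasons.append("contains personal information")
    return reasons


if __name__ == "__main__":
    salt, stored = enroll("NU,WPiP!")
    print(verify("NU,WPiP!", salt, stored), verify("nu,wpip!", salt, stored))
    for sample in ("P@ssw0rd!", "wildcat2005", "NU,WPiP!"):  # constructed inputs
        print(sample, weaknesses(sample, personal=("Jordan", "Wildcat")))
```
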

Passphrases
You can find additional information on passphrases, , NetIDs, and related policies & guidelines at…

Security Awareness
The Prince of Paranoia says:
If It Walks Like A Duck...
Trust, But Verify
Identity Theft – pay attention or pay dearly!

Security Awareness
Get Control!
Junk mail – just trash it!
Phishing… and now Pharming
Privacy & Identity Theft

Self-Assessment
Get & Stay Patched!!!
Keep Anti-virus Current!!!
Run Anti-Spyware - FREQUENTLY
Run Analysis Tools – FREQUENTLY

Policy Compliance
University Policies…
Security, Privacy & Responsibilities
Infrastructure
Services
Guidelines
Best Practices

NUIT Services

Academic Technologies / Bob Taylor
Supports NU faculty members' instructional and research needs and supplies educational technologies and multimedia resources to the entire NU community.

Administration & Finance / Steve Beck
Provides administrative and financial support for other IT units in the pursuit of NUIT's mission.

Computing Services / Dana Nielsen
Acquires, supports, and maintains the computing platforms for NU's administrative, instructional, and research systems.

Information Systems Architecture / Tom Board
Oversees the design, maintenance, and improvement of University middleware

iCAIR – International Center for Advanced Internet Research / Joe Mambretti
Teams with international partners to accelerate innovation and enhance global communications through leading-edge Internet research and pre-production deployment.

Management Systems / Betty Brugger
Provides information systems support to assist University staff and faculty in the performance of business-related or administrative processes, primarily at the enterprise level.

Technology Support Services / Wendy Woodward
Educates the NU community on computing and network resources available on campus and over the Internet as well as new and changing technology at Northwestern.

Telecommunications & Network Services / Dave Carr
Designs, procures, installs, operates, and maintains the central voice, data, image, and video communication services for the NU network.

The Collaboratory Project / Gary Greenberg
A Northwestern University initiative that provides project consulting, training, and technical advice to teachers interested in using the Collaboratory to advance education.

Back to the Beginning
Competitive advantage – publicity is not necessarily a good thing
Maximize profitability by minimizing loss
Promote & preserve reputation
Mandated by legislation – compliance minimizes vulnerability to adverse action
Establishes “trust” required of partnerships
It’s expected of a premier University

ISS/C
Information and Systems Security/Compliance
Dave Kovarik (847)
Sharlene Mielke (847)
Roger Safian (847)