Stanford Computer Security and You . Higher Education  Higher education environment is open, sharing, exploratory, experimental  Many information assets.

Slides:



Advertisements
Similar presentations
IT Security Policy Framework
Advertisements

University Data Classification Table* Level 5Level 4 Information that would cause severe harm to individuals or the University if disclosed. Level 5 information.
Why Security? A Commitment for [the Agency’s] Executives [CIO’s name] EC Presentation [date]
Defining the Security Domain Marilu Goodyear John H. Louis University of Kansas.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
Regulatory Issues in Campus Computing Privacy and Security in a Digital World Presented by David Gleason, Esq. University Counsel University of Maryland,
Amber LaFountain Project Archivist - Private Practices, Public Health Center for the History of Medicine Francis A. Countway Library of Medicine Harvard.
Crime and Security in the Networked Economy Part 4.
Challenges and Incidents in Higher Ed. About->Presenter Zach Jansen Information Security Officer, Calvin College.
Allison Dolan Program Director, Protecting PII Handling Sensitive Data - WISP and PIRN.
Data Incident Notification Policies and Procedures Tracy Mitrano Steve Schuster.
Consumers Online: Privacy, Security and Identity Professor Margaret Jackson and Marita Shelly Presentation to the RMIT Financial Literacy, Banking & Identity.
Security Controls – What Works
Data Security At Cornell Steve Schuster. Questions I’d like to Answer ► Why do we care about data security? ► What are our biggest challenges at Cornell?
Internal Control Concepts A Guide for Deans, Directors, and Department Chairs.
IT Security Challenges In Higher Education Steve Schuster Cornell University.
Data Governance Data Architecture Data Development Database Operations Data Security Management Referene & MDM DW & BI Document & Content Mgmt Meta.
Affiliated Information Security Collaborative An Affiliated Enterprise Approach to Information Security Deans and Vice Presidents Meeting April 17, 2014.
Data Protection in Higher Education: Recent Experiences in Privacy and Security Institute for Computer Law and Policy Cornell University June 29, 2005.
Persistent Digital Archives and Library System (PeDALS) A Guide for Wisconsin State Agencies.
Chapter 2 Modern Private Security
Joel Garmon, Director, Information Security Mike Rollins, Security Architect Jeff Teague, Security Analyst, Senior 1
Ferst Center Incident Incident Identification – Border Intrusion Detection System Incident Response – Campus Executive Incident Response Team Incident.
Securing Information in the Higher Education Office.
Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.
1. What is the DMCA? Digital Millennium Copyright Act. Signed into law in Provides the legal framework for copyright holders to claim copyright.
1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.
Electronic Records Management: What Management Needs to Know May 2009.
Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.
Chapter 3 Internal Controls.
HIPAA PRIVACY AND SECURITY AWARENESS.
HIPAA COMPLIANCE WITH DELL
Firewalls Paper By: Vandana Bhardwaj. What this paper covers? Why you need a firewall? What is firewall? How does a network firewall interact with OSI.
An Educational Computer Based Training Program CBTCBT.
1 General Awareness Training Security Awareness Module 1 Overview and Requirements.
Sensitive Data Accessibility Financial Management College of Education Michigan State University.
Responding to a Security Incident Maryland Security Day March 2, 2004 Joy Hughes, CIO
General Awareness Training Security Awareness Module 3 Take Action! Where To Go for Help.
ISO17799 Maturity. Confidentiality Confidentiality relates to the protection of sensitive data from unauthorized use and distribution. Examples include:
What are the rules? Information technology is available to every student, faculty and staff member in support of the essential mission of the University.
Executive Invitation – Oracle Data Finder Service Oracle Corporation.
A PRACTICAL GUIDE TO RESPONDING TO A HEALTHCARE DATA SECURITY BREACH May 19, 2011 | State College, PA Matthew H. Meade Stephanie Winer-Schreiber.
IS Network and Telecommunications Risks Chapter Six.
The University of Georgia. /1002 Ensure that the University is appropriately managing risk to information assets and information services.
IT Security Policy Framework ● Policies ● Standards ● Procedures ● Guidelines.
J. Rick Mihalevich Dean of Information Technology Linn State Technical College June 18, 2009.
STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES 1 The Technical Services Stuff in IT Services A brief tour of the technical and service offering plethora.
STANFORD UNIVERSITY RESEARCH COMPUTING Are we outliers? Institutional minimum security requirements RUTH MARINSHAW OCTOBER 14, 2015.
IT Security Policy: Case Study March 2008 Copyright , All Rights Reserved.
Chapter 4 Intranets and Extranets. Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 2 OBJECTIVES Introduction Technical Infrastructure Planning.
Computer Security Status Update FOCUS Meeting, 28 March 2002 Denise Heagerty, CERN Computer Security Officer.
IT Security Challenges In Higher Education Steve Schuster Cornell University Copyright Steve Schuster This work is the intellectual property of.
1 Research Compliance at HMS: What is it Why it is important Who is involved How it affects you and how you can get help Postdoctoral Fellow Orientation.
Engineering and Management of Secure Computer Networks School of Engineering © Steve Woodhead 2009 Corporate Governance and Information Security (InfoSec)
Data Security at Duke DECEMBER What happened: “At this time, we have no indication that research data or personal data managed by Harvard systems.
Data Security & Privacy: Fundamental Risk Mitigation Tactics 360° of IT Compliance Anthony Perkins, Shareholder Business Law Practice Group Data Security.
Information Security Services. Overview  Administrative Systems Security  Legislative Requirements  SUNet Security  Individual Security Awareness.
Sorting out IT Policy at Poly U. Ron Heasley Will Krause Tim Logan Mary Schoeler.
Dr. Mark Gaynor, Dr. Feliciano Yu, Bryan Duepner.
Privacy and Personal Information. WHAT YOU WILL LEARN: What personal information is. General guidelines for the collection of personal information. Your.
E-FINANCE CHAPTER 6 RISK AND CHALLENGES Risk and Challenges, V.C joshi (2004), E-finance Log into the future, 2nd Edition, Thousand Oakes, London, E-finance:
The Medical College of Georgia HIPAA Privacy Rule Orientation.
Data Breach ALICAP, the District Insurance Provider, is Now Offering Data Breach Coverage as Part of Our Blanket Coverage Package 1.
Chapter 2 Modern Private Security
Educause/Internet 2 Computer and Network Security Task Force
A New Model for Managing Data Security and Privacy
Securing and Protecting Citizens' Data
CompTIA Security+ Study Guide (SY0-401)
Understand mechanisms to control organisational IT security
Anatomy of a Common Cyber Attack
Presentation transcript:

Stanford Computer Security and You 

Higher Education
- Higher education environment is open, sharing, exploratory, experimental
- Many information assets and resources
- Very complex and robust networking and computing environment

Internet
- Internet environment is open, sharing, exploratory, experimental
- Many information assets and resources
- Distributed management
- Can be “unsafe”

Information Security Services
- Partner to protect Stanford information assets and resources while supporting the institution’s broad and relatively open access requirements
- Works with:
  - Internal Audit
  - Networking
  - Risk Management
  - Office of General Counsel
  - Judicial Affairs
  - Residential Computing
  - Departments and Schools
  - … and You!

Focus
- Meet legal requirements
- Improve individual security knowledge and awareness
- Improve administrative systems security
- Improve overall SUNet security

Legislation: Support Issues
Section: Improve Administrative Systems Security
- FERPA: Protect private student information
- HIPAA: Protect personal health information (PHI)
- GLBA: Protect “banking” transaction information
- SEVIS: Provide foreign student information
- DMCA: Protect copyrighted information
- California Law
  - May not use SSN as identifier
  - Must disclose compromise of private information

Awareness Campaign
Section: Improve Individual Security Awareness
- Postcards sent to every employee
- Web site securecomputing.stanford.edu
- Student focus in Fall
  - Approaching Stanford
  - Packets on beds
  - Residence hall contest
- Ongoing activities
  - Stanford 101
  - Communicating with returning students
  - Technical security training
  - Continuing to expand web site

Improve Application Security
Section: Improve Administrative Systems Security
- Participate with the project and support teams
- Design security infrastructure
- Participated in security reviews

Categories of Data
Section: Improve Administrative Systems Security

Criteria: Use these criteria to determine which data category is appropriate for a particular information or infrastructure system. A positive response to the highest category in any row is sufficient to place that system into that Category.

Category A (highest, most sensitive)
- Legal requirements: Protection of data is required by law (see attached list for specific HIPAA and FERPA data elements)
- Reputation risk: High
- Other institutional risks: Information which provides access to resources, physical or virtual
- Examples: Medical; Students; Prospective Students; Personnel; Donor or prospect; Financial; Contracts; Physical plant detail; Credit Card numbers; Certain management information; Information resources with access to Category-A data

Category B (moderate level of sensitivity)
- Legal requirements: Stanford has a contractual obligation to protect the data
- Reputation risk: Medium
- Other institutional risks: Smaller subsets of Category A data from a school, large part of a school, department
- Examples: Research detail or results that are not Category-A; Library transactions (e.g., catalog, circulation, acquisitions); Financial transactions which do not include Category-A data (e.g., telephone billing)

Category C (very low, but still some sensitivity)
- Legal requirements: (none listed)
- Reputation risk: Low
- Other institutional risks: Data about very few people or other sensitive data assets
- Examples: Very small subsets of Category A data
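To make the “highest category in any row wins” rule concrete, here is an added Python example (not part of the presentation) that scores a system against the three criteria rows and reports which rows drove the result. The field names and the yes/no answers are constructed for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Callable, Optional

class Category(IntEnum):
    """Ordered so that max() picks the most sensitive category."""
    C = 1  # very low, but still some sensitivity
    B = 2  # moderate level of sensitivity
    A = 3  # highest, most sensitive

@dataclass
class SystemProfile:
    """Answers to the criteria table for one system (field names are constructed here)."""
    protected_by_law: bool            # HIPAA / FERPA data elements present
    contractual_obligation: bool      # Stanford must protect the data by contract
    reputation_risk: str              # "high", "medium" or "low"
    grants_access_to_resources: bool  # e.g. credentials or keys to other systems
    category_a_subset: str = "none"   # "none", "smaller" (school/department) or "very_small"
    few_people_sensitive: bool = False  # other sensitive data about very few people

def legal_row(p: SystemProfile) -> Optional[Category]:
    if p.protected_by_law:
        return Category.A
    if p.contractual_obligation:
        return Category.B
    return None  # the table lists no Category C legal criterion

def reputation_row(p: SystemProfile) -> Category:
    return {"high": Category.A, "medium": Category.B, "low": Category.C}[p.reputation_risk.lower()]

def other_risk_row(p: SystemProfile) -> Optional[Category]:
    if p.grants_access_to_resources:
        return Category.A
    if p.category_a_subset == "smaller":
        return Category.B
    if p.category_a_subset == "very_small" or p.few_people_sensitive:
        return Category.C
    return None

ROWS: list[tuple[str, Callable[[SystemProfile], Optional[Category]]]] = [
    ("legal requirements", legal_row),
    ("reputation risk", reputation_row),
    ("other institutional risks", other_risk_row),
]

def classify(p: SystemProfile) -> tuple[Category, list[str]]:
    """Highest category answered positively in any row wins; also name the rows that drove it."""
    answers = [(name, row(p)) for name, row in ROWS]
    result = max(cat for _, cat in answers if cat is not None)
    reasons = [name for name, cat in answers if cat == result]
    return result, reasons
```

Note that a medical-records system lands in Category A on the legal row alone, even if its reputation-risk answer is “low”; a single row is enough.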

Firewall Architecture (conceptual)
Section: Improve Administrative Systems Security

Institutional Efforts Today
Section: Improve Overall SUNet Security
- Filtering extremely high-risk traffic at the border
- Proactive scanning
- Security alerts
- Sampling all five Internet feeds

Significant Security Payoff
Section: Improve Overall SUNet Security

Individual Efforts Today
- Set good passwords on all machines
- Keep NetDB entries current
- Patch appropriately
- Practice security at appropriate levels for the data you’re working with

Beyond Today
Section: What’s Next
- Continue to improve Stanford security
  - Health check
  - Patch management
  - Education

Contact Information: and

How We Can All Help Protect Stanford’s Information Resources
- Be aware
- Keep your systems clean and healthy
- Lead by example