Incident Response CSG September 2004 Harvard University.

What is it?
- Response to pre-defined (or not) technology events by applying pre-defined (or not) policies and procedures.
- All campuses have incident response functions, formal or informal.

IT Events
- Abuse
- Misuse
- Security
- Service complaints

Organization issues
- Leader
- Authority
- Charter
- Scope
- Incident categories
- Rules of engagement per category
- Action Team – dedicated or distributed
- Support team – PR, legal, etc.
- Procedures

Iterative Response
- Proactive – defining the response capability
- Proactive – detection
- Proactive – prevention
- Reactive – receipt/triage
- Reactive – incident tracking
- Reactive – incident resolution
- Reactive – post mortem

[Organization chart: Office of the Vice President for Information Technology and Chief Information Officer, Indiana University, 09/01/2004]
- Adam Herbert, President
- Campus Chancellor
- Michael McRobbie, VP/CIO, VPR
- Chief IT Security and Policy Officer
- Chief of Staff/Communications and Planning Officer
- Finance Officer
- Human Resources Officer
- AVP for Telecommunications
- AVP for University Information Systems
- AVP for Research and Academic Computing
- AVP for Teaching and Learning Info Technologies
- University Information Technology Services
- Regional Campus CIOs

[Organization chart: Information Technology Policy Office, Office of the Vice President for Information Technology and Chief Information Officer, Indiana University, 09/01/2004]
- Named positions: Michael McRobbie, VP/CIO, VPR; Mark Bruhn, Chief IT Security and Policy Officer; Tom Davis, IT Security Officer; Merri Beth Lavagnino, Deputy IT Policy Officer; Doug Pearson, Dir, REN-ISAC; Linda McNabb, Admin Asst; Laura Klein, Manager, IT Accounts Admin; Stacie Wiegand, Data Administrator; Marge Abels, Disaster Recovery Program Manager
- Units and functions: IT Security Office; Incident Response; Cross-Unit Recovery Planning Team; Information Protection; CID/CDS Support; REN-ISAC Support; CACR Support
- Staff as listed on the chart: Christine Conklin (B), Tammy Grubb (B), Rose Ann Hasty (B), Barbara Hanes (I), Chasadee Castillo-Soto (I), Tom Jagatic (B), Jason Abels (I), Robb Whitt (B), Andrew Korty (I), Sean Krulewitch (B), *Marge Abels (B), Dave Monnier (B), Dave Greenberg (I), Vacant (B)

ITSO
- Highly capable in various technologies
- Detection (netflow, etc.)
- Create auto-processes that distribute vulnerable or likely compromised host lists, daily → ITPO
- Strategic prevention (firewall, border filters, etc.)
- Consults with computing dept or departmental technicians on security and security issues and options
- Works with the computing department on infrastructure security (security CDs, device registration, etc.)

ITPO
- Less technical – more coordinative (is that a word?)
- Handles all manner of IT abuse, misuse, and security incidents
- Develops and administers IT policies, including security policy (of course, w/Security Officer)
- Interprets and defends policy for individuals and departments
- Assesses recommended security controls or actions against user/functional issues (e.g., privacy)
- Works in web-based incident response application and database (RT -- Request Tracker)
- Works to locate specific misbehaving devices
- Administers tactical filters (dhcp lease blocks, disabling data jacks and usernames, etc.)
- Interacts with department technicians and individual users about issues with specific devices
- Reviews and works through lists from ITSO
- Coordinates large responses with computing dept units and department technicians
- Works to identify specific misbehaving individuals, based on complaints/allegations
- Passes technical evidence to appropriate campus offices for action

So…
…the IU philosophy is to dedicate security engineers to complex and difficult technical problems, and have them pass information along to, and interact with, the incident response staff.

Unless some new vulnerability/exploit is evident:
- IU security engineers never work on p2p file sharing issues
- IU security engineers do not have to work on student behavior issues
- IU security engineers do not worry about spam and spam filtering
- IU security engineers do not have to interact with specific students or staff about problems on their specific computers
- Etc.