STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES Desktop Security Strategy Common Solutions Group September 19, 2006 Bill Clebsch.

Presentation transcript:


Agenda
● Why Do Universities Need Firewalls?
● What are the Other Methods?
● What Is Stanford’s Firewall Design?
● How Does the R1 Community Proceed?

How are Universities Targeted?
● tracks data breaches reported since the ChoicePoint incident, February 2005
● Between 2/15/05 and 2/20/06 there were 125 incidents reported, 53 million records compromised
● 46% of these incidents were at colleges/universities
● The breach pattern at colleges/universities:
   65% hacking
   21% stolen computers
   10% exposed online/sent
   4% dishonest insider

What Is The Cost of An Incident?

The Cost of Incidents
● Breach of medical privacy award against U of WV: $2.3M
● Privacy settlement for Mental Health Provider: $3.5M
● Fundraising at Ohio University drops in response to security breaches: 25% reduction in donations (May-June 2005 vs 2006)

The Cost of Incidents at Stanford
● Campus-wide [non-destructive] infection: ($2M)
● Credit card data: Next incident (~1.6M)
● shut down: missed grant deadline: (Much bigger)
● Stolen laptop: 5 donors notified: (Priceless)

What is the Experience at Your School?

Steps to Secure Stanford’s Network

Network Self Registration: Only clean machines can register to the network
● What It Does: Prevents “sick” machines from registering to the network – protects against an “inside out” attack
● Why Do We Need More? Still vulnerable to malicious attacks (whether internal or external). A point-in-time guarantee that the machine was clean

BigFix: Keeps machines clean, automatically
● What It Does: Automatically distributes and installs critical security patches to Microsoft machines
● Why Do We Need More? Voluntary program, not all computers covered (just getting to students)

Data Center Firewalls: Data Center resources are protected
● What It Does: Protects applications and data located inside the Data Center, primarily used for administrative applications and data
● Why Do We Need More? Departmental data not in Data Center still at risk

Departmental Firewalls: Resources inside defined perimeter are protected
● What It Does: Protects applications and data within boundaries of defined perimeter (e.g., department, internet, students, etc.) and allows custom, flexible solutions for different environments
● Why Do We Need More? Restricted data may still need to be encrypted

And we can add IDP

Are You Taking Similar Steps?

What Does the Firewall Solution Look Like?

What are the Best Ways to Protect University and Personal Desktops & Laptops?