STRATEGY SESSION SEPTEMBER 15, 2008 3-YEAR SECURITY DISCUSSION 1 NETWORK PLANNING TASK FORCE.

Presentation transcript:

STRATEGY SESSION SEPTEMBER 15, 2008 3-YEAR SECURITY DISCUSSION (slide 1)
NETWORK PLANNING TASK FORCE

NPTF Meeting dates (slide 2)
■ February 18 - Operational review (Completed)
■ April 21 - Security strategy session (Completed)
■ July 21 - Updates & planning discussions (Completed)
■ August 11 - Strategy discussions (Completed)
■ September 15 - Security strategy discussion
■ October 6 - Strategy discussions/preliminary rates (ADDED)
■ October 20 - Strategy discussion
■ November 3 - FY’10 Finalize rate setting

Today’s Agenda (slide 3)
■ Security Strategy Discussions
■ Security Planning Today
■ Defense in Depth
■ Prevention
■ Risk Assessment Update
■ Increase Efficiency
■ Proposed 3 Year Plan

Security Planning Today (slide 4)
■ Continue to evolve a security strategy and plan
■ Goal: Find ways to say “yes” while minimizing risk, reducing vulnerabilities, and the overall cost of security

Security Planning Today (slide 5)
■ Rolling 3 year plan
■ Defense in depth
■ Prevention
■ Update Risk Assessment
■ Increase Efficiency

Defense in Depth (slide 6)
■ Continue to expand layers of defense
■ Maintain and enhance a robust security infrastructure
■ Strengthening PennKey Project
■ Central Authorization
■ Supplement strong authentication with logging and anomaly detection

Prevention (slide 7)
■ Continue to increase user awareness
■ Leverage Learning Management System to deliver security awareness and training to broad community
■ Focus awareness on phishing in FY09
■ Policies and controls
■ SSN policy
■ SPIA
■ Infrastructure and tools
■ Strengthening PennKey Project
■ Central authorization
■ Laptop encryption

Risk Assessment Update (slide 8)
■ College Opportunity and Affordability Act of 2008
■ Phishing
■ Lost and stolen devices

Increase Efficiency (slide 9)
■ Reduce costs to affiliate with third party systems
■ Shibboleth
■ Central authorization - centrally managed groups
■ Replace GRADI with RT-IR

Proposed 3 Year Plan (slide 10)
■ FY09 Focus: Risk Assessment; Behavior Changes; Strengthen PennKey (Passphrases, Cosign)
■ FY10 Focus: Risk Assessment; Strengthen PennKey (2 factor)
■ FY11 Focus: Risk Assessment; Anomaly Detection
■ Firm / Evolving

Proposed 3 Year Plan FY ‘09 (slide 11)
■ SPIA Cohort 3
■ Phishing awareness
■ Tips, articles, warnings
■ Online Privacy and Security Training
■ Staff & Faculty, followed by LSPs
■ Central Authorization Service (PennGroups)
■ Fall 08 general availability
■ Hard Drive Encryption
■ PGP selected, Volume license agreement
■ Shibboleth
■ Q4 FY09
■ Streamlining PennKey

Proposed 3 Year Plan FY ’09 (slide 12)
■ RT-IR
■ New tracking system for ISC Information Security Team
■ Strengthening PennKey
■ Cosign replacing websec
■ Passphrases replacing passwords
■ SecureShare
■ Secure web based file sharing tool
■ Scanning
■ Considering Rapid7 NeXpose to replace ISS
■ Security Liaisons
■ SSN Compliance

Proposed 3 Year Plan FY ‘10 (slide 13)
■ SPIA
■ 2 Factor Authentication
■ Authentication Logging
■ Hard Drive Encryption for Laptops
■ Strongly encouraged for all laptops
■ Evaluate DKIM (Domain Keys Identified Mail) to mitigate spam & phishing
■ Strengthen 3rd party phishing filtering and broaden adoption
■ Explore technical measures to combat illegal file sharing

Proposed 3 Year Plan FY ‘11 (slide 14)
■ SPIA
■ Anomaly Detection
■ Policy governing storage of, and access to, University Data from machines not owned by Penn

Discussion (slide 15)