IT Security Policies and Campus Networks The dilemma of translating good security policies to practical campus networking Sara McAneney IT Security Officer.


IT Security Policies and Campus Networks
The dilemma of translating good security policies to practical campus networking
Sara McAneney, IT Security Officer, Trinity College Dublin, 22/05/2007

Overview
- Creating the Security Policy
- The Implementation Dilemma
- What makes the Campus Environment Different?
- The Answer
- Case Study: Trinity College Dublin

Campus Networks and Security
- Cultural resistance
- Gradual infiltration
- Acceptance
- Period of rapid catch-up
- Maturity?

Policies Implemented 2006* (chart)
*ECAR (Educause Centre for Applied Research) IT Security Survey, 492 respondents

Creating the Security Policy
- ISO
- Relevant legislation
- Organisational environment
- Identify assets
- Resources, e.g. USICA Information Security Toolkit

Policy
- Main Policy
- Supporting policy areas:
  - Internet use
  - System development
  - etc.

Implementation
- Governing Body approval
- Communication to users
- Translation to operational procedures
- Enforcement

Campus Implementation Difficulties
- Traditional ethos of free & open access to systems and information
- Diverse user base: admin, teaching, research, grids, commerce, corporations, clubs, societies, college life, public guests
- Complex collaborative arrangements: institutions, individuals and industry
- Need to facilitate the rapid adoption of emerging & often immature technologies
- Diversity and decentralised management…

Traditional Implementation (diagram): policy dissemination flows from Management to each Area Head and on to their End Users.

University Structure
- Governing Body
- Committees
- Schools/Faculties
- Admin Areas
- Student Representatives
- Commercial Entities

(diagram) Governing Body at the top, with branches:
- Admin Body → Admin Areas → End Users, Committees, User Groups
- Academic Body → School/Faculty → End Users, Committees, User Groups
- Student Body → Student Societies, Student Clubs → End Users
- Campus Companies → End Users
- Research Affiliates → End Users

Helpful to Focus on Similarities with all Large Networks
- Provide high-quality, flexible services
- Protect confidential data
- Protect against internal and external security threats
- Comply with legislation
- Contingency and disaster recovery planning

Goal
- Despite, and because of, the complexity and diversity, it is vital to implement an IT Security Framework
- A framework which facilitates & protects

The Answer?
- Management Structure: establish an IT Security Governance/Management Structure
- Involve Stakeholders: identify key stakeholders, involve them in creating policy and encourage ongoing communication
- High Value Assets: identify core IT assets and prioritise
- Segregation: functional and security boundaries
- Flexibility: make provision for high-risk activity (research, new technology, etc.)

Case Study: Trinity College Dublin
- July: IT Security Policy approved by College Governing Body
- Awareness exercises: booklet, website
- Translation to operational procedures
- Ongoing: adoption of security technologies

Security Management System (diagram)

Implementation: College IT Security Governance (diagram)
- Governing Committee
- Trinity College Data Network
- Autonomous Networks, each with their End Users
- Local Area IT Support reps
- End Users

Implementation
- Internal agreements between the central computing department & local IT interests
- Regular communication
- Dissemination to IT administration staff & end users
- Adoption of technologies

Supporting Documentation
- Network Security
- Internet Use
- Use
- Authentication/Passwords
- Virus and Spam
- Software Development
- Data Backup
- Disaster Recovery
- Remote Access
- Third Party Access
- Legal Compliance
- Guidelines

Adopting Technologies
- Network Security: VPN, VLANs, firewall, IDS, NAC, 802.1X, guest network services, eduroam
- Host Security: automatic updates, centrally managed AV
- Enterprise Directory: secure authentication
- Removal of insecure protocols

Security Boundaries (diagram) separating the following zones:
- Central Services (Web, Mail, Proxy, etc.)
- Teaching & General Research
- Student Services
- Autonomous Networks
- Specialized Production (cash registers, etc.)
- Specialized Research
- Wireless Services

Assessing the Progress
- Improved communications: move away from duplication of service
- Improved focus: strategic planning
- Incident reporting
- Internal audit: systems, applications
- External audit
- ISO27001 certification

Future Challenges
- Exploding user numbers: students/public on the network, guests, eduroam
- Non-traditional networked devices: PDAs, phones, Xboxes, cameras, CEPOS
- Disappearing network boundary
- Rapid adoption of new technology
- Changing threat profile
- Data privacy concerns: help users protect their personal/financial data
- More important than ever to deal with these challenges via a strong IT Security Framework
