TIF-Security Cyber-safety Plans for 2010
Robert Ono, Office of the Vice Provost, Information and Educational Technology
September 9, 2010


Security Tools Update
- Incident response plan – unit template released in 2009
- Audit log practices – training in September 2010
- Physical security – new security template released in 2009
- Security awareness training – 2010 system-wide workgroup
- Equipment release – multi-function printing device guidance released to campus/UCDHS in 2010
- Web application security vulnerability scanning – security lifecycle development training in August 2010

2010 Cyber-safety Policy Revisions
- Clarify mobile device integration within CS standards
- Broaden reference to “computers” to include mobile devices
- Require firmware updates for mobile devices
- Remove AV requirement for mobile devices
- Require mobile devices to use at least a four-character password, where available
- Require mobile devices to support remote wipe capability, where available
- Modify annual survey items to include mobile devices
- Modify annual survey password references to include passphrases

Recommended Cyber-safety Survey Revisions
Update definition of “restricted information”
- Existing definition: Restricted information is defined as data that is considered sensitive to some degree and may include personal information or information whose unauthorized access, modification or loss could seriously or adversely affect the university.
- Proposed definition: Restricted information describes any confidential or personal information that is protected by law or policy and that requires the highest level of access control and security protection, whether in storage or in transit. (BFB IS-3, 5/20/2009)

2010 Cyber-safety Survey Items
- SOFTWARE PATCHES
- AV Software
- Removal of insecure services
- Secure authentication
- PERSONAL INFORMATION PROTECTION*
- Firewall Services*
- PHYSICAL SECURITY*
- Open relays
- Proxy services
- AUDIT LOGS*
- BACKUP/RECOVERY*
- Security training*
- Anti-spyware*
- EQUIPMENT RELEASE*
- INCIDENT RESPONSE PLAN*
- WEB APPLICATION SECURITY*

* 2009 survey items
Underline: needed improvement areas

Cyber-safety Survey Schedule
- October through December 2010: Survey data collection
- January through February 2011: Analysis and reporting to units, as appropriate
- March 2011: Reporting to CS oversight committee, Technical Infrastructure Forum and Campus Council for Information Technology
- April 2011: Report to Chancellor’s cabinet

Continued Support of Organizational Effectiveness
- Web application scanning service
- Anti-malware licensing
- Computer host vulnerability scanning and reporting
- Intrusion prevention capability at network border
- Network firewalls at network border
- Authentication services and identity and access management
- Personal identity information scanner – licensed for Windows and Mac OS X
- InCommon certificates for SSL
- Encryption for with restricted content
- Forensic investigation and reporting assistance