Quickly Establishing A Workable IT Security Program. EDUCAUSE Mid-Atlantic Regional Conference, January 10-12, 2006. Copyright Robert E. Neale 2006.


Quickly Establishing A Workable IT Security Program
EDUCAUSE Mid-Atlantic Regional Conference, January 10-12, 2006

Copyright Robert E. Neale. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

What this presentation will cover
- Background information on VCU
- Driving forces for our Security Program
- Getting Started
- Tips for quickly starting a Security Program
- VCU Security Program – Experiences and Examples
- Summary

VCU Background Information
- Virginia Commonwealth University
- Located in Richmond, Va.
- Monroe Park Campus
- MCV Campus
- 29,000 students – 4,000 in VCU housing
- 9,000 faculty/staff

VCU Information Technology Environment
- Central IT – Technology Services
- Separate IT Structure for Hospital
- Additional IT staffs in some schools
- Replacing IBM MF with SCT Banner on Sun/Solaris
- Critical servers (350) in the VCU Computer Center
- Scan indicates 600 additional servers on network
- At least 10,000 PCs connect to the network
- Network – Primarily Cisco, mostly fiber
- Wireless in some parts of Campus

Driving forces
- Federal, State Mandates – HIPAA, FERPA, SEC 501
- Lack of coordination of security efforts
- Various cyber attacks
- Loss of productivity due to security incidents
- News of incidents at other universities

Getting Started
- Form a Security Program Development Team
  - Key decision makers in IT initially
  - High level security expertise
  - Keep group small (4-6)
- Weekly Meetings for review & discussion
- Start with an existing program or standards
- Set a completion goal of 6 weeks

Tips for developing a Security Program
- Don’t start from scratch – use other programs
  - NIS, SANS, Educause, Universities
  - VASCAN
- Consolidate all existing security activities into Security Program
- Address what you can first
- Iterative process
- Get initial plan out quickly
- Prioritize security activities based on current needs

Tips Continued – Create Partnerships, Seek Sponsors
- IT Professionals Forum & Intranet Site
- Desktop Management Groups
- Emergency Response Team
- Campus Police
- Human Resources
- Information Systems Professors
- Other Universities
- Vendors

Tips Continued – Security Team
- Search for technical staff showing an interest in security
- Work with managers to allocate time
- Team size – 4 to 5 FTE equivalents
- Develop action items from Security Program to be assigned to Security Team

Tips Continued – IT Security Web Site
- Search your web for existing security-related material
- Develop a role-based security web site
  - Students
  - Faculty and staff
  - Technical staff
- Sections for Communicating Security Program, Policies, and Standards
- Links to other Security Sites

Tips Continued – Understand your environment
- What are your network devices?
- How many servers and PCs are on your network?
- Who manages these devices?
- Evaluate current protection – IDS, IPS, AV
- Use regular scans to monitor environment

Tips Continued – Managed network environment
- Server Consolidation
- Single Mail System
- Directory Services – AD, Novell
- Desktop Management Software
- Authenticate access to network
- Change Management

Tips Continued – Simple Risk Assessment Initially
- Define Sensitive Data Categories
- Simple list of questions
- Interview process – 1 hour
- Follow up in 1 week with report

Tips Continued – Security Awareness
- Make it fun and interesting
- Integrate it with current HR and student processes
- Policy and role-based training material
- Multimedia approach to training material
- Provide materials for others to use

Review
- Security Program Development Team
- Quick results – build on other plans
- Create partnerships
- Draw security team from interested staff
- Consolidate existing security web content
- Know environment, then manage it
- Use a simple security assessment tool
- Security Awareness key – make it interesting

Summary
- Make your security program an integral part of your organization.
- Use other projects and initiatives to help drive security in your organization.
- Have others champion parts of your security program.
- Make it truly a shared program made up of many partnerships between your security staff and other parts of your organization.

Questions?

Additional Material – VCU Security Program – Components
- Authentication, Authorization and Encryption
- Business Analysis & Risk Assessment
- Business Continuity Planning
- Data Security
- Incident Handling
- Monitoring and Controlling System Activity
- Physical Security
- Personnel Security
- Security Awareness
- Security Tool Kit
- Systems Interoperability Security
- Technical Communications
- Technical Training
- Threat Detection