Presentation is loading. Please wait.

Presentation is loading. Please wait.

OFFICE OF BUDGET AND FINANCE Information Security Office Information Security Coordinators Meeting May 25, 2016 Information Security Office

Published byBartholomew Gallagher Modified over 8 years ago

Similar presentations

Presentation on theme: "OFFICE OF BUDGET AND FINANCE Information Security Office Information Security Coordinators Meeting May 25, 2016 Information Security Office"— Presentation transcript:

1 OFFICE OF BUDGET AND FINANCE Information Security Office Information Security Coordinators Meeting May 25, 2016 Information Security Office infosecurity@utdallas.edu Education – Partnership – Solutions

2 OFFICE OF BUDGET AND FINANCE Information Security Office Program Update Presented by Nate Howe Education – Partnership – Solutions

3 OFFICE OF BUDGET AND FINANCE Information Security Office  Budget cuts required for administrative units  Continue to offer all key services  Identify business partners to augment capacity as needed Restructuring Education – Partnership – Solutions

4 OFFICE OF BUDGET AND FINANCE Information Security Office  Received several requests from campus  Conducted Request for Proposal (RFP) to evaluate leading providers  Preferred solution as a result of testing is LastPass  Draft proposal under review by senior management, stay tuned Password Vault Education – Partnership – Solutions

5 OFFICE OF BUDGET AND FINANCE Information Security Office  250+ security personnel from various Texas agencies  Presentations available at the DIR websiteDIR website  We can help you network and solve problems together Texas DIR Information Security Forum Education – Partnership – Solutions

6 OFFICE OF BUDGET AND FINANCE Information Security Office  August 10-11; streamed to web  Requests for topics you would like presented?  Presentations you would like to deliver? UT INFOSEC Conference Education – Partnership – Solutions

7 OFFICE OF BUDGET AND FINANCE Information Security Office Full Disk Encryption Presented by Jeff Reynolds Education – Partnership – Solutions

8 OFFICE OF BUDGET AND FINANCE Information Security Office Why Are We Doing This?  To protect valuable data in support of the University's mission  Compliance with UT System policy – UTS165  Compliance with regulatory requirements – HIPAA, FERPA Education – Partnership – Solutions

9 OFFICE OF BUDGET AND FINANCE Information Security Office Why Are We Doing This? HIPAA “Two entities have paid the U.S. Department of Health and Human Services Office for Civil Rights (OCR) $1,975,220 collectively to resolve potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules.” Education – Partnership – Solutions

10 OFFICE OF BUDGET AND FINANCE Information Security Office Why Are We Doing This? FERPA “This letter is for the purpose of notifying your office that the Monadock Regional School District had a data breach event involving the theft of a laptop from the residence of one of our employees.” Education – Partnership – Solutions

11 OFFICE OF BUDGET AND FINANCE Information Security Office Objectives  Completeness – whole disk or partition encryption  Accountability – reporting to provide assurance a machine is still encrypted  Recovery – key escrow  Implied objective: must ensure the usability of the system Education – Partnership – Solutions

12 OFFICE OF BUDGET AND FINANCE Information Security Office Past Efforts Education – Partnership – Solutions

13 OFFICE OF BUDGET AND FINANCE Information Security Office Current Methodologies  Rely upon OS native encryption when possible  If 3 rd party software is used, keep it simple  Maintain security and compliance, but do not exaggerate the scope of encryption Education – Partnership – Solutions

14 OFFICE OF BUDGET AND FINANCE Information Security Office Current Methodologies Bitlocker ISCrypt Education – Partnership – Solutions

15 OFFICE OF BUDGET AND FINANCE Information Security Office ISCrypt  Uses FileVault2, integrated with OS X  Lightweight reporting client  Easy to use web console for escrow  172 Macs currently encrypted with ISCrypt Education – Partnership – Solutions

16 OFFICE OF BUDGET AND FINANCE Information Security Office ISCrypt  New Macs can be put on ISCrypt today  Existing Macs with SecureDoc may be converted to ISCrypt by either: Uninstall SecureDoc, then install ISCrypt Format / reinstall OS X  Machines already encrypted with FileVault2 can be manually added to the ISCrypt server Education – Partnership – Solutions

17 OFFICE OF BUDGET AND FINANCE Information Security Office ISCrypt Demonstration Education – Partnership – Solutions

18 OFFICE OF BUDGET AND FINANCE Information Security Office Documentation  More information available on Confluence: https://confluence.utdallas.edu/confluence/x/8BHzAQ https://confluence.utdallas.edu/confluence/x/8BHzAQ  ISCrypt for Linux is ready for testing  Contact infosecurity@utdallas.edu for more information or to volunteer to help testinfosecurity@utdallas.edu Education – Partnership – Solutions

19 OFFICE OF BUDGET AND FINANCE Information Security Office Any questions? Education – Partnership – Solutions

20 OFFICE OF BUDGET AND FINANCE Information Security Office Future of SecureDoc Presented by Nick McCormick Education – Partnership – Solutions

21 OFFICE OF BUDGET AND FINANCE Information Security Office Update on the future of SecureDoc  Improved stability using native encryption methods instead of SecureDoc  ISO will continue to support SecureDoc for legacy machines  Technicians might want to start removing SecureDoc from legacy machines when working on them  Technicians encouraged to stop installing SecureDoc on new machines; we will be removing ability to do new installs at the end this month Education – Partnership – Solutions

22 OFFICE OF BUDGET AND FINANCE Information Security Office Phishing Incident Response Presented by Nick McCormick Education – Partnership – Solutions

23 OFFICE OF BUDGET AND FINANCE Information Security Office Background  The campus receives roughly 12 unique phishing scams each week which were not prevented by the e-mail filters  Users often detect the phishing scams and report them to the ISO  A few times each year, users fall for a convincing scam… Education – Partnership – Solutions

24 OFFICE OF BUDGET AND FINANCE Information Security Office OFFICE OF BUDGET AND FINANCE

25 OFFICE OF BUDGET AND FINANCE Information Security Office OFFICE OF BUDGET AND FINANCE 25

26 OFFICE OF BUDGET AND FINANCE Information Security Office Current ISO Response  Receive phishing reports from proactive users  Perform analysis to confirm whether the reported e-mail and/or website is malicious  Block malicious links at the Internet firewall  Notify Internet domain owner or Internet Service Provider of potential compromised server  Link blocking only protects on-campus users Education – Partnership – Solutions

27 OFFICE OF BUDGET AND FINANCE Information Security Office Ongoing Risk  Users may still fall victim to malicious emails and links if connecting to the Internet from home or mobile device  Average exposure of 24 hours before the malicious site is taken down Education – Partnership – Solutions

28 OFFICE OF BUDGET AND FINANCE Information Security Office So what can ISO do? The idea… Specialists confirm that a phishing e-mail and/or malicious link has been received by UT Dallas users Management from ISO and OIT work together to approve a containment and cleanup task An automated script removes the malicious email from the inbox of each person targeted by the message Is this feasible? Yes, ISO collaborated with OIT and developed a proof-of-concept script Education – Partnership – Solutions

29 OFFICE OF BUDGET AND FINANCE Information Security Office Concerns about privacy?  Users tell ISO about it phishing scams; we are not reading through user e-mails to find malicious ones  Approval process including both ISO and OIT management  Documentation will be kept each time the incident response script is used Education – Partnership – Solutions

30 OFFICE OF BUDGET AND FINANCE Information Security Office Feedback? Concerns? Education – Partnership – Solutions

31 OFFICE OF BUDGET AND FINANCE Information Security Office Web Application Scanning Update Presented by Dalton Brown Education – Partnership – Solutions

32 OFFICE OF BUDGET AND FINANCE Information Security Office Web Application Scanning Update  We are still scanning applications as we always have! – Firewall Change Requests, Ad hoc requests, etc.  Scanning has begun on the web cluster – We have broken things up into sections based on department, and can continue dividing as needed – We are reaching out to owners of the different areas to schedule scans – If you haven’t heard from us, but want to get a schedule in place, email infosecurity@utdallas.eduinfosecurity@utdallas.edu Education – Partnership – Solutions

33 OFFICE OF BUDGET AND FINANCE Information Security Office Identity Finder Presented by Dalton Brown Education – Partnership – Solutions

34 OFFICE OF BUDGET AND FINANCE Information Security Office Identity Finder  Why do we need it? – Data loss has serious financial and reputational consequences for any institution – universities are no different  $225 per record, $398 per medical record – Data needs to be properly protected – and local workstation hard drives are not the best solution – Better assists us in understanding where we need to concentrate our efforts  So what exactly is Identity Finder? Education – Partnership – Solutions

35 OFFICE OF BUDGET AND FINANCE Information Security Office Identity Finder  Identity Finder is a disk scanner – Uses signatures to detect SSNs, credit card information, and other signature matches – Matches are not a bad thing – helps people decide if they want to keep or destroy the data – Loss of records is costly, and more notifications within Identity Finder means more places to lose them – Data that matches signatures should be placed in secure central locations – such as network shares or box.com with proper permissions applied. Education – Partnership – Solutions

36 OFFICE OF BUDGET AND FINANCE Information Security Office Identity Finder  Approach 2.0 – Lessons learned from past deployment and usage – Use Identity Finder selectively on high-risk machines – Analysts are going to work through reports on a department-by- department basis – Relationship with Encryption Status – Old Clients – We will update those – Advise best practices for device upkeep and data storage Education – Partnership – Solutions

37 OFFICE OF BUDGET AND FINANCE Information Security Office Identity Finder  Project Info – Timeline  Early summer – rebuild Identity Finder infrastructure using the latest versions  Mid-to-late summer – begin initial departmental engagements starting with the highest risk areas – You do not have to do anything at this time – Let us know if you’d like us to help find confidential data in your department Education – Partnership – Solutions

38 OFFICE OF BUDGET AND FINANCE Information Security Office Education – Partnership – Solutions

39 OFFICE OF BUDGET AND FINANCE Information Security Office Education – Partnership – Solutions

Download ppt "OFFICE OF BUDGET AND FINANCE Information Security Office Information Security Coordinators Meeting May 25, 2016 Information Security Office"

Similar presentations

Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.

Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Supporting The Mobile Client: Expanding Our Borders John Guidone Manager, Desktop Technologies and Dawn E. Colonese Manager, Help Desk & Client Access.

Supporting The Mobile Client: Expanding Our Borders John Guidone Manager, Desktop Technologies and Dawn E. Colonese Manager, Help Desk & Client Access.
Springfield Technical Community College Security Awareness Training.

Springfield Technical Community College Security Awareness Training.
TAX-AIDE Computer Security Chris Hughes Chairman NTC 1 NLT Meeting Aug 2014.

TAX-AIDE Computer Security Chris Hughes Chairman NTC 1 NLT Meeting Aug 2014.
Mr C Johnston ICT Teacher

Mr C Johnston ICT Teacher
Part 2 of Evil Lurking in Websites Data Security at the University of Wisconsin Oshkosh.

Part 2 of Evil Lurking in Websites Data Security at the University of Wisconsin Oshkosh.
Information Security Awareness April 13, 2003. Motivation Recent federal and state regulations and guidance Recent federal and state regulations and guidance.

Information Security Awareness April 13, Motivation Recent federal and state regulations and guidance Recent federal and state regulations and guidance.
Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.

Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
Security Controls – What Works

Security Controls – What Works
Network and Server Basics. 6/1/20152 Learning Objectives After viewing this presentation, you will be able to: Understand the benefits of a client/server.

Network and Server Basics. 6/1/20152 Learning Objectives After viewing this presentation, you will be able to: Understand the benefits of a client/server.
DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,

DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,
Information Security The University of Texas at Dallas Education – Partnership – Solutions ISC Meeting April 10, 2015 Information Security

Information Security The University of Texas at Dallas Education – Partnership – Solutions ISC Meeting April 10, 2015 Information Security
Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.

Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.
INFORMATION SECURITY UPDATE Al Arboleda Chief Information Security Officer.

INFORMATION SECURITY UPDATE Al Arboleda Chief Information Security Officer.
Barracuda Networks Confidential1 Barracuda Backup Service Integrated Local & Offsite Data Backup.

Barracuda Networks Confidential1 Barracuda Backup Service Integrated Local & Offsite Data Backup.
Network security policy: best practices

Network security policy: best practices
Norman SecureTide Powerful cloud solution to stop spam and threats before it reaches your network.

Norman SecureTide Powerful cloud solution to stop spam and threats before it reaches your network.
Information Security Information Technology and Computing Services Information Technology and Computing Services

Information Security Information Technology and Computing Services Information Technology and Computing Services

Similar presentations

Ads by Google