Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Security in Laurier Grant Li Wilfrid Laurier University.

Published byJason Conley Modified over 8 years ago

Similar presentations

Presentation on theme: "Information Security in Laurier Grant Li Wilfrid Laurier University."— Presentation transcript:

1

2 Information Security in Laurier Grant Li Wilfrid Laurier University

3 Agenda Challenges Incidents Approach

4 Challenges Constant penetration probes Various computer literate level users Academic freedom respect Limited resources Challenges Incidents Approach

5 Incidents Zero-day malware Phishing, spam In house software develop security Non hardened servers Challenges Incidents Approach

6 Challenges Incidents Approach Information Security Program Governance Technical Security Measures Training & Awareness Metrics SPIRIT Operations

7 Governance Goals:  Make information security a priority for Laurier (budget, resources).  Establish and manage an information security program.  Ensure information security is built into project management and software development practices. Current Status:  Information Security Policy approved and published. Information Security Policy  ICT Guidelines on Information Security posted on the web. ICT Guidelines on Information Security  Engaged Deloitte to conduct an assessment against the ISO27002 standard – addressing the findings. Next Steps:  Report on information security status (metrics, latest news, etc.) to senior management.  Develop Information Security documents according to ISO27002 framework.

8 Technical Security Measures Goals:  Ensure the Laurier community is protected against unauthorised access and damage from external agents.  Review and update on a regular basis. Current Status:  We have good virus, malware and threat detection systems at all layers in the computing value chain.  We update the systems constantly.  We reviewed current systems. Next Steps  Plan for update where needed.  Network segmentation.

9 Training and Awareness Goals:  Ensure the Laurier community keeps information security top of mind.  Provide the tools and training to keep individuals and departments safe. Current Status:  Have created a plan to provide training to everyone across the university.  Updated computersecurity.wlu.ca web page.computersecurity.wlu.ca  Monthly newsletters are distributed.  Conducted security awareness sessions in some departments. Next Steps:  Plan white phishing.

10 Metrics Goals:  Create a useful suite of metrics to track and report on our information security performance. Current Status:  We are reporting on:  # and type of information security incidents per month.  # security notes (potential warnings) from our external partners per month.  Vulnerability management report. Next Steps  ISO 27002 self assessment.

11 SPIRIT Security & Privacy Incident Response & Investigation Team Goals:  Implement a program to respond efficiently and effectively when a breach does occur. Current Status:  We saw and addressed small incidents.  Reviewed process and procedure written for the university scale incidents. Next Steps  Establish and train the team.  Conduct a Table Top and a full “War Game” exercise.

12 Operations Goals:  Continuously monitor and report on our information security status. Current Status:  We have good connections with Canada’s Cyber Command Centre, REN-ISAC, and security systems vendors.  Implemented TripWire to monitor and report access to critical systems.  Banner Security project kicked off.  Shopped around SIEM. Next Steps:  Identify and implement SIEM.

13 Questions? Grant Li (519) 884-0710 ext.2797 Fax: (519) 746-5790 Email: gli@wlu.ca

Download ppt "Information Security in Laurier Grant Li Wilfrid Laurier University."

Similar presentations

Information Technology Awareness Wayne Donald IT Security Officer.

Information Technology Awareness Wayne Donald IT Security Officer.
Program Management Office (PMO) Design

Program Management Office (PMO) Design
SSA’s Electronic Information Data Exchange Information Security Certification and Compliance Monitoring Program Presented by: Michael G. Johnson, Director,

SSA’s Electronic Information Data Exchange Information Security Certification and Compliance Monitoring Program Presented by: Michael G. Johnson, Director,
SL21 Information Security Board Mission, Goals and Guiding Principles.

SL21 Information Security Board Mission, Goals and Guiding Principles.
David A. Brown Chief Information Security Officer State of Ohio

David A. Brown Chief Information Security Officer State of Ohio
Blended Threats and Layered Defenses Security Protection in Today’s Environment Marshall Taylor

Blended Threats and Layered Defenses Security Protection in Today’s Environment Marshall Taylor
Information Security Policies and Standards

Information Security Policies and Standards
Planning and Managing Information Security Randall Sutton, President Elytra Enterprises Inc. April 4, 2006.

Planning and Managing Information Security Randall Sutton, President Elytra Enterprises Inc. April 4, 2006.
Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia

Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Know the Client Own the Problem Share the Solution The 2005 Case for Information Technology Security October 14, 2004.

Know the Client Own the Problem Share the Solution The 2005 Case for Information Technology Security October 14, 2004.
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
(Geneva, Switzerland, September 2014)

(Geneva, Switzerland, September 2014)
Computer Security: Principles and Practice

Computer Security: Principles and Practice
SELECTING AND IMPLEMENTING VULNERABILITY SCANNER FOR FUN AND PROFIT by Tim Jett and Mike Townes.

SELECTING AND IMPLEMENTING VULNERABILITY SCANNER FOR FUN AND PROFIT by Tim Jett and Mike Townes.
Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard
Session 3 – Information Security Policies

Session 3 – Information Security Policies
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
Cybercrime Outlook on African banks Adwo Heintjes Global Head IT Audit & Ops Rabobank.

Cybercrime Outlook on African banks Adwo Heintjes Global Head IT Audit & Ops Rabobank.
Resiliency Rules: 7 Steps for Critical Infrastructure Protection.

Resiliency Rules: 7 Steps for Critical Infrastructure Protection.

Similar presentations

Ads by Google