Presentation is loading. Please wait.

Presentation is loading. Please wait.

Soft Selling Tough Issues

Published byDale Wilkerson Modified over 6 years ago

Similar presentations

Presentation on theme: "Soft Selling Tough Issues"— Presentation transcript:

1 Soft Selling Tough Issues
Sheri Thompson, IT Communications & Planning Officer & Brian Nichols, Chief Information Security Officer Copyright Sheri J. Thompson & Brian Nichols, This work is the intellectual property of the authors. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the authors. To disseminate otherwise or to republish requires written permission from the authors.

2 About LSU

3 IT @LSU First CIO hired in April 2005; VCIT in 2008
IT organization “reorganized” in September 2005 Office of CIO (HR/Finance, Security/Policy, Communications/Planning) 4 divisions (NI, RE, UIS, USS) Flagship IT Strategy Community-authored 10 key recommendations Secure and safeguard integrity of infrastructure and information Develop communications channels

4 IT Security & Policy@LSU
Established IT Security and Policy Office in Fall 2005 Appointed LSU’s first Chief IT Security & Policy Officer 9 FTE’s Commissioned external security audit LSU IT security rated “Fair” - no glaring holes, but … 94 recommendations for improvements in policy and practice IT Security and Policy addressed in the Flagship IT Strategy (FITS) Essentially, a call to follow the audit recommendations

5 IT Communications @LSU
After FITS completed, focus changed to communications 1.5 full time designers (ITS Webpages, IT marketing, IT publications) 2 student workers (IT marketing) Funding from STF

6 What about your college?
Do you have an IT Security/Policy function? Do you have an IT Communications function? How do you communicate policies?

7 Tough Issues DMCA/RIAA Network Security Virus Protection Data Breaches
Identity Theft

8 Why Are There Tough Issues? “Typical” College IT Environment
Extremely “open” by culture and tradition 25,000 – 75,000 networked devices Hardware and software deployed diverse Usually first to implement new technologies…..before matured Networked systems being probed continually for vulnerabilities

9 DMCA/RIAA Legislation enacted by Congress in 1998; HEOA 2008
Educate users about current state of copyright law as it applies to file sharing and to keep up to date on changes to legislation Preventative measures to ensure proper use of peer-to-peer (P2P) applications LSU Student Government provides legal music service via Ruckus

10 Network Security/Virus Protection
ILOVEYOU, May 2000 ~$5.5 billion in damages Approximately 24 hours, ~10% of all computers connected to Internet SQL Slammer, January 2003 ~75,000 systems within 10-minutes Blaster, August 2003 Over 100,000 systems in first week ~1.2 million in damages Storm BotNet, January 2007 ~10 million systems Zombie botnet

11 Data Breach Overview Huge problem nationally for colleges and universities In the Chronicle weekly On the rise again….. 65 publicized security breaches in 2006 112 publicized security breaches in 2007 ~150 publicized security breaches in 2008 to date Explanation for increase New organizations devoting more attention to IT security? States with breach notification laws that prohibit institutions from keeping security incidents private? Simply more breaches? Out of pocket cost to victims $500 – $1,500

12 Louisiana Notification Law
Signed by Governor in July 2005; effective January 1, 2006 Requires notification to any Louisiana resident whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person as a result of a security breach Notification should be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement

13 Identity Theft Averages among 18-24 years old: $8,248 fraud amount
139 days fraud lasts 123 days to detect 56 days to resolve 69% committed by friend or acquaintance 54% self-detected

14 What about your college?
What are your tough issues? How do you address them?

15 Take the ball and run with it.

16 Strategy & Tactics Variety of Issues Audiences Responsibility
Threat levels Accountability ROI Variety of

17 Where Do I Begin? Assess your resources
What talent do you have available to you? What funding? What media? Delivery mechanisms? Who looks where? Establish priorities What messages are important? To whom? When?

18 Focus on Students Largest population (highest incidents) Best ROI
More apt to change?

19 Resource Creativity* Talk is cheap– visit dorms, student groups, classes Student workers are usually affordable Become someone’s pet project (marketing student group? Service learning?) Ask your neighbors (Student Life may have $$$ and/or resources) Free-sources What else? *Doing Something with Nothing

20

21 Meet Tad

22

23 Phishing Attacks Zombie Computers Credit Monitoring
Identity theft Phishing Attacks Zombie Computers Credit Monitoring

24

25

26

27

28

29

30

31 Virus Protection Physical Security
Network security Virus Protection Physical Security

32

33

34

35

36

37 Encryption Credit Monitoring
DatA breaches Encryption Credit Monitoring

38

39

40

41 DMCA/RIAA Legal Ramifications

42

43

44

45 References Federal Trade Commission, ID Analytics, Privacy Rights Clearinghouse Educational Security Incidents (ESI) Javelin Strategy & Research April ‘06 “The Demographics of Identity Fraud”

46 sjt@lsu.edu bnichols@lsu.edu
Questions?

Download ppt "Soft Selling Tough Issues"

Similar presentations

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
What Does the Net Generation Expect From Us? SAC August 8, 2005 SAC August 8, 2005 Copyright © 2005, Joel L. Hartman. This work is the intellectual property.

What Does the Net Generation Expect From Us? SAC August 8, 2005 SAC August 8, 2005 Copyright © 2005, Joel L. Hartman. This work is the intellectual property.
Red Flags Rule BAS Forum August 18, 2010. What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.

Red Flags Rule BAS Forum August 18, What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.
Cut Costs and Increase Productivity in your IT Organization with Effective Computer and Network Monitoring. Copyright © T3 Software Builders, Inc 2004.

Cut Costs and Increase Productivity in your IT Organization with Effective Computer and Network Monitoring. Copyright © T3 Software Builders, Inc 2004.
Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, 2007. This work is the intellectual property rights of the author.

Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, This work is the intellectual property rights of the author.
Protecting Personal Information Guidance for Business.

Protecting Personal Information Guidance for Business.
Identity Theft. Identity Theft – Some Basics affects 12-15 million people per year keeps increasing each year most common items exposed during a data.

Identity Theft. Identity Theft – Some Basics affects million people per year keeps increasing each year most common items exposed during a data.
Computers, Freedom and Privacy April 23, 2004 Identity Theft: Addressing the Problem in California Joanne McNabb, Chief CA Office of Privacy Protection.

Computers, Freedom and Privacy April 23, 2004 Identity Theft: Addressing the Problem in California Joanne McNabb, Chief CA Office of Privacy Protection.
Identity Theft: How to Protect Yourself. Identity Theft Identity theft defined:  the crime of obtaining the personal or financial information of another.

Identity Theft: How to Protect Yourself. Identity Theft Identity theft defined:  the crime of obtaining the personal or financial information of another.
McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.

McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.
Advancing Security Programs through Partnerships Cathy HubbsShirley Payne IT Security Coordinator Director for Security Coordination & Policy George Mason.

Advancing Security Programs through Partnerships Cathy HubbsShirley Payne IT Security Coordinator Director for Security Coordination & Policy George Mason.
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
1 IT Security-related Legislation Judy Borreson Caruso CUMREC 2004 May 18, 2004 Copyright Judy Borreson Caruso, 2004. This work is the intellectual property.

1 IT Security-related Legislation Judy Borreson Caruso CUMREC 2004 May 18, 2004 Copyright Judy Borreson Caruso, This work is the intellectual property.
FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT Electronic Signatures This work is the intellectual property of the author. Permission is granted for this material.

FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT Electronic Signatures This work is the intellectual property of the author. Permission is granted for this material.
INDIANAUNIVERSITYINDIANAUNIVERSITY Automated Network Isolation at Indiana University David A. Greenberg Information Technology Security and Policy Office.

INDIANAUNIVERSITYINDIANAUNIVERSITY Automated Network Isolation at Indiana University David A. Greenberg Information Technology Security and Policy Office.
Risk Assessment 101 Kelley Bradder VP and CIO Simpson College.

Risk Assessment 101 Kelley Bradder VP and CIO Simpson College.
Security Issues on Campus: Government Initiatives Rodney J. Petersen University of Maryland Educause/Internet2 Security Task Force Copyright Rodney J.

Security Issues on Campus: Government Initiatives Rodney J. Petersen University of Maryland Educause/Internet2 Security Task Force Copyright Rodney J.
Information Security Office www.cmu.edu/iso 1 Copyright Statement Copyright Mary Ann Blair 2008. This work is the intellectual property of the author.

Information Security Office 1 Copyright Statement Copyright Mary Ann Blair This work is the intellectual property of the author.
CAMP Med Mapping HIPAA to the Middleware Layer Sandra Senti Biological Sciences Division University of Chicago C opyright Sandra Senti,

CAMP Med Mapping HIPAA to the Middleware Layer Sandra Senti Biological Sciences Division University of Chicago C opyright Sandra Senti,

Similar presentations

Ads by Google