1. Leaders’ Forum, March 16, 2006
The Invisible Risk: Leaders’ Role in Protecting Western’s Electronic Information

2. The Invisible Risk: Leaders’ Role in Protecting Western’s Electronic Information
Today’s Speakers:
Arni Stinnissen, Detective Staff
Sergeant, Electronic Crimes Section
OPP
Debbie Jones, Director of
Information Technology, Western

3. IT Security @ Western is a shared responsibility
Debbie Jones
Director,
Information Technology Services

4. Photos courtesy Flickr.com

5. Western’s Layered Security

6. Gateway Routers Provides routing and denial of routing by IP or port
Block certain Denial of Service attacks
Block port based scans
Blocks attacks against specific ports such as , some microsoft ports and sql database ports

7. Gateway Intrusion Protection
Can block or log traffic by IP, port, pattern or protocol
First line of defense against new viruses
Identifies certain traffic patterns and automatically blocks
Detects and automatically blocks on-campus and off-campus scanning or network problems

8. Firewall Registered Services Ensure protocol integrity
Restrict what machines on campus receive special traffic ( , ftp, http, database requests..)
Ensure protocol integrity
Allows for fine grained rules for accepting or rejecting specific types of traffic
Customizable for different networks on campus

9. Trend Antivirus Email Scanner
Rejects certain types of attachments that are high risk of carrying malicious code
Detects viruses in incoming s and strips the virus attachment off

10. Anti Spam Technology
Spam can be a nuisance (like junk mail), or a threat laced with viruses, malware, phishing or links to unsavoury web sites
Western’s spam control
Of the 8.3 million connections per week, 68% were rejected and a further 5% were tagged as SPAM

11. Spam Tagging

12. Ramp Provides locking and unlocking of infected systems on campus
Provides the setting of service specific protection
Provides systems administrators with a quarantined network for new or infected machines
Provides systems administrators access to security scans

13. Trend Antivirus Anti-Spyware
Campus wide license
Protects PC’s from known viruses and malware
ITS Server automatically updates 4,800 PCs at Western
8 servers in other areas update another 3,000 PCs
PC-cillin is on 7,000 home computers and 5,000 residence computers

14. Operating System Patches
Operating Systems are vulnerable and hackers continually find new ways of ‘sneaking in’
Patches close the vulnerabilities to prevent them from being exploited by hackers and worms
ITS server automatically sends patches to over 5,000 desktops on campus

15. Protecting Western ITS Network Security office nso@uwo.ca
Responsible for maintaining a secure and stable network and data infrastructure for campus.
Implements and supports the ‘many layers’ of protection
Monitors network activity for anomalies and deals with problems
Responds to security incidents or calls for help
Makes new tools available to campus
ITS Computer Wellness Clinics
Laptops and computers may be brought to the clinic to be cleaned of viruses and malware (by appointment, weekdays 8:30-4:30)
Book an appointment by ing
System Administrators all around campus
All of the heros across campus that maintain and protect computers with appropriate anti-virus software and security patches.

16. Working Group on Information Security (WGIS)
Members provide broad expertise and input into IT Security Issues
Graduate students Campus system administrators Faculty members Information Technology Services USC PeopleSoft Resource Group Office of the Registrars Housing Internal Audit Campus Police General Counsel Research Services Human Resources Communications and Public Affairs
Terms of reference include:
Responsibility for drafting and recommending IT security policies
Responsibility for IT security awareness on campus started “ Computer Wellness Campaign” last September

17. Western Policies Provides structure
Establishes campus wide practices and understanding
Clarifies roles
Assigns responsibility
Empowers Information Technology Services, Unit Heads and Systems Administrators to protect the network integrity and security

18. Excerpts - Computing Resources Policy
Information Technology Services shall be responsible for establishing, maintaining, implementing, administering, and interpreting organization-wide information systems security standards, guidelines, and procedures.
Unit Heads, including Directors, are responsible for ensuring that security policy is implemented within the unit.
System Administrators will work closely with ITS and ensure that systems they administer are operated in accordance with all applicable Information Security Standards and Policies
Any person, group, or custodian accessing University information must recognize the responsibility to preserve the security and confidentiality of this information.

19. Computer Wellness Campaign
Website
Posters in Middlesex College, USC, Office of the Registrar, Libraries, Genlabs, all Food Services Areas & Residences
Poster set as background in the Genlabs & the Sun Rays in the Western Libraries.
Film Western airing the poster at the beginning of each film.
CHRW Audiozine and advertisements
Mass Mailer sent to all Western Students, Staff & Faculty
Articles in the Western News and Gazette
Links off

28. Western’s Layered Security

29. How can you protect Western?

30. How can you protect Western?
Understand the policies and best practices
Read the Security related policies and best practices at
MAPP 1.13 Code of Behaviour for use of Computing Resources
MAPP 1.20 Computing Resources Security
MAPP 1.21 Wireless Networking Policy
Visit the Computer Wellness Site at for more information

31. How can you protect Western?
Ensure your system is protected
Your system should always be protected with the latest anti-virus software and security patches. Think of it as a seatbelt and….
Buckle up!
Know who is responsible and can help you if the system is not protected or has been compromised (or locked off the network)

32. How can you protect Western?
Don’t download freeware at work
It may not be as ‘free’ as you think. Spyware, malware, trojans & keystroke loggers are often hidden within ‘freeware’.
Remember Don’t take gifts from strangers!
If you need additional software installed, contact your Systems Administrator for assistance

33. How can you protect Western?
Don’t surf suspicious websites
Limit your web surfing to known University or commercial websites.
Always X out, don’t click ‘OK’ or ‘NO’ or ‘unsubscribe’
Practice safe and responsible surfing

34. How can you protect Western?
Use strong passwords
Keep your passwords in a secure place
Avoid common words: hackers can crack dictionary passwords
Passwords are like underwear
They protect privacy
They should never be shared
The longer, the better

35. How can you protect Western?
Protect the data you use
Think before storing, publishing or sharing data
Is the data sensitive?
Does it need to be portable?
Who should see it?
How have you protected it so that only those that should see it have access?
Mobile data on laptops and USB keys is at risk - Leave it, Lose it.

36. How can you protect YOUR information?
Recognize phishing and don’t fall for it
Phishing can come through s or web sites
Phishers are getting better, scams are getting trickier to detect
Be suspicious when personal or private information is involved and Don’t Get Phished
When in doubt, ask

37. And let’s not forget your Home Computer!

38. It’s the Internet - Expect the unexpected
What’s next?
It’s the Internet - Expect the unexpected

39. Thank you! Arni Stinnissen - Arni.Stinnissen@jus.gov.on.ca
Debbie Jones -
Questions?

40. Discuss what stood out for you
The Invisible Risk: Leaders’ Role in Protecting Western’s Electronic Information
Table Dialogue:
Take 15 minutes to
Discuss what stood out for you
Formulate a question to pose to Arni or Debbie
Thank you to Arni and Debbie:
With your table facilitators, please
Take 15 minutes to
Discuss what stood out for you
Formulate a question to pose to Arni or Debbie
1:35 Facilitate the Q & A session, handing the microphone to Arni or Deb as appropriate.
1:50 Hand over to Dr. Davenport for his reflections (see next slide and Dr. Davenport’s notes)
At 1:57, thank Dr. Davenport and continue with the last 3 slides.

41. (President and ViceChancellor)
The Invisible Risk: Leaders’ Role in Protecting Western’s Electronic Information
Paul Davenport
(President and ViceChancellor)
- Reflections…
Thank you, Gitta:
(7 minutes)
What stood out for me as I listened…
Before I hand back to Gitta to close the meeting, I’d like to take this opportunity to thank ITS, the Working Group on Information Security, the Computer Wellness Campaign Group, and you as leaders for the effort to keep Western’s vital information and intellectual property safe. In particular, I’d like to thank Ellen Smout of ITS, who has been central to this work and has contributed behind the scenes on the presentations we had today.
Ellen is unable to be here today as planned because her father, Dr. Marvin Smout, passed away on March 11; the family was holding its memorial reception at Museum London over the lunch hour today.
Dr. Smout was a memorable figure in the Western community and in the London community. He received his M.D. from Western and taught here from He was Chief of Anatomic Pathology at Victoria Hospital for 25 years, and , in his time, taught pathology to over 2,400 Western students. We extend our condolences to Ellen and her family.
(Hand back to Gitta)

42. The Invisible Risk: Leaders’ Role in Protecting Western’s Electronic Information
Inform staff
Establish safeguards
Approve data access
Deal with security violations
Communicate to HR, ITS, etc. any staff changes that affect access
Create a contact list of people responsible for all computers in your area
Identify to ITS your technical contact (System Administrator) and a supervisory contact

43. The Invisible Risk: Leaders’ Role in Protecting Western’s Electronic Information …Next Steps
To Support Your Leadership Role:
See your “Meeting in a Bag” kit -- some resources
for ensuring your unit teams know about the risks,
ways to minimize them, and their accountabilities.
Thank you for your leadership in keeping
Western’s data, Western’s work, and Western’s
people safe!

44. Thank You… Computer Wellness Committee
Elgin Austen
Jim Dunkin
Wendy Kennedy
Scott May
Geoff Pimlatt
Peggy Roffey
Ellen Smout

45. Thank you… Forum Facilitators:
Carol Abraham Stephanie Hayne
Jennifer Ashenden Brian Jeffs
Krys Chelchowski Ruta Lawrence
Chris Costello Scott May
Debra Dawson Graham Newbigging
Frank DeGurse Peggy Roffey
Andrew Fuller Malcolm Ruddock
Paul Greenwood Nancy Stewart
Lori Gribbon Glen Tigert
Nancy Griffiths Peggy Wakabayashi

46. Next Leaders’ Forum
April 27, 2006,
12:00-2:00 p.m
Great Hall