FY ‘08 NETWORK PLANNING TASK FORCE


1 FY ‘08 NETWORK PLANNING TASK FORCE
Information Security Looking Forward

2 NPTF Meetings – FY ‘08
1:30-3:00pm in 337A Conference Room, 3rd floor of Walnut Street
- Process Intake and Current Status Review – July 16
- Agenda Setting & Discussion – September 17
- Strategy Discussions – October 1
- Security Strategy Discussions – October 29
- Security & Other Strategy Discussions – November 5
- Prioritization & FY’09 Rate Setting – November 19

3 NPTF Meetings – FY ’09
- February 18 - Operational review
- April 21 - Planning discussions
- June 2 - Security strategy session
- July 21 - Strategy discussions
- August 4 - Strategy discussions
- September 15 - Preliminary rates/security
- October 6 - Strategy discussion
- November 3 - FY’10 Rate setting

4 Today’s Agenda
Security Strategy Discussions
- Security Planning Today
- Prevention
- Defense in Depth
- Increase Efficiency
- Proposed 3 Year Plan

5 Security Planning Today
- Have a security strategy and plan
- Rolling 3 year plan
- Focus on prevention (not reactive)
- Defense in depth
- Goal: Find ways to say “yes” while minimizing risk, reducing vulnerabilities, and the overall cost of security

6 Prevention
- Continue to increase user awareness
- Leverage Learning Management System to deliver security awareness and training to broad community
- 75% of data breaches are caused by user error [1]
- Policies and controls
- SPIA
- Infrastructure and tools
- Next generation PennKey
- Central authorization
- Laptop encryption
[1] "Taking Action to Protect Sensitive Data", IT Policy Compliance Group, Feb, 2007

7 Defense in Depth
- Continue to Expand Layers of defense
- Build and maintain a robust security infrastructure
- Next generation PennKey
- Central Authorization
- Supplement strong authentication with logging
- Security Event Management in place at 45.8% of peer institutions [1]
- Consider building upon logging initiative with fraud detection
[1] "Taking Action to Protect Sensitive Data", IT Policy Compliance Group, Feb, 2007

8 Increase Efficiency
- Reduce costs to affiliate with third party systems
- Shibboleth
- Central authorization - centrally managed groups

9 Security Approaches Implemented by Doctoral/Research (DR) Institutions [1]
[1] Safeguarding the Tower: IT Security in Higher Education, EDUCAUSE Center for Applied Research

10 Proposed 3 Year Plan FY ‘08
- SPIA
- LSP Training
- SSN Policy
- New Employee Awareness
- Central Authorization Service (PennAccess)
- Hard Drive Encryption
- PennNet Gateway Pilot
- File Sharing Policy
- Shibboleth
- GRADI / Remedy integration

11 Proposed 3 Year Plan FY ‘09
- SPIA
- System Administrator Awareness
- Annual Security Awareness strongly encouraged for all staff
- Next Generation PennKey
- Desktop & Server HIPS
- Logging Service
- Intrusion Detection (local)
- Local systems begin to utilize central authorization
- Plan database encryption and logging
- Investigate central SSN vaulting

12 Proposed 3 Year Plan FY ‘10
- SPIA
- Annual Security Awareness for all faculty
- Database Encryption Policy
- Central SSN Vaulting Service
- Recommended Application Security Testing Tools
- Always-on Critical Host Scanning
- Database Logging
- Logging Service Fraud detection

13 Discussion

