Presentation is loading. Please wait.

Presentation is loading. Please wait.

University of Florida Incident Tracking and Reporting Kathy Bergsma

Published byIyana Cobb Modified over 9 years ago

Similar presentations

Presentation on theme: "University of Florida Incident Tracking and Reporting Kathy Bergsma"— Presentation transcript:

1 University of Florida Incident Tracking and Reporting Kathy Bergsma kbergsma@ufl.edu

2 About UF Land-grant institution Research, education, and extension Over 50,000 students Over 50,000 network nodes First dedicated IT security position in 1999. Now 4 FTE.

3 Your Institution How many are from institutions with greater than 30,000 students? Is your institution de-centralized? Does your institution… have incident response standards and procedures? track IT contacts? track incidents? deliver incident reports?

4 Contact Tracking Contact database Network managers Server managers Information Security Managers Information Security Administrators Much more

5 UF Incident Response Standard http://www.it.ufl.edu/policies/security/uf-it-sec-incident- response-rewrite.html An incident is “an event that impacts or has the potential to impact the confidentiality, availability, or integrity of UF IT resources.” Describes eight incident response steps from discovery to resolution Establishes UF Incident Response Team and their responsibility Defines Unit responsibility Specific procedures for each incident type

6 Incident Identification Sources IDS Email abuse complaints Flow data Honeypots

7 Incident Tracking Critical fields tracked IP address Unit Incident type Incident severity Time to contain Time to resolve

8 Ticket Creation Manual: Web form interface to Remedy on the backend. Some fields such as contacts are automatically populated Semi automated: Batch processing scripts for ircbots or IP lists Fully automated: Daedalus home-grown automated ticket creation.

9 Daedalus Message processor using threat configs Input IDS event Flow event Email notification Output Remedy ticket Email notification

10 Incident Resolution Daily reports to UF incident response team identifying open tickets Bi-weekly automated reminders about open tickets to ticket owners

11 Vulnerability Detection Continuous Nessus top-20 scans Results tracked in SQL No Remedy ticket because next scan will usually identify resolution Recidivism reports identify unresolved vulnerabilities.

12 Incident Reports Cover letter includes Request to update contact information List and description of graphs General campus trends Link to detailed ticket information Confidentiality statement Periodic survey of report value

13 Incident Reports Each of the following graphs compares the unit to the 5 most active units: Number of incidents Number of incidents adjusted for unit size Average number of days to contain incidents Number of critical vulnerabilities Number of critical vulnerabilities adjusted for unit size

14 Incident Reports Number of each incident type Comparison of current semester to same semester last year of: Number of incidents Average days to contain Number of critical vulnerabilities

15

16

17

18

19

20

21

22 Executive Incident Summary Table listing all units Total Number of Incidents Containment Time Total Number of Vulnerabilities

23 Survey of Report Value Of the units that responded to the survey: 100% found reports useful 85% approved of report frequency 46% made changes to their information security program as a result of the reports Ways in which the reports are used: 33% compliance review 26% risk assessment 22% strategic planning 19% budget planning

24 Survey of Report Value Cause of incident increase or decrease: 34% awareness and training 21% policy and procedures 21% security infrastructure 14% security staff 10% other 100% were familiar with UF policy Degree of policy compliance 57% very compliant 36% mostly compliant 7% somewhat compliant

25 Questions? Thank you, Kathy Bergsma kbergsma@ufl.edu

Download ppt "University of Florida Incident Tracking and Reporting Kathy Bergsma"

Similar presentations

Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.

Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.
Www.regoconsulting.comPhone: 1-888-813-0444 Interface Strategies and Methods.

Interface Strategies and Methods.
Summer 200811 IAVA1 NATIONAL INFORMATION ASSURANCE TRAINING STANDARD FOR SYSTEM ADMINISTRATORS (SA) Minimum.

Summer IAVA1 NATIONAL INFORMATION ASSURANCE TRAINING STANDARD FOR SYSTEM ADMINISTRATORS (SA) Minimum.
Validata Release Coordinator Accelerated application delivery through automated end-to-end release management.

Validata Release Coordinator Accelerated application delivery through automated end-to-end release management.
I NDULGENC E There is no need for oversight or management direction. All staff members are superstars and act in the best interest of the company.

I NDULGENC E There is no need for oversight or management direction. All staff members are superstars and act in the best interest of the company.
Your Logo Here An Administrative Framework for the Blackboard Academic Suite Presented By Chris J Jones University of Oklahoma HSC April 13, 2005.

Your Logo Here An Administrative Framework for the Blackboard Academic Suite Presented By Chris J Jones University of Oklahoma HSC April 13, 2005.
Introduction to the State-Level Mitigation 20/20 TM Software for Management of State-Level Hazard Mitigation Planning and Programming A software program.

Introduction to the State-Level Mitigation 20/20 TM Software for Management of State-Level Hazard Mitigation Planning and Programming A software program.
UC Davis Vulnerability Scanning and Remediation 2005 Larry Sautter Award UC Davis, Information and Education Technology.

UC Davis Vulnerability Scanning and Remediation 2005 Larry Sautter Award UC Davis, Information and Education Technology.
Remedy HelpDesk Remedy HelpDesk IACC Presentation.

Remedy HelpDesk Remedy HelpDesk IACC Presentation.
Effort in hours Duration Over Weeks Or Months Inception Launch Web Lifecycle Methodology Maintenance Phases 1234576891011 Copyright Wonderlane Studios.

Effort in hours Duration Over Weeks Or Months Inception Launch Web Lifecycle Methodology Maintenance Phases Copyright Wonderlane Studios.
Network and Systems Security Security Awareness, Risk Management, Policies and Network Architecture.

Network and Systems Security Security Awareness, Risk Management, Policies and Network Architecture.
Systemic Barriers to IT Security Findings within The University of Texas System Clair Goldsmith, Ph.D., Associate Vice Chancellor and CIO Lewis Watkins,

Systemic Barriers to IT Security Findings within The University of Texas System Clair Goldsmith, Ph.D., Associate Vice Chancellor and CIO Lewis Watkins,
Get Complete IT Compliance: Reduce Risk and Cost Jonathan CISO, Qualys Seth Automation Specialist, BMC.

Get Complete IT Compliance: Reduce Risk and Cost Jonathan CISO, Qualys Seth Automation Specialist, BMC.
Database Auditing Models Dr. Gabriel. 2 Auditing Overview Audit examines: documentation that reflects (from business or individuals); actions, practices,

Database Auditing Models Dr. Gabriel. 2 Auditing Overview Audit examines: documentation that reflects (from business or individuals); actions, practices,
Chapter 7 Database Auditing Models

Chapter 7 Database Auditing Models
Ferst Center Incident Incident Identification – Border Intrusion Detection System Incident Response – Campus Executive Incident Response Team Incident.

Ferst Center Incident Incident Identification – Border Intrusion Detection System Incident Response – Campus Executive Incident Response Team Incident.
1 Network Quarantine At Cornell University Steve Schuster Director, Information Security Office.

1 Network Quarantine At Cornell University Steve Schuster Director, Information Security Office.
Website Hardening HUIT IT Security | Sep 30 2011.

Website Hardening HUIT IT Security | Sep
Information Technology Services 1 Copyright Copyright Marc Wallman and Theresa Semmens, 2006. This work is the intellectual property of the authors. Permission.

Information Technology Services 1 Copyright Copyright Marc Wallman and Theresa Semmens, This work is the intellectual property of the authors. Permission.
Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.

Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.

Similar presentations

Ads by Google