Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Security Confidential Two-Factor Authentication Solution Overview Shawn Fulton January 15th, 2015.

Published byGeorge Parker Modified over 9 years ago

Similar presentations

Presentation on theme: "Information Security Confidential Two-Factor Authentication Solution Overview Shawn Fulton January 15th, 2015."— Presentation transcript:

1 Information Security Confidential Two-Factor Authentication Solution Overview Shawn Fulton January 15th, 2015

2 Information Security Confidential MSU Information Security Vision and Mission Statement Vision Diminish IT security risks to an acceptable level and become the most effective IT function; enable the University to make informed decisions based on risk. Mission Design, implement and maintain an information security program that protects the University’s resources against unauthorized use, modification and loss. Establish a practical information security program that enables MSU to be the best public research University in the world. 2

3 Information Security Confidential Two-Factor Goals Safe guard MSU employee data Safe guard MSU HR/Payroll and Finance data Provide additional security on EBS applications to prevent susceptibility to phishing attacks 3

4 Information Security Confidential Information Security Risks for MSU 4 Who’s perpetrating breaches? How do breaches occur? What commonalities exist? *Verizon Data Breach Investigations Report – 2013 (+) Is an increase of 10% or greater from last year (-) Is a decrease of 10% or greater from last year

5 Information Security Confidential Payroll Incident Summary 5 Millions of attempts to hack into MSU computer systems every day (>20 million prevented during month of May 2014) Millions of SPAM and phishing scams every day, some faculty, staff, and students take the bait Current safeguards in place: – Email SPAM filtering – Over 5 million SPAM and phishing emails blocked per day – Anti-virus installed on workstations – Security awareness training Two Payroll Incident Examples – October 2013 and March 2014 – Phishing emails are suspected of compromising the users’ EBS login credentials (user name and password) – No breach of MSU systems/network appears to have occurred – Risk currently mitigated by disabling online direct deposit changes People and process changes recommended to further improve prevention, detection, and response Context:

6 Information Security Confidential Addressing Security Risks at MSU 6 Two-Factor Authentication Security Policy Dedicated Incident Response Security Awareness Security Incident and Event Management Vulnerability Management Defense in Depth Approach – Multiple layers of controls to reduce overall risk Business enablement combined with risk reduction

7 Information Security Confidential Two-Factor Authentication Overview 7 Two-factor authentication requires the use of two of the three authentication factors: Something only the user: 1.Knows (e.g. password, PIN, secret answer) 2.Has (e.g. ATM card, mobile phone, hard token) 3.Is (e.g. biometric – iris, fingerprint, etc.)

8 Information Security Confidential Who Uses Two-Factor? 8

9 Information Security Confidential How Two-Factor Authentication Helps Credentials are commonly stolen through: – Phishing attacks targeted at MSU – Third-party sites compromised and same username/password used for MSU applications Adobe, Yahoo, LinkedIn, Forbes, Zappos, and eHarmony were breached in past year, 32 million usernames and passwords stolen – 15,000+ users registered with MSU email addresses, unknown how many used MSU password to register with these sites Two-factor authentication prevents attackers from accessing your account even if they obtain your username and password. 9

10 Information Security Confidential Two-Factor Strategy at MSU Second Factor will be a“soft” Token Identify an Industry Leader for the Two-Factor Components Enhance MSU’s single sign-on solution (Sentinel) to integrate with Industry Leaders Solution to provide Two- Factor Enable Two-Factor for EBS applications (portal, HR, Payroll, Finance, BI) for all current employees. 10

11 Information Security Confidential Multiple deployment options available for MSU users: 1.Mobile application 2.SMS text message 3.Voice call made to desk, mobile, or home phone Two-Factor Authentication Deployment Options 11

12 Information Security Confidential Appendix A – Scope diagram 12

13 Information Security Confidential Appendix B – Enrollment: Step 1 13

14 Information Security Confidential Appendix B – Enrollment: Step 2 14

15 Information Security Confidential Appendix B – Enrollment: Step 3 15

16 Information Security Confidential Appendix B – Enrollment: Step 3 16

17 Information Security Confidential Appendix B – Enrollment: Step 4 17

18 Information Security Confidential Appendix C – Login 18

Download ppt "Information Security Confidential Two-Factor Authentication Solution Overview Shawn Fulton January 15th, 2015."

Similar presentations

1 Proofpoint, Inc. Proprietary and Confidential ©2010 Proofpoint Protection/Privacy Offering Proofpoint Privacy Accurately detect ePHI in e-mails Integrated.

1 Proofpoint, Inc. Proprietary and Confidential ©2010 Proofpoint Protection/Privacy Offering Proofpoint Privacy Accurately detect ePHI in s Integrated.
HIPAA Security Standards Emmanuelle Mirsakov USC School of Pharmacy.

HIPAA Security Standards Emmanuelle Mirsakov USC School of Pharmacy.
Chapter 10. Understand the importance of establishing a health care organization-wide security program. Identify significant threats—internal, external,

Chapter 10. Understand the importance of establishing a health care organization-wide security program. Identify significant threats—internal, external,
CSC 386 – Computer Security Scott Heggen. Agenda Authentication Passwords Reducing the probability of a password being guessed Reducing the probability.

CSC 386 – Computer Security Scott Heggen. Agenda Authentication Passwords Reducing the probability of a password being guessed Reducing the probability.
SL21 Information Security Board Mission, Goals and Guiding Principles.

SL21 Information Security Board Mission, Goals and Guiding Principles.
The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.

The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
16254_08_2002 © 2002, Cisco Systems, Inc. All rights reserved. Cisco’s Security Vision Mario Mazzola Chief Development Officer August 29, 2002.

16254_08_2002 © 2002, Cisco Systems, Inc. All rights reserved. Cisco’s Security Vision Mario Mazzola Chief Development Officer August 29, 2002.
May 22, 2002 Joint Operations Group Discussion Overview Describe the UC Davis Security Architecture Describe Authentication Efforts at UC Davis Current.

May 22, 2002 Joint Operations Group Discussion Overview Describe the UC Davis Security Architecture Describe Authentication Efforts at UC Davis Current.
October is National Cyber Security Month OIT and IT providers are launching an awareness campaign to provide tips and resources to help you stay safe online.

October is National Cyber Security Month OIT and IT providers are launching an awareness campaign to provide tips and resources to help you stay safe online.
Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services

Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services
PASSWORD MANAGER Why you need one 1. WHAT IS A PASSWORD MANAGER? A modern Password Manager is a browser extension (Chrome, Internet Explorer, Firefox,

PASSWORD MANAGER Why you need one 1. WHAT IS A PASSWORD MANAGER? A modern Password Manager is a browser extension (Chrome, Internet Explorer, Firefox,
Payment Fraud Trends : What Can you do? Protect Yourself and Your Business from Financial Fraud.

Payment Fraud Trends : What Can you do? Protect Yourself and Your Business from Financial Fraud.
Network and Systems Security Security Awareness, Risk Management, Policies and Network Architecture.

Network and Systems Security Security Awareness, Risk Management, Policies and Network Architecture.
INFORMATION SECURITY UPDATE Al Arboleda Chief Information Security Officer.

INFORMATION SECURITY UPDATE Al Arboleda Chief Information Security Officer.
Security Awareness Challenges of Security No single simple solution to protecting computers and securing information Different types of attacks Difficulties.

Security Awareness Challenges of Security No single simple solution to protecting computers and securing information Different types of attacks Difficulties.
Federated Shibboleth, OpenID, oAuth, and Multifactor | 1 Federated Shibboleth, OpenID, oAuth, and Multifactor Russell Beall Senior Programmer/Analyst University.

Federated Shibboleth, OpenID, oAuth, and Multifactor | 1 Federated Shibboleth, OpenID, oAuth, and Multifactor Russell Beall Senior Programmer/Analyst University.
The Office of Information Technology Two-Factor Authentication.

The Office of Information Technology Two-Factor Authentication.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
Large-Scale, Cost-Effective, Progressive Authentication and Identify Management Solutions Enabling Security, Efficiency and Collaboration through Technology.

Large-Scale, Cost-Effective, Progressive Authentication and Identify Management Solutions Enabling Security, Efficiency and Collaboration through Technology.

Similar presentations

Ads by Google