Presentation is loading. Please wait.

Presentation is loading. Please wait.

Educause Security 2007ISC Information Security Copyright Joshua Beeman, 2007. This work is the intellectual property of the author. Permission is granted.

Published byAdam Haynes Modified over 9 years ago

Similar presentations

Presentation on theme: "Educause Security 2007ISC Information Security Copyright Joshua Beeman, 2007. This work is the intellectual property of the author. Permission is granted."— Presentation transcript:

1 Educause Security 2007ISC Information Security Copyright Joshua Beeman, 2007. This work is the intellectual property of the author. Permission is granted for this material to be shared for non- commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

2 Educause Security 2007ISC Information Security Security Reporting University of Pennsylvania Joshua Beeman jbeeman@isc.upenn.edu

3 Educause Security 2007ISC Information Security Overview Penn’s environment Version 1 (duct tape, chewing gum…) Version 2 (less gum, more tape…) Results

4 Educause Security 2007ISC Information Security Environment A private university in Philadelphia, PA founded in 1740 22,000 students/4,000 faculty/13,000 staff 7500 students live on campus 9000+ students, staff and faculty live in the surrounding community Health System has separate management –IT division outsourced/15,000 users

5 Educause Security 2007ISC Information Security Environment Computing mostly decentralized over 40 cost centers Some services are managed or coordinated centrally by Information Systems and Computing (ISC) Administrative Systems Support & Security Networking & Telecommunications

6 Educause Security 2007ISC Information Security Environment Open network Decentralized computing Information security concerns continually growing Limited funding Does this sound familiar to anyone?

7 Educause Security 2007ISC Information Security Environment Why a Security Report? Awareness Identify larger trends Develop security “hawks” Improve customer service

8 Educause Security 2007ISC Information Security Report – v.1 Incident Tracking via Excel Spreadsheet: Date IP address Center name Incident source Incident type Handler comments (optional)

9 Educause Security 2007ISC Information Security Report – v.1 Key Elements – Compromises: Total number of compromises Total number of IP addresses Ratio of Compromises/IP’s Ranking (based on ratio) Average (based on ratio)

10 Educause Security 2007ISC Information Security Report – v.1 Key Elements – Critical Hosts: Total number of Critical Hosts registered Total number of IP addresses Ratio of Critical Hosts/IP’s Ranking (based on ratio) Average (based on ratio)

11 Educause Security 2007ISC Information Security Report – v.1 Key Elements – Management Reports: Summary tables –Compromise ranking –Critical Host ranking Summary graphs –Incident source –Overall distribution

12 Educause Security 2007ISC Information Security

13 Educause Security 2007ISC Information Security

14 Educause Security 2007ISC Information Security

15 Educause Security 2007ISC Information Security

16 Educause Security 2007ISC Information Security

17 Educause Security 2007ISC Information Security

18 Educause Security 2007ISC Information Security

19 Educause Security 2007ISC Information Security

20 Educause Security 2007ISC Information Security Report – v.2 GRADI (web-based incident tracking system) Captures previous fields plus… Case Status (Pending, closed, etc.) MAC Address Wallplate Port List User PennKey …and more for certain case types

21 Educause Security 2007ISC Information Security Report – v.2 GRADI (continued) In addition provides automated processes for: DNS & host contact lookup Custom handling based on incident type Emailing/routing Searching, export, etc.

22 Educause Security 2007ISC Information Security Report – v.2 Previous Key Elements: Compromises Critical Hosts Critical Events Management reports

23 Educause Security 2007ISC Information Security Report – v.2 Plus New Elements: Wireless, Wired DMCA, non-DMCA Critical Vulnerabilities New management reports Comparative studies

24 Educause Security 2007ISC Information Security

25 Educause Security 2007ISC Information Security

26 Educause Security 2007ISC Information Security

27 Educause Security 2007ISC Information Security Results Provided senior management with tools and data Increased information security awareness Identified larger trends, problem areas Improved Universities overall security posture Created security “hawks”

28 Educause Security 2007ISC Information Security

29 Educause Security 2007ISC Information Security

30 Educause Security 2007ISC Information Security

31 Educause Security 2007ISC Information Security Results Remember that v.1 was based on: Individual Excel spreadsheets 5 data fields

Download ppt "Educause Security 2007ISC Information Security Copyright Joshua Beeman, 2007. This work is the intellectual property of the author. Permission is granted."

Similar presentations

A Successful Help Desk Process for all IT Support

A Successful Help Desk Process for all IT Support
“Build It and They Will Come, But Will They? A Poster Presentation by Abdul Shibli Harvard Graduate School of Education Cambridge, Massachusetts

“Build It and They Will Come," But Will They? A Poster Presentation by Abdul Shibli Harvard Graduate School of Education Cambridge, Massachusetts
What Does the Net Generation Expect From Us? SAC August 8, 2005 SAC August 8, 2005 Copyright © 2005, Joel L. Hartman. This work is the intellectual property.

What Does the Net Generation Expect From Us? SAC August 8, 2005 SAC August 8, 2005 Copyright © 2005, Joel L. Hartman. This work is the intellectual property.
Student, Faculty, and Staff Data Availability and Protection What’s the Back-Up Plan? (for academic computing) Sponsored by.

Student, Faculty, and Staff Data Availability and Protection What’s the Back-Up Plan? (for academic computing) Sponsored by.
© Copyright Computer Lab Solutions 2006. All rights reserved. Do you need usage information about your computer labs? Copyright Computer Lab Solutions.

© Copyright Computer Lab Solutions All rights reserved. Do you need usage information about your computer labs? Copyright Computer Lab Solutions.
Cut Costs and Increase Productivity in your IT Organization with Effective Computer and Network Monitoring. Copyright © T3 Software Builders, Inc 2004.

Cut Costs and Increase Productivity in your IT Organization with Effective Computer and Network Monitoring. Copyright © T3 Software Builders, Inc 2004.
The Academic Computing Assessment Data Repository: A New (Free) Tool for Program Assessment Heather Stewart, Director, Institute for Technology Development,

The Academic Computing Assessment Data Repository: A New (Free) Tool for Program Assessment Heather Stewart, Director, Institute for Technology Development,
Supporting and Hosting Web- Based Learning Systems Educause 2001 Charlene Douglas – Director Kathryn Gomm - Training Manager Sharon McCarrager – Accessibility.

Supporting and Hosting Web- Based Learning Systems Educause 2001 Charlene Douglas – Director Kathryn Gomm - Training Manager Sharon McCarrager – Accessibility.
Seeing the Forest and the Acorns in the Decision Tree Sandy Burke Computing Center HelpDesk Manager Copyright Sandy Burke, 2003. This work is the intellectual.

Seeing the Forest and the Acorns in the Decision Tree Sandy Burke Computing Center HelpDesk Manager Copyright Sandy Burke, This work is the intellectual.
Andrea Eastman-Mullins Information & Technology Coordinator University of North Carolina, Office of the President Teaching and Learning with Technology.

Andrea Eastman-Mullins Information & Technology Coordinator University of North Carolina, Office of the President Teaching and Learning with Technology.
Copyright Statement Copyright Crit Stuart, 2007. This work is the intellectual property of the author. Permission is granted for this material to be shared.

Copyright Statement Copyright Crit Stuart, This work is the intellectual property of the author. Permission is granted for this material to be shared.
Copyright Jill M. Forrester 2008. This work is the intellectual property of the author. Permission is granted for this material to be shared for non- commercial,

Copyright Jill M. Forrester This work is the intellectual property of the author. Permission is granted for this material to be shared for non- commercial,
Advancing Security Programs through Partnerships Cathy HubbsShirley Payne IT Security Coordinator Director for Security Coordination & Policy George Mason.

Advancing Security Programs through Partnerships Cathy HubbsShirley Payne IT Security Coordinator Director for Security Coordination & Policy George Mason.
Virtualization Across The Enterprise Rob Lowden Director, Enterprise Infrastructure Indiana University 23 May 2007.

Virtualization Across The Enterprise Rob Lowden Director, Enterprise Infrastructure Indiana University 23 May 2007.
Deploying Tools for Cleaning Personal Information University of Pennsylvania School of Arts and Sciences Justin C. Klein Keane Sr. Information Security.

Deploying Tools for Cleaning Personal Information University of Pennsylvania School of Arts and Sciences Justin C. Klein Keane Sr. Information Security.
Pam Downs Ajay Gupta The Pennsylvania Prince George’s State University Community College Copyright Penn State University-2008. This work is the intellectual.

Pam Downs Ajay Gupta The Pennsylvania Prince George’s State University Community College "Copyright Penn State University This work is the intellectual.
INDIANAUNIVERSITYINDIANAUNIVERSITY Automated Network Isolation at Indiana University David A. Greenberg Information Technology Security and Policy Office.

INDIANAUNIVERSITYINDIANAUNIVERSITY Automated Network Isolation at Indiana University David A. Greenberg Information Technology Security and Policy Office.
1 EDUCAUSE 2002 IT Support Community Training Model University of Colorado at Boulder.

1 EDUCAUSE 2002 IT Support Community Training Model University of Colorado at Boulder.
Moving Out of The Shadows: Shining a Light on Data David Rotman Director of Computer Services Mark Mazelin Web Development Coordinator Copyright David.

Moving Out of The Shadows: Shining a Light on Data David Rotman Director of Computer Services Mark Mazelin Web Development Coordinator Copyright David.
Risk Assessment 101 Kelley Bradder VP and CIO Simpson College.

Risk Assessment 101 Kelley Bradder VP and CIO Simpson College.

Similar presentations

Ads by Google