Download presentation
Presentation is loading. Please wait.
Published byClarissa Janel Wilkins Modified over 9 years ago
1
1 © 2003 Cisco Systems, Inc. All rights reserved. Session Number Presentation_ID THE NETWORK SECURITY CHALLENGE Jack Suess CIO University of Maryland Baltimore County (UMBC)
2
222 © 2003 Cisco Systems, Inc. All rights reserved. Presentation_ID Achieving Nirvana - The Six Stages of Security A recent EDUCAUSE ECAR research bulletin - High Stakes for Optimal IT Security Staffing, cited Glenn Fourie’s Stages of Institutional Security Awareness Level 1 - Ignorance Level 2 - Awareness Level 3 - Vulnerability Level 4 - Intrusion Detection Level 5 - Forensics Level 6 - Practically Secure
3
333 © 2003 Cisco Systems, Inc. All rights reserved. Presentation_ID Level 1 -- Ignorance Blissfully ignorant of security issues. Common thoughts heard in this stage: There has never been an issue an my institution and we don’t need to worry about this. Security is something the IT people came up with to make us spend money -- just like that Y2K stuff We are too small for anyone to bother us
4
444 © 2003 Cisco Systems, Inc. All rights reserved. Presentation_ID Level 2 - Awareness Some event highlights institutional vulnerability. Common reasons in this stage: Hello this is the Chronicle of Higher Ed -- I’d like to discuss the recent release of Student ID’s on the web. The institutional web site is defaced with some pornographic picture. RIAA or MPAA brings a lawsuit against one of your students. A poor audit triggers questions from the trustees.
5
555 © 2003 Cisco Systems, Inc. All rights reserved. Presentation_ID Level 3 - Vulnerability Institution is still in a “reactive” mode. As you begin to take action the institution begins to grasp the extent of the problem. Common issues that arise in this level There are no policies to dictate what can or can’t be done. Security is weak throughout and there is no one the CIO can turn too and say “fix this”. Hiring someone to lead security becomes a priority Campuses begin to develop plans and budgets to “address the issue” Vulnerability can last many years!
6
666 © 2003 Cisco Systems, Inc. All rights reserved. Presentation_ID Level 4 - Intrusion Detection Institutions begin to be “proactive” in addressing the problem. Common elements in this stage are: There is a person leading the security team. Campuses redesign their network and information services with security in mind. Policies and procedures are created to augment technology Campus considers IT security to be a requirement for new services Campuses start a security and awareness campaign
7
777 © 2003 Cisco Systems, Inc. All rights reserved. Presentation_ID Level 5 - Forensics The campus has developed a deep understanding of its IT infrastructure. Forensics provides a feedback loop to augment and adapt your security infrastructure -- people, policies, and technology. Real-time network security monitoring systems are introduced The network has been architected to support “defense in depth” Widely deployed host-based firewalls/IDS are deployed to protect systems Operating system patching is automated
8
888 © 2003 Cisco Systems, Inc. All rights reserved. Presentation_ID Level 6 - Practically Secure The institution is secure for current threats and has the adaptability to address new threats as they arise. No institution has reached this stage so there are no examples!
9
999 © 2003 Cisco Systems, Inc. All rights reserved. Presentation_ID UMBC -- Where Are We We are in entering Level 4. We are focusing on technology and policy to make us “Proactive” We are spending 1.5 million to redesign our network and LAN architecture to support security AND performance We are revamping policies and procedures to address security and augment what we can’t do with technology We have a major program on security awareness under way based on “protecting yourself from Identity Theft” We are working with our academic units to connect security into our curriculum in CSEE and IS
10
10 © 2003 Cisco Systems, Inc. All rights reserved. Presentation_ID EDUCAUSE/Internet2 Security Task Force Our goal is to help institutions improve their network and computer security -- regardless of the level they are at today Established in 2000, our goals are: –Education and Awareness –Standards, Policies, and Procedures –Security Architecture and Tools –Organization, Information Sharing, and Incident Response Our focus has been to engage government, corporations, and other higher education organizations in promoting security.
11
11 © 2003 Cisco Systems, Inc. All rights reserved. Presentation_ID Current Security Task Force Initiatives Education and Awareness Initiative Annual Security Professionals Workshop Legal Issues and Institutional Policies Risk Assessment Method and Tools Effective Security Practices Guide Research and Development Initiatives Vendor Engagement and Partnerships Research and Educational Networking Information Sharing & Analysis Center
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.