Seven Effective Habits of a Successful ITSO Ken Hanna University of Minnesota.


1 Seven Effective Habits of a Successful ITSO Ken Hanna University of Minnesota

2 What we’ll cover today
Assumed:
- A security function exists
- You have the technical basics covered (policy, process, people, technology, etc.)
- You sometimes have trouble getting from a technical analysis to a decision

3 I have the technical analysis done…now what?
Preliminary steps:
- Reality check with others inside/outside (compliance issues, expense, staff time)
- Survey the landscape (who is affected, how big a change is required, etc.)
- Keep your management informed

4 Now what? (cont’d)
- Collaborate with others to determine potential solutions
- Communicate the risks and possible solutions widely
- Build consensus on a solution, or let people know the most likely solution
- Sell your management on the need to make a change

5 Making change palatable
- If possible, make it easy to comply
- Communicate the “why” for the change
- Expect a few complaints…be diplomatic and courteous
- Over-communicate big changes…until everyone is tired of hearing about it
- Expect change to take longer than anticipated

6 Security decisions: balancing usability vs. complete security
- Don’t burn bridges if the decision doesn’t go your way
- Don’t expect to get support for every decision
- Educate others on the “whys”…use the misfortune of others
- Be a trusted team player
- Listen to the views of others
- How you handle today’s issue will influence whether people trust you on tomorrow’s

7 Example: Windows desktop security settings
The problem:
- High risk of Windows password cracking from the U network (XP pre-SP2 days)
- Too many picky security changes to make from the default settings
- No way for a typical desktop user to know whether they were at risk or compliant
- Too hard to do the right thing

8 Windows desktop (cont’d)
The process:
- Require the settings by policy for computers that work with private data
- Script the 30 or so changes to the settings
- Get feedback on the proposed solution at technical and other meetings
- Enlist early adopters to show it works
- Collaborate with auditors to use a version of the script to check settings
- Sell management on why it is needed
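The talk does not show the script itself, so the following is an added example, not the University of Minnesota script. It illustrates the shape that makes the process on slides 7 and 8 work: one settings list, run in check-only mode by default (the auditors’ “version of the script”) and in apply mode with a switch (the desktop version), so users and auditors can see at a glance whether a machine is compliant. The four registry values are assumptions standing in for the “30 or so” changes; they are the standard Windows settings behind network password-cracking risk on XP (LM hash storage, LM/NTLM negotiation level, anonymous enumeration). It is written in PowerShell, which is what a practitioner would use for this today.

```powershell
# Added example, not the talk's script. One settings list, two modes:
#   .\Check-DesktopSettings.ps1          -> report only (audit version)
#   .\Check-DesktopSettings.ps1 -Apply   -> fix what is out of compliance (desktop version)
# The four settings below are assumptions standing in for the ~30 the talk mentions.
param(
    [switch]$Apply   # default is check-only
)

$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# Each entry: registry path, value name, required DWORD value, and the "why" shown to the user.
$required = @(
    @{ Path = $lsa; Name = 'NoLMHash';             Value = 1; Why = 'stop storing weak LM password hashes' },
    @{ Path = $lsa; Name = 'LmCompatibilityLevel'; Value = 5; Why = 'send NTLMv2 only; refuse LM and NTLM' },
    @{ Path = $lsa; Name = 'RestrictAnonymous';    Value = 1; Why = 'block anonymous share/user enumeration' },
    @{ Path = $lsa; Name = 'RestrictAnonymousSAM'; Value = 1; Why = 'block anonymous SAM account enumeration' }
)

# Read one setting and report current vs. required; a missing value reads as $null (non-compliant).
function Get-SettingStatus {
    param($Setting)
    $current = $null
    if (Test-Path $Setting.Path) {
        $item = Get-ItemProperty -Path $Setting.Path -Name $Setting.Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { $current = $item.($Setting.Name) }
    }
    [pscustomobject]@{
        Name      = $Setting.Name
        Current   = $current
        Required  = $Setting.Value
        Compliant = ($current -eq $Setting.Value)
        Why       = $Setting.Why
    }
}

$results = foreach ($s in $required) {
    $status = Get-SettingStatus $s
    if (-not $status.Compliant -and $Apply) {
        if (-not (Test-Path $s.Path)) { New-Item -Path $s.Path -Force | Out-Null }
        Set-ItemProperty -Path $s.Path -Name $s.Name -Value $s.Value -Type DWord
        $status = Get-SettingStatus $s   # re-read so the report shows the result, not the intent
    }
    $status
}

# The table is what a desktop user or auditor looks at; the "Why" column carries the education.
$results | Format-Table Name, Current, Required, Compliant, Why -AutoSize

# A non-zero exit code lets a login script or audit job record non-compliance without parsing text.
$failures = @($results | Where-Object { -not $_.Compliant }).Count
if ($failures -gt 0) {
    $hint = if (-not $Apply) { ' (run with -Apply to fix)' } else { '' }
    Write-Warning "$failures of $($required.Count) required settings are not compliant$hint"
    exit 1
}
exit 0
```

Two caveats a practitioner would want: apply mode writes to HKLM and needs an elevated session, and LmCompatibilityLevel 5 refuses LM and NTLM outright, so run check mode across the early adopters first and confirm every domain controller and file server those machines talk to accepts NTLMv2 before the value becomes policy. That staged rollout is exactly the feedback-and-early-adopter step on slide 8.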

9 More examples…
- Border filters
- P2P on wireless
- Log collection and review
- Password rules
- Encryption of laptops
- VMware
- IPv6 traffic on campus

10 Result: Enjoy both the turkey AND the dressing

12 Questions?
