Presentation is loading. Please wait.

Presentation is loading. Please wait.

Northwestern University Information Technology Good Security is Good “Business” 08 April 2005.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Northwestern University Information Technology Good Security is Good “Business” 08 April 2005."— Presentation transcript:

1 Northwestern University Information Technology Good Security is Good “Business” 08 April 2005

2 Northwestern University Information Technology Information and Systems Security/Compliance Office of the Vice President Mort Rahimi, VP & CTO Pat Todus, AVP & Deputy CIO Dave Kovarik Director Sharlene Mielke Disaster Recovery Roger Safian Information Security

3 Northwestern University Information Technology Dave Kovarik Office: (847) 467-5930 Email: david-kovarik@northwestern.edu 1800 Sherman Ave., Evanston, Suite 600 22 years in Information Security practice CISSP: Certified Info Systems Security Professional CISM: Certified Information Security Manager Information and Systems Security/Compliance

4 Northwestern University Information Technology Mission “Enable the University to Conduct Its Business in a Secure Mannner” Purpose “Maintain that delicate balance between service and security” Information and Systems Security/Compliance

5 Northwestern University Information Technology Primary Areas of Responsibility Security – Information Protection Services Compliance - Regulatory, University policy Disaster Recovery / Business Continuity Information and Systems Security/Compliance

6 Northwestern University Information Technology Business Defined…

7 Northwestern University Information Technology University “Business” Partnerships Research s Services Schools Finances Students Intranets, Internet… Can they be trusted? Alumni

8 Northwestern University Information Technology b Internet Every system must be secured Inside is almost as risky as outside Individual systems Intranet Intranet Data Center = Foundational Issues Ubiquitous connectivity PCs everywhere High mobility Are all assets protected? “Contingent” clients –Contractors –Vendors/consultants –Temporary users Links to partners, affiliates Diversity introduces Risk

9 Northwestern University Information Technology Trustees Schools Students Research Employees Regulatory & Client Demands Pressure mounting on universities to prove compliance with an increasing array of laws and regulations + Increasing demands for services = Security becomes ever more challenging. Web / Internet Databases Collaboration Wireless Mobile Devices Technologies StakeholdersLaws/Regulations Sarbanes-Oxley GLBA, HIPAA FERPA Patriot Act and more…

10 Northwestern University Information Technology Complexity Abounds

11 Northwestern University Information Technology Convergence We Are More Alike than Different… “You will be assimilated – resistance is futile.”

12 Northwestern University Information Technology 2005… Jan. 03 George Mason University Jan. 06 University of Kansas Jan. 18 Univ. of California, San Diego Feb. 02 Indiana University

13 Northwestern University Information Technology 2005… Mar. 11 Boston College Mar. 14 California State University, Chico Mar. 18 University of Nevada, Las Vegas Mar. 20 Northwestern University Mar. 28 University of California, Berkeley

14 Northwestern University Information Technology Why Are Universities Targets?

15 Northwestern University Information Technology Why Are Universities Targets?

16 Northwestern University Information Technology Why Are Universities Targets?

17 Northwestern University Information Technology What Can We Do? Passphrases Security Awareness Self-Assessment Policy Compliance Use NUIT Services

18 Northwestern University Information Technology Passwords The password is Passphrase

19 Northwestern University Information Technology Your passphrase Encrypted passphrase –Tf$/cgi3tcG.H Your passphrase –******** Matching them up –Does ******* == Tf$/cgi3tcG.H ?

20 Northwestern University Information Technology Sniffers Collects data –username and passphrase Widely available Available for many operating systems You won’t notice Often creates very large log files

21 Northwestern University Information Technology Passphrase Crackers Tools that “Crack” passphrases Widely Available Very efficient Uses system information Dictionary-based attack Has many rules for substitution

22 Northwestern University Information Technology Choosing a good passphrase Not based on personal information Don’t use anything in a dictionary Never tell it to anyone Change it regularly Your passphrase is like a toothbrush –Don’t share it, and change it when necessary

23 Northwestern University Information Technology NU,WPiP! Northwestern University, Where Parking is Plentiful!

24 Northwestern University Information Technology Passphrases You can find additional information on passphrases, E-mail, NetIDs, and related policies & guidelines at… http://www.it.northwestern.edu/accounts/index.html

25 Northwestern University Information Technology What Can We Do? Pass-Phrases Security Awareness Self-Assessment Policy Compliance Use NUIT Services

26 Northwestern University Information Technology Security Awareness The Prince of Paranoia says: If It Walks Like A Duck... Trust, But Verify Identity Theft – pay attention or pay dearly! http://www.idtheftcenter.org/index.shtml

27 Northwestern University Information Technology Security Awareness Get Control! Junk mail – just trash it! Phishing… and now Pharming Privacy & Identity Theft http://www.it.northwestern.edu/security/index.html

28 Northwestern University Information Technology What Can We Do? Pass-phrases Security Awareness Self-Assessment Policy Compliance Use NUIT Services

29 Northwestern University Information Technology Self-Assessment Get & Stay Patched!!! Keep Anti-virus Current!!! Run Anti-Spyware - FREQUENTLY Run Analysis Tools – FREQUENTLY http://www.it.northwestern.edu/security/index.html

30 Northwestern University Information Technology What Can We Do? Pass-phrases Security Awareness Self-Assessment Policy Compliance Use NUIT Services

31 Northwestern University Information Technology Policy Compliance University Policies… Security, Privacy & Responsibilities Infrastructure Services Guidelines Best Practices http://www.it.northwestern.edu/policies/index.html

32 Northwestern University Information Technology What Can We Do? Pass-phrases Security Awareness Self-Assessment Policy Compliance Use NUIT Services

33 Northwestern University Information Technology NUIT Services Academic Technologies / Bob Taylor Supports NU faculty members' instructional and research needs and supplies educational technologies and multimedia resources to the entire NU community. http://www.it.northwestern.edu/about/departments/at/index.html

34 Northwestern University Information Technology NUIT Services Administration & Finance / Steve Beck Provides administrative and financial support for other IT units in the pursuit of NUIT's mission. http://www.it.northwestern.edu/about/departments/af/index.html

35 Northwestern University Information Technology NUIT Services Computing Services / Dana Nielsen Acquires, supports, and maintains the computing platforms for NU's administrative, instructional, and research systems. http://www.it.northwestern.edu/dss/abt-dept-itcs/

36 Northwestern University Information Technology NUIT Services Information Systems Architecture / Tom Board Oversees the design, maintenance, and improvement of University middleware http://www.it.northwestern.edu/about/departments/isa/index.html

37 Northwestern University Information Technology NUIT Services iCAIR – International Center for Advanced Internet Research / Joe Mambretti Teams with international partners to accelerate innovation and enhance global communications through leading-edge Internet research and pre-production deployment. http://www.it.northwestern.edu/about/departments/icair/index.html http://www.icair.org

38 Northwestern University Information Technology NUIT Services Management Systems / Betty Brugger Provides information systems support to assist University staff and faculty in the performance of business-related or administrative processes, primarily at the enterprise level. http://www.it.northwestern.edu/about/departments/itms/index.html

39 Northwestern University Information Technology NUIT Services Technology Support Services / Wendy Woodward Educates the NU community on computing and network resources available on campus and over the Internet as well as new and changing technology at Northwestern. http://www.it.northwestern.edu/about/departments/tss/index.html

40 Northwestern University Information Technology NUIT Services Telecommunications & Network Services / Dave Carr Designs, procures, installs, operates, and maintains the central voice, data, image, and video communication services for the NU network. http://www.it.northwestern.edu/about/departments/tns/index.html

41 Northwestern University Information Technology NUIT Services The Collaboratory Project / Gary Greenberg A Northwestern University initiative that provides project consulting, training, and technical advice to teachers interested in using the Collaboratory to advance education. http://www.it.northwestern.edu/about/departments/cp/index.html http://collaboratory.nunet.net/cwebdocs/index.html

42 Northwestern University Information Technology Back to the Beginning Competitive advantage – publicity is not necessarily a good thing Maximize profitability by minimizing loss Promote & preserve reputation

43 Northwestern University Information Technology Back to the Beginning Mandated by legislation – compliance minimizes vulnerability to adverse action Establishes “trust” required of partnerships It’s expected of a premier University

44 Northwestern University Information Technology ISS/C Information and Systems Security/Compliance Dave Kovarik (847) 467-5930 david-kovarik@northwestern.edu Sharlene Mielke (847) 467-7804 s-mielke@northwestern.edu Roger Safian (847) 467-4058 r-safian@northwestern.edu

Download ppt "Northwestern University Information Technology Good Security is Good “Business” 08 April 2005."

Similar presentations

CISSP Seeks CIPP Object: Mutual Compliance Marriage of Privacy and Security Professionals Under HIPAA David B. Nelson, CISSP Yolo County Woodland, California.

CISSP Seeks CIPP Object: Mutual Compliance Marriage of Privacy and Security Professionals Under HIPAA David B. Nelson, CISSP Yolo County Woodland, California.
To ensure quality instruction and educational success, NVC Information Technology is committed to delivering high quality technical leadership, resources,

To ensure quality instruction and educational success, NVC Information Technology is committed to delivering high quality technical leadership, resources,
Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.

Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.
Database Security Policies and Procedures and Implementation for the Disaster Management Communication System Presented By: Radostina Georgieva Master.

Database Security Policies and Procedures and Implementation for the Disaster Management Communication System Presented By: Radostina Georgieva Master.
© Prentice Hall 2002 15.1 CHAPTER 15 Managing the IS Function.

© Prentice Hall CHAPTER 15 Managing the IS Function.
S UBSCRIPTION E NROLLMENTS U NDER T HE C AMPUS A ND S CHOOL A GREEMENT 5-license minimum order No institution-wide commitment Software Assurance optional.

S UBSCRIPTION E NROLLMENTS U NDER T HE C AMPUS A ND S CHOOL A GREEMENT 5-license minimum order No institution-wide commitment Software Assurance optional.
Supporting The Mobile Client: Expanding Our Borders John Guidone Manager, Desktop Technologies and Dawn E. Colonese Manager, Help Desk & Client Access.

Supporting The Mobile Client: Expanding Our Borders John Guidone Manager, Desktop Technologies and Dawn E. Colonese Manager, Help Desk & Client Access.
CAMP Med Building a Health Information Infrastructure to Support HIPAA Rick Konopacki, MSBME HIPAA Security Coordinator University of Wisconsin-Madison.

CAMP Med Building a Health Information Infrastructure to Support HIPAA Rick Konopacki, MSBME HIPAA Security Coordinator University of Wisconsin-Madison.
Internet2, CENIC and Merit: Partnering to Deliver Cloud Services to California.

Internet2, CENIC and Merit: Partnering to Deliver Cloud Services to California.
1 Electronic Information Security – What Researchers Need to Know University of California Office of the President Office of Research May 2005.

1 Electronic Information Security – What Researchers Need to Know University of California Office of the President Office of Research May 2005.
Technical Issues with Establishing Levels of Assurance Zephyr McLaughlin Lead, Security Middleware Computing & Communications University of Washington.

Technical Issues with Establishing Levels of Assurance Zephyr McLaughlin Lead, Security Middleware Computing & Communications University of Washington.
Advancing Security Programs through Partnerships Cathy HubbsShirley Payne IT Security Coordinator Director for Security Coordination & Policy George Mason.

Advancing Security Programs through Partnerships Cathy HubbsShirley Payne IT Security Coordinator Director for Security Coordination & Policy George Mason.
Security Controls – What Works

Security Controls – What Works
Information Security Policies and Standards

Information Security Policies and Standards
© 2003 IBM Corporation Privacy 12 th CACR Workshop Yim Y. Chan Chief Privacy Officer & CIO IBM Canada Ltd. w3.ibm.com/Privacy.

© 2003 IBM Corporation Privacy 12 th CACR Workshop Yim Y. Chan Chief Privacy Officer & CIO IBM Canada Ltd. w3.ibm.com/Privacy.
Current Information Technology Issues Norbert Mika NJ Mika Consulting Inc.

Current Information Technology Issues Norbert Mika NJ Mika Consulting Inc.
This Is Northwestern University Information Technology 2005.

This Is Northwestern University Information Technology 2005.
University of Guelph IT Security Policy Doug Blain Manager, IT Security ISC, April 27th.

University of Guelph IT Security Policy Doug Blain Manager, IT Security ISC, April 27th.
Northwestern University Information Technology Information and Systems Security/Compliance February 2005.

Northwestern University Information Technology Information and Systems Security/Compliance February 2005.
Chapter 12 Strategies for Managing the Technology Infrastructure.

Chapter 12 Strategies for Managing the Technology Infrastructure.

Similar presentations

Ads by Google