Presentation is loading. Please wait.

Presentation is loading. Please wait.

Systemic Barriers to IT Security Findings within The University of Texas System Clair Goldsmith, Ph.D., Associate Vice Chancellor and CIO Lewis Watkins,

Published byMarjory Greene Modified over 9 years ago

Similar presentations

Presentation on theme: "Systemic Barriers to IT Security Findings within The University of Texas System Clair Goldsmith, Ph.D., Associate Vice Chancellor and CIO Lewis Watkins,"— Presentation transcript:

1 Systemic Barriers to IT Security Findings within The University of Texas System Clair Goldsmith, Ph.D., Associate Vice Chancellor and CIO Lewis Watkins, CISSP Director of Information Resources

2 The University of Texas System Nine Academic Institutions Six Health Institutions ~ 175,000 Students ~ 16,000 Faculty ~ 72,000 Non-Faculty Staff

3 The Attention Grabber! ►Security breach resulting in the unauthorized collection of 50,000+ social security numbers raises awareness of risks to our systems. ►Chancellor writes letter to all Presidents asking them to conduct a security inventory.

4 The Process ► IT System Application Vulnerability Assessment ► Operational Review of IT Security

5 Information System Application Vulnerability Inventory Phase 1: Mission Critical and Centrally Managed Systems Inventory Action Plan Assurance Report Phase 2: Departmental Systems Inventory Action Plan Assurance Report

6 Security Vulnerability Findings

7 Phase 2 Vulnerability Inventory Findings. (Some Specific Measures) 9

8 Some Observations & Questions Many departments failed to respond to the inventory or to specific questions. What do we conclude from items not reported? ► Vulnerabilities don’t exist? ► Cover-up? ► Ignorance? ► Survey instrument or procedure weakness? ► All of the above? 10

9 Some Observations & Questions Maturity levels in terms of security awareness varies greatly among institutions and sub-units. Addressing all risks is a massive undertaking. To what degree does the culture need to change? How do we change it? 10

10 12 System-wide Operational Review Center for Infrastructure Assurance and Security (CIAS) The CIAS is designed to leverage San Antonio's Infrastructure Assurance and Security (IAS) strengths as part of the solution to the nation's Homeland Defense needs and deficit of IAS talent and resources.

11 System-wide Operational Review Phase 1: Organization and Development ► Develop comprehensive schedule. ► Develop list of interest items, data points, and metrics. ► Develop survey forms and questionnaires.

12 Phase 2: Information Gathering ► Questionnaires to points of contact. ► Visited to UT institutions. ► During campus visits conducted interviews and manual inspections. System-wide Operational Review

13 Phase 3: Analysis and Reporting ► Identify risks, problems, best practices, and barriers to remediation. ► Verify risk assessments. ► Develop metrics to allow measure risks and effectiveness of remediation efforts. ► Deliver report providing recommendations to address risks, barriers, and future security needs. 14 System-wide Operational Review

14 Findings 205 specific recommendations across the following subject areas: Budget Personnel Network Perimeter Software Patches Physical Security Anti-virus Telecommunications Backups Data Mgt. & Destruction Internal System Security Incident Response Policies and Procedures Lab Environments Wireless

15 Findings Executive Metrics – Reported to UT System. Operational Metrics – Tracked locally at the institution. Temporary Metrics – Used to track progress towards specific project goals until complete. 26 proposed metrics to measure security program activity and effectiveness.

16 Top Three Systemic Barriers 1.Resource Allocation: Institutions feel their security programs are under funded and do not have adequate staff to properly secure their information systems

17 Top Three Systemic Barriers 2.Decentralized IT: Independent and open nature of institutions creates pool of systems that are not under centralized control, are managed and maintained at different levels, and introduce significant security risks.

18 Top Three Systemic Barriers 3.Decentralized Accountability: The academic enterprise is an open and shared environment with little to no accountability for information security. This ingrained culture is counter to efforts to maintain IT security.

19 Next Steps ► Identify funding mechanism to support System-wide support for Information Security efforts. ► Develop and deploy a certification process to be required of all distributed Server Administrators. ► Deploy a pilot of Secure Watch software for later expansion system-wide.

20 Questions? 11 Clair Goldsmith, Ph.D., Associate Vice Chancellor and CIO cgoldsmith@utsystem.edu Lewis Watkins, CISSP Director of Information Resources lwatkins@utsystem.edu

21

Download ppt "Systemic Barriers to IT Security Findings within The University of Texas System Clair Goldsmith, Ph.D., Associate Vice Chancellor and CIO Lewis Watkins,"

Similar presentations

Identification and Disposition of Official University Records University of Texas at Arlington Records Management.

Identification and Disposition of Official University Records University of Texas at Arlington Records Management.
CANHEIT | On the EDGE | June 15-18, 2008 | University of Calgary Collaborative Computing on an Institutional Level Steve Breeck, Harold Esche, Bill Richardson.

CANHEIT | On the EDGE | June 15-18, 2008 | University of Calgary Collaborative Computing on an Institutional Level Steve Breeck, Harold Esche, Bill Richardson.
University of Florida Incident Tracking and Reporting Kathy Bergsma

University of Florida Incident Tracking and Reporting Kathy Bergsma
Internal Audit Awareness

Internal Audit Awareness
David A. Brown Chief Information Security Officer State of Ohio

David A. Brown Chief Information Security Officer State of Ohio
BASIC SKILLS INITIATIVE Research & Professional Development for Improving “Academic Fundamentals” Background/HistoryBackground/History Research PhaseResearch.

BASIC SKILLS INITIATIVE Research & Professional Development for Improving “Academic Fundamentals” Background/HistoryBackground/History Research PhaseResearch.
The Office of Information Technology Information Security Administrator Kenneth Pierce, Vice Provost for IT and Chief Information Officer.

The Office of Information Technology Information Security Administrator Kenneth Pierce, Vice Provost for IT and Chief Information Officer.
Today’s Speakers  Diane Dagefoerde, CIO, Arts and Sciences, The Ohio State University  Butch Juelg, Associate Vice Chancellor, Technology Services,

Today’s Speakers  Diane Dagefoerde, CIO, Arts and Sciences, The Ohio State University  Butch Juelg, Associate Vice Chancellor, Technology Services,
Serving the Research Mission: An Approach to Central IT’s Role Matthew Stock University at Buffalo.

Serving the Research Mission: An Approach to Central IT’s Role Matthew Stock University at Buffalo.
August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.

August 9, 2005 UCCSC IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.
Prepared: October, 2005 1 Ann Garrett, State Chief Information Security Officer Statewide Security Update October 25, 2005 Information Technology Advisory.

Prepared: October, Ann Garrett, State Chief Information Security Officer Statewide Security Update October 25, 2005 Information Technology Advisory.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Chapter 10 Information Systems Management. Agenda Information Systems Department Plan the Use of IT Manage Computing Infrastructure Manage Enterprise.

Chapter 10 Information Systems Management. Agenda Information Systems Department Plan the Use of IT Manage Computing Infrastructure Manage Enterprise.
Innovative Instruction Transformation Team Jeffrey Bartkovich, Monroe Community College Kim Scalzo, SUNY Center for Professional Development Carey Hatch,

Innovative Instruction Transformation Team Jeffrey Bartkovich, Monroe Community College Kim Scalzo, SUNY Center for Professional Development Carey Hatch,
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
Affiliated Information Security Collaborative An Affiliated Enterprise Approach to Information Security Deans and Vice Presidents Meeting April 17, 2014.

Affiliated Information Security Collaborative An Affiliated Enterprise Approach to Information Security Deans and Vice Presidents Meeting April 17, 2014.
Information Security Is it warranted on your campus? William C. Moore II, CISSP Chief Information Security Officer Valdosta State University.

Information Security Is it warranted on your campus? William C. Moore II, CISSP Chief Information Security Officer Valdosta State University.
ICPL Institute for Computer Policy & Law H. David Lambert Vice President for Information Services and Chief Information Officer Georgetown University e-Discovery:

ICPL Institute for Computer Policy & Law H. David Lambert Vice President for Information Services and Chief Information Officer Georgetown University e-Discovery:
 The Middle States Commission on Higher Education is a voluntary, non-governmental, membership association that is dedicated to quality assurance and.

 The Middle States Commission on Higher Education is a voluntary, non-governmental, membership association that is dedicated to quality assurance and.
Enterprise Security. Mark Bruhn, Assoc. VP, Indiana University Jack Suess, VP of IT, UMBC.

Enterprise Security. Mark Bruhn, Assoc. VP, Indiana University Jack Suess, VP of IT, UMBC.

Similar presentations

Ads by Google