Presentation is loading. Please wait.

Presentation is loading. Please wait.

EDUCAUSE April 25, 2006Enforcing Compliance with Security Policies … Enforcing Compliance of Campus Security Policies Through a Secure Identity Management.

Published byNorman Clarke Modified over 9 years ago

Similar presentations

Presentation on theme: "EDUCAUSE April 25, 2006Enforcing Compliance with Security Policies … Enforcing Compliance of Campus Security Policies Through a Secure Identity Management."— Presentation transcript:

1 EDUCAUSE April 25, 2006Enforcing Compliance with Security Policies … Enforcing Compliance of Campus Security Policies Through a Secure Identity Management Infrastructure Presented by Lorraine Frost, Vice President Information Resources and Technology, CSUSB Kent McKinney, Director Information Systems, CSUEB Javier Torner, Ph.D. Information Security Officer, CSUSB Copyright CSUSB&CSUEB 2006. This work is the intellectual property of the authors. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

2 EDUCAUSE April 25, 2006Enforcing Compliance with Security Policies … Agenda ● Information Security Issues ● Information Security Policies ● The Role of the Identity Management System ● Identity Management Systems at CSUSB ● Identity Management System at CSUEB

3 EDUCAUSE April 25, 2006Enforcing Compliance with Security Policies … Information Security Issues ● Top Information Security Risks – Unauthorized disclosures of personal and confidential information ● http://www.privacyrights.org/ar/ChronDataBreaches.htm – Unauthorized use of information systems ● Gramm-Leach-Bliley Act – GLBA ( The Financial Modernization Act of 1999) and others – Requires Monitoring and Detection of unauthorized access

4 EDUCAUSE April 25, 2006Enforcing Compliance with Security Policies … Distribution of Security Breaches From COPP – March-2006

5 EDUCAUSE April 25, 2006Enforcing Compliance with Security Policies … Types of Security Breaches From COPP – March-2006

6 EDUCAUSE April 25, 2006Enforcing Compliance with Security Policies … Information Security Issues To prevent and identify unauthorized access to confidential information institutions must ● know who is authorized to use/access ALL critical information system ● have an auditable and efficient process to provide/change/modify/remove access to ALL critical resources ● limit number and restrict unnecessary access to information repositories containing personal and confidential information

7 EDUCAUSE April 25, 2006Enforcing Compliance with Security Policies … Information Security Policies Information security policies are based on maintaining ● Confidentiality – Information is restricted to only those authorized to access it ● Integrity – Information can only be changed/modified/destroyed by those authorized to do it ● Availability – Information must be available to those who need access to the information ● Auditability – Information should be collected in a manner that would enable to verify access controls, integrity and availability

8 EDUCAUSE April 25, 2006Enforcing Compliance with Security Policies … Information Security Policies Compliance requires ● Appropriate mechanisms for user authentication ● Access controls and authorizations consistent with user’s define roles ● Continuous monitoring that only authorized users access critical information systems

9 EDUCAUSE April 25, 2006Enforcing Compliance with Security Policies … The Role of the Identity Management Infrastructure ● Provides a centralized system to reconcile and manage ALL known users and their roles ● Provides a centralized system to authenticate and authorize users to access/use information systems ● Provides an efficient mechanism to provision and de-provision users to access information systems

10 EDUCAUSE April 25, 2006Enforcing Compliance with Security Policies … The Role of the Identity Management Infrastructure ● Provides a centralized auditing facility for verifying compliance ● Changes/updates of information become available in almost Real Time ● Minimizes the number of repositories with personal or confidential information.

11 EDUCAUSE April 25, 2006Enforcing Compliance with Security Policies … Identity Management ● CSUEB was exploring the potential of SUN Java Enterprise System (JES) toolset to address their needs for supporting an Identity Management System (IdM). ● CSUSB evaluated Oracle and SUN’s Identity Management solution – SUN’s was selected because of the the current knowledge and expertise in SUN products on the campus ● CSUEB and CSUEB recognized their common goals on the use of SUN’s IdM solution an a collaborative project was established.

12 EDUCAUSE April 25, 2006Enforcing Compliance with Security Policies … Collaborative IdM at CSUEB and CSUSB ● Identify approaches to address two campuses, with separate operations, common problems ● Develop common solutions to address IdM strategies ● Develop provisioning and de-provisioning policies and procedures for campus enterprise systems ● Identity strengths and weaknesses of the SUN JES Identity Management System toolset ● Determine benefits and costs of working together ● Publicize lessons learned and advantages of using a secure Identity Management System toolset, such as Sun JES

13 EDUCAUSE April 25, 2006Enforcing Compliance with Security Policies … Identity Management Systems at CSUSB ● Identify campus constituents and their roles ● Develop and implement provisioning and de- provisioning policies and procedures for campus enterprise systems ● Enhance security surrounding access to enterprise information systems and applications

14 EDUCAUSE April 25, 2006Enforcing Compliance with Security Policies … Identity Management Systems at CSUSB ● Establish appropriate authentication and authorizations to campus resources ● Develop single sign-on strategy to address upcoming campus portal implementation ● Synchronize the enterprise directory with Active Directory to provide a uniform access policy to decentralized information systems

15 EDUCAUSE April 25, 2006Enforcing Compliance with Security Policies … Identity Management System at CSUEB ● Core identity management system in place; independent single access control identifier (NetID) ● Registry of student, employee and other source records; enterprise directory (SUN LDAP) ● User tools for NetID activation, password reset & recovery - Admin tools for mgmt and reporting ● LDAP authentication for email, Blackboard LMS, student self service info, 15 other enterprise apps ● www.csueastbay.edu/netid

16 EDUCAUSE April 25, 2006Enforcing Compliance with Security Policies … Identity Management System at CSUEB ● Standardize home grown provisioning process, user and admin tools using a vendor supported product ● Expand current single NetID sign-on capabilities to other applications; particularly to departmental applications ● Synchronize the enterprise directory with Active Directory to provide a uniform access policy to departmental information systems

17 EDUCAUSE April 25, 2006Enforcing Compliance with Security Policies … Questions? Contact Information Lorraine Frost, lfrost@csusb.edu Kent McKinney, kent.mckinney@csueastbay.edu Javier Torner, jtorner@csusb.edu

Download ppt "EDUCAUSE April 25, 2006Enforcing Compliance with Security Policies … Enforcing Compliance of Campus Security Policies Through a Secure Identity Management."

Similar presentations

How Identity and Access Management Can Help Your Institution Touch Its Toes Renee Woodten Frost Internet2 and University of Michigan Kevin Morooney The.

How Identity and Access Management Can Help Your Institution Touch Its Toes Renee Woodten Frost Internet2 and University of Michigan Kevin Morooney The.
Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, 2007. This work is the intellectual property rights of the author.

Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, This work is the intellectual property rights of the author.
Copyright Tom Parker, Ron DiNapoli, Andrea Beesing, Joy Veronneau 2004. This work is the intellectual property of the authors. Permission is granted for.

Copyright Tom Parker, Ron DiNapoli, Andrea Beesing, Joy Veronneau This work is the intellectual property of the authors. Permission is granted for.
Making the Case for Security: An Application of the NIST Security Assessment Framework to GW January 17, 2003 David Swartz Chief Information Officer Guy.

Making the Case for Security: An Application of the NIST Security Assessment Framework to GW January 17, 2003 David Swartz Chief Information Officer Guy.
Provisioning 101: Cutting Costs, Enhancing Security, and Improving Service David Lavenda VP Marketing & Product Strategy June 19, 2003 © Business Layers.

Provisioning 101: Cutting Costs, Enhancing Security, and Improving Service David Lavenda VP Marketing & Product Strategy June 19, 2003 © Business Layers.
Starting Your Roadmap: Concepts and Terms Paul Caskey, The University of Texas System Copyright Paul Caskey 2007. This work is the intellectual property.

Starting Your Roadmap: Concepts and Terms Paul Caskey, The University of Texas System Copyright Paul Caskey This work is the intellectual property.
Information Resources and Communications University of California, Office of the President Information Technology Services The California State University.

Information Resources and Communications University of California, Office of the President Information Technology Services The California State University.
Identity Management: Some Basics Mark Crase, California State University Office of the Chancellor CENIC - March 9, 2011.

Identity Management: Some Basics Mark Crase, California State University Office of the Chancellor CENIC - March 9, 2011.
Presented by: Mark Hendricks

Presented by: Mark Hendricks
July 12, 2005 CSU SIMI Workshop - Melding Policy and Technology to Manage Identity1 Provisioning Services Collaborative CSU, East Bay and CSU, San Bernardino.

July 12, 2005 CSU SIMI Workshop - Melding Policy and Technology to Manage Identity1 Provisioning Services Collaborative CSU, East Bay and CSU, San Bernardino.
Peter Deutsch Director, I&IT Systems July 12, 2005

Peter Deutsch Director, I&IT Systems July 12, 2005
The Homegrown Single Sign On (SSO) Project at UM – St. Louis.

The Homegrown Single Sign On (SSO) Project at UM – St. Louis.
Identity Management: The Legacy and Real Solutions Project Overview.

Identity Management: The Legacy and Real Solutions Project Overview.
ERP Security Checklist ENT 2007 Joy R. Hughes VPIT and CIO George Mason University Co-chair STF.

ERP Security Checklist ENT 2007 Joy R. Hughes VPIT and CIO George Mason University Co-chair STF.
Steve Neiheisel Industry Consultant Creating a Technology Forum for the Whole Campus Presented by Executive Services of Jenzabar (c) Copyright 2006 Jenzabar,

Steve Neiheisel Industry Consultant Creating a Technology Forum for the Whole Campus Presented by Executive Services of Jenzabar (c) Copyright 2006 Jenzabar,
NLII - 2003 Mapping the Learning Space New Orleans, LA Colleen Carmean NLII Fellow Information Technology Director, ASU West Editor, MERLOT Faculty Development.

NLII Mapping the Learning Space New Orleans, LA Colleen Carmean NLII Fellow Information Technology Director, ASU West Editor, MERLOT Faculty Development.
1 sm Using E-Business Solutions to Meet Management Challenges: Interoperability & Flexibility Bring Success to the Implementation of Specialized Components.

1 sm Using E-Business Solutions to Meet Management Challenges: Interoperability & Flexibility Bring Success to the Implementation of Specialized Components.
FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT Electronic Signatures This work is the intellectual property of the author. Permission is granted for this material.

FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT Electronic Signatures This work is the intellectual property of the author. Permission is granted for this material.
Web Portal Development with uPortal or.Net Midwest Educause: March 24-26, 2003 David B. Williams Mark Troester

Web Portal Development with uPortal or.Net Midwest Educause: March 24-26, 2003 David B. Williams Mark Troester
Copyright Shanna Smith & Tom Bohman (2003). This work is the intellectual property of the authors. Permission is granted for this material to be shared.

Copyright Shanna Smith & Tom Bohman (2003). This work is the intellectual property of the authors. Permission is granted for this material to be shared.

Similar presentations

Ads by Google