Presentation is loading. Please wait.

Presentation is loading. Please wait.

UAB IT Security Program Sallie Wright UAB AVP, Information Technology.

Published byDorothy Cunningham Modified over 9 years ago

Similar presentations

Presentation on theme: "UAB IT Security Program Sallie Wright UAB AVP, Information Technology."— Presentation transcript:

1 UAB IT Security Program Sallie Wright UAB AVP, Information Technology

2 Agenda UAB Cyber Security Awareness Symposium October 20, 2009 9:00–9:05WelcomeDr. Doug Rigney, Interim Vice President 9:05–9:15Current State of IT Security at UABSallie Wright, Assistant Vice President 9:15–9:20Recognition of CISSPsSallie Wright, Assistant Vice President 9:20–9:40Security & Email Jeff Jessee, Asst. Director, Infrastructure Services 9:40–10:00Data Loss/ARRA/HIPAATerrell Herzig, Information Security Officer, HSIS 10:00–11:00Implementing ISO 27001/27002 in Higher EducationTammy Clark, Georgia State 11:00–11:20Break 11:20–12:00Dell’s Approach to Enterprise Information Security Dale Whiteaker-Lewis, Dell IT Security Consultant 12:00–12:20High Performance Computing/caBIG John Sandefur, Information Systems Manager John-Paul Robinson, System Programmer Lead 12:20–12:40Break/Lunch 12:40–1:00Equipment SurplusMichael Thorn, Information Security Specialist 1:00–1:20Infrastructure Security David Wolford, Communications Network Specialist 1:20–1:40Encryption & Pod SlurpingSean Maher, Information Security Coordinator 1:40–2:00Software BundlesChris Green, Information Security Specialist 2:00–2:10Break 2:10–2:40*Security/Forensics Careers - NCFITBD 2:40–3:05*Safety in Social NetworkingBrandon Cain, Information Security Coordinator 3:05–3:30*Securing Your ComputerBrandon Cain, Information Security Coordinator 3:30– Wrap-upSallie Wright, Assistant Vice President *of interest to students

3 UAB Information Security  Mission  Protected computing everywhere  Support the University’s mission of research, education and service  Objectives  World class security program  Recognized as the national leader for excellence in information assurance across higher education 3

4 Higher Ed Trends in IT Priorities 1 5 10

5 IT Priorities at UAB  2001-2007 Top 3  Administrative and Student Information Systems (ERP)  Increased Support for Teaching and Learning  Increased Information Security  2008 – 2009 Top 3  Support for Research  Increased Support for Teaching and Learning  Increased Information Security

6 Security Programs Stages of Excellence Stage 4 Stage 3 Stage 2 Stage 1 World Class program Excellent results World Class program Excellent results Advanced security program Limited fire fighting, most processes in place Advanced security program Limited fire fighting, most processes in place Basic security program Fire fighting with some processes in place Basic security program Fire fighting with some processes in place No real security program Mostly fighting fires No real security program Mostly fighting fires Stages of Excellence

7 Stage 1 No real information security Program Mostly fighting fires

8 Stage 2 Basic security program Fire-fighting with some processes in place Basic security program Fire-fighting with some processes in place

9 Stage 3 Advanced security program Limited fire fighting, most processes in place Advanced security program Limited fire fighting, most processes in place

10 Stage 4 World Class program Excellent results World Class program Excellent results

11 11

12

13

14 IT Security Central Resources Sallie Wright Chris Green Michael Thorn Sean Maher Brandon Cain14

15 UAB Security Initiatives 2007-08 Recent Accomplishments Intrusion DetectionRESNET NACComputer Forensics LabWhole Disc Encryption In Process Electronic Messaging Security Application Penetration Testing Lab caBig Security Framework On the Horizon Campus Wide Security Training & Certifications PCI Compliance Risk & Security Assessments eDiscovery 15

16 2008-2009 UAB Security Initiatives AccomplishmentsIn ProcessOn the Horizon Electronic Messaging Security Research Security Planning UAB Information Security Enterprise Council Application Penetration Testing Facility JRE UpgradesCell Phone and Removable Media Encryption Deployment Electronic Media Destruction 2 Factor AuthenticationIT Technical Coordinators Forensics Service CenterPCI CompliancePolicies, policies, policies Campus Wide Security Training and Certifications ARRA HIPAA Privacy Breach Notifications IDM caBig Security FrameworkBundle Images Laptop Encryption

17 Security Services  Computer Forensics & Investigations  Application Penetration Testing  Risk Vulnerability Assessments  Incident Response  Security Planning  Security Architecture  Electronic Messaging Security  Anti-Virus Protection 17

18 IT Technical Coordinators  Deans appointed IT technical coordinators  Build communications and partnerships with the schools  Ensure coordination of university-wide solutions with school-based initiatives  UAB Computer Incident Response Team membership  Participate in the selection of new UAB-wide solutions 18

19 UAB Security Stats Computer Forensics Risk Assessments Pen Tests Help Tickets Copyright Violations Virus Infections

20 Information Security Certifications  CISSP – Certified Information Systems Security Professionals  Course attended by 29 participants  Testing completed by 26; 2 scheduled for December  Confirmed 15 New CISSP’s across campus 20

21 UAB Information Security Enterprise Council  Purpose  To provide insight into the IT security needs of UAB  To assist with ensuring IT security posture continues to be strengthened across UAB  To help identify opportunities to improve IT security  To participate in the review of the IT security plan and to recommend the priorities for best meeting the information security needs of UAB

22 Congratulations to….CISSP’s Phillip CottonAshley FlemingFran Fabrizio Chris GreenEd HarrisTerrell Herzig Jerry LawrenceSean MaherLarry Owen Rajesh PillaiBrian RosenowEric Rzeszut John SandefurDr. Feng SunMichael Thorn

Download ppt "UAB IT Security Program Sallie Wright UAB AVP, Information Technology."

Similar presentations

Security Education and Awareness Workshop January 15-16, 2004 Baltimore, MD.

Security Education and Awareness Workshop January 15-16, 2004 Baltimore, MD.
Making Sense out of the Information Security and Privacy Alphabet Soup in terms of Data Access A pragmatic, collaborative approach to promulgating campus-wide.

Making Sense out of the Information Security and Privacy Alphabet Soup in terms of Data Access A pragmatic, collaborative approach to promulgating campus-wide.
HIPAA Security Risk Overview Lynne Shoemaker, RHIA, CHP, CHC OCHIN Integrity Officer Daniel M. Briley, CISSP, CIPP Summit Security Group.

HIPAA Security Risk Overview Lynne Shoemaker, RHIA, CHP, CHC OCHIN Integrity Officer Daniel M. Briley, CISSP, CIPP Summit Security Group.
David A. Brown Chief Information Security Officer State of Ohio

David A. Brown Chief Information Security Officer State of Ohio
The Office of Information Technology Information Security Administrator Kenneth Pierce, Vice Provost for IT and Chief Information Officer.

The Office of Information Technology Information Security Administrator Kenneth Pierce, Vice Provost for IT and Chief Information Officer.
Ray Greenlaw, School of Computing Armstrong Atlantic State University 1 Regional Center for Cyber Security Education and Training January 2003.

Ray Greenlaw, School of Computing Armstrong Atlantic State University 1 Regional Center for Cyber Security Education and Training January 2003.
Advancing Security Programs through Partnerships Cathy HubbsShirley Payne IT Security Coordinator Director for Security Coordination & Policy George Mason.

Advancing Security Programs through Partnerships Cathy HubbsShirley Payne IT Security Coordinator Director for Security Coordination & Policy George Mason.
Chapter 5 5-1 © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.
Security Controls – What Works

Security Controls – What Works
OPM Cybersecurity Competencies by Occupation (Technical Competencies) 2210085508540391 Information Technology Management Series Electronics Engineering.

OPM Cybersecurity Competencies by Occupation (Technical Competencies) Information Technology Management Series Electronics Engineering.
Public Safety & Institutional Assurance COMMUNICATING EXCELLENCE TOGETHER 2011 INDIANA UNIVERSITY COMMUNICATIONS & MARKETING CONFERENCE.

Public Safety & Institutional Assurance COMMUNICATING EXCELLENCE TOGETHER 2011 INDIANA UNIVERSITY COMMUNICATIONS & MARKETING CONFERENCE.
August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.

August 9, 2005 UCCSC IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Manage and Safeguard Your BC Career Cheyene Haase BC Management, Inc.

Manage and Safeguard Your BC Career Cheyene Haase BC Management, Inc.
Alliance for Strategic Technology (AST) SUNY Business Intelligence Initiative January 8, 2009.

Alliance for Strategic Technology (AST) SUNY Business Intelligence Initiative January 8, 2009.
Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.

Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.
Affiliated Information Security Collaborative An Affiliated Enterprise Approach to Information Security Deans and Vice Presidents Meeting April 17, 2014.

Affiliated Information Security Collaborative An Affiliated Enterprise Approach to Information Security Deans and Vice Presidents Meeting April 17, 2014.
Overview 4Core Technology Group, Inc. is a woman/ veteran owned full-service IT and Cyber Security firm based in Historic Petersburg, Virginia. Founded.

Overview 4Core Technology Group, Inc. is a woman/ veteran owned full-service IT and Cyber Security firm based in Historic Petersburg, Virginia. Founded.
Systemic Barriers to IT Security Findings within The University of Texas System Clair Goldsmith, Ph.D., Associate Vice Chancellor and CIO Lewis Watkins,

Systemic Barriers to IT Security Findings within The University of Texas System Clair Goldsmith, Ph.D., Associate Vice Chancellor and CIO Lewis Watkins,
OU INFORMATION SECURITY & RISK MANAGEMENT ISA – February 4, 2015.

OU INFORMATION SECURITY & RISK MANAGEMENT ISA – February 4, 2015.

Similar presentations

Ads by Google