STRATEGY SESSION SEPTEMBER 15, 2008 3-YEAR SECURITY DISCUSSION 1 NETWORK PLANNING TASK FORCE.


1 STRATEGY SESSION
SEPTEMBER 15, 2008
3-YEAR SECURITY DISCUSSION
NETWORK PLANNING TASK FORCE

2 NPTF Meeting dates
February 18 - Operational review (Completed)
April 21 - Security strategy session (Completed)
July 21 - Updates & planning discussions (Completed)
August 11 - Strategy discussions (Completed)
September 15 - Security strategy discussion
October 6 - Strategy discussions/preliminary rates (ADDED)
October 20 - Strategy discussion
November 3 - FY’10 Finalize rate setting

3 Today’s Agenda
■ Security Strategy Discussions
■ Security Planning Today
■ Defense in Depth
■ Prevention
■ Risk Assessment Update
■ Increase Efficiency
■ Proposed 3 Year Plan

4 Security Planning Today
■ Continue to evolve a security strategy and plan
■ Goal: Find ways to say “yes” while minimizing risk, reducing vulnerabilities, and the overall cost of security

5 Security Planning Today
■ Rolling 3 year plan
■ Defense in depth
■ Prevention
■ Update Risk Assessment
■ Increase Efficiency

6 Defense in Depth
■ Continue to expand layers of defense
■ Maintain and enhance a robust security infrastructure
■ Strengthening PennKey Project
■ Central Authorization
■ Supplement strong authentication with logging and anomaly detection

7 Prevention
■ Continue to increase user awareness
■ Leverage Learning Management System to deliver security awareness and training to broad community
■ Focus awareness on phishing in FY09
■ Policies and controls
■ SSN policy
■ SPIA
■ Infrastructure and tools
■ Strengthening PennKey Project
■ Central authorization
■ Laptop encryption

8 Risk Assessment Update
College Opportunity and Affordability Act of 2008
Phishing
Lost and stolen devices

9 Increase Efficiency
■ Reduce costs to affiliate with third party systems
■ Shibboleth
■ Central authorization - centrally managed groups
■ Replace GRADI with RT-IR

10 Proposed 3 Year Plan
FY09 Focus: Risk Assessment, Behavior Changes, Strengthen PennKey, Passphrases, Cosign
FY10 Focus: Risk Assessment, Strengthen PennKey, 2 factor
FY11 Focus: Risk Assessment, Anomaly Detection
Firm / Evolving

11 Proposed 3 Year Plan FY ’09
■ SPIA Cohort 3
■ Phishing awareness
■ Tips, articles, warnings
■ Online Privacy and Security Training
■ Staff & Faculty, followed by LSPs
■ Central Authorization Service (PennGroups)
■ Fall 08 general availability
■ Hard Drive Encryption
■ PGP selected, Volume license agreement
■ Shibboleth
■ Q4 FY09
■ Streamlining PennKey

12 Proposed 3 Year Plan FY ’09
■ RT-IR
■ New tracking system for ISC Information Security Team
■ Strengthening PennKey
■ Cosign replacing websec
■ Passphrases replacing passwords
■ SecureShare
■ Secure web based file sharing tool
■ Scanning
■ Considering Rapid7 NeXpose to replace ISS
■ Security Liaisons
■ SSN Compliance

13 Proposed 3 Year Plan FY ’10
■ SPIA
■ 2 Factor Authentication
■ Authentication Logging
■ Hard Drive Encryption for Laptops
■ Strongly encouraged for all laptops
■ Evaluate DKIM (Domain Keys Identified Mail) to mitigate spam & phishing
■ Strengthen 3rd party email phishing filtering and broaden adoption
■ Explore technical measures to combat illegal file sharing

14 Proposed 3 Year Plan FY ’11
■ SPIA
■ Anomaly Detection
■ Policy governing storage of, and access to, University Data from machines not owned by Penn

15 Discussion

