IT Security Policies and Campus Networks The dilemma of translating good security policies to practical campus networking Sara McAneney IT Security Officer.


1 IT Security Policies and Campus Networks The dilemma of translating good security policies to practical campus networking Sara McAneney IT Security Officer Trinity College Dublin 22/05/2007

2 Overview Creating the Security Policy The Implementation Dilemma What makes the Campus Environment Different? The Answer Case Study: Trinity College Dublin

3 Campus Networks and Security Cultural Resistance Gradual infiltration Acceptance Period of rapid catch up Maturity?

4 Policies Implemented 2006 *ECAR – Educause Centre for Applied Research - 2006 IT Security Survey 492 Respondents

5 Creating the Security Policy ISO 27001 Relevant Legislation Organisational Environment Identify Assets Resources E.g. UCISA Information Security Toolkit

6 Policy Main Policy Supporting policy areas: –Email –Internet use –System development etc

8 Implementation…. Governing Body Approval Communication to Users Translation to Operational Procedures Enforcement

9 Campus Implementation Difficulties
- Traditional ethos of free & open access to systems and information
- Diverse user base - Admin, teaching, research, grids, commerce, corporations, clubs, societies, college life, public guests
- Complex collaborative arrangements - institutions, individuals and industry
- Need to facilitate the rapid adoption of emerging & often immature technologies
- Diversity and decentralised management…

10 Traditional Implementation Management Area Head End User Area Head End User Policy Dissemination

11 University Structure Governing Body Committees Schools/Faculties Admin Areas Student Representatives Commercial Entities

12 Governing Body Admin Body Admin Areas End User Committees User Groups Committees Academic Body School/ Faculty End User Committees User Groups Student Body Student Society Student clubs End User Campus Company End User Research Affiliates End User

13 Helpful to Focus on Similarities with all Large Networks Provide High Quality, Flexible Services Protect Confidential data Protect against Internal and External Security Threats Comply with Legislation Contingency and Disaster Recovery Planning

14 Goal
- Despite/Because of complexity and diversity, vital to implement IT Security Framework
- Framework which facilitates & protects

15 The Answer?
- Management Structure - Establish IT Security Governance/Management Structure
- Involve Stakeholders - Identify key stakeholders and involve in creating policy, encourage ongoing communication.
- High Value Assets - Identify core IT Assets and prioritise
- Segregation - Functional and Security Boundaries
- Flexibility - make provision for high risk activity - Research, new technology etc

16 Case Study: Trinity College Dublin
- July 2003 - IT Security Policy Approved by College Governing Body
- 2004 - Awareness Exercises - Email, Booklet, website
- 2004-2006 - Translation to Operational procedures
- Ongoing - Adoption of Security Technologies

17 Security Management System

18 Implementation- College IT Security Governance Governing Committee Autonomous Network End User Autonomous Network End User Trinity College Data Network Local Area IT Support reps End Users

19 Implementation Internal Agreements - Central computing department & local IT interests. Regular Communication Dissemination to IT Administration Staff & End Users Adoption of Technologies

20 Supporting Documentation Network Security Internet Use Email Use Authentication/Passwords Virus and Spam Software Development Data Backup Disaster Recovery Remote Access Third Party Access Legal Compliance Guidelines

21 Adopting Technologies
- Network Security - VPN, VLANs, Firewall, IDS, NAC, 802.1x, guest network services, eduroam
- Host Security - Automatic Updates, Centrally Managed AV
- Enterprise Directory - secure Authentication
- Removal of Insecure Protocols

22 Central Services Web, Mail, Proxy etc Teaching & General Research Student Services Autonomous Networks Specialized Production, Cash Registers etc Specialized Research Wireless Services Security Boundaries

23 Assessing the Progress Improved communications – move away from duplication of service Improved focus – strategic planning Incident Reporting Internal Audit – systems, applications, External Audit ISO27001 Certification

24 Future Challenges
- Exploding User Numbers - students/public on network, Guests, Eduroam
- Non-traditional networked devices - PDAs, phones, Xboxes, cameras, CEPOS
- Disappearing Network Boundary
- Rapid Adoption of New Technology
- Changing Threat profile
- Data privacy concerns - Help users protect their personal/financial data
More important than ever to deal with these challenges via a strong IT Security Framework

25 References:
- http://www.tcd.ie/itsecurity/policies/index.php
- http://www.educause.edu/ecar
- http://www.ucisa.ac.uk/

