Published by Blaze Young. Modified over 9 years ago.
1
Robert Ono
Office of the Vice Provost, Information and Educational Technology
September 9, 2010
TIF-Security
Cyber-safety Plans for 2010
2
Security Tools Update
- Incident response plan unit template released in 2009
- Audit log practices – training in September 2010
- Physical security – new security template released in 2009
- Security awareness training – 2010 system-wide workgroup
- Equipment release – multi-function printing device guidance released to campus/UCDHS in 2010
- Web application security vulnerability scanning – security lifecycle development training in August 2010
3
2010 Cyber-safety Policy Revisions
- Clarify mobile devices integration within CS standards
- Broaden reference to “computers” to include mobile devices
- Require firmware updates for mobile devices
- Remove AV requirement for mobile devices
- Require mobile devices to use at least a four-character password, where available
- Require mobile devices to support remote wipe capability, where available
- Modify annual survey items to include mobile devices
- Modify annual survey password references to include passphrases
4
Recommended Cyber-safety Survey Revisions
Update definition of “restricted information”
- Existing definition: Restricted information is defined as data that is considered sensitive to some degree and may include personal information or information whose unauthorized access, modification or loss could seriously or adversely affect the university.
- Proposed definition: Restricted information describes any confidential or personal information that is protected by law or policy and that requires the highest level of access control and security protection, whether in storage or in transit. (BFB IS-3, 5/20/2009)
5
2010 Cyber-safety Survey Items
- SOFTWARE PATCHES
- AV Software
- Removal of insecure services
- Secure authentication
- PERSONAL INFORMATION PROTECTION*
- Firewall Services*
- PHYSICAL SECURITY*
- Open email relays
- Proxy services
- AUDIT LOGS*
- BACKUP/RECOVERY*
- Security training*
- Anti-spyware*
- EQUIPMENT RELEASE*
- INCIDENT RESPONSE PLAN*
- WEB APPLICATION SECURITY*
2009 survey items
Underline: needed improvement areas
6
Cyber-safety Survey Schedule
- October through December 2010: Survey data collection
- January through February 2011: Analysis and reporting to units, as appropriate
- March 2011: Reporting to CS oversight committee, Technical Infrastructure Forum and Campus Council for Information Technology
- April 2011: Report to Chancellor’s cabinet
7
Continued Support of Organizational Effectiveness
- Web application scanning service
- Anti-malware licensing
- Computer host vulnerability scanning and reporting
- Intrusion prevention capability at network border
- Network firewalls at network border
- Authentication services and identity and access management
- Personal identity information scanner – licensed for Windows and Mac OS X
- InCommon certificates for SSL
- Encryption for email with restricted content
- Forensic investigation and reporting assistance