Network Planning Task Force - PowerPoint PPT Presentation

Network planning task force l.jpg
Download
1 / 11

Schools/Centers must identify Personal Computing Devices that pose a significant ... threats: theft of portable computing devices, if used in conjunction ...

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.

Download Presentation

Network Planning Task Force

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Network planning task force l.jpg

Network Planning Task Force

Information Security Strategy


Nptf fy 07 members l.jpg

Mary Alice Annecharico/Rod MacNeil, SOM

Robin Beck, ISC

Chris Bradie/Dave Carrol, Business Services

Cathy DiBonaventura, School of Design

Geoff Filinuk, ISC

John Keane/ Grover McKenzie, Library

John Irwin, GSE

Marilyn Jost, ISC

Deke Kassabian /Melissa Muth, ISC

Doug Berger/ Manuel Pena, Housing and Conference Services

Mike Weaver, Budget Mgmt. Analysis

Dominic Pasqualino, OAC

James Kaylor, CCEB

Helen Anderson, SEAS

Kayann McDonnell, Law

Donna Milici, Nursing

Dave Millar, ISC

Michael Palladino, ISC (Chair)

Jeff Fahnoe, Dental

Mary Spada, VPUL

Marilyn Spicer, College Houses

Steve Stines / Joseph Shannon, Div. of Finance

Ira Winston, SEAS, SAS, School of Design

Mark Aseltine/ Mike Lazenka, ISC

Ken McCardle, Vet School

Brian Doherty, SAS

Richard Cardona, Annenberg

Deirdre Woods/Bob Zarazowski, Wharton

NPTF FY ’07 Members


Meeting schedule fy 07 l.jpg

Meeting Schedule – FY ‘07

  • Meetings 1:30-3:00pm, 3401 Walnut Street

  • Fall Meetings / Process

    • Intake and Current Status Review – August 21

    • Agenda Setting & Focus Group Planning – September 18

    • Strategy Discussions – October 2

    • Security Strategy Discussions – October 16 (357A)

    • Strategy Discussions – October 30

    • Prioritization – November 6

    • Focus Group Feedback – November 20

    • Rate Setting – December 04


Security feedback from 8 21 l.jpg

Security Feedback from 8/21

  • Review of what we are currently doing and where we are going and policy impact on LSPs.

  • Review of each step and our response/procedures including prevention, detection, escalation, impact of incidents and forensics.

  • Connecting the appropriate people – having a local security provider and a privacy security liaison.

  • A need for low probability / high catastrophe case studies with a playbook type response. (Business continuity type tabletop exercises) Brown bag lunch?

  • Encryption

  • Scan and Block


Other security concerns or priorities l.jpg

Other security concerns or priorities?


Fy07 information security initiatives l.jpg

FY07 Information Security Initiatives

  • Achieve Full Payment Card Industry Standards Compliance

  • Scan and Block available for implementation in 5 or more University areas.

    • SPIA

    • Complete Early Adopters project

    • Implement Risk Management and Reporting

  • Pilot Campus Authorization Service

  • Evaluate Security Incident Tracking and Management

  • LSP Security Certification

  • 2007 SANS Windows Security Class


Possible policy directions l.jpg

Possible Policy Directions


Encryption l.jpg

Encryption

  • Pros

    • Encrypting disks or file systems are now widely available within operating systems of all supported platforms.

    • Offers considerable protection from some of our most likely threats: theft of portable computing devices, if used in conjunction with other methods.

  • Cons

    • Associated support cost and limited pilot experience

    • Risk of total loss of data requires backup of encrypting keys.

    • Will require additional spending on storage.

    • Not widely available as standard option in common PDAs.


Personal computing device security l.jpg

Personal Computing Device Security

  • Scope: Laptops, PDAs, Blackberries, Treos, USB storage, iPods, etc.

  • Background/Issues

    • Specifically included in “risk assessment” section of proposed critical host policy.

    • PDAs not as mature a market as desktops/laptops w/r/t security. Solutions are many and varied. No silver bullets -- lots of point solutions for many and varied devices. Sometimes security can be achieved with configuration changes, but sometimes requires 3rd party products.

    • Personal ownership and shared family use at home complicates matters.


Possible personal computing device security strategy l.jpg

Possible Personal Computing Device Security Strategy

  • Short-term

    • Require basic protections such as encryption, strong passwords, anti-virus (where available) and best practice configuration.

  • Long-term

    • Preference to keep confidential data off of personal computing devices.

    • Otherwise, waiver required with compensating controls.

    • Provide secure remote access to secure, decentralized servers

    • May require broad use of virtual private networks or comparable feature.

    • Standards apply irrespective of ownership

    • Devices are for exclusive use of employee


Possible plans l.jpg

Possible Plans


  • Login