
Good Security is Good “Business”

Good Security is Good “Business”. 08 April 2005. Information and Systems Security/Compliance. Office of the Vice President Mort Rahimi, VP & CTO Pat Todus, AVP & Deputy CIO. Dave Kovarik Director. Sharlene Mielke Disaster Recovery. Roger Safian Information Security. Dave Kovarik


Presentation Transcript


  1. Good Security is Good “Business” 08 April 2005

  2. Information and Systems Security/Compliance Office of the Vice President Mort Rahimi, VP & CTO Pat Todus, AVP & Deputy CIO Dave Kovarik Director Sharlene Mielke Disaster Recovery Roger Safian Information Security

  3. Dave Kovarik Office: (847) 467-5930 Email: david-kovarik@northwestern.edu 1800 Sherman Ave., Evanston, Suite 600 22 years in Information Security practice CISSP: Certified Info Systems Security Professional CISM: Certified Information Security Manager Information and Systems Security/Compliance

  4. Mission “Enable the University to Conduct Its Business in a Secure Manner” Purpose “Maintain that delicate balance between service and security” Information and Systems Security/Compliance

  5. Primary Areas of Responsibility Security – Information Protection Services Compliance - Regulatory, University policy Disaster Recovery / Business Continuity Information and Systems Security/Compliance

  6. Business Defined…

  7. University “Business” Schools Partnerships Intranets, Internet… Can they be trusted? Finances Research Students Services Alumni

  8. Intranet Data Center Individual systems = Diversity introduces Risk • Foundational Issues • Ubiquitous connectivity • PCs everywhere • High mobility • Are all assets protected? • “Contingent” clients • Contractors • Vendors/consultants • Temporary users • Links to partners, affiliates Internet Every system must be secured Inside is almost as risky as outside

  9. Web / Internet Databases Collaboration Wireless Mobile Devices Laws/Regulations Technologies Trustees Schools FERPA GLBA, HIPAA Students Sarbanes-Oxley Research Patriot Act and more… Employees Regulatory & Client Demands Stakeholders Pressure mounting on universities to prove compliance with an increasing array of laws and regulations + Increasing demands for services = Security becomes ever more challenging.

  10. Complexity Abounds

  11. We Are More Alike than Different… “You will be assimilated – resistance is futile.” Convergence

  12. Jan. 03 George Mason University Jan. 06 University of Kansas Jan. 18 Univ. of California, San Diego Feb. 02 Indiana University 2005…

  13. Mar. 11 Boston College Mar. 14 California State University, Chico Mar. 18 University of Nevada, Las Vegas Mar. 20 Northwestern University Mar. 28 University of California, Berkeley 2005…

  14. Why Are Universities Targets?

  15. Why Are Universities Targets?

  16. Why Are Universities Targets?

  17. Passphrases Security Awareness Self-Assessment Policy Compliance Use NUIT Services What Can We Do?

  18. The password is Passphrase Passwords

  19. Encrypted passphrase Tf$/cgi3tcG.H Your passphrase ******** Matching them up Does ******* == Tf$/cgi3tcG.H ? Your passphrase

  20. Collects data username and passphrase Widely available Available for many operating systems You won’t notice Often creates very large log files Sniffers

  21. Tools that “Crack” passphrases Widely Available Very efficient Uses system information Dictionary-based attack Has many rules for substitution Passphrase Crackers

  22. Not based on personal information Don’t use anything in a dictionary Never tell it to anyone Change it regularly Your passphrase is like a toothbrush Don’t share it, and change it when necessary Choosing a good passphrase

  23. NU,WPiP! Northwestern University, Where Parking is Plentiful!

  24. You can find additional information on passphrases, E-mail, NetIDs, and related policies & guidelines at… http://www.it.northwestern.edu/accounts/index.html Passphrases

  25. Pass-Phrases Security Awareness Self-Assessment Policy Compliance Use NUIT Services What Can We Do?

  26. The Prince of Paranoia says: If It Walks Like A Duck... Trust, But Verify Identity Theft – pay attention or pay dearly! http://www.idtheftcenter.org/index.shtml Security Awareness

  27. Get Control! Junk mail – just trash it! Phishing… and now Pharming Privacy & Identity Theft http://www.it.northwestern.edu/security/index.html Security Awareness

  28. Pass-phrases Security Awareness Self-Assessment Policy Compliance Use NUIT Services What Can We Do?

  29. Get & Stay Patched!!! Keep Anti-virus Current!!! Run Anti-Spyware - FREQUENTLY Run Analysis Tools – FREQUENTLY http://www.it.northwestern.edu/security/index.html Self-Assessment

  30. Pass-phrases Security Awareness Self-Assessment Policy Compliance Use NUIT Services What Can We Do?

  31. University Policies… Security, Privacy & Responsibilities Infrastructure Services Guidelines Best Practices http://www.it.northwestern.edu/policies/index.html Policy Compliance

  32. Pass-phrases Security Awareness Self-Assessment Policy Compliance Use NUIT Services What Can We Do?

  33. Academic Technologies / Bob Taylor Supports NU faculty members' instructional and research needs and supplies educational technologies and multimedia resources to the entire NU community. http://www.it.northwestern.edu/about/departments/at/index.html NUIT Services

  34. Administration & Finance / Steve Beck Provides administrative and financial support for other IT units in the pursuit of NUIT's mission. http://www.it.northwestern.edu/about/departments/af/index.html NUIT Services

  35. Computing Services / Dana Nielsen Acquires, supports, and maintains the computing platforms for NU's administrative, instructional, and research systems. http://www.it.northwestern.edu/dss/abt-dept-itcs/ NUIT Services

  36. Information Systems Architecture / Tom Board Oversees the design, maintenance, and improvement of University middleware http://www.it.northwestern.edu/about/departments/isa/index.html NUIT Services

  37. iCAIR – International Center for Advanced Internet Research / Joe Mambretti Teams with international partners to accelerate innovation and enhance global communications through leading-edge Internet research and pre-production deployment. http://www.it.northwestern.edu/about/departments/icair/index.html http://www.icair.org NUIT Services

  38. Management Systems / Betty Brugger Provides information systems support to assist University staff and faculty in the performance of business-related or administrative processes, primarily at the enterprise level. http://www.it.northwestern.edu/about/departments/itms/index.html NUIT Services

  39. Technology Support Services / Wendy Woodward Educates the NU community on computing and network resources available on campus and over the Internet as well as new and changing technology at Northwestern. http://www.it.northwestern.edu/about/departments/tss/index.html NUIT Services

  40. Telecommunications & Network Services / Dave Carr Designs, procures, installs, operates, and maintains the central voice, data, image, and video communication services for the NU network. http://www.it.northwestern.edu/about/departments/tns/index.html NUIT Services

  41. The Collaboratory Project / Gary Greenberg A Northwestern University initiative that provides project consulting, training, and technical advice to teachers interested in using the Collaboratory to advance education. http://www.it.northwestern.edu/about/departments/cp/index.html http://collaboratory.nunet.net/cwebdocs/index.html NUIT Services

  42. Competitive advantage – publicity is not necessarily a good thing Maximize profitability by minimizing loss Promote & preserve reputation Back to the Beginning

  43. Mandated by legislation – compliance minimizes vulnerability to adverse action Establishes “trust” required of partnerships It’s expected of a premier University Back to the Beginning

  44. Information and Systems Security/Compliance Dave Kovarik (847) 467-5930 david-kovarik@northwestern.edu Sharlene Mielke (847) 467-7804 s-mielke@northwestern.edu Roger Safian (847) 467-4058 r-safian@northwestern.edu ISS/C
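
Added example, not part of the original presentation: a sketch of the passphrase handling from slides 19 to 23, showing the stored-hash comparison and a check that rejects choices a dictionary-plus-substitution cracker would recover. The wordlist, the substitution table and the function names are constructed for illustration, and PBKDF2 stands in for the crypt-style hash shown on slide 19.

```python
import hashlib
import hmac
import os

# Constructed sample wordlist; a real check would load a full dictionary file.
WORDLIST = {"password", "wildcats", "northwestern", "evanston", "purple"}
# Character swaps that cracking rules undo (constructed, not exhaustive).
SWAPS = str.maketrans("@4831!0$57", "aabeiiosst")
TRIM = "0123456789!?.#*_-"  # digits and punctuation often tacked onto a word


def weakness(passphrase, personal=()):
    """Return why a passphrase fails the slide 22 rules, or None if it passes."""
    low = passphrase.lower()
    candidates = {low.translate(SWAPS), low.strip(TRIM).translate(SWAPS)}
    for item in personal:  # e.g. NetID, name, birth year
        if item and any(item.lower() in c for c in candidates | {low}):
            return "based on personal information"
    if candidates & WORDLIST:
        return "dictionary word once substitutions are undone"
    return None


def enroll(passphrase, iterations=200_000):
    """Store only a salted, slow hash of the passphrase, never the text."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, iterations)
    return salt, iterations, digest


def verify(passphrase, record):
    """Hash the attempt the same way and compare, as on slide 19."""
    salt, iterations, digest = record
    attempt = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, iterations)
    return hmac.compare_digest(attempt, digest)


if __name__ == "__main__":
    record = enroll("NU,WPiP!")  # the slide 23 passphrase
    print(verify("NU,WPiP!", record), verify("nu,wpip!", record))
    for p in ("P@ssw0rd!", "Wildcats2005", "NU,WPiP!"):
        print(p, "->", weakness(p))
```

The per-user salt and high iteration count slow down the offline guessing that slide 21 describes; they do not rescue a passphrase that is already in the dictionary.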
