Gale fritsche
This presentation is the property of its rightful owner.
Sponsored Links
1 / 19

Gale Fritsche PowerPoint PPT Presentation


  • 60 Views
  • Uploaded on
  • Presentation posted in: General

0. Securing Sensitive Information Across Campus. ACM SIGUCCS Computer Services Management Symposium April 9, 2006. Tim Foley. Gale Fritsche. Lehigh University. Library and Technology Services. Lehigh Overview. 0. Founded in 1865. Private research university located 90 miles west of NYC

Download Presentation

Gale Fritsche

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Gale fritsche

0

Securing Sensitive Information Across Campus

ACM SIGUCCS

Computer Services Management Symposium

April 9, 2006

Tim Foley

Gale Fritsche

Lehigh University

Library and Technology Services


Gale fritsche

Lehigh Overview

0

  • Founded in 1865. Private research university located 90 miles west of NYC

  • Ranks 32th out of 248 national universities in US News and World Report’s annual survey

  • Approx 4700 undergraduates, 1200 graduate students, 450 faculty and 1200 staff

  • Approx 90% Windows PCs, 5% Mac and 5% other (Linux etc.)


Library technology services organizational structure

  • 0

Library & Technology ServicesOrganizational Structure

Vice Provost

Library & Technology

Client Services

Administration &

Advancement

Library Systems &

Collections

Enterprise Systems

Technology

Management

Distance Education &

Faculty Development


Presentation agenda

The Problem

Lehigh’s Committee Structure

Process & Recommendation

Issues and Concerns

Other Data Security Initiatives

0

Presentation Agenda


Why do you need secure information

0

Why do you need secure information?

  • Stolen Cal Berkeley laptop exposes personal data of nearly 100,000 (AP March 29, 2005)

  • A laptop with personal information of students and applicants was stolen from the Cleveland State University admissions office (WKYC-TV, June 3, 05)

  • Two laptops were stolen from UW Medical Center office with the personal data of about 1,600 patients (Seattle Post-Intelligencer, Jan 24, 2006)

  • 6000 affected at the University of Northern Iowa when laptop computer holding W-2 forms of student employees and faculty was illegally accessed (AP Feb 18, 2006)


Gale fritsche

23 states with security breach laws

Consumers Union report as of 11/30/05

Reported breaches - 53,533,214 people affected since 2/15/05 see: http://www.privacyrights.org/ar/ChronDataBreaches.htm


Gale fritsche

0

Committee Structure

Advisory Council for

Information Services

Data Advisory

Council

Data Standards

Committee

E-Security

Committee

Account Opening

Sub Committee

Firewall

Sub Committee

Data Encryption

Sub Committee

Identity Mgmt

Sub Committee


Gale fritsche

0

Committee Charge

Data Encryption

Sub Committee

  • Systems Analysts

  • Security and Policy Officer

  • Computing Consultants

  • Database Manager

  • Enterprise Information Consultant

  • Client Services Team Leaders

Examine current encryption technologies to address the best way to encrypt PCs, Macs, PDAs and other portable devices, and LTS backups to comply with the Lehigh University security plan

Members


Gale fritsche

Subgroups Formed

0

  • Basic file access to LTS shares

  • Removable media

  • PDAs (Palms and Pocket PCs)

  • Desktop PC encryption (Windows and Macs)

  • Backups (Windows and Enterprise)

  • Encryption of Unix, and Oracle

  • Encryption of network traffic

  • Microsoft SQL Server security

  • Encryption keys

  • End user training


Gale fritsche

0

Process & Recommendations

  • Off campus visits

  • Web research

  • Software testing

    • EFS encryption, Truecrypt, WinMagic

  • Encryption webpage development

  • Data security seminars

  • Various meetings with clients

  • Data security blog for staff

  • Identified University apps needing compliance with FERPA and HIPAA


Gale fritsche

0

Final Recommendations

  • Whole disk encryption for PCs

  • Encrypted disk images for Macintosh

  • Folder encryption using Windows EFS encryption

  • Truecrypt for Pocket PCs and removable media

    • Good.com software for Treos (Investigating)

  • Password protect Palm devices or Pocket PCs

  • Backup encryption (EFS Encryption and MS Backup)

  • Restricting local logins (XP local security policies) for users with Banner reporting roles

  • Enterprise backups are secure in machine room and transit. Still examining options for enterprise backup

  • Terminal Server for FERPA and HIPAA applications (Police Database, Counseling Services)


Gale fritsche

Issues and Concerns

0

  • Cost of software

  • Recovering data on drives using whole disk encryption

  • Management of encryption keys

  • Privileges to download banner/access reports to PCs

  • Other places sensitive data reside on a hard drive

    • The recycle bin, temporary internet files

    • Laptop sleep mode (writes desktop to temporary files)

  • Management of shared encrypted resources


Gale fritsche

0

Other Data Security Initiatives

  • Campus firewall

  • Secure wireless implementation

  • Procedures for wiping computer hard drives prior to disposal

  • Campus Police registration database

  • Windows Vista testing (Bit Blocker Encryption)


Do you have file encryption requirements at your college or university if so what do you encrypt

Discussion Questions

Do you have file encryption requirements at your College or University ? If so, what do you encrypt?

  • Desktop PCs

  • PDAs

  • Backups

  • All of the Above


Have you implemented a identity management system if so what vendor did you use

Have you implemented a Identity Management System? If so, what vendor did you use?

  • IBM

  • Computer Associates

  • Microsoft

  • Novell

  • SUN

  • Other


How many of you have implemented a firewall for your campus network

How many of you have implemented a firewall for your campus network?

  • Yes

  • No


How many of you have experienced a recent security breach stolen laptop hacker

How many of you have experienced a recent security breach (Stolen Laptop, Hacker)?

  • Yes

  • No


What type of information do you feel need to be the most secure

What type of Information do you feel need to be the most secure?

  • Employee SSNs

  • Student Medical Info

  • Alumni Donor Info

  • Athlete Recruiting Info


Contact information

Contact Information

Tim Foley – [email protected]

Gale Fritsche – [email protected]


  • Login