80 likes | 160 Views
Information Technology Security Services at The University of Michigan. Paul Howell Chief Information Technology Security Officer. ITSS Overview. Service offerings Security council Initial activities Questions. ITSS Offerings. Security Council.
E N D
Information Technology Security Services atThe University of Michigan Paul Howell Chief Information Technology Security Officer
ITSS Overview • Service offerings • Security council • Initial activities • Questions
Security Council Cross University membership consisting of a few Deans, business owners, UMHS, and several faculty. • Makes policy recommendations to Provost, CFO, and EVP for Medial Affairs. • Dialog & sane decisions around risk management. • Provides general direction for ITSS.
Initial Activities • Planning for • Staff sharing / training (discussed later) • Incident response • Security assessments • Hiring for several security positions. • Join FIRST. • Prompt reporting of all computer security incidents.
Initial Activities – cont. • Establish an Incident Response Oversight Team. • Vulnerability scans of all wired & Wi-Fi campus networks. • ITSS Web site. • Dark IP space for identifying scanning and other activity.
Initial Activities – cont. • NetFlow collection / processing at all UM-Internet interconnects. • Document and maintain network contacts for all wired & Wi-Fi networks. • Tools and procedures to locate a Wi-Fi computer / AP.
Staff Sharing Program Goals • Scale security skills within the existing workforce • Medium level of competency • Training done over a 4 to 6 month period, consisting of a combination of self-paced, lecture & lab, and on-the-job • Pre-testing and post-testing measure progress • New security job title and compensation, fraction determined by local needs • Periodic rotation through ITSS for 4 to 6 months at half-time for on-going skills updating