1 / 15

UW Information Systems Security Policy

UW Information Systems Security Policy. Stephen Rondeau Institute of Technology Computing Labs Administrator 18 Nov 2005. Agenda. Components Sampling of Laws Complying with the Law Consideration of Ethics Consequences References. Computing Device. input. output. Hub. Components.

abbate
Download Presentation

UW Information Systems Security Policy

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. UW Information Systems Security Policy Stephen Rondeau Institute of Technology Computing Labs Administrator 18 Nov 2005

  2. Agenda • Components • Sampling of Laws • Complying with the Law • Consideration of Ethics • Consequences • References

  3. Computing Device input output Hub Components • Computing Device • takes some input • processes it • OS, services, applications • provides some output • Network • connects device • Data • ?

  4. Computing Devices: Reality In Human K/M/touch,etc. Out Human A/V Data Scanner/GPS In/Out Data Storage Device, PC Card, Network, Printer, Etc.

  5. Computing Devices: Connections • removable media • floppy,CD/DVD,flash,microdrive • PC Card • wired • serial/parallel,USB,Firewire,IDE,SCSI,twisted pair • wireless • radio (802.11, cellular, Bluetooth) • Infrared (IR) • Ultrasound

  6. Lab Network Environment H/S R C C C C AP H/S C Server C Time- Share C C Internet UW Net R C

  7. Data Issues • Sensitivity: public or confidential • confidential • minimal, more sensitive, most sensitive • owned by someone • specific statements for access, distribution, storage, disposal and penalties for disclosure • Criticality: how important to function

  8. Key Security Concepts • Must protect: • Services/Use • Functionality: perform function or use device • Availability: device or data is ready for use on demand and at operational speed and capacity • Data • Confidentiality: prevent disclosure to unauthorized people • Integrity: unaltered, intact

  9. Sampling of Laws • International, federal, state, UW • statutes and regulations • Federal • privacy, wiretapping, fraud, disclosure, surveillance, counterterrorism • grant-related policy • WA State • privacy, malicious mischief, public records, spam, disclosure • UW Administrative Code • student and general conduct, records access

  10. Complying with the Laws • Comply: take action to conform • Law => Policies + Standards + Guidelines • Policies state what needs to be done • Standards define how to implement the policy (via procedures) • Guidelines are strongly-recommended practices to assist in adhering to standards

  11. Roles and Responsibilities • System owners and operators • comply with laws, policies, guidelines • maintain confidentiality of sensitive data • grant access based on “least privilege” and “separation of duties” principles • report security incidents and perform incident response • Data Custodians • Users

  12. Policies • May monitor user accounts, files and access • Understand nature of data on systems, and manage it appropriately • Provide logical and physical access control and logging commensurate with sensitivity and criticality of computing devices, networks and data • Document procedures for issuing, altering and revoking access privileges • Implement minimum computer and network measures and practices

  13. Consideration of Ethics • Ethics are the principles of conduct that are harmonious with society • arguably higher than policy • notable examples • whistleblowing • preventing conflicts of interest • protecting life • Use of university resources; data sensitivity

  14. Consequences • Worm/Virus authoring and release • Trojans • Unauthorized wireless access • Keylogging • Botnets

  15. References • UW Information Systems Security • http://www.washington.edu/admin/rules/APS/02.01TOC.html • UW Minimum Computing Security Standards • http://www.washington.edu/computing/security/pass/MinCompSec.html • UW Electronic Information Privacy Policy • http://www.washington.edu/computing/rules/privacypolicy.html • SANS Institute Policy Templates • http://www.sans.org/resources/policies/

More Related