security and privacy policy the world has changed n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Security and Privacy Policy The World Has Changed! PowerPoint Presentation
Download Presentation
Security and Privacy Policy The World Has Changed!

Loading in 2 Seconds...

play fullscreen
1 / 12

Security and Privacy Policy The World Has Changed! - PowerPoint PPT Presentation


  • 132 Views
  • Uploaded on

Security and Privacy Policy The World Has Changed!. Common Solutions Group Jack McCredie January 9, 2004. Agenda Share Progress & Request Help. Security and privacy policy framework at UC Recommended policy structure & process Specter of emerging legislation - Illustration: CA SB-1386

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Security and Privacy Policy The World Has Changed!' - cerise


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
security and privacy policy the world has changed

Security and Privacy PolicyThe World Has Changed!

Common Solutions Group

Jack McCredie

January 9, 2004

agenda share progress request help
AgendaShare Progress & Request Help
  • Security and privacy policy framework at UC
  • Recommended policy structure & process
  • Specter of emerging legislation

- Illustration: CA SB-1386

  • Security policy evolution at UC Berkeley

- Illustration: minimum security standards policy

  • Request for help – are we nuts?
recommended structure
Recommended structure
  • Purpose
  • Scope
  • Policy
  • Roles and responsibilities
  • Consequences
  • Requests for exception
  • Appendices that can be easily modified
  • Set of standing committees to contribute and review, and approve
  • Communicate, communicate, communicate
slide4

Security & Privacy Policies

Information technology policies

Campus-wide policies

University-wide policies

system campus wide policies
System & campus-wide policies
  • UC Electronic Communications Policy

http://www.ucop.edu/ucophome/policies/ec/html/

  • UC Business and Finance Bulletin IS-3

http://www.ucop.edu/ucophome/policies/bfb/bfbis.html

  • Guide to Administrative Responsibilities

http://controller-fs.vcbf.berkeley.edu/TableofContents. html

information technology policies
Information Technology Policies
  • Requirements for Protection of Computerized Personal Information (Implementation of SB 1386)

http://socrates.berkeley.edu:7015/protected.data.html

  • Guide to Selected Privacy and Confidentiality Regulations

http://socrates.berkeley.edu:7015/privacy/guidelines.html

  • Guidelines for Use of Campus Network Data Reports

http://security.berkeley.edu:2002/CISC/gdlns.net.data.html

security and privacy policies
Security and Privacy Policies
  • Campus Information Technology Security Policy

http://socrates.berkeley.edu:2002/IT.sec.policy.html

  • Minimum Security Standards

http://socrates.berkeley.edu:2002/MinStds/policy.htm

  • SNS Scanning of the UC Berkeley Campus Network

http://sec-info.berkeley.edu/cgi-bin/scaninfo-login.pl/

security and privacy policies1
Security and Privacy Policies
  • Departmental Security Contact Policy

http://socrates.berkeley.edu:2002/contacts.html

  • Guidelines and Procedures for Blocking Network Access

http://socrates.berkeley.edu:2002/blocking.html

  • IT Security “Best Practices”

http://socrates.berkeley.edu:2002/bestpractices.html

specter of emerging legislation
Specter of emerging legislation
  • Illustrative law: California SB 1386
  • UC Berkeley incidents since July 1, 2003
  • Campus and system-wide response
policy evolution have we gone over the top
Policy Evolution:Have we gone over the top?
  • UC electronic communications policy
  • Departmental security contact
  • Guidelines and procedures for blocking network access
  • Campus IT security policy
  • Requirements for protection of computerized personal information
  • SNS Scanning of the UCB campus network
  • Required minimum security standards
required minimum security standards
Required minimum security standards
  • Software patch updates
  • Anti-virus software
  • Passwords
  • No unencrypted authentication
  • No unauthenticated email relays
  • No unauthenticated proxy servers
  • Physical security
  • Unnecessary services
  • HOST-BASED FIREWALL SOFTWARE REQUIRED
are we nuts
Are We Nuts?
  • Questions and discussion