
Security Issues

Security Issues. Steve Lovaas, ACNS IAC, 22 April 2008, Colorado State University. The big issues this month: Encryption (Utimaco SafeGuard Enterprise); SQL Injection, database attacks (WatchFire AppScan); User behavior and culture (Risk Analysis, Background Checks, SSN rescan and purge).


Presentation Transcript


  1. Security Issues Steve Lovaas, ACNS IAC, 22 April 2008 Colorado State University

  2. The big issues this month…
     • Encryption
       • Utimaco SafeGuard Enterprise
     • SQL Injection, database attacks
       • WatchFire AppScan
     • User behavior and culture
       • Risk Analysis
       • Background Checks
       • SSN rescan and purge

  3. Encryption: Utimaco SafeGuard
     • Disk encryption product, protecting against loss of sensitive data on mobile computers
     • Architecture in place, testing the deployment process
     • Departments that participated in the January training are beginning to deploy
     • Training for other departments coming soon
     • Network share encryption – new module expected next month

  4. Web Apps: WatchFire AppScan
     • Web application vulnerability scanner
     • SQL injections [just had one this month!]
     • Cross-site scripting
     • IIS/Apache/.NET vulnerabilities
     • Complex tool, requires consultation for setup and interpretation of results
     • Have scanned a number of departments, contact ACNS if you’re interested

  5. Behavior/Culture: Risk Analysis
     • Have a draft tool, reviewing with Internal Auditing
     • Goals for the first iteration
     • Responsibilities
     • Behavior
     • Controls
     • Test first round this summer

  6. Behavior/Culture: Background Checks
     • Last year, IAC strengthened sub-committee’s recommendation: check ALL employees w/ access to sensitive data
     • New committee working on University-wide policy
     • Seeking clarification on policy overlap
     • More details in April…

  7. Behavior/Culture: SSN scanning
     • Most colleges/departments are done
     • Removed a substantial number of SSNs (mostly from servers that didn’t get scanned last time around)
     • Huge amount of extra, unexpected work
     • Both necessary and greatly appreciated
     • A few larger departments are still finishing up with removal/remediation
     • Remaining SSNs require an exception request, and will need to be encrypted

  8. Please contact me
     • Dealing with security is my job – both planning to prevent issues and responding to issues after the fact…
     • Feel free!
     Steven.Lovaas@ColoState.edu
     6th Floor, USC Building
     297-3707
