Security Policy Development for College of IT

Rich Larsen

UNC-Charlotte College of IT

Information Security Administrator

[email protected]

x4566

Security Policy Framework
  • Policies define “appropriate behavior”
  • Policies set the stage for developing procedures and standards
  • Policies communicate a consensus
  • Policies provide a basis for action in response to inappropriate behavior
  • Policies assist in prosecution of cases
Who should be concerned?
  • Users - policies impact them the most
  • Tech Support staff - they are required to implement, comply with and support policy
  • Management - concerned with the cost associated with implementing the policy
  • Lawyers/Auditors - they are concerned with the impact to the organization’s reputation as a result of an “incident”
Security Policy Design Best Practices (from SANS Institute)
  • A cross-section of people affected by the policy should have an opportunity to review/comment
  • Tech Support staff should be involved in development and should review policy
  • Policies should be discussed as part of orientation process and should be posted in accessible locations (e.g., Intranet)
  • Provide refresher training on policies periodically
Security Policy Requirements
  • Policies must:
    • Be enforceable and feasible to implement
    • Be concise and understandable
    • Balance protection with productivity
  • Policies should:
    • Clearly state the policy’s purpose
    • Describe the scope of the policy
    • Define roles and responsibilities
    • Discuss how violations will be handled
    • Provide a basis for audit
Security Policy Structure
  • Depends on size of the organization and its mission
  • Some policies are appropriate for all types of organizations; others are specific to a particular environment
  • Some key policies for all organizations:
    • Acceptable use
    • Remote Access
    • Network security/perimeter security
COIT Policy Framework Development
  • Plan to use the ISO 17799 standard which is considered the current industry standard
  • Work in conjunction with ITS to ensure no conflicts
  • Proposed policies will be reviewed by the COIT Task Force on Information Security and Privacy before being submitted to all faculty
  • Standards/procedures will be discussed by COIT Task Force but will not be submitted to all faculty
  • “Top-down” approach
Proposed Research Lab Security Policy
  • COIT research labs are greatest potential security risks
  • Nature of research requires experimentation, formulation and testing
  • Security incident in a COIT lab could have detrimental effect on external funding and reputation of college
  • Balancing act
Proposed Research Lab Security Policy
  • Roles:
    • Lab Director/Manager
    • Lab Administrator
    • Primary User
  • Managed vs. Unmanaged computers
  • Each “network-capable device” associated with a primary user (single point accountability)
  • User is accountable for security issues occurring on their assigned device(s) as a result of willful disregard of policy and/or negligence
  • Labs cannot host “production” IT services
Proposed Anti-virus Policy
  • All Windows and Macintosh-based computers required to have approved anti-virus software loaded at all times
    • This includes laptops/home computers which are used for remote access to campus
  • Users required to check for updates daily (or set automatic updates to run daily)
  • UNIX/Linux-based computers exempt
COIT Tech Update
  • Streaming Media/ E-LAT
  • WebCT Upgrade
  • COIT Modem Bank
  • Reminder: ITS Migration Presentation/Demo tomorrow 9-12 in 125 Atkins