Security Policy Development for College of IT



Rich Larsen

UNC-Charlotte College of IT

Information Security Administrator

rlarsen@uncc.edu

x4566

Security Policy Framework
  • Policies define “appropriate behavior”
  • Policies set the stage for developing procedures and standards
  • Policies communicate a consensus
  • Policies provide a basis for action in response to inappropriate behavior
  • Policies assist in prosecution of cases
Who should be concerned?
  • Users - policies impact them the most
  • Tech Support staff - they are required to implement, comply with and support policy
  • Management - concerned with the cost associated with implementing the policy
  • Lawyers/Auditors - they are concerned with the impact to the organization’s reputation as a result of an “incident”
Security Policy Design Best Practices (from SANS Institute)
  • A cross-section of people affected by the policy should have an opportunity to review/comment
  • Tech Support staff should be involved in development and should review policy
  • Policies should be discussed as part of orientation process and should be posted in accessible locations (e.g., Intranet)
  • Provide refresher training on policies periodically
Security Policy Requirements
  • Policies must:
    • Be enforceable and feasible to implement
    • Be concise and understandable
    • Balance protection with productivity
  • Policies should:
    • Clearly state the policy’s purpose
    • Describe the scope of the policy
    • Define roles and responsibilities
    • Discuss how violations will be handled
    • Provide a basis for audit
Security Policy Structure
  • Depends on size of the organization and its mission
  • Some policies are appropriate for all types of organizations; others are specific to a particular environment
  • Some key policies for all organizations:
    • Acceptable use
    • Remote Access
    • Network security/perimeter security
COIT Policy Framework Development
  • Plan to use the ISO 17799 standard which is considered the current industry standard
  • Work in conjunction with ITS to ensure no conflicts
  • Proposed policies will be reviewed by the COIT Task Force on Information Security and Privacy before being submitted to all faculty
  • Standards/procedures will be discussed by COIT Task Force but will not be submitted to all faculty
  • “Top-down” approach
Proposed Research Lab Security Policy
  • COIT research labs are greatest potential security risks
  • Nature of research requires experimentation, formulation and testing
  • Security incident in a COIT lab could have detrimental effect on external funding and reputation of college
  • Balancing act
Proposed Research Lab Security Policy
  • Roles:
    • Lab Director/Manager
    • Lab Administrator
    • Primary User
  • Managed vs. Unmanaged computers
  • Each “network-capable device” associated with a primary user (single point accountability)
  • User is accountable for security issues occurring on their assigned device(s) as a result of willful disregard of policy and/or negligence
  • Labs cannot host “production” IT services
Proposed Anti-virus Policy
  • All Windows and Macintosh-based computers required to have approved anti-virus software loaded at all times
    • This includes laptops/home computers which are used for remote access to campus
  • Users required to check for updates daily (or set automatic updates to run daily)
  • UNIX/Linux-based computers exempt
COIT Tech Update
  • Streaming Media / E-LAT
  • WebCT Upgrade
  • COIT Modem Bank
  • Reminder: ITS Migration Presentation/Demo tomorrow 9-12 in 125 Atkins