
Practical Tips

Practical Tips. Enabling the College to meet its Goals. Risk Management: What is your risk tolerance? Know Your Assets: Is your data classified and owned? The Human Element: People are a threat, training is key! A New Cost Paradigm: What Can You Purchase? What Can You Support?

latashac




Presentation Transcript


  1. Practical Tips

  2. Enabling the College to meet its Goals

  3. Risk Management
     What is your risk tolerance?

  4. Know Your Assets
     Is your data classified and owned?

  5. The Human Element
     People are a threat, training is key!

  6. A New Cost Paradigm
     What Can You Purchase? What Can You Support?

  7. Policy Drives Behavior
     The Information Security Policy (ISP) defines a set of activities that the institution is expected to implement, control and monitor.
     The Acceptable Use Policy (AUP) defines a set of behaviors that users of the institution’s IT Resources are expected to uphold.

  8. Regulations, Audits & Controls

  9. Cyber Insurance

  10. Key Positions
     - Chief Information Security Officer (CISO)
     - Cyber Analyst
     - Firewall Engineer
     - Specialized Software Administrator
     - Compliance and Controls Administrator
     - Data Owners/Stewards
     - Internal Auditor

  11. Architecture Components
     - Firewalls
     - Network Segmentation (Separation of Environments)
     - End Point Protection/Malware Scanners
     - Security Information and Event Management (SIEM)
     - Vulnerability Assessment
     - Network Monitoring (NOC/SOC)
     - eDiscovery
     - Forensics Tools
     - Multi-Factor Authentication
     - Secure Remote Access
     - Database Encryption
     - Identity and Access Management (IAM)
     - Inbound Email Filtering
     - Data Loss Prevention
     - Risk Management & Workflow

  12. Industry Organizations
     - EDUCAUSE
     - REN-ISAC
     - NWACC
     - OHSU Cyber Summit

  13. A Shared Responsibility
     - Making information security an institutional priority is the responsibility of the Board of Directors.
     - Ensuring the appropriate use of IT Resources is the responsibility of the College Administration.
     - Implementing and maintaining defense in depth is the responsibility of IT.
     - Being responsible stewards of data is everyone’s responsibility!

  14. Make a plan!
     - Make Information Security a part of your IT Strategy.
     - Review Cyber Security insurance.
     - Develop and publish Information Security and Acceptable Use policies.
     - Identify all regulatory requirements with which the college must comply.
     - Document Personally Identifiable Information (PII) and any other protected/sensitive data maintained by the college that is subject to compliance (both physical and digital).
     - Identify all the ways in which data is accessed and do a full review of Access Controls.
     - Develop a risk tolerance profile for the college for the different data categories.
     - Document a “Defense in Depth” program that addresses the defined regulatory risks (this would include a project “road map” to address all areas of cyber defense).
     - Once this program is in place, perform internal control reviews, annual security audits, penetration tests and vulnerability assessments.
