Security and Privacy Policy: The World Has Changed! Common Solutions Group, Jack McCredie, January 9, 2004. Agenda: Share Progress & Request Help. Security and privacy policy framework at UC; recommended policy structure & process; specter of emerging legislation (illustration: CA SB-1386)
Security and Privacy Policy: The World Has Changed!
Common Solutions Group
Jack McCredie
January 9, 2004
Agenda: Share Progress & Request Help
• Security and privacy policy framework at UC
• Recommended policy structure & process
• Specter of emerging legislation - Illustration: CA SB-1386
• Security policy evolution at UC Berkeley - Illustration: minimum security standards policy
• Request for help – are we nuts?
Recommended structure
• Purpose
• Scope
• Policy
• Roles and responsibilities
• Consequences
• Requests for exception
• Appendices that can be easily modified
• Set of standing committees to contribute, review, and approve
• Communicate, communicate, communicate
Security & Privacy Policies
• Information technology policies
• Campus-wide policies
• University-wide policies
System & campus-wide policies
• UC Electronic Communications Policy: http://www.ucop.edu/ucophome/policies/ec/html/
• UC Business and Finance Bulletin IS-3: http://www.ucop.edu/ucophome/policies/bfb/bfbis.html
• Guide to Administrative Responsibilities: http://controller-fs.vcbf.berkeley.edu/TableofContents.html
Information Technology Policies
• Requirements for Protection of Computerized Personal Information (Implementation of SB 1386): http://socrates.berkeley.edu:7015/protected.data.html
• Guide to Selected Privacy and Confidentiality Regulations: http://socrates.berkeley.edu:7015/privacy/guidelines.html
• Guidelines for Use of Campus Network Data Reports: http://security.berkeley.edu:2002/CISC/gdlns.net.data.html
Security and Privacy Policies
• Campus Information Technology Security Policy: http://socrates.berkeley.edu:2002/IT.sec.policy.html
• Minimum Security Standards: http://socrates.berkeley.edu:2002/MinStds/policy.htm
• SNS Scanning of the UC Berkeley Campus Network: http://sec-info.berkeley.edu/cgi-bin/scaninfo-login.pl/
Security and Privacy Policies
• Departmental Security Contact Policy: http://socrates.berkeley.edu:2002/contacts.html
• Guidelines and Procedures for Blocking Network Access: http://socrates.berkeley.edu:2002/blocking.html
• IT Security “Best Practices”: http://socrates.berkeley.edu:2002/bestpractices.html
Specter of emerging legislation
• Illustrative law: California SB 1386
• UC Berkeley incidents since July 1, 2003
• Campus and system-wide response
Policy Evolution: Have we gone over the top?
• UC electronic communications policy
• Departmental security contact
• Guidelines and procedures for blocking network access
• Campus IT security policy
• Requirements for protection of computerized personal information
• SNS Scanning of the UCB campus network
• Required minimum security standards
Required minimum security standards
• Software patch updates
• Anti-virus software
• Passwords
• No unencrypted authentication
• No unauthenticated email relays
• No unauthenticated proxy servers
• Physical security
• Unnecessary services
• HOST-BASED FIREWALL SOFTWARE REQUIRED
Are We Nuts?
• Questions and discussion