1 / 12

Security and Privacy Policy The World Has Changed!

Security and Privacy Policy The World Has Changed!. Common Solutions Group Jack McCredie January 9, 2004. Agenda Share Progress & Request Help. Security and privacy policy framework at UC Recommended policy structure & process Specter of emerging legislation - Illustration: CA SB-1386

cerise
Download Presentation

Security and Privacy Policy The World Has Changed!

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security and Privacy PolicyThe World Has Changed! Common Solutions Group Jack McCredie January 9, 2004

  2. AgendaShare Progress & Request Help • Security and privacy policy framework at UC • Recommended policy structure & process • Specter of emerging legislation - Illustration: CA SB-1386 • Security policy evolution at UC Berkeley - Illustration: minimum security standards policy • Request for help – are we nuts?

  3. Recommended structure • Purpose • Scope • Policy • Roles and responsibilities • Consequences • Requests for exception • Appendices that can be easily modified • Set of standing committees to contribute and review, and approve • Communicate, communicate, communicate

  4. Security & Privacy Policies Information technology policies Campus-wide policies University-wide policies

  5. System & campus-wide policies • UC Electronic Communications Policy http://www.ucop.edu/ucophome/policies/ec/html/ • UC Business and Finance Bulletin IS-3 http://www.ucop.edu/ucophome/policies/bfb/bfbis.html • Guide to Administrative Responsibilities http://controller-fs.vcbf.berkeley.edu/TableofContents. html

  6. Information Technology Policies • Requirements for Protection of Computerized Personal Information (Implementation of SB 1386) http://socrates.berkeley.edu:7015/protected.data.html • Guide to Selected Privacy and Confidentiality Regulations http://socrates.berkeley.edu:7015/privacy/guidelines.html • Guidelines for Use of Campus Network Data Reports http://security.berkeley.edu:2002/CISC/gdlns.net.data.html

  7. Security and Privacy Policies • Campus Information Technology Security Policy http://socrates.berkeley.edu:2002/IT.sec.policy.html • Minimum Security Standards http://socrates.berkeley.edu:2002/MinStds/policy.htm • SNS Scanning of the UC Berkeley Campus Network http://sec-info.berkeley.edu/cgi-bin/scaninfo-login.pl/

  8. Security and Privacy Policies • Departmental Security Contact Policy http://socrates.berkeley.edu:2002/contacts.html • Guidelines and Procedures for Blocking Network Access http://socrates.berkeley.edu:2002/blocking.html • IT Security “Best Practices” http://socrates.berkeley.edu:2002/bestpractices.html

  9. Specter of emerging legislation • Illustrative law: California SB 1386 • UC Berkeley incidents since July 1, 2003 • Campus and system-wide response

  10. Policy Evolution:Have we gone over the top? • UC electronic communications policy • Departmental security contact • Guidelines and procedures for blocking network access • Campus IT security policy • Requirements for protection of computerized personal information • SNS Scanning of the UCB campus network • Required minimum security standards

  11. Required minimum security standards • Software patch updates • Anti-virus software • Passwords • No unencrypted authentication • No unauthenticated email relays • No unauthenticated proxy servers • Physical security • Unnecessary services • HOST-BASED FIREWALL SOFTWARE REQUIRED

  12. Are We Nuts? • Questions and discussion

More Related