100 likes | 117 Views
Detailed schedule of Fall 2006 sessions, stakeholders, goals, and discussions focusing on security priorities and strategic initiatives for information security planning at the University of Pennsylvania.
E N D
Meeting Schedule – FY 2006 • Summer Planning Sessions (2) • July 18 • August 01 • Summer Focus Groups (2) • September 19 • Fall Meetings (6) • October 03 –Security Discussions/ Setting Security Priorities • October 17 – Focus Group Feedback/ Establishing the Fall Priorities • October 31 – Strategic Security Discussions • November 07 – Strategic Discussions • November 21 – Strategic Discussions • December 5 – Consensus/Prioritization/Rate Setting
Mary Alice Annecharico / Rod MacNeil, SOM Robin Beck, ISC Chris Bradie/Dave Carrol, Business Services Cathy DiBonaventura, School of Design Geoff Filinuk, ISC Bonnie Gibson, Office of Provost John Keane/ Grover McKenzie , Library John Irwin, GSE Marilyn Jost, ISC Deke Kassabian / Melissa Muth, ISC Doug Berger/ Manuel Pena, Housing and Conference Services Mike Weaver, Budget Mgmt. Analysis Dominic Pasqualino, OACP James Kaylor, CCEB Reni Roberts, ISC Kayann McDonnell, Law Donna Milici, Nursing Dave Millar, ISC Michael Palladino, ISC (Chair) Dan Shapiro, Dental Mary Spada, VPUL Marilyn Spicer, College Houses Steve Stines / Joseph Shannon, Div. of Finance Andrew Selden, PCBI Ira Winston / Helen Anderson, SEAS, SAS, School of Design Mark Aseltine/ Mike Lazenka, ISC Eric Snyder, Vet School Brian Doherty/John Yates, SAS Richard Cardona, Annenberg Deirdre Woods/ Bob Zarazowski, Wharton NPTF Fall ’05 Members
Preliminary FY ’06 NPTF Goals • Evaluate alternative central service fee funding models. • Share and address focus group themes. • Determine new strategic initiatives/directions. • Hold as many rates flat as possible for FY ’07. • Depending on outcome of 100Mbps pilots, lower rate in January 2006. • Deploy next generation wireless APs that include capitalization in monthly ongoing rate. (ISC owned) • Identify opportunities to retire/scale back services so that resources may be redeployed to higher priorities and/or lower costs
NPTF Informationwww.upenn.edu/computing/group/nptf • Current principles • Current assumptions • Status of major projects and initiatives (forthcoming)
Stakeholders Feedback • We received a wide range of input including focus groups and individual feedback. • We have listened intently, are considering suggestions in our planning and will reflect your input for both the NPTF process and overall strategies. • We hope you will see a refreshed approach towards NPTF discussion this year as a result including: • Less presentation time and more discussion. • More suggestions from participants on issues to be discussed. • Discussion must come to cost/benefits within NPTF process but before we get here we need to discuss your priorities and the drivers of N&T services and products. • We all have identified Security as one of the biggest drivers.
NETWORK PLANNING TASK FORCE “Information Security Planning” 10/03/05
Discussion • What are Penn’s major security problems? • Why do you think Penn has security problems? • START: What should we be doing that we’re not already? • STOP: What are we doing that doesn’t work well? • CONTINUE: What are we doing that works well?
Current Information Security Initiatives • Incident response • Legal compliance with HIPAA, GLBA, and Payment Card Industry Standards • Critical host and campus-wide scanning • Critical host policy • SUS service • Anti-virus software licensing • Secure out of the box • Training & Awareness (SANS training, quiz, brochure, articles, emails, security day, etc.) • Network registration • PennKey network authentication • Websec network authentication • Standard authorization queries
New, or near-term initiatives • Critical Security Incident Reports • Best practice documents • SPIA Risk assessment • Quarterly Security Reports • Critical Host Registration Application • Incident Tracking System • Local security officers • Local security scanning • Firewalls for critical hosts • Encrypting file systems