
FY ‘08 NETWORK PLANNING TASK FORCE

FY ‘08 NETWORK PLANNING TASK FORCE. Information Security Looking Forward. 10.29.07. NPTF Meetings – FY ‘08. 1:30-3:00pm in 337A Conference Room, 3rd floor of 3401 Walnut Street. Process: Intake and Current Status Review – July 16; Agenda Setting & Discussion – September 17

lawandam

Presentation Transcript


  1. FY ‘08 NETWORK PLANNING TASK FORCE: Information Security Looking Forward, 10.29.07

  2. NPTF Meetings – FY ‘08
     • 1:30-3:00pm in 337A Conference Room, 3rd floor of 3401 Walnut Street
     • Process
     • Intake and Current Status Review – July 16
     • Agenda Setting & Discussion – September 17
     • Strategy Discussions – October 1
     • Security Strategy Discussions – October 29
     • Security & Other Strategy Discussions – November 5
     • Prioritization & FY’09 Rate Setting – November 19

  3. NPTF Meetings – FY ’09
     • February 18 – Operational review
     • April 21 – Planning discussions
     • June 2 – Security strategy session
     • July 21 – Strategy discussions
     • August 4 – Strategy discussions
     • September 15 – Preliminary rates/security
     • October 6 – Strategy discussion
     • November 3 – FY’10 Rate setting

  4. Today’s Agenda
     • Security Strategy Discussions
     • Security Planning Today
     • Prevention
     • Defense in Depth
     • Increase Efficiency
     • Proposed 3 Year Plan

  5. Security Planning Today
     • Have a security strategy and plan
     • Rolling 3 year plan
     • Focus on prevention (not reactive)
     • Defense in depth
     • Goal: Find ways to say “yes” while minimizing risk, reducing vulnerabilities, and the overall cost of security

  6. Prevention
     • Continue to increase user awareness
     • Leverage Learning Management System to deliver security awareness and training to broad community
     • 75% of data breaches are caused by user error [1]
     • Policies and controls
     • SPIA
     • Infrastructure and tools
     • Next generation PennKey
     • Central authorization
     • Laptop encryption
     [1] "Taking Action to Protect Sensitive Data", IT Policy Compliance Group, Feb, 2007

  7. Defense in Depth
     • Continue to expand layers of defense
     • Build and maintain a robust security infrastructure
     • Next generation PennKey
     • Central Authorization
     • Supplement strong authentication with logging
     • Security Event Management in place at 45.8% of peer institutions [1]
     • Consider building upon logging initiative with fraud detection
     [1] "Taking Action to Protect Sensitive Data", IT Policy Compliance Group, Feb, 2007

  8. Increase Efficiency
     • Reduce costs to affiliate with third party systems
     • Shibboleth
     • Central authorization - centrally managed groups

  9. Security Approaches Implemented by Doctoral/Research (DR) Institutions [1]
     [1] Safeguarding the Tower: IT Security in Higher Education 2006, EDUCAUSE Center for Applied Research

  10. Proposed 3 Year Plan FY ‘08
     • SPIA
     • LSP Training
     • SSN Policy
     • New Employee Awareness
     • Central Authorization Service (PennAccess)
     • Hard Drive Encryption
     • PennNet Gateway Pilot
     • File Sharing Policy
     • Shibboleth
     • GRADI / Remedy integration

  11. Proposed 3 Year Plan FY ‘09
     • SPIA
     • System Administrator Awareness
     • Annual Security Awareness strongly encouraged for all staff
     • Next Generation PennKey
     • Desktop & Server HIPS
     • Logging Service
     • Intrusion Detection (local)
     • Local systems begin to utilize central authorization
     • Plan database encryption and logging
     • Investigate central SSN vaulting

  12. Proposed 3 Year Plan FY ‘10
     • SPIA
     • Annual Security Awareness for all faculty
     • Database Encryption Policy
     • Central SSN Vaulting Service
     • Recommended Application Security Testing Tools
     • Always-on Critical Host Scanning
     • Database Logging
     • Logging Service
     • Fraud detection

  13. Discussion
