IT Compliance Coordinators Kick-Off Meeting May 19, 2008
Agenda
• Welcome and Introductions
  • Jim Davis
  • Ed Pierce
  • Amy Blum
• Goals and Responsibilities
• Metrics and Reports
• What do you need?
  • Website
  • Training
  • Information
  • Tools
• Open Discussion on roles and expectations
ITCC Membership
• Robert Kilgore: College
• Bob Park: Athletics
• Mitra Ashtari: SumSes/CO/SA
• Eric Chang: UNEX
• Andrea Korn: External Affairs
• Tito Deveyra: TFT
• Kamran Mehdian: ASUCLA
• Mike Kusunoki: Anderson
• Sean Pine: Law
• Jackson Jeng: Research
• Grant Yano: Dentistry
• Terry Ryan: Library
• Julie Austin: SEAS
• Ann Chang: Medical
• Bill Jepson: A&A
• Tom Phelan: SSC
• David Snow: Medical/SPH
• Don Worth: Admin
• Mike Schilling: Admin
• Max Kopelovich: Phys Sci
• Dave Curry: Internal Audit
• Peter Kovaric: GSEIS
• Bryant Ng: Nursing
• Harold Shin: Humanities
• C. Cunningham: OIT
• Mark Jenkins: Cap. Programs
• Kaya Mentesoglu: Internat. Inst
• Vincent Riggs: SPA
• Babak Saberi: Life Sciences
• Amy Blum: Resource, Legal
• Ross Bollens: Resource, OIT
• Kent Wada: Resource, OIT
• Jim Davis: Sponsor
• Ed Pierce: Sponsor
Oversight Committee Internal Audit and Controls
• Expectations of Committee - Ed Pierce
• Security standing agenda item
• Report on security through OIT & in partnership with the medical enterprise
• ITCC formal campus entity for institutional regulatory practice in a federated environment
• Reporting, education, communication, institutional practice, meaningful policy implementation
ITCC Broad in Scope
• Security practice
• Web accessibility
• Privacy
• E-discovery
• Records retention
• Public Records Act
• HIPAA
IT Security Categories
• IDs & PWs, authorized practice
• Cyber attacks
• Loss through individual responsibility
IT Security Practice
• Management: credentialing, IDs & PWs, authorized behaviors
• Prevention: policy, protocols, culture, incentives, monitoring, tracking, scanning
• Incident Response: detection, protocol, mitigation, reporting
Initial Metrics Ideas
1. % of systems that are 401 compliant
2. % of critical assets or functions residing on compliant systems
3. % of systems holding sensitive/restricted data that are compliant
4. % of above systems that are monitored or have activity logs
5. % of machines and peripherals that meet standards for secure disposal
6. Number of people in your unit without a UCLA email address & number not in directory
IT Compliance Website (DRAFT)
• Contents
• Tone
• Critical Link Locations
http://safecomputing.ucla.edu/new.htm
Security Administrator Topics
• April – Web Vulnerabilities (+ follow-up)
• May – eEye
• June – Secure Disposal
• July – Secure Server Configurations
• August – Implementing NAC
• Future:
  • Cisco
  • Patchlink
  • McAfee
  • Secure Macs
  • RSA/Verisign/2-Factor security