ITS/CLO Partnership In IT Security Implementation
By Kent Leung, Chief Computing Officer, Information Technology Services Office

ITS/CLO Partnership
• CLO = CLO/DSO
• CLO = Computer Liaison Officer
• DSO = Departmental Security Officer
Recommendations on IT Security from IAU
IAU recommendations in April 2002:
• Establish and enforce an Institutional Computer Security Policy
• Establish Security Incident Handling Procedures
• Assist Departments to develop Departmental Security Policy, Guidelines and Procedures
• Conduct security awareness and training programs
Establish an Institutional Computer Security Policy
• ITS promulgated the PolyU Computer Systems Security Policy in 1999
• It is not only for ITS but for ALL users in PolyU
• Departments have the responsibility to comply with it
• Endorsed by the internal and external auditors in 2000
• Endorsed by ITSC in April 2002
• Available on the PolyU Security Website
• ITS promulgated the network policy for the student hostels in 2002
• http://www.polyu.edu.hk/its/services_facilities/HALL_Reg.html
Enforcement of the PolyU Systems Security Policy
• ITS reviews the PolyU Systems Security Policy annually to cope with changing circumstances
• Departments should also review their departmental system security policy annually to cope with changing circumstances
• Ensure all service providers comply with the PolyU SSP and the departmental SSP
• New services should comply with the SSP before being put into production
Establish Security Incident Handling Procedures
• ITS has security incident handling procedures in place
• The ITS security team handles all security-related incidents, e.g., virus infections and hacking
• Led by Mr. P.F. Chan
• Users only need to report IT security-related incidents via HOTS
• All cases are kept confidential
ITS assists Departments to develop Departmental Computer Security Policy, Guidelines and Procedures
Departmental Computer Security Policy, Guidelines and Procedures
• Establish the scope of the Policy by identifying the extent of IT assets
  • Information, services, software and hardware
• Perform risk and threat analysis on each identified asset
• Help is available from:
  • ITS (contact Mr. P.F. Chan)
  • NetDefence
  • Your own choice of vendor
• Decide in joint consultative meetings whether the PolyU Systems Security Policy is sufficient to protect against the perceived risks in the Department
  • If ‘Yes’, adopt and enforce the PolyU Systems Security Policy
  • If ‘No’, add rules and guidelines specific to the department
• File a copy of the Departmental Policy, Guidelines and Procedures with ITS and IAU for record
• The PolyU Systems Security Policy is the ‘minimum’ security standard that Departments must comply with
Security Awareness and Training
• ITS/CLO shall conduct security briefings regularly and encourage departmental staff to attend them
• ITS/CLO shall regularly brief their staff and students on prevailing external threats, virus attacks and security updates for the software they are using
What Has ITS Done?
• Access control on routers
• Use switches instead of hubs in the Campus Network
• Provide VPN service
• Provide a transparent proxy
• Maintain an IT Security Website
• Dedicated team on IT security
• Implement firewalls
• Require users to register their Web servers, e-mail servers, etc.
• Firewall Bypass Registration
  • Firewall bypass requests effective from 29 Nov 2002
  • If your department has not registered, all firewall bypass rules will be removed
• Remind and encourage users to change passwords regularly
• Provide anti-virus software for PC clients to all users
• Implement virus filtering on GroupWise and Campus E-mail
• Require remote users to authenticate before using the PolyU E-mail servers
• Send virus alert notices to all users
The Role of CLO/DSO
• Advisor to the Department Head
• Partner of ITS
• Mentor on IT security issues in the Department
• Departmental representative on IT security issues
• Oversees departmental IT security-related matters
The Role of CLO/DSO
Oversees departmental IT security matters:
• Manage IP assignment
  • Assign IP addresses within the departmental VLAN
  • Keep an up-to-date list of the location, owner and contact person of each IP address
• Coordinate departmental firewall registrations
  • Examine and authorize firewall bypass requirements
  • Maintain an up-to-date firewall bypass record
  • Renew firewall bypass applications annually
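Two of the record-keeping duties above, the per-address list of location, owner and contact within the departmental VLAN and the annually renewed firewall bypass record, can be checked mechanically. The following is an added example written for this page, not ITS or PolyU code: it audits a constructed IP register against a hypothetical departmental VLAN and flags bypass entries whose annual renewal is overdue or whose address has no register entry. The VLAN range, the field names and every address and date below are constructed assumptions, and the "problem" strings are the example's own.

```python
"""Added example: consistency checks on a departmental IP register and a
firewall-bypass record, as a CLO/DSO might run them. Illustrative code
written for this page, not an ITS tool; the VLAN range, field names and
all records below are constructed assumptions."""
from datetime import date, timedelta
import ipaddress

# Hypothetical departmental VLAN (assumption; the slides give no range)
DEPT_VLAN = ipaddress.ip_network("10.20.30.0/24")

# Constructed IP register: location, owner and contact person per address
IP_REGISTER = [
    {"ip": "10.20.30.10", "location": "Room A101", "owner": "Lab web server", "contact": "clo@dept.example"},
    {"ip": "10.20.30.11", "location": "Room A102", "owner": "",               "contact": "clo@dept.example"},  # owner missing
    {"ip": "10.20.31.5",  "location": "Room B201", "owner": "Print server",   "contact": "clo@dept.example"},  # outside VLAN
    {"ip": "not-an-ip",   "location": "Room B202", "owner": "Desktop",        "contact": ""},                  # malformed
]

# Constructed firewall-bypass record; each application is renewed annually
BYPASS_RECORDS = [
    {"ip": "10.20.30.10", "service": "web tcp/80", "approved_by": "CLO", "renewed_on": "2002-11-29"},
    {"ip": "10.20.30.10", "service": "ssh tcp/22", "approved_by": "CLO", "renewed_on": "2001-10-01"},  # stale
    {"ip": "10.20.30.99", "service": "ftp tcp/21", "approved_by": "CLO", "renewed_on": "2002-11-01"},  # unregistered IP
]

REQUIRED_FIELDS = ("location", "owner", "contact")
RENEWAL_PERIOD = timedelta(days=365)


def audit_ip_register(register, vlan):
    """Return (ip, problem) pairs for entries that break the record-keeping
    rules: every address must parse, lie inside the departmental VLAN, and
    carry a location, owner and contact person."""
    problems = []
    for entry in register:
        try:
            addr = ipaddress.ip_address(entry["ip"])
        except ValueError:
            problems.append((entry["ip"], "invalid address"))
            continue
        if addr not in vlan:
            problems.append((entry["ip"], "outside departmental VLAN %s" % vlan))
        for field in REQUIRED_FIELDS:
            if not entry.get(field):
                problems.append((entry["ip"], "missing " + field))
    return problems


def audit_bypass_records(records, register, today):
    """Return (ip, service, problem) triples for bypass rules that should be
    renewed or removed: the address must appear in the IP register and the
    last renewal must be within RENEWAL_PERIOD of `today`."""
    registered = {e["ip"] for e in register}
    problems = []
    for rec in records:
        if rec["ip"] not in registered:
            problems.append((rec["ip"], rec["service"], "no matching IP register entry"))
        if today - date.fromisoformat(rec["renewed_on"]) > RENEWAL_PERIOD:
            problems.append((rec["ip"], rec["service"], "annual renewal overdue"))
    return problems


def run_sample_audit(today_iso="2003-06-01"):
    """Run both audits over the constructed data as of `today_iso`."""
    today = date.fromisoformat(today_iso)
    return {
        "register": audit_ip_register(IP_REGISTER, DEPT_VLAN),
        "bypass": audit_bypass_records(BYPASS_RECORDS, IP_REGISTER, today),
    }


if __name__ == "__main__":
    for section, findings in run_sample_audit().items():
        for finding in findings:
            print(section, *finding)
```

Run as-is, the register audit reports the missing owner, the address outside the VLAN and the malformed entry, and the bypass audit reports the stale ssh rule and the rule for an unregistered address; the register entry with no owner is exactly the case where nobody can be asked about traffic originating from that address.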
The Role of CLO/DSO
• Keep abreast of security updates on the various OS platforms
• Alert departmental users to new virus attacks and the latest anti-virus tools
• Coordinate replies to security-related queries about attacks originating from the department
• Provide information and assist in the investigation of security incidents
• Work closely with ITS on all security and IT-related issues
• Report IT security incidents to ITS