MEASURE I CITIZEN’S OVERSIGHT COMMITTEE MEETING. Technology Projects July 1, 2015 – December 31, 2015. Technology and Instructional Equipment Modernization. Technology Advisory Committee (TAC) Recommended: 127 projects
MEASURE I CITIZEN’S OVERSIGHT COMMITTEE MEETING
Technology Projects July 1, 2015 – December 31, 2015

Technology and Instructional Equipment Modernization
Technology Advisory Committee (TAC) Recommended:
• 127 projects
• One hundred classroom computers ($117K)
• Podium upgrades ($31K)
• Wireless upgrade ($40K)
• One hundred thirty computers/printers/scanners for faculty/staff offices ($137K)
• Seven digital signage systems ($12K)
• Tree inventory system ($10K)
• Latex wide-format printer ($23K)

VOIP Telephone Project - Completed
• IP 485G phone: 30 purchased
• IP 655 phone: 8 purchased

Why is Data Security Important?
• To prevent data breaches
• To protect Personally Identifiable Information (PII)
• To maintain continuous operations
• To avoid expenses associated with compromises
• Maricopa County College District in Arizona computer hack tops $26M
• Breach in 2011 never addressed led to 2013 hacking incident

AHC Data Security Measures: Physical Security and Environmental Controls
• Solid HVAC system
• Redundant electrical system
• Controlled access
• Clean room
• Redundant servers
• Secured cabinets

AHC Data Security Measures: Cyber Security Controls
• Redundant firewalls
• Partitioned network
• 802.1X port-based authentication
• Business grade antivirus
• Remote centers on secure connections
• Encrypted passwords
• SPAM filters

AHC Data Security Measures: IT Services Practices
• Servers patched once a month
• Regular data backups
• Minimize 3rd party database access
• 3rd party contracts reviewed for data security provisions
• Computer surplus service includes disk wipe
• Network and servers monitored

AHC Data Security Measures: User Security Controls
• Updated Board Policy 3720 Computer and Network Use
• Password policy enforced
• Separate system authorizations - Principle of least privilege (translates to giving people the lowest level of user rights that they can have and still do their jobs)

AHC Data Security Measures: Education in addition to tools
• Malware and strategies to mitigate its effects
• Adware
• Ransomware
• Trojans
• Spyware
• Phishing

CCC Information Security Center
The CCC Information Security Center is funded by a grant from the California Community Colleges Chancellor's Office

Why the State Funds the CCC Security Center
• 75% of California Community Colleges have no dedicated IT Security Staff.
• 60% have no Security Awareness Programs.
• 60% of Colleges ranked their Information security program as just starting out.

CCC Technology Center: Vulnerability Scans of Web-facing servers
• Identify misconfigurations
• Validate firewall rules
• Identify out-of-date and vulnerable software

CCC Technology Center – Awareness Training
• Firewalls
• Logging
• Staff
• IDS
• SSL
• Antivirus
• Authentication

CCC Technology Center Future Plans
• Policy Reviews
• Inside Vulnerability Scan
• Architecture Review
• Risk Analysis
• Phishing Assessment

Cuesta College Data Breach
• Human Resources analyst out on medical leave
• Remotely accessed private information (addresses, phone numbers and SSNs) and emailed to private account without authorization
• Discovered two weeks later
• Raided home and found drugs
• Lacy Fowler arrested June 17, 2015

AHC Response to Cuesta Data Breach
• Updated VPN/Remote User Agreement
• Reviewed list of all employees, contractors, and agents with remote access
• Removed access for all except those with current business needs
• Required a signed agreement to maintain access
• Employee account disabled when:
    • An employee separates
    • ITS director notified by cabinet member for special circumstances

Disaster Recovery Plan – Securing the data
• All critical data is backed up
• Disk to disk copies are made daily from the Santa Maria (SM) data center to the LVC server room.
• Disk to tape backup is still used for a few of the older servers.
• A full backup to tape is made twice a year with the tapes transported to LVC for offsite storage.

Disaster Recovery Plan - Recovery
• Rent or ‘borrow’ infrastructure
• Cuesta College or Santa Barbara City College
• Amazon Web Services (AWS)
• Microsoft Azure
• Rackspace
• Recover services needed for business continuity