Fy 08 NETWORK PLANNING TASK FORCE

Description:

Focus on prevention (not reactive) Defense in depth ... Always-on Critical Host Scanning. Database Logging. Logging Service. Fraud detection ...

Slides: 14
Provided by: nail7
1
Fy 08 NETWORK PLANNING TASK FORCE
  • Information Security Looking Forward

10.29.07
2
NPTF Meetings FY 08
  • 1:30-3:00pm in 337A Conference Room, 3rd floor
    of 3401 Walnut Street
  • Process
  • Intake and Current Status Review July 16
  • Agenda Setting Discussion September 17
  • Strategy Discussions October 1
  • Security Strategy Discussions October 29
  • Security Other Strategy Discussions November
    5
  • Prioritization FY09 Rate Setting November 19

3
NPTF Meetings FY 09
  • February 18-Operational review
  • April 21- Planning discussions
  • June 2- Security strategy session
  • July 21-Strategy discussions
  • August 4- Strategy discussions
  • September 15- Preliminary rates/security
  • October 6- Strategy discussion
  • November 3- FY10 Rate setting

4
Today's Agenda
  • Security Strategy Discussions
  • Security Planning Today
  • Prevention
  • Defense in Depth
  • Increase Efficiency
  • Proposed 3 Year Plan

5
Security Planning Today
  • Have a security strategy and plan
  • Rolling 3 year plan
  • Focus on prevention (not reactive)
  • Defense in depth
  • Goal: Find ways to say yes while minimizing
    risk, reducing vulnerabilities, and the overall
    cost of security

6
Prevention
  • Continue to increase user awareness
  • Leverage Learning Management System to deliver
    security awareness and training to broad
    community
  • 75% of data breaches are caused by user error [1]
  • Policies and controls
  • SPIA
  • Infrastructure and tools
  • Next generation PennKey
  • Central authorization
  • Laptop encryption

1. "Taking Action to Protect Sensitive Data", IT
Policy Compliance Group, Feb, 2007
7
Defense in Depth
  • Continue to Expand Layers of defense
  • Build and maintain a robust security
    infrastructure
  • Next generation PennKey
  • Central Authorization
  • Supplement strong authentication with logging
  • Security Event Management in place at 45.8% of
    peer institutions [1]
  • Consider building upon logging initiative with
    fraud detection

1. "Taking Action to Protect Sensitive Data", IT
Policy Compliance Group, Feb, 2007
8
Increase Efficiency
  • Reduce costs to affiliate with third party
    systems
  • Shibboleth
  • Central authorization - centrally managed groups

9
Security Approaches Implemented by
Doctoral/Research (DR) Institutions [1]

1. "Safeguarding the Tower: IT Security in Higher
Education 2006", EDUCAUSE Center for Applied
Research
10
Proposed 3 Year Plan FY 08
  • SPIA
  • LSP Training
  • SSN Policy
  • New Employee Awareness
  • Central Authorization Service (PennAccess)
  • Hard Drive Encryption
  • PennNet Gateway Pilot
  • File Sharing Policy
  • Shibboleth
  • GRADI / Remedy integration

11
Proposed 3 Year Plan FY 09
  • SPIA
  • System Administrator Awareness
  • Annual Security Awareness strongly encouraged for
    all staff
  • Next Generation PennKey
  • Desktop Server HIPS
  • Logging Service
  • Intrusion Detection (local)
  • Local systems begin to utilize central
    authorization
  • Plan database encryption and logging
  • Investigate central SSN vaulting

12
Proposed 3 Year Plan FY 10
  • SPIA
  • Annual Security Awareness for all faculty
  • Database Encryption Policy
  • Central SSN Vaulting Service
  • Recommended Application Security Testing Tools
  • Always-on Critical Host Scanning
  • Database Logging
  • Logging Service
  • Fraud detection

13
Discussion