ISOs Road to Disclosure - PowerPoint PPT Presentation

Provided by: marylpre
Transcript and Presenter's Notes


1
ISOs Road to Disclosure
  • Let's do it all!

2
ISOs Road to Disclosure
  • Do we have the resources?
  • Do others???

3
ISOs Road to Disclosure

4
The Do it All Plan

5
The Do Some Plan

6
Concerns
  • FTE meaning
  • Estimate confidence
  • Unplanned events
  • Matching need with availability
  • Who else is counting on us?

7
Recap: May 05 - Oct 05
  • Completed
      • 431 - Deploy Anti-spyware software via MyAndrew
      • 435c - Intrusion Detection System (Phase 1 Continuing into Phase 2)
  • Deferred
      • 432 - Bandwidth Service Groups
      • 433 - Cluster Firewalls
      • 437 - NetReg CompServ subgroups

8
Recap: May 05 - Oct 05
  • Carry Over into Fall 2005
      • 430 - ISO Web redesign
      • 434 - Data Security Policy Update
      • 436 - Initial Andrew Account Passwords
      • 438 - Password Policy
      • 439 - Policy update monitoring
      • 440 - Policy update for research data (network traffic)

9
Recap: May 05 - Oct 05
  • Hired Policy Coordinator
  • Hired Training Awareness Coordinator
  • Hired Director of Info Sec
  • Campus security survey
  • ISO Team Retreat (3 year plan coming)

10
ToDo Internal: Nov 05 - Apr 06
  • Create Incident Response Plan
  • Guideline/Policy Gap Analysis
  • Guideline Development
  • network data research
  • account data retention
  • IKON eCopy
  • TA Curriculum Plan
  • College/Dept GLB assessment
  • IT security assessment plan

11
ToDo Internal: Nov 05 - Apr 06
  • Staff Training Certifications
  • Document Internal Procedures
  • Convene Security Advisory Committee
  • Data Mining Strategies/Netnotify Analysis
  • IDS Outsourcing Analysis
  • Signed email for ISO

12
ToDo External: Nov 05 - Apr 06
  • DELIVERY: Windows Update Quarantine
  • DELIVERY: Computing Services Elimination of Clear Text Login of Andrew credentials
  • DELIVERY: Desupporting Kerberos 4
  • DELIVERY: DNS Black-hole for Malware

13
ToDo External: Nov 05 - Apr 06
  • DELIVERY: Environment Scanning
  • DELIVERY: Automated Welcome Messages for New Email Accounts
  • DISCOVERY: CALEA Compliance
  • DELIVERY: Hire Security Engineer

14
Windows Update Quarantine
  • Provide suspended machines access to all patches.
  • Options to be investigated
      • Direct access to Windows Update via a proxy server
      • Access to a Windows Software Update Server
  • Risks: support burden, client issues
  • .7 FTE 10,000

15
Elimination of Clear Text Login
  • The elimination/mitigation of clear text Andrew
    login/password for Computing Services
    applications.
  • Telnet, FTP, NiftyTelnet, IMAP, SMTP, GQL
  • Risks: non-negotiable dependencies, VPN service
  • .65 FTE

16
Desupporting Kerberos 4
  • Decommission Kerb 4 and perhaps replace what has
    been reported as the only application depending
    on Kerb4, zephyr
  • Cryptographically weak, DES based, vulnerable to
    ticket fabrication
  • Risks: user acceptance, degradation in communication
  • .07 FTE

17
DNS Black-hole for Malware
  • Limit the spread of malware by blocking sites
    associated with the spread or control of malware.
  • Risks: false positives, workarounds, user experience, lack of timely updates
  • .5 FTE 8,000

18
Environment Scanning
  • Build a system/methodology that attempts to
    passively identify operating systems, databases
    and applications on campus on a host-by-host
    basis.
  • Risks: accuracy, time consuming, privacy concerns, insufficient coverage
  • .5 FTE 9,000

19
Automated Welcome Messages for New Email Accounts
  • Seed new inboxes with relevant security-related
    (and other) information designed for each user
    type, recognizing that the first message in the
    inbox may receive special attention and have
    lasting impact.
  • .1 FTE

20
CALEA Compliance
  • Communications Assistance for Law Enforcement Act
    (CALEA)
  • Conduct an impact analysis and develop a project
    roadmap for CALEA compliance
  • Risks: misinterpretation of requirements, wasted effort
  • .1 FTE

21
Hire Security Engineer
  • Hire into the allocated Security Engineer
    position.
  • Risks: Further increases detection capability
  • .03 FTE

22
ISO Fall 2005 Tactical Plan Resource Summary

23
Horizon: May 06 - May 07
  • Bandwidth Service Groups
  • NetReg CompServ subgroups
  • Self-scan Server
  • Malware Lab
  • UNIX Virus Scanning
  • Restricted Wireless
  • Darknet for Detecting Scanning and Worms

24
Rejected Plan to NOT Do
  • Cluster Firewalls
      • Replaced w/ ACLs project
  • Malware Removal Program
      • Missing the window of opportunity
      • Developing other mitigation