
Departmental Security Framework Rutgers University Office of Information Technology


Presentation Transcript


  1. Departmental Security Framework Rutgers University Office of Information Technology Presented By: Bruce Rights Systems Programmer / Administrator Information Protection and Security brights@rutgers.edu

  2. Housekeeping • Hours • Bathrooms • Fire exits • Telephones • Recycling • Smoking • Contact information IT Certificate Program – Departmental Security Framework

  3. Departmental Security Framework • Welcome • Introduction

  4. Agenda • Expectations and Objectives • Office of Information Technology Organization • Introduction to Security • Terms & Definitions • IPS Security Services • Other Services • Rutgers Policies and Procedures • Department Responsibilities • Conclusion

  5. Expectations and Objectives • What would you like to get out of this? • What are your past experiences? • What has happened in the last month? http://www.rci.rutgers.edu/~brights/it_cert_ips/bbc.mpeg

  6. Office of Information Technology • http://www.rci.rutgers.edu/~brights/it_cert_ips/oit_org_chart.htm

  7. Introduction to Security • Why is security important? • What do you want protected about yourself? • Is confidentiality possible in today’s electronic world??

  8. More intro. to Security • What is the security threat at Rutgers? Problems: • Limited internet handoff firewall • Limited firewall from ResNet • Limited firewall from Administrative functions • Lots of data stored locally • No historical security awareness • Limited local subnet firewalls • No authoritarian security directives • Routine pass thru of information so original data custodian does not know the full extent of data sharing • No data classification • No identification of what to keep confidential • No money for security

  9. Even more intro. to Security • What protection is already here? Solutions in place: • Universal managed anti-virus • Local patching repository • RUSecure web pages • (including cirt, infoprotect, netsecurity, nppi, ruscan)

  10. Terms & Definitions • Authentication • Authorization • Best Practices • Critical Host • Data Custodian / Owner / User • Defense in Depth • Network Contact (NC) • Network Liaison (NL)

  11. Rutgers Terms & Definitions • Microcomputer Support Services Group (MSSG) • Rutgers University Computing Services (RUCS) (prior name for OIT) • Administrative Computing Services (ACS) (prior name for ESO and ADDM) • http://ucstoolkit.rutgers.edu/general/acronyms.html

  12. IPS Services • Security Awareness • Compliance • Training • Abuse Handling

  13. IPS Services: Security Awareness • Webpages • http://rusecure.rutgers.edu • Online security survey: • https://webhost3.rutgers.edu/security_interview/

  14. IPS Services: Security Awareness • Q&A webpage for Directors • http://rusecure.rutgers.edu/department/administration/it-security-questions-you-should-be-asking/ • Mailing lists • https://email.rutgers.edu/mailman/listinfo/ • (Security_Admins and Security_Alerts)

  15. IPS Services: Compliance • http://rusecure.rutgers.edu/department/techstaff/compliance/ • HIPAA, GLBA, SEVIS, FERPA, SOX, FACTA, PCI • NJ ID Theft Prevention Act • http://infoprotect.rutgers.edu/compl/njid.php http://www.rci.rutgers.edu/~brights/it_cert_ips/0304_desk.jpg http://www.rci.rutgers.edu/~brights/it_cert_ips/0304_desk_answer.jpg

  16. IPS Services: Training • NBCS Education classes • Introduction to Security Awareness • ID Theft • http://edseries.rutgers.edu • Camden Education classes • http://edseries.camden.rutgers.edu • Newark Education series • http://www.ncs.rutgers.edu/helpdesk/edseries/index.htm • Other specialized/on demand

  17. IPS Services: Abuse Handling • abuse@rutgers.edu • http://rusecure.rutgers.edu/department/techstaff/ih • RIAA, IFPI, MPAA, DMCA

  18. Subject: DMCA Notice (Ref: RZZZZ)

28 June 2005
Ref: RZZZZ
Re: http://www.eden.rutgers.edu/~XXXXXXX/Music/

Dear Lance D Jordan,

I am contacting you on behalf of the International Federation of the Phonographic Industry (IFPI) and its member record companies. The IFPI is a trade association whose member companies are some 1,450 major and independent record companies in the US and internationally who create, manufacture and distribute sound recordings. Under penalty of perjury, we submit that the IFPI is authorized to act on behalf of its member companies in matters involving the infringement of their sound recordings, including enforcing their copyrights and common law rights on the Internet.

We have learned that your service is hosting infringing files on its network (see above-referenced directory). These files contain sound recordings by the artists known as Basement Jaxx, Jackson 5, Gorillaz and Kiss. These sound recordings are owned by some of our member companies and have not been authorized for this kind of use. We have a good faith belief that the above-described activity is not authorized by the copyright owner, its agent, or the law. We assert that the information in this notification is accurate, based upon the data available to us.

We are asking for your immediate assistance in stopping this unauthorized activity. Specifically, we request that you remove the infringing files from your system or that you disable access to the infringing files. In addition, please inform the site operator of the illegality of his or her conduct.

You should understand that this letter constitutes notice to you that this site operator may be liable for the infringing activity occurring on your service. In addition, under the Digital Millennium Copyright Act, if you ignore this notice, you and/or your company may also be liable for any resulting infringement.

This letter does not constitute a waiver of any right to recover damages incurred by virtue of any such unauthorized activities, and such rights as well as claims for other relief are expressly retained.

You may contact me at IFPI Secretariat, 54 Regent Street, London W1B 5RE, United Kingdom or email Notices@ifpi.org, to discuss this notice. We await your response.

  19. Other OIT Services • LAN Support Services: • http://lss.rutgers.edu/ • ACLs on Switches • http://www.td.rutgers.edu/documentation/Policies/Switch_Access_Guideline.pdf • Web On-Line Payment • http://ua.rutgers.edu/unrestricted/CurrUnrestricted.php

  20. Other OIT Services, pt 2. • Safeword • http://rusecure.rutgers.edu/services/authentication-token-cards/safeword/ • SecurID • http://rusecure.rutgers.edu/services/authentication-token-cards/securid-authentication/ http://www.rci.rutgers.edu/~brights/it_cert_ips/password.gif

  21. Services outside of OIT • ID Theft 911 • http://uhr.rutgers.edu/ben/AddBenIdentityTheft.htm • http://www.identitytheft911-sunj.com/home.htm • Credit Cards • http://www.rci.rutgers.edu/~univcont/creditsecurity/index.htm

  22. Services outside of OIT (2) • Information Protection Evaluation Team (IPET) • http://policies.rutgers.edu/PDF/Section50/50.3.9-current.pdf • http://policies.rutgers.edu/PDF/Section50/50.3.9-IDTheftGuidelines-current.pdf • RUID instead of SSN • http://studentaffairs.rutgers.edu/ruid.html

  23. Rutgers Policies • Rutgers Policies http://policies.rutgers.edu/ • Data destruction/disposal • http://policies.rutgers.edu/PDF/Section20/20.1.12-current.pdf • Copyright • http://policies.rutgers.edu/PDF/Section50/50.3.7-current.pdf • Computer policies (All are under review) • http://policies.rutgers.edu/contents70.shtml

  24. Rutgers Procedures, etc • Confidentiality • http://ruweb.rutgers.edu/oldqueens/employ.pdf • Proper Use • http://ruweb.rutgers.edu/oldqueens/properuse.pdf • Acceptable Use Policy (AUP) • http://oit.rutgers.edu/acceptable-use.html • Wireless • http://wireless.rutgers.edu/policy.php • http://oit.rutgers.edu/wireless-policy.html

  25. Rutgers Procedures (cont.) • (computer security) • http://rusecure.rutgers.edu/draft-policies-and-standards/draft-information-security-classification-policy/ • http://rusecure.rutgers.edu/draft-policies-and-standards/draft-minimum-security-standards-for-networked-devices/

  26. Department Responsibilities • Policies and procedures • Security planning • Secure operations http://www.rci.rutgers.edu/~brights/it_cert_ips/balance.jpg

  27. Department: Policies and Procedures • What are your departmental policies? • What are your departmental procedures? • What are your computer policies and procedures? http://www.rci.rutgers.edu/~brights/it_cert_ips/to_catch_a_thief.mp3

  28. Department Security Planning • Security planning • http://rusecure.rutgers.edu/department/administration/developing-an-it-security-plan/ • Baseline security • http://oit.rutgers.edu/security-9-23-2003.html • Advanced security • http://rusecure.rutgers.edu/draft-policies-and-standards/draft-minimum-security-standards-for-networked-devices/

  29. Department: Secure Operations • Incident handling • Abuse@rutgers.edu • Incident detection and handling • http://rusecure.rutgers.edu/department/techstaff/ih

  30. Questions • What questions do you have that I did not answer? • What does the future hold?

  31. Thank you for coming • This course is a component of the IT Certificate Program, a collaborative effort of the Office of Information Technology, University Human Resources, and the Internal Audit Department

  32. Information Protection & Security (A Division of the Office of Information Technology [OIT]) • ASB Annex 1, Room 102, Busch campus, 56 Bevier Road, Piscataway, NJ 08854 • phone: (732) 445-8011 • fax: (732) 445-8023 • rusecure@rutgers.edu
