1 / 8

ITSS at University of Michigan: Enhancing Security Services and Expertise

Explore the Information Technology Security Services at the University of Michigan with Chief Information Technology Security Officer Paul Howell. Discover service offerings, security council functions, initial activities, and more. Learn about ITSS offerings, the Security Council, and key initial activities including incident response, security assessments, and staff sharing program goals for scaling security skills. Dive into the ITSS realm with a focus on risk management, policy recommendations, and overall security enhancement efforts.

thao
Télécharger la présentation

ITSS at University of Michigan: Enhancing Security Services and Expertise

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Information Technology Security Services atThe University of Michigan Paul Howell Chief Information Technology Security Officer

  2. ITSS Overview • Service offerings • Security council • Initial activities • Questions

  3. ITSS Offerings

  4. Security Council Cross University membership consisting of a few Deans, business owners, UMHS, and several faculty. • Makes policy recommendations to Provost, CFO, and EVP for Medial Affairs. • Dialog & sane decisions around risk management. • Provides general direction for ITSS.

  5. Initial Activities • Planning for • Staff sharing / training (discussed later) • Incident response • Security assessments • Hiring for several security positions. • Join FIRST. • Prompt reporting of all computer security incidents.

  6. Initial Activities – cont. • Establish an Incident Response Oversight Team. • Vulnerability scans of all wired & Wi-Fi campus networks. • ITSS Web site. • Dark IP space for identifying scanning and other activity.

  7. Initial Activities – cont. • NetFlow collection / processing at all UM-Internet interconnects. • Document and maintain network contacts for all wired & Wi-Fi networks. • Tools and procedures to locate a Wi-Fi computer / AP.

  8. Staff Sharing Program Goals • Scale security skills within the existing workforce • Medium level of competency • Training done over a 4 to 6 month period, consisting of a combination of self-paced, lecture & lab, and on-the-job • Pre-testing and post-testing measure progress • New security job title and compensation, fraction determined by local needs • Periodic rotation through ITSS for 4 to 6 months at half-time for on-going skills updating

More Related