End User Security Awareness Program
University of Toledo
Educational and Information Technology
Presented by: Interim Chief Information Officer, Joseph Sawasky
Communications Administrator, Melissa Crabtree
What’s in an end user security program for you?
Despite IT’s best efforts (firewall, passwords, encryption, directory permissions, anti-virus, anti-spyware, facility controls, video surveillance etc…), one careless or malicious end user can cause major problems for you – it will happen on your campus!
Ensures IT AND end user departments have shared “skin in the game”
Shows due diligence
Shows IT is proactively addressing an area of high potential security risk outside the data center
It’s relatively cheap
You’ll have ready answers when the local media visits and when angry students, parents, employees and bosses call (and it reduces the chances that the previous bullet will occur!)
Steal with pride! That’s what OHECC is for!
“It’s not if it will happen... it’s when!”
Stolen laptop at University of CA, Berkeley causes breach of 98,400 SSN’s
Hacker compromises security at Boston College, breach of 120,000
Dishonest insider at University of Hawaii leaks 150,000 SSN’s
Ohio Incidents – Closer to Home
University of Toledo
Faculty member posts grades and SSN’s of 56 students
Faculty member posts grades and SSN’s of 155 students
4 stolen laptops breach approximately 2,200 SSN’s
Rule of thumb – notification costs ~$2.00 per record compromised
Data Source: Privacy Rights Clearinghouse - http://www.privacyrights.org/ar/ChronDataBreaches.htm
What we’ll talk about today
The University of Toledo – Educational and Information Technology
End User Awareness Training and Best Practices “Recommendations”
Departmental Auditing Procedures
CyberAngel and PowerGREP
Looking to the future
The University of Toledo
20,000 Students
2,200 Faculty and Staff
10,000+ computers
Educational and Information Technology
79 FTE’s
1 Full Time Network Security Analyst
Team created from existing employees for security awareness and audit procedure
Central Response Unit for security breaches
Provide University-wide information security best practices
Promote Security Awareness and Education of Employees
Security Awareness and Training Program
Lunch and Learn Program
The Presentation
What is Sensitive Information?
Their role and responsibility
Three methods of security – Physical, Computer, and Procedural (Social Engineering)
Guidelines for Information Security for Faculty/Staff tri-fold
Video on Information Security
Security Awareness and Training Program
Lunch and Learn Program Continued
Participant’s Next Steps
Personal Security Action Plan
Each user should go through their computers and verify that all “Sensitive Data” is secure using the PSAP
Computer Security Checklist
Prepares user for an Information Security Audit
Information Security Audit
Send follow up email to Business Unit Manager and request audit of department
Security Awareness and Training Program
Statistics on Lunch and Learn Program
Conducted six targeted programs since program inception (January 2006)
3 future programs planned
Over 180 Faculty and Staff have gone through the program
Led to the audit of 5 major business units
Information Security Audit Procedure
Announcement Letter or Web Audit Request
Preliminary Review
Date of Audit, Time, Mgr. uses checklist to choose what should be audited, and any special details
Audit
Audit team uses Security Checklist to complete the audit of the selected users
Remote audit of PC’s and Servers conducted using PowerGREP
Audit results sent to Mgr. and CIO
Includes all supporting documentation
Follow-up Review
EIT conducts follow-up audit on any security issues found
Installation of CyberAngel for users that handle large amounts of sensitive data
Information Security Audit Procedure
Sample Documentation
E-mail of Audit Results
Compiled Security Checklist
PowerGREP results
Information Security Audit Procedure
Audit Statistics/Benefits
Audited 5 major business units (including Enrollment Services, EIT, and ERP, which include 65% of data owners)
Proactively found 108,000 SSN’s in over 15,000 documents
Awareness is branching out to other departments
4 audits in queue
CyberAngel Security Software
Creates an encrypted drive – preventing unauthorized access to files if computer is stolen
8 different available algorithms, including Rijndael-AES 256
If an incorrect or no password is given, users don’t see the drive or files stored there
HIPAA, GLB, FERPA, and new Sub HB 104 compliant
Offers Single or Two-Factor Authentication
Tracks, Locates and Recovers Lost or Stolen Computers
92% return rate
CyberAngel Incident Report used to obtain search warrants and subpoenas
CyberAngel Security Software
Provides “Real-Time” Security for Data and Information Protection
Prohibits Unauthorized VPN Access
Prevents Unauthorized Application Use
Locks Communication Ports
Sends Notification of Unauthorized Access
CyberAngel Security Software
Simple and Customizable Login Screen
Encrypted “P:\Drive” works like a standard folder, making it easy for your Staff to use
CyberAngel Security Software
24-hour support hotline and theft reporting – IT involvement is not necessary
Customizable hotkey to disable and re-enable encrypted drive
CyberAngel Configuration Manager
Does not have to be installed on machine
Create a “Master” password for University
Assign a different drive letter
Change encrypted size of drive
Uninstall and reinstall software
User can change password
CyberAngel Security Software
Statistics/Benefits
Already installed on 125 “data owner” machines
Purchases are being made by the departments
$62.50 for a 5-year license (when 100 – 500 are purchased)
Discount pricing for students – CyberAngel assumes all responsibility
PowerGREP Software
A powerful Windows grep tool
Ability to extract statistics and knowledge from log files and large data sets
Find files and information anywhere on a PC or network
Simple user interface
Full-featured text and hex built-in editor
PowerGREP Software
Unique Abilities
Search through specific file sections
Split files into records before searching
Post-process replacement text
Permanent Undo History
Compatibilities
Perl, Java and .Net compatible regular expressions
Extensive text encoding support
Search through zip archives
PowerGREP Software
Statistics/Benefits
Proactively found 108,000 instances of SSN’s in first round of audit
Easily identify file locations for users
Uses beyond just PC searches
80-gig hard drive in just under an hour and a half (on the network!)
Only $149
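The audit procedure described earlier runs PowerGREP remotely over departmental PCs to locate SSNs, and the statistics above report what that pattern search turned up. The script below is an added example of the same kind of audit scan written in Python; it is not PowerGREP and not University of Toledo code. It searches a directory tree for SSN-shaped numbers, drops candidates that violate the Social Security Administration's structural rules (area 000, 666 or 900 and above, group 00, serial 0000), and reports only masked values and per-file counts so that the audit output does not itself become another store of sensitive data. The file names, sample contents and the list of text suffixes are constructed assumptions.

```python
"""Added example: a minimal SSN-pattern audit scanner in the spirit of the
PowerGREP audit described above. Not PowerGREP and not the University's code;
file names, sample contents and the suffix list are constructed assumptions."""
import re
import tempfile
from pathlib import Path

# 3-2-4 digits with one consistent separator ("-", " " or none) on both sides.
# The backreference \2 rejects mixed forms such as "123-456789".
SSN_RE = re.compile(r"\b(\d{3})([- ]?)(\d{2})\2(\d{4})\b")

# File types read as text (assumption; PowerGREP also searches zip archives
# and other formats, which this example does not handle).
TEXT_SUFFIXES = {".txt", ".csv", ".log", ".htm", ".html", ".xml"}


def is_plausible_ssn(area: str, group: str, serial: str) -> bool:
    """Structural rules published by the SSA: area is never 000, 666 or
    900-999; group is never 00; serial is never 0000."""
    a = int(area)
    if a == 0 or a == 666 or a >= 900:
        return False
    return int(group) != 0 and int(serial) != 0


def find_ssns(text: str) -> list[str]:
    """Return masked hits ("***-**-6789") for every plausible SSN in text."""
    hits = []
    for m in SSN_RE.finditer(text):
        area, group, serial = m.group(1), m.group(3), m.group(4)
        if is_plausible_ssn(area, group, serial):
            hits.append(f"***-**-{serial}")
    return hits


def scan_tree(root: Path) -> dict[str, int]:
    """Walk a directory and count plausible SSNs per text file, keyed by the
    path relative to root. Files with no hits are omitted from the report."""
    report = {}
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in TEXT_SUFFIXES:
            continue
        text = path.read_text(encoding="utf-8", errors="ignore")
        count = len(find_ssns(text))
        if count:
            report[path.relative_to(root).as_posix()] = count
    return report


# Constructed sample files standing in for a departmental file share.
SAMPLE_FILES = {
    "grades/spring.csv": "name,ssn,grade\nA. Student,123-45-6789,B+\nB. Student,234-56-7890,A\n",
    "notes/memo.txt": "Phone 419-530-1234 is not an SSN; nor is 000-12-3456 or 666-12-3456.\n",
    "export/old.log": "id=234567890 next=345 67 8901\n",
    "photos/scan.jpg": "123-45-6789",  # skipped: not a text suffix
}


def demo() -> dict[str, int]:
    """Build the sample tree in a temporary directory and return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, content in SAMPLE_FILES.items():
            target = root / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(content, encoding="utf-8")
        return scan_tree(root)


if __name__ == "__main__":
    for path, count in demo().items():
        print(f"{count:5d}  {path}")
```

Running the script prints two hits for `grades/spring.csv` and two for `export/old.log`; the phone number and the structurally invalid SSNs in `memo.txt` are ignored, and the `.jpg` is never opened. The count per file, rather than the matched values, is what an auditor would forward to the business unit manager, and the masked form is what would go into an e-mail of audit results.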
Looking to the Future
Likelihood of more rigorous external requirements and more severe penalties
Expanded audits
Increased faculty awareness
More automation in audit process
Challenge of providing information to decision-makers and providing more security
Summary
Be proactive and provide leadership – create your own end user security program
Promote it across campus – market and communicate
You’ll be happy you did WHEN the next incident occurs
Reduce the MTBsF
Borrow anything you can from UT – we’re happy to help
Any Questions?
Joseph Sawasky: [email protected]
Melissa Crabtree: [email protected]
“Motivational” backgrounds – The Sourcefire Computer Security Calendar
Security Breaches - Privacy Rights Clearinghouse – http://www.privacyrights.org/ar/ChronDataBreaches.htm
The CyberAngel Inc – http://www.thecyberangel.com/
PowerGREP – http://www.powergrep.com/
UT - Educational and Information Technology – http://www.eit.utoledo.edu
http://www.eitnetwork.utoledo.edu/security.asp