End User Security Awareness Program
University of Toledo, Educational and Information Technology
Presented by: Interim Chief Information Officer, Joseph Sawasky; Communications Administrator, Melissa Crabtree


Page 1: End User Security Awareness Program

University of Toledo
Educational and Information Technology

Presented by: Interim Chief Information Officer, Joseph Sawasky
Communications Administrator, Melissa Crabtree

Page 2: What’s in an end user security program for you?

- Despite IT’s best efforts (firewall, passwords, encryption, directory permissions, anti-virus, anti-spyware, facility controls, video surveillance etc…), one careless or malicious end user can cause major problems for you – it will happen on your campus!
- Ensures IT AND end user departments have shared “skin in the game”
- Shows due diligence
- Shows IT is proactively addressing area of high potential security risk outside the data center
- It’s relatively cheap
- You’ll have ready answers when the local media visits and when angry students, parents, employees and bosses call (and it reduces the chances that the previous bullet will occur!)
- Steal with pride! That’s what OHECC is for!

Page 3: “It’s not if it will happen.. it’s when!”

- Stolen laptop at University of CA, Berkeley causes breach of 98,400 SSN’s
- Hacker compromises security at Boston College, breach of 120,000
- Dishonest insider at University of Hawaii leaks 150,000 SSN’s
- Ohio Incidents – Closer to Home
  - University of Toledo
    - Faculty member posts grades and SSN’s of 56 students
    - Faculty member posts grades and SSN’s of 155 students
    - 4 stolen laptops breach approximately 2,200 SSN’s
- Rule of thumb – notification costs ~$2.00 per record compromised

Data Source: Privacy Rights Clearinghouse - http://www.privacyrights.org/ar/ChronDataBreaches.htm

Page 4: What we’ll talk about today

- The University of Toledo – Educational and Information Technology
- End User Awareness Training and Best Practices “Recommendations”
- Departmental Auditing Procedures
- CyberAngel and PowerGREP
- Looking to the future

Page 5: The University of Toledo

- 20,000 Students
- 2,200 Faculty and Staff
- 10,000+ computers
- Educational and Information Technology
  - 79 FTE’s
  - 1 Full Time Network Security Analyst
  - Team created from existing employees for security awareness and audit procedure
  - Central Response Unit for security breaches
  - Provide University-wide information security best practices
  - Promote Security Awareness and Education of Employees

Page 6: Security Awareness and Training Program

- Lunch and Learn Program
  - The Presentation
    - What is Sensitive Information?
    - Their role and responsibility
    - Three methods of security – Physical, Computer, and Procedural (Social Engineering)
    - Guidelines for Information Security for Faculty/Staff tri-fold
    - Video on Information Security

Page 7: Security Awareness and Training Program

- Lunch and Learn Program Continued
  - Participant’s Next Steps
    - Personal Security Action Plan
      - Each user should go through their computers and verify that all “Sensitive Data” is secure using the PSAP
    - Computer Security Checklist
      - Prepares user for an Information Security Audit
    - Information Security Audit
      - Send follow up email to Business Unit Manager and request audit of department

Page 8: Security Awareness and Training Program

- Statistics on Lunch and Learn Program
  - Conducted six targeted programs since program inception (January 2006)
  - 3 future programs planned
  - Over 180 Faculty and Staff have gone through the program
  - Led to the audit of 5 major business units

Page 9: Information Security Audit Procedure

- Announcement Letter or Web Audit Request
- Preliminary Review
  - Date of Audit, Time, Mgr. uses checklist to choose what should be audited, and any special details
- Audit
  - Audit team uses Security Checklist to complete the audit of the selected users
  - Remote audit of PC’s and Servers conducted using PowerGREP
- Audit results sent to Mgr. and CIO
  - Includes all supporting documentation
- Follow-up Review
  - EIT conducts follow-up audit on any security issues found
  - Installation of CyberAngel for users that handle large amounts of sensitive data

Page 10: Information Security Audit Procedure

- Sample Documentation
  - E-mail of Audit Results
  - Compiled Security Checklist
  - PowerGREP results

Page 11: Information Security Audit Procedure

- Audit Statistics/Benefits
  - Audited 5 major business units (including Enrollment Services, EIT, and ERP which include 65% of data owners)
  - Proactively found 108,000 SSN’s in over 15,000 documents
  - Awareness is branching out to other departments
  - 4 audits in queue

Page 12: CyberAngel Security Software

- Creates an encrypted drive – preventing unauthorized access to files if computer is stolen
  - 8 different available algorithms, including Rijndael-AES 256
  - If an incorrect or no password is given, users don’t see the drive or files stored there
  - HIPAA, GLB, FERPA, and new Sub HB 104 compliant
- Offers Single or Two-Factor Authentication
- Tracks, Locates and Recovers Lost or Stolen Computers
  - 92% return rate
  - CyberAngel Incident Report used to obtain search warrants and subpoenas

Page 13: CyberAngel Security Software

- Provides “Real-Time” Security for Data and Information Protection
- Prohibits Unauthorized VPN Access
- Prevents Unauthorized Application Use
- Locks Communication Ports
- Sends Notification of Unauthorized Access

Page 14: CyberAngel Security Software

- Simple and Customizable Login Screen
- Encrypted “P:\Drive” works like a standard folder, making it easy for your Staff to use

Page 15: CyberAngel Security Software

- 24-hour support hotline and theft reporting – IT involvement is not necessary
- Customizable hotkey to disable and re-enable encrypted drive
- CyberAngel Configuration Manager
  - Does not have to be installed on machine
  - Create a “Master” password for University
  - Assign a different drive letter
  - Change encrypted size of drive
  - Uninstall and reinstall software
  - User can change password

Page 16: CyberAngel Security Software

- Statistics/Benefits
  - Already installed on 125 “data owner” machines
  - Purchases are being made by the departments
  - $62.50 for a 5-year license (when 100 – 500 are purchased)
  - Discount pricing for students – CyberAngel assumes all responsibility

Page 17: PowerGREP Software

- A powerful Windows grep tool
- Ability to extract statistics and knowledge from log files and large data sets
- Find files and information anywhere on a PC or network
- Simple user interface
- Full-featured text and hex built-in editor

Page 18: PowerGREP Software

- Unique Abilities
  - Search through specific file sections
  - Split files into records before searching
  - Post-process replacement text
  - Permanent Undo History
- Compatibilities
  - Perl, Java and .Net compatible regular expressions
  - Extensive text encoding support
  - Search through zip archives

Page 19: PowerGREP Software

Page 20: PowerGREP Software

Page 21: PowerGREP Software

- Statistics/Benefits
  - Proactively found 108,000 instances of SSN’s in first round of audit
  - Easily identify file locations for users
  - Uses beyond just PC searches
  - 80-gig hard drive in just under an hour and a half (on the network!)
  - Only $149
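The SSN discovery audit described in the PowerGREP slides, sketched as an added Python example; it is not part of the original presentation and is not PowerGREP's own search. The file-extension scope, the masked output and the sample tree are assumptions, and every sample value is constructed.

```python
import re
import tempfile
import zipfile
from pathlib import Path

# AAA-GG-SSSS, AAA GG SSSS or nine bare digits, not embedded in a longer number.
SSN_RE = re.compile(r"(?<![\d-])(\d{3})([- ]?)(\d{2})\2(\d{4})(?![\d-])")
TEXT_EXT = {".txt", ".csv", ".log", ".htm", ".html"}  # assumed audit scope


def find_ssns(text):
    """Return masked SSN candidates that pass basic structural checks."""
    hits = []
    for area, _sep, group, serial in SSN_RE.findall(text):
        # Never issued: area 000, 666 or 900-999; group 00; serial 0000.
        if area in ("000", "666") or area[0] == "9":
            continue
        if group == "00" or serial == "0000":
            continue
        hits.append(f"***-**-{serial}")  # never echo the full number
    return hits


def count_in(data):
    return len(find_ssns(data.decode("utf-8", errors="replace")))


def scan_tree(root):
    """Map each file (or zip!member) under root to its SSN candidate count."""
    root, report = Path(root), {}
    for path in sorted(root.rglob("*")):
        rel, ext = path.relative_to(root).as_posix(), path.suffix.lower()
        if path.is_file() and ext == ".zip" and zipfile.is_zipfile(path):
            with zipfile.ZipFile(path) as zf:
                for name in zf.namelist():
                    if Path(name).suffix.lower() in TEXT_EXT:
                        report[f"{rel}!{name}"] = count_in(zf.read(name))
        elif path.is_file() and ext in TEXT_EXT:
            report[rel] = count_in(path.read_bytes())
    return {k: n for k, n in report.items() if n}


def demo():
    """Scan a constructed sample tree; every value in it is made up."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "grades.csv").write_text(
            "name,ssn,grade\nA. Student,123-45-6789,B\nB. Student,321 54 9876,A\n")
        (root / "notes.txt").write_text(
            "Call 555-123-4567; ref 000-12-3456; order 1234567890\n")
        with zipfile.ZipFile(root / "old.zip", "w") as zf:
            zf.writestr("roster.txt", "ID 234567891 on file\n")
        return scan_tree(root)


if __name__ == "__main__":
    for location, count in demo().items():
        print(f"{count:4d}  {location}")
```

The report lists only locations and counts, so the audit output sent to a manager does not itself become another document full of SSNs.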

Page 22: Looking to the Future

- Likelihood of more rigorous external requirements and more severe penalties
- Expanded audits
- Increased faculty awareness
- More automation in audit process
- Challenge of providing information to decision-makers and providing more security

Page 23: Summary

- Be proactive and provide leadership – create your own end user security program
- Promote it across campus – market and communicate
- You’ll be happy you did WHEN the next incident occurs
- Reduce the MTBsF
- Borrow anything you can from UT – we’re happy to help

Page 24: Any Questions?

- Joseph Sawasky: [email protected]
- Melissa Crabtree: [email protected]
- “Motivational” backgrounds
  - The Sourcefire Computer Security Calendar
- Security Breaches - Privacy Rights Clearinghouse
  - http://www.privacyrights.org/ar/ChronDataBreaches.htm
- The CyberAngel Inc – http://www.thecyberangel.com/
- PowerGREP
  - http://www.powergrep.com/
- UT - Educational and Information Technology
  - http://www.eit.utoledo.edu
  - http://www.eitnetwork.utoledo.edu/security.asp