IT Security Policies and Campus Networks
The dilemma of translating good security policies to practical campus networking
Sara McAneney
IT Security Officer
Trinity College Dublin
22/05/2007
Overview
• Creating the Security Policy
• The Implementation Dilemma
• What makes the Campus Environment Different?
• The Answer
• Case Study: Trinity College Dublin
Campus Networks and Security
Cultural Resistance
Gradual infiltration
Acceptance
Period of rapid catch up
Maturity?
Policies Implemented 2006
*ECAR – Educause Centre for Applied Research - 2006 IT Security Survey 492 Respondents
Creating the Security Policy
• ISO 27001
• Relevant Legislation
• Organisational Environment
• Identify Assets
• Resources, e.g. UCISA Information Security Toolkit
Policy
• Main Policy
• Supporting policy areas:
  – Email
  – Internet use
  – System development etc
Implementation…
• Governing Body Approval
• Communication to Users
• Translation to Operational Procedures
• Enforcement
Campus Implementation Difficulties
• Traditional ethos of free & open access to systems and information
• Diverse user base - Admin, teaching, research, grids, commerce, corporations, clubs, societies, college life, public guests
• Complex collaborative arrangements - institutions, individuals and industry
• Need to facilitate the rapid adoption of emerging & often immature technologies
• Diversity and decentralised management…
Traditional Implementation
[Diagram: policy dissemination from Management to Area Heads to End Users]
University Structure
• Governing Body
• Committees
• Schools/Faculties
• Admin Areas
• Student Representatives
• Commercial Entities
[Diagram: university structure. Governing Body; Committees; Admin Body; Academic Body; Admin Areas; School/Faculty; Campus Company; Research Affiliates; Student Body; Student Society; Student Clubs; User Groups; End Users]
Helpful to Focus on Similarities with all Large Networks
• Provide High Quality, Flexible Services
• Protect Confidential data
• Protect against Internal and External Security Threats
• Comply with Legislation
• Contingency and Disaster Recovery Planning
Goal
• Despite/Because of complexity and diversity vital to implement IT Security Framework
• Framework which facilitates & protects
The Answer?
• Management Structure - Establish IT Security Governance/Management Structure
• Involve Stakeholders - Identify key stakeholders and involve in creating policy, encourage ongoing communication.
• High Value Assets - Identify core IT Assets and prioritise
• Segregation - Functional and Security Boundaries
• Flexibility – make provision for high risk activity - Research, new technology etc
Case Study: Trinity College Dublin
• July 2003 - IT Security Policy Approved by College Governing Body
• 2004 - Awareness Exercises - Email, Booklet, Website
• 2004-2006 - Translation to Operational procedures
• Ongoing - Adoption of Security Technologies
Security Management System
Implementation - College IT Security Governance
[Diagram: Governing Committee; Trinity College Data Network; Autonomous Networks; Local Area IT Support reps; End Users]
Implementation
• Internal Agreements - Central computing department & local IT interests.
• Regular Communication
• Dissemination to IT Administration Staff & End Users
• Adoption of Technologies
Supporting Documentation
• Network Security
• Internet Use
• Email Use
• Authentication/Passwords
• Virus and Spam
• Software Development
• Data Backup
• Disaster Recovery
• Remote Access
• Third Party Access
• Legal Compliance Guidelines
Adopting Technologies
• Network Security
  – VPN, VLANs, Firewall, IDS, NAC, 802.1x, guest network services, eduroam
• Host Security
  – Automatic Updates, Centrally Managed AV
• Enterprise Directory – secure Authentication
• Removal Insecure Protocols
Security Boundaries
[Diagram: network zones separated by security boundaries. Wireless Services; Specialized Research; Specialized Production, Cash Registers etc; Autonomous Networks; Student Services; Teaching & General Research; Central Services (Web, Mail, Proxy etc)]
Assessing the Progress
• Improved communications – move away from duplication of service
• Improved focus – strategic planning
• Incident Reporting
• Internal Audit – systems, applications
• External Audit
• ISO27001 Certification
Future Challenges
• Exploding User Numbers – students/public on network, Guests, Eduroam
• Non-traditional networked devices - PDAs, phones, Xboxes, cameras, CEPOS
• Disappearing Network Boundary
• Rapid Adoption of New Technology
• Changing Threat Profile
• Data privacy concerns – Help users protect their personal/financial data
• More important than ever to deal with these challenges via a strong IT Security Framework
References:
http://www.tcd.ie/itsecurity/policies/index.php
http://www.educause.edu/ecar
http://www.ucisa.ac.uk/