Security and Privacy Policy The World Has Changed! Common Solutions Group Jack McCredie January 9, 2004


Security and Privacy Policy
The World Has Changed!

Common Solutions Group
Jack McCredie

January 9, 2004

Agenda
Share Progress & Request Help

• Security and privacy policy framework at UC
• Recommended policy structure & process
• Specter of emerging legislation
  - Illustration: CA SB-1386
• Security policy evolution at UC Berkeley
  - Illustration: minimum security standards policy
• Request for help – are we nuts?

Recommended structure

• Purpose
• Scope
• Policy
• Roles and responsibilities
• Consequences
• Requests for exception
• Appendices that can be easily modified
• Set of standing committees to contribute and review, and approve
• Communicate, communicate, communicate

University-wide policies

Campus-wide policies

Information technology policies

Security & Privacy Policies

System & campus-wide policies

• UC Electronic Communications Policy
  http://www.ucop.edu/ucophome/policies/ec/html/

• UC Business and Finance Bulletin IS-3
  http://www.ucop.edu/ucophome/policies/bfb/bfbis.html

• Guide to Administrative Responsibilities
  http://controller-fs.vcbf.berkeley.edu/TableofContents.html

Information Technology Policies

• Requirements for Protection of Computerized Personal Information (Implementation of SB 1386)
  http://socrates.berkeley.edu:7015/protected.data.html

• Guide to Selected Privacy and Confidentiality Regulations
  http://socrates.berkeley.edu:7015/privacy/guidelines.html

• Guidelines for Use of Campus Network Data Reports
  http://security.berkeley.edu:2002/CISC/gdlns.net.data.html

Security and Privacy Policies

• Campus Information Technology Security Policy
  http://socrates.berkeley.edu:2002/IT.sec.policy.html

• Minimum Security Standards
  http://socrates.berkeley.edu:2002/MinStds/policy.htm

• SNS Scanning of the UC Berkeley Campus Network
  http://sec-info.berkeley.edu/cgi-bin/scaninfo-login.pl/

Security and Privacy Policies

• Departmental Security Contact Policy
  http://socrates.berkeley.edu:2002/contacts.html

• Guidelines and Procedures for Blocking Network Access
  http://socrates.berkeley.edu:2002/blocking.html

• IT Security “Best Practices”
  http://socrates.berkeley.edu:2002/bestpractices.html

Specter of emerging legislation

• Illustrative law: California SB 1386

• UC Berkeley incidents since July 1, 2003

• Campus and system-wide response

Policy Evolution: Have we gone over the top?

• UC electronic communications policy

• Departmental security contact

• Guidelines and procedures for blocking network access

• Campus IT security policy

• Requirements for protection of computerized personal information

• SNS Scanning of the UCB campus network

• Required minimum security standards

Required minimum security standards

• Software patch updates
• Anti-virus software
• Passwords
• No unencrypted authentication
• No unauthenticated email relays
• No unauthenticated proxy servers
• Physical security
• Unnecessary services
• HOST-BASED FIREWALL SOFTWARE REQUIRED

Are We Nuts?

• Questions and discussion