UAB IT Security ProgramUAB IT Security Program

Sallie WrightSallie WrightUAB AVP, Information TechnologyUAB AVP, Information Technology

AgendaAgendaUAB Cyber Security Awareness Symposium

October 20, 2009

9:00 – 9:05 Welcome Dr. Doug Rigney, Interim Vice President9:05 – 9:15 Current State of IT Security at UAB Sallie Wright, Assistant Vice President9:15 – 9:20 Recognition of CISSPs Sallie Wright, Assistant Vice President

9:20 – 9:40 Security & EmailJeff Jessee, Asst. Director, Infrastructure Services

9:40 – 10:00 Data Loss/ARRA/HIPAATerrell Herzig, Information Security Officer, HSIS

10:00 – 11:00 Implementing ISO 27001/27002 in Higher Education Tammy Clark, Georgia State11:00 – 11:20 Break

11:20 – 12:00 Dell’s Approach to Enterprise Information SecurityDale Whiteaker-Lewis, Dell IT Security Consultant

12:00 – 12:20 High Performance Computing/caBIGJohn Sandefur, Information Systems ManagerJohn-Paul Robinson, System Programmer Lead

12:20 – 12:40 Break/Lunch12:40 – 1:00 Equipment Surplus Michael Thorn, Information Security Specialist

1:00 – 1:20 Infrastructure SecurityDavid Wolford, Communications Network Specialist

1:20 – 1:40 Encryption & Pod Slurping Sean Maher, Information Security Coordinator1:40 – 2:00 Software Bundles Chris Green, Information Security Specialist2:00 – 2:10 Break2:10 – 2:40 *Security/Forensics Careers - NCFI TBD

2:40 – 3:05 *Safety in Social NetworkingBrandon Cain, Information Security Coordinator

3:05 – 3:30 *Securing Your ComputerBrandon Cain, Information Security Coordinator

3:30 – 3:30 Wrap-up Sallie Wright, Assistant Vice President*of interest to students

UAB Information SecurityUAB Information Security

Mission Protected computing everywhere Support the University’s mission of research,

education and service Objectives

World class security program Recognized as the national leader for excellence in

information assurance across higher education

3

Higher Ed Trends in IT PrioritiesHigher Ed Trends in IT Priorities

1

5

10

IT Priorities at UABIT Priorities at UAB

Security ProgramsSecurity Programs Stages of ExcellenceStages of Excellence

Stage 4

Stage 3

Stage 2

Stage 1

•World Class program•Excellent results

•World Class program•Excellent results

•Advanced security program •Limited fire fighting, most processes in place

•Advanced security program •Limited fire fighting, most processes in place•Basic security

program •Fire fighting with some processes in place

•Basic security program •Fire fighting with some processes in place

•No real security program •Mostly fighting fires

•No real security program •Mostly fighting fires Stages of

Excellence

Stage 1Stage 1

• No real information security Program• Mostly fighting fires

Stage 2Stage 2

• Basic security program• Fire-fighting with some processes in place

• Basic security program• Fire-fighting with some processes in place

Stage 3Stage 3

• Advanced security program

• Limited fire fighting, most processes in place

• Advanced security program

• Limited fire fighting, most processes in place

Stage 4Stage 4

• World Class program • Excellent results

• World Class program • Excellent results

11

IT Security Central ResourcesIT Security Central Resources

14

UAB Security Initiatives 2007-08UAB Security Initiatives 2007-08

15

2008-2009 UAB Security Initiatives2008-2009 UAB Security Initiatives

Accomplishments In Process On the Horizon

Electronic Messaging Security

Research Security Planning

UAB Information Security Enterprise Council

Application Penetration Testing Facility

JRE Upgrades Cell Phone and Removable Media Encryption Deployment

Electronic Media Destruction

2 Factor Authentication IT Technical Coordinators

Forensics Service Center PCI Compliance Policies, policies, policies

Campus Wide Security Training and Certifications

ARRA HIPAA Privacy Breach Notifications

IDM

caBig Security Framework Bundle Images

Laptop Encryption

Security ServicesSecurity Services

Computer Forensics & Investigations Application Penetration Testing Risk Vulnerability Assessments Incident Response Security Planning Security Architecture Electronic Messaging Security Anti-Virus Protection

17

IT Technical CoordinatorsIT Technical Coordinators

Deans appointed IT technical coordinators

Build communications and partnerships with the schools

Ensure coordination of university-wide solutions with school-based initiatives

UAB Computer Incident Response Team membership

Participate in the selection of new UAB-wide solutions

18

UAB Security StatsUAB Security Stats

Computer Forensics

Risk AssessmentsPen Tests

Help TicketsCopyright ViolationsVirus Infections

Information Security CertificationsInformation Security Certifications

CISSP – Certified Information Systems Security Professionals Course attended by 29 participants Testing completed by 26; 2 scheduled for

December Confirmed 15 New CISSP’s across campus

20

UAB Information Security Enterprise UAB Information Security Enterprise CouncilCouncil Purpose

To provide insight into the IT security needs of UAB To assist with ensuring IT security posture

continues to be strengthened across UAB To help identify opportunities to improve IT

security To participate in the review of the IT security plan

and to recommend the priorities for best meeting the information security needs of UAB

Congratulations to….CISSP’sCongratulations to….CISSP’s

Phillip Cotton Ashley Fleming Fran Fabrizio

Chris Green Ed Harris Terrell Herzig

Jerry Lawrence Sean Maher Larry Owen

Rajesh Pillai Brian Rosenow Eric Rzeszut

John Sandefur Dr. Feng Sun Michael Thorn