uab it security program sallie wright uab avp, information technology
TRANSCRIPT
UAB IT Security ProgramUAB IT Security Program
Sallie WrightSallie WrightUAB AVP, Information TechnologyUAB AVP, Information Technology
AgendaAgendaUAB Cyber Security Awareness Symposium
October 20, 2009
9:00 – 9:05 Welcome Dr. Doug Rigney, Interim Vice President9:05 – 9:15 Current State of IT Security at UAB Sallie Wright, Assistant Vice President9:15 – 9:20 Recognition of CISSPs Sallie Wright, Assistant Vice President
9:20 – 9:40 Security & EmailJeff Jessee, Asst. Director, Infrastructure Services
9:40 – 10:00 Data Loss/ARRA/HIPAATerrell Herzig, Information Security Officer, HSIS
10:00 – 11:00 Implementing ISO 27001/27002 in Higher Education Tammy Clark, Georgia State11:00 – 11:20 Break
11:20 – 12:00 Dell’s Approach to Enterprise Information SecurityDale Whiteaker-Lewis, Dell IT Security Consultant
12:00 – 12:20 High Performance Computing/caBIGJohn Sandefur, Information Systems ManagerJohn-Paul Robinson, System Programmer Lead
12:20 – 12:40 Break/Lunch12:40 – 1:00 Equipment Surplus Michael Thorn, Information Security Specialist
1:00 – 1:20 Infrastructure SecurityDavid Wolford, Communications Network Specialist
1:20 – 1:40 Encryption & Pod Slurping Sean Maher, Information Security Coordinator1:40 – 2:00 Software Bundles Chris Green, Information Security Specialist2:00 – 2:10 Break2:10 – 2:40 *Security/Forensics Careers - NCFI TBD
2:40 – 3:05 *Safety in Social NetworkingBrandon Cain, Information Security Coordinator
3:05 – 3:30 *Securing Your ComputerBrandon Cain, Information Security Coordinator
3:30 – 3:30 Wrap-up Sallie Wright, Assistant Vice President*of interest to students
UAB Information SecurityUAB Information Security
Mission Protected computing everywhere Support the University’s mission of research,
education and service Objectives
World class security program Recognized as the national leader for excellence in
information assurance across higher education
3
Higher Ed Trends in IT PrioritiesHigher Ed Trends in IT Priorities
1
5
10
IT Priorities at UABIT Priorities at UAB
Security ProgramsSecurity Programs Stages of ExcellenceStages of Excellence
Stage 4
Stage 3
Stage 2
Stage 1
•World Class program•Excellent results
•World Class program•Excellent results
•Advanced security program •Limited fire fighting, most processes in place
•Advanced security program •Limited fire fighting, most processes in place•Basic security
program •Fire fighting with some processes in place
•Basic security program •Fire fighting with some processes in place
•No real security program •Mostly fighting fires
•No real security program •Mostly fighting fires Stages of
Excellence
Stage 1Stage 1
• No real information security Program• Mostly fighting fires
Stage 2Stage 2
• Basic security program• Fire-fighting with some processes in place
• Basic security program• Fire-fighting with some processes in place
Stage 3Stage 3
• Advanced security program
• Limited fire fighting, most processes in place
• Advanced security program
• Limited fire fighting, most processes in place
Stage 4Stage 4
• World Class program • Excellent results
• World Class program • Excellent results
11
IT Security Central ResourcesIT Security Central Resources
14
UAB Security Initiatives 2007-08UAB Security Initiatives 2007-08
15
2008-2009 UAB Security Initiatives2008-2009 UAB Security Initiatives
Accomplishments In Process On the Horizon
Electronic Messaging Security
Research Security Planning
UAB Information Security Enterprise Council
Application Penetration Testing Facility
JRE Upgrades Cell Phone and Removable Media Encryption Deployment
Electronic Media Destruction
2 Factor Authentication IT Technical Coordinators
Forensics Service Center PCI Compliance Policies, policies, policies
Campus Wide Security Training and Certifications
ARRA HIPAA Privacy Breach Notifications
IDM
caBig Security Framework Bundle Images
Laptop Encryption
Security ServicesSecurity Services
Computer Forensics & Investigations Application Penetration Testing Risk Vulnerability Assessments Incident Response Security Planning Security Architecture Electronic Messaging Security Anti-Virus Protection
17
IT Technical CoordinatorsIT Technical Coordinators
Deans appointed IT technical coordinators
Build communications and partnerships with the schools
Ensure coordination of university-wide solutions with school-based initiatives
UAB Computer Incident Response Team membership
Participate in the selection of new UAB-wide solutions
18
UAB Security StatsUAB Security Stats
Computer Forensics
Risk AssessmentsPen Tests
Help TicketsCopyright ViolationsVirus Infections
Information Security CertificationsInformation Security Certifications
CISSP – Certified Information Systems Security Professionals Course attended by 29 participants Testing completed by 26; 2 scheduled for
December Confirmed 15 New CISSP’s across campus
20
UAB Information Security Enterprise UAB Information Security Enterprise CouncilCouncil Purpose
To provide insight into the IT security needs of UAB To assist with ensuring IT security posture
continues to be strengthened across UAB To help identify opportunities to improve IT
security To participate in the review of the IT security plan
and to recommend the priorities for best meeting the information security needs of UAB
Congratulations to….CISSP’sCongratulations to….CISSP’s
Phillip Cotton Ashley Fleming Fran Fabrizio
Chris Green Ed Harris Terrell Herzig
Jerry Lawrence Sean Maher Larry Owen
Rajesh Pillai Brian Rosenow Eric Rzeszut
John Sandefur Dr. Feng Sun Michael Thorn