2012 Risk Assessment Workshop

Transcription

1 2012 Risk Assessment Workshop Agenda Risk Assessment Strategy for Texas State Device Registration Application Risk Assessment using ISAAC Review Server Management responsibilities 1

2 Risk Assessment Strategy at Texas State What s happening in 2012 Device Registration ISAAC (Information Security Awareness, Assessment, and Compliance) minor modifications Penetration Testing by IT Security Core Impact, open source tools, 3 rd party assessment Confidential Information Discovery Identity Finder Firewall exception process - new Risk Assessment Strategy at Texas State Results from 2011 Review trend data 2

3 ISAAC Risk Assessment what s new Modified questions reflecting the updated TAC 202 Using the Template method for your ISAAC assessment again this year Device Registration Device Registration application Secure application (HTTPS) Search feature Activate/Inactivate feature 3

4 ISAAC ISAAC Assess Texas Administration Code (TAC) 202 compliance Accepted method for conducting risk assessment Risk Assessment Checklist Update Device Registration Make sure all current devices registered for your department are active Update ISAAC Registration Open your 2012 assessment templates Review questions in ISAAC and mark complete 4

5 Server Management Responsibilities Policies UPPS Security policy UPPS Server Management 09.html DIR Requirements annual risk assessment Confidential information handling Disposal of electronic media Risk Assessments and Compliance Annual process for all servers Servers are considered devices that offers services to other computers such as: Web and secure-web services (http, https) File sharing services and secure print servers (devices storing confidential data) Completed by Data Custodian (sysadmin) and Data Owner Other compliance issues PCI, HIPAA 5

6 Services and Protocols Services that are not required for the server to meet its mission must be disabled whenever the server is connected to the university network Demonstrate how to disable services and protocols in Windows Server 2008 Services and Protocols 6

7 User Account Management Demonstrate disabling, renaming, deleting user accounts in Windows Server 2008 Managing passwords User Account Management 7

8 Windows Permissions Share Permissions Security Permissions Security permissions are more granular permissions on the folders and files inside the share Beware "Inherit Permissions" Intrusion Protection Anti-virus Network IPS Host-based firewalls Tipping Point and Palo Alto Special reports available 8

9 Event Log Management and Notification Backup and Recover Data Center backup Windows server backup 9

10 Logon Banner Configuration Demo OS and Anti-Virus Updates In general, vulnerability patches should be applied within 72 hours Anti-virus protection for servers Configure for automatic updates from antivirus server 10

11 Physical Security Environmental monitoring Physical access controls: Escorts Video monitoring Card reader access Theft protection Remote Access Encryption Virtual Private Network Available to all University faculty and staff Secure remote access from public networks 11

12 Centrally Managed Services Security incident management Report suspected incidents to IT Security Penetration testing and vulnerability scanning and VPN Perimeter firewalls Data Center consolidation Secure grant data storage File share cluster Backup and recovery SCCM Hands-On Device Registration And ISAAC Assessment 12

13 Tools and References IT Security Website SANS Security Checklists Open source tools for web site scanning OWASP project Security Configuration Benchmarks (CIS) Microsoft Security Baseline Analyzer (MSBA) microsoft.com/technet/security/tools/mbsahom e.mspx Nmap for Windows (nmap.org) Windows Defender Sysinternals Identity Finder Q & A 13