Joshua Beeman June 18, 2012

Transcription

1 Joshua Beeman June 18, 2012

2 July 16 August 13 September 17 October 8 October 29 (Final Rate Setting) 2

3 Security initiatives Prior projects (FY 11 & FY 12) Current initiatives (FY 13) Trends and strategy (FY 14 and beyond) 3

4 4

5 Key Information Security Initiatives from FY 11 & FY 12 5

6 Information Securityrelated projects and initiatives Development of policy Security consultation, awareness and training Risk assessment, risk management, threat monitoring, and related communications Reporting on events and trends Point of contact and coordination Incident handling, response, investigation and notification 6

7 Computer Security and Awareness Training (CSAT) Program Metrics and Reporting Maturing Risk- Based Program Relevant Policy and Guidance Automated InfoSec Solutions and Repeatable Processes 7

8 Two Factor Identify applications that could benefit from use of two-factor as component of LoA variable Evaluated and drafted white paper on open-source, standardsbased, one-time passcode generators for mobile platforms Border IDS ISC N&T and Information Security evaluated possible border/core IDS vendor solutions and associated network enhancements or modifications Recommended specific border/core product 8

9 Levels of Assurance Developed framework for assigning LoA assertions to PennKey web authentications Wrote draft policy to address how to properly assign, and use, LoA on PennKey protected web-applications Will execute (June 2012) a pilot implementation of LoA on an application with highly sensitive data. 9

10 InCommon Conducted gap analysis to identify changes/ enhancements needed in the IdM environment to meet federation bronze level requirements Cloud Computing Developed processes and tools to help IT staff working with Penn constituents assess the security and privacy posture of 3 rd party hosted services. Completed Cloud Guidance v2 document 10

11 Risk-Based Program Policy and Guidance Education and Awareness Automation and Process Metrics and Reporting Security Liaisons and annual risk report Network IDS Core/Border vendor assessment and recommendation IAM InCommon gap analysis, Two Factor goals Logging and SIEM evaluations (stretch) Cloud, Amazon, SPIA For Vendors, website and toolkits Guidance: Social Media, Mobile device Management (stretch) Peer review of DMCA policy and impact on take-down notices Improving Guest Wireless Access methods Formalize annual CSAT Review and planning (including NCSAM) Continued maturation of Security-SIG; Brochure. Securing the Human Hold InfoSec Panel Anti-spam forum Evaluating REN-ISAC SES Formalize Annual HEOA Review Safe DNS Pilot Continued maturation of incident trend reporting GRADI report automation, Qlikview presentation (stretch) Safe DNS Pilot Findings Report 11

12 12

13 Network Security Tool Appropriately configure and implement Sourcefire intrusion detection system Two-factor Authentication Implement a pilot two-factor service using Google Authenticator and CoSign for individual users who opt in, including the infrastructure for provisioning and management of tokens. 13

14 LoA/InCommon Modifications to Kerberos, CoSign, and other systems necessary to calculate and store password entropy values Cross-ISC team developing a project plan that identifies action items, owners/stakeholders, and timetables for satisfying non-entropy related InCommon Bronze/Silver requirements. Implement one or more expanded pilots of LoA attributes for applications. 14

15 Central AD AuthN/AuthZ Develop a strategy to modernize and extend the ISC KITE Active Directory infrastructure. Leverage PennCommunity for user information, and allow Penn IT units to manage OUs directly. Network segmentation Investigate alternative network topologies and segmentation approaches that may help to enable separable security policies and enforcement approaches. 15

16 Looking Ahead FY 14 & Beyond 16

17 Peer/Industry Directions and Trends Security Liaisons Meetings, Outreach Data Internal SME s Information Security Strategic Planning 17

18 Credential compromise increasing 18

19 Sensitive data exposure Inadvertently or maliciously exposed data online Lost/stolen laptops

20 Emphasis on Automation (including SIEM) Doing more with less requires automation Continuous monitoring

21 Preliminary NSDR Topic recommendations Operating System and Application Software Risks User Accounts and Access Privilege Risks Networking Risks Device (Local and Mobile) Risks Data Risks Organizational Risks 21

22 Preliminary CSAT Topic recommendations Protection of confidential and sensitive data especially with regards to the cloud Securing smartphones and mobile devices Social Engineering 22

23 Assist in the analysis and documentation of mobile device security solutions. Improving automation: Logging service (note also crowd-sourcing) Migration of SafeDNS from pilot to production. DMCA Continue to evaluate and align security program to leverage SIEM tools. 23

24 Assist in the evaluation and promotion of Secure Remote Access solutions Investigate additional opportunities and potential savings for centralized asset management solutions Continual improvement on communications, metrics, and reporting 24

25 Maintaining compliance with Industry standards: PennKey meeting InCommon Bronze and Silver requirements. Continual improvement on monitoring and compliance with regulations (HEOA/DMCA, HIPAA, FERPA, etc.) Continue to support cloud efforts Security reviews/materials to assist with secure usage. Network segmentation Continue to monitor, develop and catalog tools and strategies for handling IPv6 related incidents, including malware and attacks. 25

26 What else should we be considering? 26