Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Data Management

The Threat from Within

advertisement 
The Threat from Within
Anne Oribello
Brown University
Anne_Oribello@Brown.Edu
The Threat from Within
• Problems:
– departments want to compete with peers at
other schools to incorporate technology into
their programs
– vendors add web based front ends and insist
users move to that platform for software
support
Threat from Within (cont.)
– Faculty read about new a technology and obtain
it through grant monies or donation
– business units within the university want to be
more accessible by putting data on the Internet
• How many of these activities are being done
securely?
Issues
• Lack of adequate training for some
sysadmins
• Reliance on vendors to properly configure
server
• Pressure to roll out a system by a deadline
• Lack of funding by departments for security
tools
Issues (cont.)
• Lack of understanding of risks and issues by
decision makers
• Security had been viewed as an impediment
to work
• Culture of open access
• Lack of sufficient security staff
Solutions
• Establish realistic policies/guidelines
• Educate the user community on evolving
technologies
• Scan servers
• Perform security reviews
Establish Policies/Guidelines
• Get support from key players
• Establish incentives to conform
– offer centralized services to reduce their work
– establish user groups to develop (human)
network
• Create viable alternative for violators
• Be specific in definition of conformity
• Document dissemination effort
Educate Community
•
•
•
•
Face-to-face training for staff
Technical updates for decision makers
Articles in faculty/staff newsletter
Listserv mailings
(BBoards seem to have lost “favor”)
Scan Servers
• Schedule can depend on criticality of server
– Internet Security Scaner
– hacker tools (i.e. NMAP)
• Isolate moving targets (i.e. students)
Perform Security Reviews
• Offer as a service BEFORE they have an
incident
• Examine data security in entirety
(electronic, printed data, physical)
• Ensure that comments aren’t surprises
• Allow responses from department
• Follow up on progress
The Threat from Within
• Make security support a service
• Give end users the knowledge to have a
secure system
• Begin to change attitudes
• If all else fails, tell them how much it will
cost if there is a breach (time, research
effort, reputation, money)
Helpful URLs
•
•
•
•
•
www.alw.nih.gov/Security/prog-full.html
firosoft.com/security/philez/exploits/any-unix/
insecure.org
www.rootkit.com (WIN environment)
www.sans.org/
Related documents
ex_buisness_expansion
ex_buisness_expansion
Apocalypse Assignment
Apocalypse Assignment
Stress Management - Dr. Fayose
Stress Management - Dr. Fayose
RULE
RULE
The foremost goal of the information security function should be to
The foremost goal of the information security function should be to
strategic audit worksheet
strategic audit worksheet
Threats to internal and external validity
Threats to internal and external validity
Possible Midterm Questions
Possible Midterm Questions
Project Approval Criteria / Application Form
Project Approval Criteria / Application Form
Imminent Threat
Imminent Threat
LG Electronics - Software Analysis Course
LG Electronics - Software Analysis Course
PIERCE Behavior Intervention Referral Form
PIERCE Behavior Intervention Referral Form
WHAT DO THREAT LEVELS AND RESPONSE LEVELS MEAN
WHAT DO THREAT LEVELS AND RESPONSE LEVELS MEAN
Organized crime threat assessment variables:
Organized crime threat assessment variables:
UPPER GRAND DISTRICT SCHOOL BOARD 500 Victoria Road North
UPPER GRAND DISTRICT SCHOOL BOARD 500 Victoria Road North
California Code Stalking Statute
California Code Stalking Statute
School Boards Threat/Risk Assessment Notification
School Boards Threat/Risk Assessment Notification
Impact Operations Strategic Interests
Impact Operations Strategic Interests
Statement of Richard Perle Fellow, American Enterprise Institute Before the
Statement of Richard Perle Fellow, American Enterprise Institute Before the
Click to view powerpoint
Click to view powerpoint
Strength Assessment Company C Industry 43
Strength Assessment Company C Industry 43
Managing Risks, Countering Threats: Protecting Critical
Managing Risks, Countering Threats: Protecting Critical
Download
advertisement