OU INFORMATION SECURITY & RISK MANAGEMENT ISA – February 4, 2015.

OU INFORMATION SECURITY & RISK MANAGEMENT

ISA – February 4, 2015

Security realities and trends

• Higher Ed = Target Rich Environment

• “BYOD / IOE”

• Evolving threat landscape – i.e. ransomware

• Encryption becomes the standard

• Attack surfaces/exploits for mobile devices are on the rise

• Cyber-Espionage continues trending up

• Weak (and reused) Passwords

• Networks and users lack the basics

Our Goals

• Ensure a safe and secure online environment for OU

• Be operationally relevant and enable the business

• Provide excellent customer service

• Lead a collaborative and innovative OU information

security community

• Partner to educate and raise security awareness

across the University

Background

• Our Team– 12 full time + 1 student

• Multiple vacancies posted on jobs.ou.edu

– Two Teams• IT Risk, Compliance & Awareness

• Information Security Operations

• About Me– 10+ years in information security

• 7+ at the National Security Agency / 3+ at the US Naval Academy’s non-profits

• Everything from high level strategy development to program management for crypto certification/security engineering to running an operational network and hands on with all security capabilities

– US Naval Academy / Johns Hopkins University grad

– Navy NFO stationed at Tinker AFB from 2000-2004

– Started at OU in Nov 2014

IT Risk, Compliance, & Awareness

• IT Risk & Architecture– Performs risk assessments in coordination with the IS Operations Team

– Recommends security technologies for use within the OU IT enterprise

– Supports the remediation of risk/vulnerability findings within OU IT networks

• Compliance (PCI, HIPAA, FERPA, etc)– Leads PCI (and other standards) risk assessments for Norman and OU IT

architectures as required

• Security Training and Awareness– Develops and execute an ongoing campus-wide training and awareness program for

various groups of stakeholders (online & offline)

– Internal / External facing online presence for security

• IT Security Policy– Maintains policy repository (online)

– Develops draft policy as required

– Represents Norman in security policy development, discussion, adjudication at the working level

Information Security Operations

• OU Computer Security Incident Response Team (CSIRT)– Maintains a common operational security picture via an establish network security

monitoring infrastructure for the Norman campus and Norman data/assets within S2 -> evolves into OU CSIRT

– Responds to security incidents as appropriate

– Makes recommendations to forensics for additional investigation when appropriate

• Forensics– Conducts forensic investigations as requested

– Maintains the Computer Forensics Lab (CFL)

• Vulnerability Analysis– Conducts network vulnerability analysis (blue team/red team) as required/requested for OU

IT

– Develops a standard tool suite for vulnerability analysis and penetration testing

– Assists with compliance assessments (technical, PCI scans, etc)

• Security Engineering– Identifies, assesses, and implements tools and security capabilities for integration into the

OU IT network architecture

– Assists with the technical remediation of findings from risk/vulnerability assessments

Stop. Think. Connect.

• Stop: Before you use the Internet, take time to understand

the risks and learn how to spot potential problems

• Think: Take a moment to be certain the path ahead is

clear. Watch for the warning signs and consider how your

actions online could impact your safety, or your family’s.

• Connect: Enjoy the Internet with greater confidence,

knowing you’ve taken the right steps to safeguard yourself

and your computer

Tips & Advice

• Keep a Clean Machine

• Protect Your Personal Information

• Connect with Care

• Be Wise Web

• Be a Good Online Citizen

Keep a Clean Machine

• Keep security software current

• Automate software updates

• Protect all devices that connect to the

Internet

• Plug & scan

Protect Your Personal Information

• Secure your accounts (2-factor)

• Make passwords long and strong

• Unique account, unique password

• Write it down and keep it safe

• Own your online presence

• Mobile – Use a strong passcode to lock your phone

• Mobile – Think before you app

• Mobile – Online give your mobile number out to people you know and trust

• Mobile – Learn how to disable the geo-tagging feature on your phone

– http://icanstalku.com/how.php#disable

Connect with Care

• When in doubt, throw it out

• Get savvy about Wi-Fi hotspots

• Protect your $$

• Mobile – When it doubt, don’t respond

Be Web Wise

• Stay current. Keep pace with new ways to

stay safe online

• Think before you act

• Back it up

• Mobile - Know how to cell block others

Be a Good Online Citizen

• Safer for me more secure for all

• Post only about others as you have them

post about you

• Help authorities fight cyber crime

– www.ic3.gov (Internet Crime Complaint Center)

Questions?

• Ken Kurz, Director, Information Security & Risk Management– [email protected]– 405-325-6441

• Incidents / Security Questions– [email protected] / [email protected]– CSIRT Hotline – 405-325-7258

• Online Resources– www.stopthinkconnect.org– https://www.us-cert.gov/– http://www.sans.org/tip_of_the_day.php