When the Bits Hit the Fan: Managing Data Security and Privacy
Jim Dillon – University of Colorado
Jaime Galiano – Georgia Institute of Technology
Nancy Krogh – University of North Dakota
Copyright Dillon, Galiano & Krogh - 2004. This work is the intellectual property of the authors. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the authors. To disseminate otherwise or to republish requires written permission from the authors.
– Encompass all users
– Extend across campus and to agencies outside of the institution
– Include all formats
– Recognize this takes place in a climate of rising expectations for privacy and service and increasing regulation to ensure both.
Effective Strategies Must Include:
• Comprehensive solutions
• Communication
• Identifying Risks
• Establishing priorities
• Making choices
Prevention Strategies
• Control of access to information
• Education and training
• Policies for security and appropriate use
• Technical solutions
• Social solutions
• Effective communication among IT staff, data stewards, senior administrators, and users.
Detection Strategies
• Establish priorities
• Include key players in decisions
• Not strictly an IT issue
• Look across media for data storage
• Include all users
– And “shadow” users
Response
• Consider proactive response
– Understand the risks to the community
– Understand the concerns of the community
– Develop plans for response before an incident
– Respond to these concerns through prevention and detection.
Response
• Understand range of consequences and ramifications clearly:
• Start with Data Classification & Risk Assessment
– Reliance: Data as an ASSET, not Commodity
– Regulations, Mandates
– Competitive Advantage, New Competitors
– Customer Satisfaction (Data Now, but Privately!)
• Speak the Same Language! Sensitive = ?
Identify (Detect) the Data
• Case Study – Audit of an Enterprise System
– Start with Enterprise Data Store
– Track Potentially Sensitive Data as it Leaves the System
– Now Follow Through The Next Level
– Don’t Stop, We’ve Just Begun …
– Estimate Data Distribution
Identify the Data – Tier 1 – Official Record
• Custom I/Fs (APIs)
• Standard File Transfers (FTP)
• Batch Processes
• Web/4GL I/Fs
• Test Copies
• Development Copies
• Structured Queries, Reporting Tools
• Equipment Disposals
• Official Shadows – Data Warehouses
• Custom Applications (e.g. IDMS, SQL)
• Screen Scrapes, Snapshots
• Printed Output
• Integration to other Enterprise Systems
• Backup, Transfer Media
• Etc.
Identify the Data – Tier 2 – Custodians and Approved Shadows
[Diagram: data-flow map from the system of record out to custodian and end-user systems. Node labels recovered from the slide:]
– Campus IT applications: Campus IT Application, Campus IT Application 2, Campus IT Application – Student Services
– Directory Creation, Update; Mailing Svcs – Mailings, bulletins; Lookup Services
– Departmental applications: Dept. Application, Dept. Application 2
– Vendor Application Support (three instances); Vendor Application Support DB
– Student Support Application; Ticketing, Sales, Outward/Public Facing Applications; LAB Support Applications; Center/Institute Support App, DB (see page 2)
– Academic Dept., Academic Dept. 2, Academic Dpt. 3 … Academic Dpt. N; Continuing Ed; Administrative Svcs.; Housing; etc.
– End User Lookup Data: Limited Data Sets, High Access Levels; Soon to be Processed Through FTP Batch
Legend: GREEN text = Tier 1, Systems of Record; BLUE text = Tier 2, Owners/Service Providers (Authorized Sub-Systems); RED text = Tier 3/n, End User Organizations
Identify the Data – Ex: Pg. 2
[Diagram: page 2 of the data-flow map, showing data sources, a sample of user organizations, their user systems, and example individual data file requests. Labels recovered from the slide:]
Data Source:
– Services DB – Oracle, 30-40 Users
– ERP Application Access
– SQL, IDMS/Query (Direct Query or Programmed)
– Information Warehouse
– Flat Files, Spreadsheets (Official Custodian or Recognized Source, FTP, etc.)
– Flat Files Other (Not Tier 1 or Tier 2 source)
– Unknown source (“?”)
User Organizations (7 of 3000+): Academic Dept. 1; Academic Dept. 2; Continuing Ed; Services; Housing; Administrative Support; Center/Institute
User Systems (and example file requests):
– Database; Administrative Program; Administrative Program 2; Marketing Data (Resource access to file share, most dept. users, informal)
– ERP Data Sets – Aggregate Data, 10 Dept. Users
– Academic System (Dpt. Users); Access DB (Multiple orgs, Depts.)
– System Under Development; 2 Additional Systems; Dynamic Data Link
– Admin/Student Svcs Apps, DB – 5 or 6 Staff
– Reservation Sys (> 100 for all); Student Admin Database; Vendor App. Database; Database; Student Service
Plus Example Individual Data File Requests:
– User 1 – Orientation (Orientation – 8000 records)
– User 2 – Dean's Office
– User 3 – Scholarship Selection
– User 4 – Dean's List
– User 5 – Mailing Lists, Graduation Invitations
– User 6 – Program Review and Invitations
– User 7 – Dept. Graduation
– User 8 – Newsletter, Announcements
– User 9 – Alumni
Legend: GREEN text = Tier 1, Systems of Record; BLUE text = Tier 2, Owners/Service Providers (Authorized Sub-Systems); RED text = Tier 3/n, End User Organizations
Identify the Data
• Case Conclusion
– 73-77% of Administrative Staff Have Sensitive Data or Can Obtain Sensitive Data
– Assuming Rosters for Academic Staff, 85% or More Have Data
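The case study above walks sensitive data outward from the enterprise data store, level by level, and ends with an estimate of how much of the staff can obtain it. The following added example (not part of the presentation, and not the authors' audit data) models that walk as a directed graph of data flows: each edge records the transfer mechanism and the data elements it carries, so the audit questions can be answered mechanically. The systems, flows, staff counts and the choice of which elements count as sensitive are all constructed sample values.

```python
"""Data flow inventory and distribution estimate (added example).

Models the three-tier map the case study builds: Tier 1 system of record,
Tier 2 custodians and approved shadows, Tier 3 end-user organisations.
Flows are edges labelled with the transfer mechanism and the data
elements they carry, so we can ask where each sensitive element can end
up, which copies arrive as flat files (the usual seed of a shadow system),
and what share of end-user staff can obtain sensitive data.
Every node, flow and head count here is a constructed sample.
"""
from collections import deque

# Tier of each system (constructed): 1 = system of record,
# 2 = authorised sub-system / custodian, 3 = end-user organisation.
TIERS = {
    "ERP": 1,
    "Warehouse": 2, "Directory": 2, "MailingSvc": 2,
    "DeanOffice": 3, "Orientation": 3, "Housing": 3, "Alumni": 3, "Library": 3,
}

# Directed flows (constructed): source, destination, mechanism, elements carried.
FLOWS = [
    ("ERP", "Warehouse", "batch", {"ssn", "grades", "address"}),
    ("ERP", "Directory", "api", {"address"}),
    ("ERP", "MailingSvc", "ftp", {"address"}),
    ("Warehouse", "DeanOffice", "report", {"grades", "ssn"}),
    ("Warehouse", "Orientation", "spreadsheet", {"ssn", "address"}),
    ("Directory", "Housing", "lookup", {"address"}),
    ("MailingSvc", "Alumni", "ftp", {"address"}),
]

# Staff head count per end-user organisation (constructed).
STAFF = {"DeanOffice": 12, "Orientation": 4, "Housing": 30, "Alumni": 6, "Library": 20}

# The "Sensitive = ?" agreement the slides ask for, fixed here by assumption.
SENSITIVE = {"ssn", "grades"}
# Mechanisms that hand over a file rather than a controlled interface.
FLAT_FILE = {"ftp", "spreadsheet", "batch"}


def reach(element, source="ERP"):
    """Systems that `element` can reach from `source`, following only the
    flows that actually carry it (a flow carrying address alone does not
    propagate ssn).  Breadth-first walk; the seen set also handles cycles."""
    seen = {source}
    queue = deque([source])
    while queue:
        node = queue.popleft()
        for src, dst, _mech, elems in FLOWS:
            if src == node and element in elems and dst not in seen:
                seen.add(dst)
                queue.append(dst)
    return seen


def sensitive_flows():
    """Every flow carrying at least one sensitive element, with those elements:
    the list an auditor follows through 'the next level'."""
    return [(s, d, m, sorted(e & SENSITIVE)) for s, d, m, e in FLOWS if e & SENSITIVE]


def flat_file_recipients():
    """End-user organisations that receive sensitive data as a file rather
    than through a controlled interface: the copies most likely to become
    unofficial shadow systems."""
    return {d for _s, d, m, e in FLOWS
            if m in FLAT_FILE and e & SENSITIVE and TIERS[d] == 3}


def staff_share_with_sensitive_data():
    """Fraction of end-user staff whose organisation receives at least one
    sensitive element, plus the organisations concerned: the kind of figure
    the case conclusion reports as a percentage of administrative staff."""
    orgs = set()
    for element in SENSITIVE:
        orgs |= {n for n in reach(element) if TIERS[n] == 3}
    covered = sum(STAFF[o] for o in orgs)
    return covered / sum(STAFF.values()), sorted(orgs)


if __name__ == "__main__":
    for flow in sensitive_flows():
        print("sensitive flow:", flow)
    share, orgs = staff_share_with_sensitive_data()
    print(f"{share:.0%} of end-user staff can obtain sensitive data via {orgs}")
    print("flat-file recipients to check for shadow copies:", flat_file_recipients())
```

The element-aware walk matters: a naive reachability over all edges would report Housing and Alumni as holders of SSNs, when the only data that flows to them is an address. Re-running the estimate after a policy change (for example, converting the Warehouse-to-Orientation spreadsheet into a lookup service) shows its effect on the exposure figures immediately.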
Signs of Trouble (Sensitive Data Bloat)
• Significant Numbers/Types of Interfaces
• Increasing Shadow Systems
• Heavy Customization
• Web Mining/Hacking Results (GOOGLE “final grades site:YourU.edu filetype:xls”)
– Johnny (http://johnny.ihackstuff.com/)
– SiteDigger (Foundstone) and Athena
• False Data Seeds (Monitor Returns)
• Lack of Active Policy
• Traffic Analysis, Flowscan Reports, Variances
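The “False Data Seeds (Monitor Returns)” bullet deserves a concrete shape. A false data seed is a fabricated record planted in a data set so that its later appearance anywhere it should not be (a search-engine result, an outbound mail, a spreadsheet on a file share) proves the set leaked; giving each recipient copy its own seed also shows which copy. The following added example is not from the presentation: the secret, the roster, the recipients and the log lines are all constructed for the demonstration, and the seed format (a student id beginning with 9, a surname that matches no real person, an address under `example.invalid`) is an assumption.

```python
"""False data seeds and return monitoring (added example).

Seeds are derived with an HMAC over (dataset, recipient) so the same copy
always gets the same seed, yet nobody without the secret can predict the
values.  A watchlist maps each seed token back to its recipient, and
scan() looks for those tokens in whatever evidence feed the institution
monitors.  All values below are constructed for this demonstration.
"""
import hashlib
import hmac

# Institution-held secret from which seeds are derived (constructed; keep the
# real one out of the data set and out of source control).
SECRET = b"constructed-demo-secret-rotate-me"


def make_seed(dataset, recipient):
    """Deterministic, unguessable fake record for one copy of `dataset`."""
    tag = hmac.new(SECRET, f"{dataset}|{recipient}".encode(), hashlib.sha256).hexdigest()
    number = int(tag[:12], 16) % 10**6
    return {
        "student_id": f"9{number:06d}",        # constructed id space: 9 + six digits
        "name": f"Seedholm, Z{tag[:4]}",       # surname chosen not to match a real person
        "email": f"z{tag[:10]}@example.invalid",
    }


def plant(records, dataset, recipient):
    """Return a new roster with the recipient's seed appended (input untouched)."""
    return records + [make_seed(dataset, recipient)]


def build_watchlist(dataset, recipients):
    """Map every seed token (e-mail and student id) back to the recipient who got it."""
    watch = {}
    for recipient in recipients:
        seed = make_seed(dataset, recipient)
        watch[seed["email"]] = recipient
        watch[seed["student_id"]] = recipient
    return watch


def scan(lines, watchlist):
    """Return (line_no, recipient, token) for each line that carries a seed token."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        for token, recipient in watchlist.items():
            if token in line:
                hits.append((line_no, recipient, token))
    return hits


DATASET = "final_grades_2004"
RECIPIENTS = ["DeanOffice", "Orientation", "Registrar"]

# Constructed evidence feed: a search-engine hit, mail gateway and file-share
# log lines.  Line 3 contains the seed that was planted in the Dean's Office copy.
SAMPLE_LINES = [
    "search-hit url=https://www.example.invalid/dept/roster.xls cached=yes",
    "smtp from=staff@example.invalid to=list@example.invalid subj='spring roster'",
    "fileshare path=//share/dean/export.csv row="
    + make_seed(DATASET, "DeanOffice")["email"] + ",A-",
    "smtp from=alumni@example.invalid to=news@example.invalid subj='newsletter'",
]


def demo():
    """Scan the constructed feed with the watchlist for all three recipients."""
    return scan(SAMPLE_LINES, build_watchlist(DATASET, RECIPIENTS))


if __name__ == "__main__":
    roster = [{"student_id": "1000001", "name": "Doe, J", "email": "j@example.invalid"}]
    print("roster with seed:", plant(roster, DATASET, "DeanOffice"))
    for line_no, recipient, token in demo():
        print(f"line {line_no}: seed given to {recipient!r} found ({token})")
```

Because each recipient's seed is different, a hit on a search engine, a mailing list or a departmental file share points at the copy that escaped, which is exactly the information the response team needs. The seed records should be excluded from any process that acts on the roster (grades, billing, mailings) so the fabricated person never receives real-world treatment.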
Control Environment
• Controls: Those Things You Do That Ensure Good Things Happen and Bad Things Don’t
• Environment: The Relative Cultural Strength or Weakness of Controls Throughout All Areas of Your Institution – “Institutional Will”
Control Environment
• Active Testing (Defined Roles, Audits, etc.)
• Clearly Assigned Data Responsibilities, Affirmation
– Owners, Custodians, Users
• Training, To What Staff Level?
• Standards, Policies, Expectations, Clearly Defined Job Responsibilities
Control Environment – Cont…
• Robust AuthN/AuthZ Controls
• Active Monitoring (Evidence!)
– Ongoing Data Requirements Gathering
– Hot Lines, Feedback Channels
• To Manage Your Sensitive Data and Minimize Unwanted, Unaffordable Data Problems
– You Must Know WHAT Data to Control
– You Must Identify and Assess Data Risks and Usage
– You Must Monitor for Signs of Trouble
– You Must Establish a Healthy Control Environment, or “Institutional Will”
Response - So what do you do IF after all this…you’re still “hit”?
• Incident Response Procedures
• Multi-disciplinary, collaborative group on a “rapid response” team
• Educause ‘03 Presentation: “Damage Control: What to do when your security incident hits the 6 o’clock news” (http://www.educause.edu/LibraryDetailPage/666&ID=EDU0307)
• GIT Incident Response Collaborative Model (http://www.audit.gatech.edu/IAcollabrative2.pdf)