Security Roles and Responsibilities

Harvard Townsend
Interim University IT Security Officer
harv@k-state.edu
532-2985
College Court 114

Oct 4, 2006 Dept Security Contacts Training

E-Mail sent to IT help desk:

“I have spent an unprecedented amount of money attending K-State. Some of this money went to maintaining my e-mail. It is my account. I pay for it. I should get to make the decisions on when to change my password. This is a communist policy. I no longer support you in anything you do. If I want to let someone hack my account by leaving my password the same, so be it. That is the beauty of living in America, CHOICE. You have stolen my rights. I could not be more furious. This has gone too far. You people have violated my rights again and again. I won't stand for it!!! I want to have control of my own account. This is not Nazi Germany, this is not Communist China.

I am a grown adult capable of making my own decisions. Take your mandatory password change and cram it directly up your communist a….!!! This is America, LAND OF THE FREE AND HOME OF THE BRAVE!!! I should be free to make my own informed decisions on when and how to manage my own account and I'm d… sure brave enough to tell you how absurd your mandates are!!! Give the students the responsibility to make our own decisions that affect ONLY US!!! You should have no say in what I do, or what I choose not to do. College is the time to learn how to live effectively. Who do you think you are? My mom? Are you gonna be there to hold my hand when things go wrong for me in the future? Give me a f….. break!!! Remove these policies, at least for me and anyone else who requests it. It's my account and I will manage it however I see fit.”

Who is responsible for IT security?

“Security is not just the CIO’s problem; it is everyone’s problem. And everyone is responsible for the solution.”
Diane Oblinger, Brian Hawkins

Cyber Security Awareness Month

• Oct. 4 – departmental security contact training
• IT Tuesday articles
• Promoting the IT security awareness student video competition
• “Ask a security geek” table in the Union Oct. 11/18

IT Security Responsibilities

• CIO
• IT Security Officer
• Network Security analyst
• SIRT
• Departmental security contact
• IT support staff
• iTAC
• IRMC
• Users

SIRT Responsibilities

• Proactive, reactive, and advisory roles
• Incident response
• Coordinate/communicate with college/unit
• Request restoration of network access for blocked computers
• Develop policies, procedures, standards, etc.
• Assist with training, awareness
• And…

Departmental Security Contacts

• Liaison between department and SIRT
• Facilitating:
  – Communication, user awareness
  – Preventative measures
  – Incident response
• Watch block notifications, help remediate
• Stay informed
• Know your SIRT representative

IT Support Staff

• Departmental and central IT
• Manage technologies
• Support users
• Implement preventative measures
• Implement policies
• Assist with incident response

iTAC

• IT Help Desk
• IT Tuesday newsletter
• Campus communications
• Training

IRMC

• Information Resource Management Council
• Recommend policy
• Process available at www.k-state.edu/vpast/itpolicies
• VPAST can designate interim policies

Users

• Protect information
  – Personal information
  – University information
• Protect eID password
• Protect personal computer
• Use good security practices
  – www.k-state.edu/infotech/security/basics.html
• Know and follow policies and laws
  – www.k-state.edu/vpast/itpolicies