SecureCarolina Update March 19, 2015 Agenda • SecureCarolina Overview • SecureCarolina Endpoint Strategy – – – – – – – – Information Security Program (ISP) Updates Endpoint Management Platform Symantec Data Loss Prevention (DLP) Mandiant Intelligent Response (MIR) WinMagic Whole Disk Encryption (WDE) Microsoft OneDrive for Business DUO Security Multi-­‐Factor Authentication (MFA) Security Training and Awareness • SecureCarolina Data Analytics (time permitting) SecureCarolina Project Summary SecureCarolina is a comprehensive series of projects focused on improving the state of Information Security and Privacy at the University of South Carolina by establishing a top-­‐down security framework that will integrate security and privacy measures throughout all IT environments of the University of South Carolina system. The framework is three-­‐fold: Policies, Organization and Technology. Project approved by Board of Trustees and funded through OneCarolina CISO Co-­‐Sponsor 2 Year Project Term 4 Project Impact Areas Budget Chief Auditor Co-­‐Sponsor One time ~$1,600,000 Recurring ~$1,048,000 15 Project Goals 8 Sub-­‐projects SecureCarolina Impact Areas Reduce the risk of exposure of the sensitive data of University affiliates, including faculty, staff, students, patients, donors and others. Reduce the risk of system compromises that Interfere with the work of faculty, staff and students, allow sensitive data exposure, allow illegal activity by criminals. Establish an IT Audit capability Reduce the financial and reputational risks to the University from sensitive data breaches SecureCarolina Impact Areas Audit & Advisory Services Pam Doran Reduce the risk of exposure of the sensitive data of University affiliates, including faculty, staff, students, patients, donors and others. Reduce the risk of system compromises that Interfere with the work of faculty, staff and students, allow sensitive data exposure, allow illegal activity by criminals. Establish an IT Audit capability IT Auditors Roscoe Patterson Richard Stingel Reduce the financial and reputational risks to the University from sensitive data breaches SecureCarolina Sub-­‐Projects 1. Establish an Information Security and Privacy Policy Framework (Policy, Standards, Guidelines and Procedures) 2. Develop a Strategy for Identifying Significant IT Risk in the University Annual Audit Plan 3. Implement Proactive Scanning and Monitoring for Critical Systems and Processes 4. Implement End Point Protection 5. Develop a Strategy for Implementing Centralized Identity and Access Management 6. Establish Data Access Operational Controls for Enterprise Data Sources 7. Develop an Information Security Plan for each University unit not sufficiently addressed by University level procedures 8. Develop a Strategy for Supporting Information Security Regulatory Compliance in Research Protection from what? http://www.verizonenterprise.com/DBIR/ “…focus on the wide gap between percentages for the two phases. It smacks us with the fact that the bad guys seldom need days to get their job done, while the good guys rarely manage to get theirs done in a month of Sundays. The trend lines follow that initial smack with a roundhouse kick to the head. They plainly show that attackers are getting better/faster at what they do at a higher rate than defenders are improving their trade. This doesn’t scale well, people.” SecureCarolina Tools & Technologies SSL VPN Symantec Data Loss Prevention RSA Net Witness OSSEC MSFT Enhanced Mitigation Experience Toolkit IBM UEM Mandiant Intelligent Response Accellion Secure File Transfer BRO NESSUS Symantec Endpoint Protection AD Group Policy Securing The Human Symantec ITMS Suite NMAP DUO Security SNORT App Locker WinMagic SecureDocs WDE MSFT OneDrive for Business Alien Vault SecureCarolina Implementation SecureCarolina Endpoint Controls Enterprise Security Controls 5 Implement additional security controls for “high risk” endpoints/users 4 3 2 1 RSA NetWitness Alien Vault SIEM Nessus & NMAP WinMagic Whole Disk Encryption MSFT OneDrive for Business DUO Security MFA Analyze agent data to identify “high risk” endpoints/users (Secure File Sharing) Endpoint Data Deploy REQUIRED endpoint agents to university Faculty/Staff Symantec Endpoint Protection Establish platform to distribute and manage endpoint agents IBM Unified Endpoint Management Develop policies & standards that established required controls Symantec Data Loss Prevention “High Risk” vs. “Low Risk” Mandiant Intelligent Response USC Software Distribution Required & Managed Security Awareness & Training 6 Implement risk-­‐based logic in monitoring and assessment tools Departmental Security Controls Ad-­‐hoc Self Service UTS Managed Desktops SLA OR OU Managed Desktops OU Specific Information Security Plan and Procedures Endpoint Security Policies, Standards, Guidelines, & Procedures SecureCarolina Endpoint Controls Enterprise Security Controls 1 Develop policies & standards that established required controls Departmental Security Controls Endpoint Security Policies, Standards, Guidelines, & Procedures SecureCarolina Policy Framework ISP University 1.50 Federal Laws State Laws Industry Regulations Best Practices Deloitte Consulting, LLC South Carolina Division of Information Security Policies IT 3.0 • • • • • • • Establishes data classification Establishes data trustees Establishes data stewards Assigns VP/CIO responsibility Establishes DAAC Establishes OU management and end-­‐ user responsibilities • • • • Assigns UISO responsibility for ISP Assigns UISO responsibility for incident management Requires OU to designate security liaison Requires users to report compromises Authorizes UISO to disconnect systems for failure to comply with ISP and/or compromised Policies & Standards Procedures Guidelines https://security.sc.edu ISP: New/Updated Components • 901.3 Sensitive Data Security Procedures -­‐ Updates ISP – Auditing Systems and Media for Sensitive Data » Added 1.1.8 – Requires DLP & MIR agents as a detective controls on all systems – Storing Sensitive Data Policies & Standards » Added 1.10.5 – Requires whole disk encryption on systems with restricted data, recommended on all systems – User Authorization and Access Restrictions Procedures » Added 2.3.9 -­‐ Requires multi-­‐factor authentication on systems with restricted data, recommended on all systems (where feasible). • 901.1 Procurement and Contracts Procedure – Updates – Data Security Contract Addendum Guidelines » Modify definition of “covered data and information” to expand scope beyond current focus on student education record information. • Vulnerability Management Standard – New • Data Loss Prevention Operation Standard -­‐ New ISP: Vulnerability Management Standard • (NEW) -­‐ Vulnerability Management Standard – The standard establishes a framework for identifying and promptly remediating vulnerabilities that could impact the university’s information, systems, or services. – Applies to all university owned IT assets that transmit, process, store or access university data. – UISO to perform regular (~monthly) scans and notify via ServiceNow ticket – Devices not in compliance will be removed from the network – Exceptions must be approved by Data Steward and CIO, DCIO, or CISO – Establishes standard response times based on CVSS score as follows Priority CVSS Score Standard Response Critical 9.0 and higher <= 5 business days High 7.5 to 8.9 <= 2 weeks Moderate/Low 7.4 and lower <= 1 month SecureCarolina Policy Framework ISP University 1.50 Federal Laws State Laws Industry Regulations Best Practices Deloitte Consulting, LLC South Carolina Division of Information Security Policies IT 3.0 • • • • • • • Establishes data classification Establishes data trustees Establishes data stewards Assigns VP/CIO responsibility Establishes DAAC Establishes OU management and end-­‐ user responsibilities • • • • Assigns UISO responsibility for ISP Assigns UISO responsibility for incident management Requires OU to designate security liaison Requires users to report compromises Authorizes UISO to disconnect systems for failure to comply with ISP and/or compromised Policies & Standards Procedures Guidelines https://security.sc.edu List of Policies: • Master Policy • Asset Management Policy • Data Protection and Privacy Policy • Access Control Policy • Info. Systems Acquisitions Development and Maint. Policy • Threat Vulnerability Management Policy • Business Continuity Management Policy • IT Risk Strategy Policy • Mobile Security Policy • Human Resources and Security Awareness Policy • Physical Environmental Security Policy • Risk Management Policy • IT Compliance Policy Data Classification: • Public • Internal Use • Confidential • Restricted WHY IS THE COMPARISON TO THE STATE IMPORTANT 101.32. (BCB: Cyber Security) All state agencies must adopt and implement cyber security policies, guidelines and standards developed by the Division of State Technology. The Division of State Technology may conduct audits on state agencies except public institutions of higher learning, technical colleges, political subdivisions, and quasi-­‐governmental bodies as necessary to monitor compliance with established cyber security policies, guidelines and standards. Upon request, public institutions of higher learning, technical colleges, political subdivisions, and quasi-­‐governmental bodies shall submit sufficient evidence that their cyber security policies, guidelines and standards meet or exceed those adopted and implemented by the Division of State Technology. In addition, while agencies retain the primary responsibility and accountability for ensuring responses to breach incidents comply with federal and state laws, the Division of State Technology shall be informed of all agency cyber security breaches, and is authorized to oversee incident responses in a manner determined by the Division of State Technology to be the most prudent. Upon request of the Division of State Technology for information or data, all agencies must fully cooperate with and furnish the Division of State Technology with all documents, reports, assessments, and any other data and documentary information needed by the Division to perform its mission and to exercise its functions, powers and duties. The Judicial and Legislative Branches are specifically exempt from the requirements set forth herein. http://www.scstatehouse.gov/sess120_2013-­‐2014/appropriations2014/tap1b.pdf Security Program: Future Plans • Major revision to ISP – Integrate new data classification schema – Align w/ SC DIS Policies (13) – Tighter integration with NIST risk management framework – Simplification of language – Provide additional tools (e.g. templates, guidelines, etc.) SecureCarolina Endpoint Controls Enterprise Security Controls 2 Establish platform to distribute and manage endpoint agents 1 Develop policies & standards that established required controls IBM Unified Endpoint Management USC Software Distribution Departmental Security Controls OU Specific Information Security Plan and Procedures Endpoint Security Policies, Standards, Guidelines, & Procedures SecureCarolina Endpoint Management • UTS Standardizing on IBM Unified Endpoint Management (formerly “BigFix”), deployed to support decentralized administration. • Requires purchase of client licenses and potentially a relay server for solution. • Interested departments should contact UTS for further discussion on features, functionality, and process for implementation. SecureCarolina Endpoint Controls Enterprise Security Controls 3 Deploy REQUIRED endpoint agents to university Faculty/Staff 2 Establish platform to distribute and manage endpoint agents 1 Develop policies & standards that established required controls Departmental Security Controls Symantec Endpoint Protection IBM Unified Endpoint Management USC Software Distribution OU Specific Information Security Plan and Procedures Endpoint Security Policies, Standards, Guidelines, & Procedures Symantec Endpoint Protection Symantec Endpoint Protection Technology Overview An integrated set of tools used to protect endpoints by providing five layers of protection (i.e. network, file, reputation, behavior, and repair). Availability Details Licensed for all university owned systems. The cost is centrally funded. Implementation Benefits Helps prevent, detect, and remove viruses and malware. Distribution Methods IBM UEM for SLA Software Distribution Supported Endpoints Windows XP to current, Mac OSX 10.6.8 to current, Windows Server 2K3 R2 to current, and Linux. Additional Information Symantec Data Sheet or UTS Service Desk SecureCarolina Endpoint Controls Enterprise Security Controls 3 Deploy REQUIRED endpoint agents to university Faculty/Staff 2 Establish platform to distribute and manage endpoint agents 1 Develop policies & standards that established required controls Symantec Endpoint Protection IBM Unified Endpoint Management Departmental Security Controls Symantec Data Loss Prevention USC Software Distribution OU Specific Information Security Plan and Procedures Endpoint Security Policies, Standards, Guidelines, & Procedures Symantec Data Loss Prevention Symantec Data Loss Prevention Technology Overview Symantec DLP is an agent-­‐based tool for discovering restricted data (credit card information, social security numbers and bank routing numbers) Availability Details* Licensed for all university owned systems. The cost is centrally funded. * Console access requires mandatory training & executive approval Implementation Benefits It will be useful to the university in locating restricted data on servers and workstations in order to implement the proper steps to mitigate data loss and prevent a possible breach notification Supported Endpoints Windows 7 Enterprise, Professional or Ultimate w/SP1 (32/64 bit) Windows 8-­‐8.1 Update 1 Enterprise (64 bit) Apple Mac OS X 10.8, 10.9 (64 bit) Windows Server 2003 w/SP2 or R2 (32 bit) Windows Server 2008 Enterprise R2 (64 bit) Distribution Methods Additional Information IBM UEM for SLA IT Managers Website Software Distribution ServiceNow Knowledgebase * Console access requires mandatory training & executive approval Security Website ITMS on March 23, 2015 Symantec Data Loss Prevention • Central aggregation of reports • Management Console Access Prerequisites – – – – Standard machine name prefixes (i.e. COUTSD, COUSHS, COPSYC, UP-­‐) Static IP address Training class & workflow Authorization from Executive Management • OU security liaisons will have access to results • DLP Operation Standard establishes workflow Symantec DLP Training Classes • Register for a training class via opening a ServiceNow ticket. • Attendance is required before access to the management console is enabled. • • • • • • • • • • Tuesday March 31 Thursday April 2 Tuesday April 7 Friday April 10 Monday April 20 Wednesday April 22 Tuesday May 5 Wednesday May 6 Monday May 18 Tuesday May 26 2pm-­‐3pm 10am-­‐11am 2pm-­‐3pm 10am-­‐11am 2pm-­‐3pm 10am -­‐11am 10am – 11am 2pm – 3pm 2pm-­‐3pm 2pm-­‐3pm ISP: DLP Operation Standard SecureCarolina Endpoint Controls Enterprise Security Controls 3 Deploy REQUIRED endpoint agents to university Faculty/Staff 2 Establish platform to distribute and manage endpoint agents 1 Develop policies & standards that established required controls Symantec Endpoint Protection IBM Unified Endpoint Management Symantec Data Loss Prevention Departmental Security Controls Mandiant Intelligent Response USC Software Distribution OU Specific Information Security Plan and Procedures Endpoint Security Policies, Standards, Guidelines, & Procedures Mandiant Intelligent Response Technology Overview Agent-­‐based technology that allows the UISO to more quickly investigate systems and find malware. Availability Details Available Now. Licensed for 10k endpoints Implementation Benefits Quickly respond to infected computers and detected advanced attackers. Supported Endpoints Windows. Mac and Linux coming later 2015. Distribution Methods IBM UEM for SLA Additional Information ITMS on March 23, 2015 ServiceNow Knowledgebase Software Distribution SecureCarolina Endpoint Controls Enterprise Security Controls Departmental Security Controls UTS Managed Desktops SLA 3 Deploy REQUIRED endpoint agents to university Faculty/Staff 2 Establish platform to distribute and manage endpoint agents 1 Develop policies & standards that established required controls Symantec Endpoint Protection IBM Unified Endpoint Management Symantec Data Loss Prevention OR OU Managed Desktops Mandiant Intelligent Response USC Software Distribution OU Specific Information Security Plan and Procedures Endpoint Security Policies, Standards, Guidelines, & Procedures SecureCarolina Endpoint Controls Enterprise Security Controls 4 Analyze agent data to identify “high risk” endpoints/users 3 Deploy REQUIRED endpoint agents to university Faculty/Staff 2 Establish platform to distribute and manage endpoint agents 1 Develop policies & standards that established required controls UTS Managed Desktops SLA Endpoint Data Symantec Endpoint Protection IBM Unified Endpoint Management Symantec Data Loss Prevention Departmental Security Controls OR OU Managed Desktops Mandiant Intelligent Response USC Software Distribution OU Specific Information Security Plan and Procedures Endpoint Security Policies, Standards, Guidelines, & Procedures SecureCarolina Endpoint Controls Enterprise Security Controls 4 3 Analyze agent data to identify “high risk” endpoints/users Deploy REQUIRED endpoint agents to university Faculty/Staff 2 Establish platform to distribute and manage endpoint agents 1 Develop policies & standards that established required controls Endpoint Data Symantec Endpoint Protection IBM Unified Endpoint Management Symantec Data Loss Prevention Departmental Security Controls “High Risk” vs. “Low Risk” UTS Managed Desktops SLA OR OU Managed Desktops Mandiant Intelligent Response USC Software Distribution OU Specific Information Security Plan and Procedures Endpoint Security Policies, Standards, Guidelines, & Procedures SecureCarolina Endpoint Controls Enterprise Security Controls Departmental Security Controls ~ June 5 4 3 Implement additional security controls for “high risk” endpoints/users WinMagic Whole Disk Encryption Analyze agent data to identify “high risk” endpoints/users Deploy REQUIRED endpoint agents to university Faculty/Staff 2 Establish platform to distribute and manage endpoint agents 1 Develop policies & standards that established required controls Endpoint Data Symantec Endpoint Protection IBM Unified Endpoint Management Symantec Data Loss Prevention “High Risk” vs. “Low Risk” UTS Managed Desktops SLA OR OU Managed Desktops Mandiant Intelligent Response USC Software Distribution OU Specific Information Security Plan and Procedures Endpoint Security Policies, Standards, Guidelines, & Procedures WinMagic SecureDoc WDE • • • • • • • Required for workstations that store restricted data, recommended for all Works for Windows & Mac OSX Infrastructure built, package deployed to pilot group in UTS Plan to offer two initial policies (Auto-­‐boot and Pre-­‐boot Authentication) Plan to deploy to desktop SLA first to confirm functionality and deployment, then make available to rest of university. Network Managers will be provided OU specific custom installation packages, solution designed to enable decentralized administration. Goal for general availability -­‐ June 2015 Device Compatibility: http://www.winmagic.com/device-­‐compatibility SecureCarolina Endpoint Controls Enterprise Security Controls 5 4 3 Implement additional security controls for “high risk” endpoints/users ~ June ~ June WinMagic Whole Disk Encryption MSFT OneDrive for Business Analyze agent data to identify “high risk” endpoints/users Deploy REQUIRED endpoint agents to university Faculty/Staff 2 Establish platform to distribute and manage endpoint agents 1 Develop policies & standards that established required controls Departmental Security Controls (Secure File Sharing) Endpoint Data Symantec Endpoint Protection IBM Unified Endpoint Management Symantec Data Loss Prevention “High Risk” vs. “Low Risk” UTS Managed Desktops SLA OR OU Managed Desktops Mandiant Intelligent Response USC Software Distribution OU Specific Information Security Plan and Procedures Endpoint Security Policies, Standards, Guidelines, & Procedures Microsoft OneDrive for Business Microsoft OneDrive Device support Sync clients Desktop browsers Mobile apps Office Mobile apps Mobile browsers Microsoft OneDrive for Business Securely Store and share files • Store up to 1 TB of data in the cloud (Going to unlimited later 2015) • 2 GB maximum file size, 20,000 maximum files (Q3-­‐2015 targeted resolution) • Store HIPAA and FERPA protected data (if departmental policy permits) • Share files with USC users and non-­‐USC users Access and synchronize files easily • Access files using Web browsers or mobile devices • Access files directly from Microsoft Office desktop applications • Synchronize your local files with files in OneDrive for Business document libraries (with appropriate client software installed) – Mac version in beta Create and edit Microsoft Office files in the cloud with Office Web Apps • Word • Excel • PowerPoint • OneNote One Drive for Business Roadmap Today Q1 28-­‐Jan-­‐15 28-­‐Jan-­‐15 Q2 Q3 TBD Microsoft Office 365 Security, Privacy & Trust No advertising: We don’t build advertising products out of customer data No data mining: We don’t scan the contents of customer email or documents for analytics or data mining No co-­‐mingling: Business data and consumer data are stored separately Data is portable: Customer owns the data and can remove their data whenever they choose Customers know where their data is stored Customers know who can access their data and why Customers can stay in the know by choosing to receive updates regarding changes to security, privacy and audit information ISO 27001 EU Model Clauses HIPAA-­‐HITECH FERPA FISMA U.K. G-­‐Cloud IL2 CJIS 24 hour monitored physical datacenters Logical isolation of data between tenants Segregation of internal datacenter network from the external networks. Encryption at rest and in transit (AD-­‐RMS) Securing access to services via identity Data loss prevention Anti-­‐virus/anti spam 99.9% uptime Financial guarantees on uptime Redundancy in both functionality as well data Automated monitoring and recovery systems 24x7 on-­‐call engineering team available to handle issues Microsoft OneDrive for Business • Original plan was to deploy Accellion • Signed HIPAA BAA in January, 2015 • Completed account provisioning strategy in February, 2015 rd • Implementation requires 3 party assistance, procurement in progress • June goal for faculty/staff to be provisioned and OneDrive for Business deployed. SecureCarolina Endpoint Controls Enterprise Security Controls 5 4 3 Implement additional security controls for “high risk” endpoints/users ~ June ~ June WinMagic Whole Disk Encryption MSFT OneDrive for Business Analyze agent data to identify “high risk” endpoints/users Deploy REQUIRED endpoint agents to university Faculty/Staff 2 Establish platform to distribute and manage endpoint agents 1 Develop policies & standards that established required controls (Secure File Sharing) Endpoint Data Symantec Endpoint Protection IBM Unified Endpoint Management Symantec Data Loss Prevention Departmental Security Controls DUO Security MFA “High Risk” vs. “Low Risk” UTS Managed Desktops SLA OR OU Managed Desktops Mandiant Intelligent Response USC Software Distribution OU Specific Information Security Plan and Procedures Endpoint Security Policies, Standards, Guidelines, & Procedures DUO Security MFA DUO Security MFA Integrations UTS VMWare View (VDI) USC Police Department Research Computing Cluster Access Computer Science & Engineering Remote Access • UISO Security Infrastructure • Integrated w/ Shibboleth & CAS • • • • DUO Security MFA • Application Onboarding Process* – Review vendor integration docs on https://www.duosecurity.com/docs – Create ServiceNow ticket with UTS • Self-­‐Service Enrollment* – https://my.sc.edu/multifactor (if security questions have been set) – https://my.sc.edu/vipid/claim (if security questions have not been set) – Install and Activate DUO Mobile App *Full documentation available on network managers SharePoint site. SecureCarolina Endpoint Controls Enterprise Security Controls 6 Implement risk-­‐based logic in monitoring and assessment tools 5 Implement additional security controls for “high risk” endpoints/users 4 3 RSA NetWitness Alien Vault SIEM Nessus & NMAP WinMagic Whole Disk Encryption MSFT OneDrive for Business DUO Security MFA Analyze agent data to identify “high risk” endpoints/users Deploy REQUIRED endpoint agents to university Faculty/Staff 2 Establish platform to distribute and manage endpoint agents 1 Develop policies & standards that established required controls Departmental Security Controls (Secure File Sharing) Endpoint Data Symantec Endpoint Protection IBM Unified Endpoint Management Symantec Data Loss Prevention “High Risk” vs. “Low Risk” UTS Managed Desktops SLA OR OU Managed Desktops Mandiant Intelligent Response USC Software Distribution OU Specific Information Security Plan and Procedures Endpoint Security Policies, Standards, Guidelines, & Procedures SecureCarolina Endpoint Controls Enterprise Security Controls 5 Implement additional security controls for “high risk” endpoints/users 4 3 RSA NetWitness Alien Vault SIEM Nessus & NMAP WinMagic Whole Disk Encryption MSFT OneDrive for Business DUO Security MFA Analyze agent data to identify “high risk” endpoints/users Deploy REQUIRED endpoint agents to university Faculty/Staff 2 Establish platform to distribute and manage endpoint agents 1 Develop policies & standards that established required controls (Secure File Sharing) Endpoint Data Symantec Endpoint Protection IBM Unified Endpoint Management Symantec Data Loss Prevention “High Risk” vs. “Low Risk” Mandiant Intelligent Response USC Software Distribution Required & Managed Security Awareness & Training 6 Implement risk-­‐based logic in monitoring and assessment tools Departmental Security Controls Ad-­‐hoc Self Service UTS Managed Desktops SLA OR OU Managed Desktops OU Specific Information Security Plan and Procedures Endpoint Security Policies, Standards, Guidelines, & Procedures Security Awareness & Training SecureCarolina Endpoint Controls Enterprise Security Controls 5 Implement additional security controls for “high risk” endpoints/users 4 3 RSA NetWitness Alien Vault SIEM Nessus & NMAP WinMagic Whole Disk Encryption MSFT OneDrive for Business DUO Security MFA Analyze agent data to identify “high risk” endpoints/users Deploy REQUIRED endpoint agents to university Faculty/Staff 2 Establish platform to distribute and manage endpoint agents 1 Develop policies & standards that established required controls (Secure File Sharing) Endpoint Data Symantec Endpoint Protection IBM Unified Endpoint Management Symantec Data Loss Prevention “High Risk” vs. “Low Risk” Mandiant Intelligent Response USC Software Distribution Required & Managed Security Awareness & Training 6 Implement risk-­‐based logic in monitoring and assessment tools Departmental Security Controls Ad-­‐hoc Self Service UTS Managed Desktops SLA OR OU Managed Desktops OU Specific Information Security Plan and Procedures Endpoint Security Policies, Standards, Guidelines, & Procedures THANK YOU!!!! • Chief Data Officer • – Mike Kelly • • DAAC/DPAC Members Finance – Richard Moak • • – John Waters • High Performance Computing – Nathan Elger – Paul Segona – Ben Torkian Psychology Department – Robert Heller • USC Aiken – Joanne Williamson General Council – George Lample Human Resources • USC Upstate – Luke Vanwingerden THANK YOU!!! • UTS Team – – – – – – – – – – Rita Anderson Camelia Atkinson Erick Brashears Bill Crayton Jess Hawkins Jason Hooks Shannon Koontz Brian LaFlam Rick Lambert Vicki Mathis – – – – Tommy McDow Bill Miller Justin Sams Jay Waller • UTS Leadership Team • UTS ServiceDesk Team – Omar Ansari – Collen Morell – Katie Vaughan THANK YOU!!! • SecureCarolina Team – Kyle Brown – Richard Hackley – Joelyn Manfredi – Jonathan Martin – Brian Payne – Anthony Ryan – Jeff Whitson – Tom Webb SecureCarolina Data Analytics