Information Technology Security Services


Information Technology Security Services at The University of Michigan
Paul Howell
Chief Information Technology Security Officer

ITSS Overview
• Service offerings
• Security council
• Initial activities
• Questions

ITSS Offerings
Reactive Services
• Alerts and Warnings
• Incident Handling
– Incident analysis
– Incident response on site
– Incident response support
– Incident response coordination
• Vulnerability Handling
– Vulnerability analysis
– Vulnerability response
– Vulnerability response coordination
• Artifact Handling
– Artifact analysis
– Artifact response
– Artifact response coordination
Proactive Services
• Announcements
• Technology Watch
• Security Audits or Assessments
• Configuration and Maintenance of Security Tools, Applications, and Infrastructures
• Development of Security Tools
• Intrusion Detection Services
• Security-Related Information Dissemination
Security Quality Management Services
• Risk Analysis
• Security Consulting
• Awareness Building
• Education/Training
• Product Evaluation or Certification

Security Council
Cross-University membership consisting of a few Deans, business owners, UMHS, and several faculty.
• Makes policy recommendations to Provost, CFO, and EVP for Medical Affairs.
• Dialog & sane decisions around risk management.
• Provides general direction for ITSS.

Initial Activities
• Planning for
– Staff sharing / training (discussed later)
– Incident response
– Security assessments
• Hiring for several security positions.
• Join FIRST.
• Prompt reporting of all computer security incidents.

Initial Activities – cont.
• Establish an Incident Response Oversight Team.
• Vulnerability scans of all wired & Wi-Fi campus networks.
• ITSS Web site.
• Dark IP space for identifying scanning and other activity.

Initial Activities – cont.
• NetFlow collection / processing at all UM-Internet interconnects.
• Document and maintain network contacts for all wired & Wi-Fi networks.
• Tools and procedures to locate a Wi-Fi computer / AP.

Staff Sharing Program Goals
• Scale security skills within the existing workforce
• Medium level of competency
• Training done over a 4 to 6 month period, consisting of a combination of self-paced, lecture & lab, and on-the-job
• Pre-testing and post-testing measure progress
• New security job title and compensation, fraction determined by local needs
• Periodic rotation through ITSS for 4 to 6 months at half-time for on-going skills updating