Northwestern University

Information and Systems Security/Compliance
February 2005
Northwestern University Information Technology
Information and Systems Security/Compliance
Dave Kovarik
• Office: (847) 467-5930
• Email: [email protected]
• 1800 Sherman Ave., Evanston, Suite 600
• 20+ years in Information Security practice
• CISSP: Certified Info Systems Security Professional
• CISM: Certified Information Security Manager
Office of the Vice President
Mort Rahimi, VP & CTO
Pat Todus, AVP & Deputy CIO
Dave Kovarik
Director
Sharlene Mielke
Disaster Recovery
Roger Safian
Information Security
• Purpose
 ▪ Enable the University to conduct its business in a secure manner
 ▪ Maintain that delicate balance between service and security
• Primary Areas of Responsibility
 ▪ Security – Information Protection Services
 ▪ Disaster Recovery / Business Continuity
 ▪ Compliance – Regulatory, University policy
• Basic Tenets of Information Security – CIA
 ▪ Confidentiality
 ▪ Integrity
 ▪ Availability/Accessibility
…and a few more
 ▪ Control (access)
 ▪ Individual accountability
 ▪ Audit trails (monitoring)
• Provide direction
 ▪ Plans: Strategic, Operational
 ▪ Security Architecture – compatible with and complementary to the System Architecture
 ▪ Aligned with business plans
• We want to be your Business Partner
 ▪ Working together toward common goals
 ▪ Design information protection solutions that support your business
• We have a Service & Support Orientation
• Develop University policy and standards that address information assets
 ▪ A collaborative effort, exercising sound judgment, across all lines
• Focused on Individual Responsibility and Accountability
• Accommodates regulatory and legislative requirements (HIPAA, FERPA, GLBA, Sarbanes-Oxley, U.S. Patriot Act, DMCA, FTC, government-funded programs, et al.)
• Employs business and industry “best practice”
• Ensures availability through recoverability
• Innovative and flexible, focused on…
 ▪ People (Largest Asset & Vulnerability)
 ▪ Process
 ▪ Technology
• Based on Risk
 ▪ Protection commensurate with value
• Risk Assessment
 ▪ Recognize Threat conditions (now and foreseeable)
 ▪ Establish our Vulnerability to threat conditions
 ▪ Determine the Risk
• Risk Management
 ▪ Control, minimize, eliminate, transfer or otherwise mitigate the risk
• Forward-looking
 ▪ Anticipating and responding to client needs
 ▪ Requires early involvement
• Effective protection schemes
 ▪ Efficient in terms of resources: cost, time, personnel and delivery
 ▪ Provide a competitive advantage: “Client Confidence” factor
• Security Awareness and Training
 ▪ What’s in it for me?
 ▪ Timely, Consistent, Persistent
 ▪ “Tell ’em, tell ’em again, then tell ’em one more time, just to be sure!”
• Communication
 ▪ 360 degrees
• Dave Kovarik (847) 467-5930
 ▪ [email protected]
• Sharlene Mielke (847) 467-7804
 ▪ [email protected]
• Roger Safian (847) 491-4058
 ▪ [email protected]
Thank You !!!
Your Questions / Discussion are Welcome…