Northwestern University
Information and Systems
Security/Compliance
February 2005
Northwestern University Information Technology
Information and Systems Security/Compliance
Dave Kovarik
• Office: (847) 467-5930
• Email: [email protected]
• 1800 Sherman Ave., Evanston, Suite 600
• 20+ years in Information Security practice
• CISSP: Certified Info Systems Security Professional
• CISM: Certified Information Security Manager
Office of the Vice President
Mort Rahimi, VP & CTO
Pat Todus, AVP & Deputy CIO
Dave Kovarik
Director
Sharlene Mielke
Disaster Recovery
Roger Safian
Information Security
• Purpose
Enable the University to conduct
its business in a secure manner
Maintain that delicate balance
between service and security
• Primary Areas of Responsibility
Security – Information Protection Services
Disaster Recovery / Business Continuity
Compliance - Regulatory, University policy
• Basic Tenets of Information Security - CIA
Confidentiality
Integrity
Availability/Accessibility
…and a few more
Control (access)
Individual accountability
Audit trails (monitoring)
• Provide direction
Plans: Strategic, Operational
Security Architecture - compatible with and complementary to the System Architecture
Aligned with business plans
• We want to be your Business Partner
Working together toward common goals
Design information protection solutions that
support your business
• We have a Service & Support Orientation
• Develop University policy and standards that
address information assets
A collaborative effort, exercising sound
judgment, across all lines
• Focused on Individual Responsibility
and Accountability
• Accommodates regulatory and legislative
requirements (HIPAA, FERPA, GLBA, Sarbanes-Oxley, U.S. Patriot Act, DMCA, FTC,
government-funded programs, et al.)
• Employs business and industry “best practice”
• Ensures availability through recoverability
• Innovative and flexible, focused on…
People (Largest Asset & Vulnerability)
Process
Technology
• Based on Risk
Protection commensurate with value
• Risk Assessment
Recognize Threat conditions (now and
foreseeable)
Establish our Vulnerability to threat
conditions
Determine the Risk
• Risk Management
Control, minimize, eliminate, transfer or
otherwise mitigate the risk
• Forward-looking
Anticipating and responding to client needs
Requires early involvement
• Effective protection schemes
Efficient in terms of resources: cost, time,
personnel and delivery
Provide a competitive advantage:
“Client Confidence” factor
• Security Awareness and Training
What’s in it for me?
Timely, Consistent, Persistent
“Tell ‘em, tell ‘em again, then tell ‘em one
more time, just to be sure!”
• Communication
360 degrees
• Dave Kovarik (847) 467-5930
[email protected]
• Sharlene Mielke (847) 467-7804
[email protected]
• Roger Safian (847) 491-4058
[email protected]
Thank You !!!
Your Questions / Discussion are Welcome…