Transcript Document
Information Security The University of Texas at Dallas Education – Partnership – Solutions ISC Meeting December 5th, 2014 Information Security [email protected] Information Security The University of Texas at Dallas Education – Partnership – Solutions Holiday Checklist Presented by Dalton Brown Information Security The University of Texas at Dallas Education – Partnership – Solutions Happy Holidays from Information Security! Will you be like Alice or Bobby this holiday season? Bobby’s Checklist Thinks that his new smartphone doesn’t need a PIN code. Doesn’t have the ability to locate or wipe his new smartphone if lost. Believes updating software could break his laptop. Saves all of his important school work and music purchases to his new laptop but doesn’t back it up. Installed a fun game recommended by a stranger on Facebook. Setup a new wireless router and was too busy to set a security code. Santa is clearly not happy with Bobby. Information Security The University of Texas at Dallas Education – Partnership – Solutions Alice’s Checklist Remembered to set a complex passcode on her new smartphone. Remembered to setup Find my Phone service. Enabled automatic software updates. Found a backup solution for all of her school work and valuable pictures. Only downloads new software from reputable app store. Changed the default password on her new wireless printer. Santa Approves! Additional Holiday Tips • Stick with reputable retailers, charities, and software download stores. • You may receive emails about products, discounts, and package delivery – only click links if you are sure the email is legitimate. • If the deal seems too good to be true, it probably is. • Remain alert when shopping, keep purchases out-of-sight in trunk, avoid interaction with solicitors, and ask luxury stores to provide escort back to vehicle. Information Security The University of Texas at Dallas Education – Partnership – Solutions Information Security – Program Update Presented by Nate Howe Information Security The University of Texas at Dallas Education – Partnership – Solutions Program Scope Delivery Channels Security Services Objectives Confidentiality Integrity Availability Accountability Awareness & Outreach Governance, Risk & Compliance Vulnerability Management People Process Technology Facilities Engineering & Incident Response Identity Management Information Security The University of Texas at Dallas Education – Partnership – Solutions Information Security – Program Update 2014 Activities • • • • • • • • • New website with FAQs and videos Awareness brochure Open house for CS students Interviews with Mercury newspaper & radio Streamlined vendor survey Closed some Internal Audit issues Submitted annual report Disabled Server Registry reminder emails New policy submitted to HOP Information Security The University of Texas at Dallas Education – Partnership – Solutions Information Security – Program Update 2014 Activities, cont. • • • • • • Increased number of web applications tested Promoted adoption of Secunia patch management utility Promoted remediation of system vulnerabilities Expanded disk encryption tools to include BitLocker Signed agreement to offer Box.com with NetID integration Discontinued Absolute Manage; it can now be uninstalled Information Security The University of Texas at Dallas Education – Partnership – Solutions Information Security – Program Update 2015 Plans • Awareness campaigns and FAQs • Better risk management tools, ie. Exception Requests and Server Registry • More web testing, vulnerability reduction, and patching • Improved incident response tools, such as IDS and Splunk • 2-Factor authentication for high-value transactions • Continue rollout of disk encryption to new computers • Promote approved cloud tools, ie. Box.com & OneDrive • Provide access request website to replace CAR form Information Security The University of Texas at Dallas Education – Partnership – Solutions Information Security – Program Update Closing Thoughts • We consider the campus our customers and want to support their success. • What does Information Security mean to you? • What can we do for you? • We are open to feedback, let us know how we are doing! Information Security The University of Texas at Dallas Education – Partnership – Solutions Box.com Presented by Brian McElroy Information Security The University of Texas at Dallas Education – Partnership – Solutions Box.com – What is it? • Secure Enterprise Cloud Storage • Platform Agnostic – Web interface plus native clients for: Windows, Mac, Linux (community supported), Apple iOS, Android, Windows Phone and Blackberry Information Security The University of Texas at Dallas Education – Partnership – Solutions Box.com – Benefits • File sharing and collaboration • Sync files across multiple devices • Directly edit files using native Office apps • NetID Authentication • Security – FIPS 140-2 and HIPAA compliant – meets the data security requirements of most research grants • Logging and Audit Trail – see who accessed your files Information Security The University of Texas at Dallas Education – Partnership – Solutions Box.com – Availability • Early adopters can start using by February 2015 • General availability to all faculty and staff in Spring 2015 • Initial 100GB storage quota per user • Those interested in participating may email [email protected] Information Security The University of Texas at Dallas Education – Partnership – Solutions Records Retention Guest Presenter: Teresa Johnston Records Retention 101 create your future www.utdallas.edu Today’s goals • What is a record? • Why do retention rules exist? • How long should records be retained? • Where to get answers? create your future www.utdallas.edu A state record… – Documents the transaction of state business – Is created or received by a state employee or official – May exist in any medium (on any device) – Is a record whether it is open or closed create your future www.utdallas.edu Is anything NOT a record? An extra, identical copy of a record A blank form Library or reference materials 3-dimensional objects create your future www.utdallas.edu A record series is… • A grouping of records that all serve the same function and are all kept the same length of time. Application for Employment Application for Resume/ Cover Employment CV letter form create your future Transcript Writing sample www.utdallas.edu Why do we have retention rules? Open Meetings Act Public Information Act (Government Code Chapter 551) (Government Code Chapter 552) Records Management Laws (Government Code Chapter 441) create your future www.utdallas.edu Can’t we just keep everything? • There are consequences of keeping things too long… – Storage costs (physical & electronic) – Time spent on retrieval – Responsibility for protecting records – Legal risk create your future www.utdallas.edu Can’t we just get rid of it all? • …and for not keeping them long enough. – Criminal penalties and fines under the Public Information Act • Misdemeanor: $25$4,000, jail time, or both – Criminal penalties for tampering with government records • Felony or misdemeanor create your future www.utdallas.edu Records Retention Schedule (n.): A document that lists your agency’s records and tells you how long you have to keep them. create your future www.utdallas.edu A retention schedule is good for: Listing the records of your agency Telling you how long to keep your records Telling you what you can destroy and when Setting up a filing system Managing inactive records create your future www.utdallas.edu The “RRS” • Texas State Records Retention Schedule (RRS), Revised 4th edition • 300 common record types • Minimum retention periods create your future www.utdallas.edu State Retention Schedules Online create your https://www.tsl.state.tx.us/slrm/state/schedules.htm future l www.utdallas.edu UT Dallas’ schedule • State agency Records Management Officers use the Texas State Records Retention Schedule as a basis for their own records retention schedules. create your future www.utdallas.edu create your future www.utdallas.edu Questions? Teresa Johnston Director of Business Services, EH&S [email protected] 972-883-2797 Information Security The University of Texas at Dallas Education – Partnership – Solutions Questions & Discussion Information Security [email protected]