Transcript Document
Information Security
The University of Texas at Dallas
Education – Partnership – Solutions
ISC Meeting
December 5th, 2014
Information Security
[email protected]
Information Security
The University of Texas at Dallas
Education – Partnership – Solutions
Holiday Checklist
Presented by Dalton Brown
Information Security
The University of Texas at Dallas
Education – Partnership – Solutions
Happy Holidays from Information Security!
Will you be like Alice or Bobby this holiday season?
Bobby’s Checklist
Thinks that his new smartphone doesn’t
need a PIN code.
Doesn’t have the ability to locate or wipe
his new smartphone if lost.
Believes updating software could break his
laptop.
Saves all of his important school work and
music purchases to his new laptop but
doesn’t back it up.
Installed a fun game recommended by a
stranger on Facebook.
Setup a new wireless router and was too
busy to set a security code.
Santa is clearly not happy with Bobby.
Information Security
The University of Texas at Dallas
Education – Partnership – Solutions
Alice’s Checklist
Remembered to set a complex passcode
on her new smartphone.
Remembered to setup Find my Phone
service.
Enabled automatic software updates.
Found a backup solution for all of her
school work and valuable pictures.
Only downloads new software from
reputable app store.
Changed the default password on her new
wireless printer.
Santa Approves!
Additional Holiday Tips
•
Stick with reputable retailers, charities, and software download
stores.
•
You may receive emails about products, discounts, and package
delivery – only click links if you are sure the email is legitimate.
•
If the deal seems too good to be true, it probably is.
•
Remain alert when shopping, keep purchases out-of-sight in trunk,
avoid interaction with solicitors, and ask luxury stores to provide
escort back to vehicle.
Information Security
The University of Texas at Dallas
Education – Partnership – Solutions
Information Security – Program Update
Presented by Nate Howe
Information Security
The University of Texas at Dallas
Education – Partnership – Solutions
Program Scope
Delivery
Channels
Security Services
Objectives
Confidentiality
Integrity
Availability
Accountability
Awareness &
Outreach
Governance,
Risk &
Compliance
Vulnerability
Management
People
Process
Technology
Facilities
Engineering &
Incident
Response
Identity
Management
Information Security
The University of Texas at Dallas
Education – Partnership – Solutions
Information Security – Program Update
2014 Activities
•
•
•
•
•
•
•
•
•
New website with FAQs and videos
Awareness brochure
Open house for CS students
Interviews with Mercury newspaper & radio
Streamlined vendor survey
Closed some Internal Audit issues
Submitted annual report
Disabled Server Registry reminder emails
New policy submitted to HOP
Information Security
The University of Texas at Dallas
Education – Partnership – Solutions
Information Security – Program Update
2014 Activities, cont.
•
•
•
•
•
•
Increased number of web applications tested
Promoted adoption of Secunia patch management utility
Promoted remediation of system vulnerabilities
Expanded disk encryption tools to include BitLocker
Signed agreement to offer Box.com with NetID integration
Discontinued Absolute Manage; it can now be uninstalled
Information Security
The University of Texas at Dallas
Education – Partnership – Solutions
Information Security – Program Update
2015 Plans
• Awareness campaigns and FAQs
• Better risk management tools, ie. Exception Requests and
Server Registry
• More web testing, vulnerability reduction, and patching
• Improved incident response tools, such as IDS and Splunk
• 2-Factor authentication for high-value transactions
• Continue rollout of disk encryption to new computers
• Promote approved cloud tools, ie. Box.com & OneDrive
• Provide access request website to replace CAR form
Information Security
The University of Texas at Dallas
Education – Partnership – Solutions
Information Security – Program Update
Closing Thoughts
• We consider the campus our customers and want to support
their success.
• What does Information Security mean to you?
• What can we do for you?
• We are open to feedback, let us know how we are doing!
Information Security
The University of Texas at Dallas
Education – Partnership – Solutions
Box.com
Presented by Brian McElroy
Information Security
The University of Texas at Dallas
Education – Partnership – Solutions
Box.com – What is it?
• Secure Enterprise Cloud Storage
• Platform Agnostic – Web interface plus native clients for: Windows,
Mac, Linux (community supported), Apple iOS, Android, Windows
Phone and Blackberry
Information Security
The University of Texas at Dallas
Education – Partnership – Solutions
Box.com – Benefits
• File sharing and collaboration
• Sync files across multiple devices
• Directly edit files using native Office apps
• NetID Authentication
• Security – FIPS 140-2 and HIPAA compliant – meets the data
security requirements of most research grants
• Logging and Audit Trail – see who accessed your files
Information Security
The University of Texas at Dallas
Education – Partnership – Solutions
Box.com – Availability
• Early adopters can start using by February 2015
• General availability to all faculty and staff in Spring 2015
• Initial 100GB storage quota per user
• Those interested in participating may email
[email protected]
Information Security
The University of Texas at Dallas
Education – Partnership – Solutions
Records Retention
Guest Presenter: Teresa Johnston
Records
Retention
101
create your future
www.utdallas.edu
Today’s goals
• What is a record?
• Why do retention rules exist?
• How long should records be retained?
• Where to get answers?
create your future
www.utdallas.edu
A state record…
– Documents the transaction of state business
– Is created or received by a state employee or
official
– May exist in any medium (on any device)
– Is a record whether it is open or closed
create your future
www.utdallas.edu
Is anything NOT a record?
An extra, identical copy of a record
A blank form
Library or reference materials
3-dimensional objects
create your future
www.utdallas.edu
A record series is…
• A grouping of
records that all
serve the same
function and
are all kept the
same length of
time.
Application for Employment
Application for Resume/ Cover
Employment
CV
letter
form
create your future
Transcript
Writing
sample
www.utdallas.edu
Why do we have retention rules?
Open Meetings Act
Public Information Act
(Government Code Chapter 551)
(Government Code Chapter 552)
Records Management Laws
(Government Code Chapter 441)
create your future
www.utdallas.edu
Can’t we just keep everything?
• There are
consequences of
keeping things too
long…
– Storage costs (physical
& electronic)
– Time spent on retrieval
– Responsibility for
protecting records
– Legal risk
create your future
www.utdallas.edu
Can’t we just get rid of it all?
• …and for not keeping
them long enough.
– Criminal penalties and
fines under the Public
Information Act
• Misdemeanor: $25$4,000, jail time, or both
– Criminal penalties for
tampering with
government records
• Felony or misdemeanor
create your future
www.utdallas.edu
Records Retention Schedule
(n.): A document that lists your
agency’s records and tells you how
long you have to keep them.
create your future
www.utdallas.edu
A retention schedule is good for:
Listing the records of your agency
Telling you how long to keep your records
Telling you what you can destroy and
when
Setting up a filing system
Managing inactive records
create your future
www.utdallas.edu
The “RRS”
• Texas State
Records Retention
Schedule (RRS),
Revised 4th edition
• 300 common
record types
• Minimum retention
periods
create your future
www.utdallas.edu
State Retention Schedules Online
create your
https://www.tsl.state.tx.us/slrm/state/schedules.htm
future
l
www.utdallas.edu
UT Dallas’ schedule
• State agency Records Management
Officers use the Texas State Records
Retention Schedule as a basis for their
own records retention schedules.
create your future
www.utdallas.edu
create your future
www.utdallas.edu
Questions?
Teresa Johnston
Director of Business Services, EH&S
[email protected]
972-883-2797
Information Security
The University of Texas at Dallas
Education – Partnership – Solutions
Questions &
Discussion
Information Security
[email protected]