a model for today: partnering with industry to enhance institutional information security...
TRANSCRIPT
![Page 1: A Model for Today: Partnering with Industry to Enhance Institutional Information Security Capabilities (166262158)](https://reader031.vdocuments.us/reader031/viewer/2022022000/577cd90f1a28ab9e78a296c4/html5/thumbnails/1.jpg)
7/29/2019 A Model for Today: Partnering with Industry to Enhance Institutional Information Security Capabilities (166262158)
http://slidepdf.com/reader/full/a-model-for-today-partnering-with-industry-to-enhance-institutional-information 1/15
A Model for Today Partnering with Industry to Enhance
Institutional Information Security Capabilities
April 16, 2013EDUCAUSE Security Professionals Conference
St. Louis, MO
![Page 2: A Model for Today: Partnering with Industry to Enhance Institutional Information Security Capabilities (166262158)](https://reader031.vdocuments.us/reader031/viewer/2022022000/577cd90f1a28ab9e78a296c4/html5/thumbnails/2.jpg)
7/29/2019 A Model for Today: Partnering with Industry to Enhance Institutional Information Security Capabilities (166262158)
http://slidepdf.com/reader/full/a-model-for-today-partnering-with-industry-to-enhance-institutional-information 2/15
Your speakers
Jon Maurer Brian Kenyon Ben Woelk
Information Security
Officer
VP & CTO of Security
Connected
Policy and Awareness
Analyst
RIT McAfee RIT
![Page 3: A Model for Today: Partnering with Industry to Enhance Institutional Information Security Capabilities (166262158)](https://reader031.vdocuments.us/reader031/viewer/2022022000/577cd90f1a28ab9e78a296c4/html5/thumbnails/3.jpg)
7/29/2019 A Model for Today: Partnering with Industry to Enhance Institutional Information Security Capabilities (166262158)
http://slidepdf.com/reader/full/a-model-for-today-partnering-with-industry-to-enhance-institutional-information 3/15
About RIT
• Private University
• Carnegie Classification– Master's L
• ~18,000 students, ~3000faculty and staff – Large college of computing and
information sciences
• Mix of centralized anddecentralized IT
![Page 4: A Model for Today: Partnering with Industry to Enhance Institutional Information Security Capabilities (166262158)](https://reader031.vdocuments.us/reader031/viewer/2022022000/577cd90f1a28ab9e78a296c4/html5/thumbnails/4.jpg)
7/29/2019 A Model for Today: Partnering with Industry to Enhance Institutional Information Security Capabilities (166262158)
http://slidepdf.com/reader/full/a-model-for-today-partnering-with-industry-to-enhance-institutional-information 4/15
The Higher EdSecurity Paradox
• Higher education is complex– Heterogeneous technology
– Culture of “ academic freedom”
– Distributed, consensus-oriented
decision-making
• Relative priority of security– Security not perceived as core
– Not a full appreciation of r isks
– Limited regulatory enforcement
Difficult to
secure
Limited
resources
![Page 5: A Model for Today: Partnering with Industry to Enhance Institutional Information Security Capabilities (166262158)](https://reader031.vdocuments.us/reader031/viewer/2022022000/577cd90f1a28ab9e78a296c4/html5/thumbnails/5.jpg)
7/29/2019 A Model for Today: Partnering with Industry to Enhance Institutional Information Security Capabilities (166262158)
http://slidepdf.com/reader/full/a-model-for-today-partnering-with-industry-to-enhance-institutional-information 5/15
OptimizedReactive Compliant Proactive
RIT experience:
Cost explosion with limited resources
Security PostureRisk
Additive Cost
High
Low
5
V a l u e
Organizational Maturity
![Page 6: A Model for Today: Partnering with Industry to Enhance Institutional Information Security Capabilities (166262158)](https://reader031.vdocuments.us/reader031/viewer/2022022000/577cd90f1a28ab9e78a296c4/html5/thumbnails/6.jpg)
7/29/2019 A Model for Today: Partnering with Industry to Enhance Institutional Information Security Capabilities (166262158)
http://slidepdf.com/reader/full/a-model-for-today-partnering-with-industry-to-enhance-institutional-information 6/15
The “A La Carte” Approach
Host IPSAgent
NetworkSecurity
AuditAgent
AntivirusAgent
Encryption
VulnerabilityScanners
DLP
EVERYSOLUTION HAS
AN AGENT
EVERYAGENT HASA CONSOLE
EVERYCONSOLEREQUIRESA SERVER
EVERYSERVER REQUIRES
AN OS/DB
EVERY OS/DB REQUIRESPEOPLE, MAINTENANCE,
PATCHING
WHERE DOESIT END?
6
![Page 7: A Model for Today: Partnering with Industry to Enhance Institutional Information Security Capabilities (166262158)](https://reader031.vdocuments.us/reader031/viewer/2022022000/577cd90f1a28ab9e78a296c4/html5/thumbnails/7.jpg)
7/29/2019 A Model for Today: Partnering with Industry to Enhance Institutional Information Security Capabilities (166262158)
http://slidepdf.com/reader/full/a-model-for-today-partnering-with-industry-to-enhance-institutional-information 7/15
The Bundled Approach
SINGLECONSOLE
SINGLEAGENT
McAfee ePO Server(AV, DLP, NAC,
Encryption,PA, Site Advisor)
7
![Page 8: A Model for Today: Partnering with Industry to Enhance Institutional Information Security Capabilities (166262158)](https://reader031.vdocuments.us/reader031/viewer/2022022000/577cd90f1a28ab9e78a296c4/html5/thumbnails/8.jpg)
7/29/2019 A Model for Today: Partnering with Industry to Enhance Institutional Information Security Capabilities (166262158)
http://slidepdf.com/reader/full/a-model-for-today-partnering-with-industry-to-enhance-institutional-information 8/15
Data CenterNetwork Intrusion
Prevention System
Hypervisor Security
Policy Auditing
The Solution Bundle
Endpoint Ant i-Virus & Anti -Spyware
Endpoint Firewall
Host IPS
Policy Auditing
Endpoint Encryption
Macintosh AV
M c A
f e e A g e n t
Server Security
Mobile and Tablet Security
Database Security
Vulnerability Mgmt
Intel Root Ki t Protection
Existing
Replace
New
Risk Advisor • Agent deployment
• Configuration
• Updates
• Policy settings
• Alerts
• Reporting
Single AgentSingle Console
ePO
![Page 9: A Model for Today: Partnering with Industry to Enhance Institutional Information Security Capabilities (166262158)](https://reader031.vdocuments.us/reader031/viewer/2022022000/577cd90f1a28ab9e78a296c4/html5/thumbnails/9.jpg)
7/29/2019 A Model for Today: Partnering with Industry to Enhance Institutional Information Security Capabilities (166262158)
http://slidepdf.com/reader/full/a-model-for-today-partnering-with-industry-to-enhance-institutional-information 9/15
OptimizedReactive Compliant Proactive
Security PostureRisk
Additive Cost
High
Low
9
V a l u e
Organizational Maturity
April 19, 2013
Efficiency
• Better view of risks• Less Hardware/Software• Less performance impact on endpoints• Easier to train, monitor, remediate,
maintain, audit• Reduced incident response / forensics
![Page 10: A Model for Today: Partnering with Industry to Enhance Institutional Information Security Capabilities (166262158)](https://reader031.vdocuments.us/reader031/viewer/2022022000/577cd90f1a28ab9e78a296c4/html5/thumbnails/10.jpg)
7/29/2019 A Model for Today: Partnering with Industry to Enhance Institutional Information Security Capabilities (166262158)
http://slidepdf.com/reader/full/a-model-for-today-partnering-with-industry-to-enhance-institutional-information 10/15
Solution:
RIT
• $2.3 million gift in securityhardware and software
• Professional Services
• Platinum Support
• Interlock lab for academicsecurity department
• Co-op opportunities
McAfee
• Inclusion in Global ThreatIntelligence (GTI)
• Reference architecture inHigher Ed
• Access to RIT’s academicsecurity program andstudents
A mutually beneficial and innovativestrategic partnership
![Page 11: A Model for Today: Partnering with Industry to Enhance Institutional Information Security Capabilities (166262158)](https://reader031.vdocuments.us/reader031/viewer/2022022000/577cd90f1a28ab9e78a296c4/html5/thumbnails/11.jpg)
7/29/2019 A Model for Today: Partnering with Industry to Enhance Institutional Information Security Capabilities (166262158)
http://slidepdf.com/reader/full/a-model-for-today-partnering-with-industry-to-enhance-institutional-information 11/15
Levers for managementAspect of Partnership Appeals to
Core to academic mission
Interlock Lab
Coops
Research opportunities
Academic Affairs
Dean & Faculty
Research
Gift Development
Financial
Superior value
Planned expense
Procurement
Finance
Address audit items Audit / Governance
Technology, Ease IT Operations
![Page 12: A Model for Today: Partnering with Industry to Enhance Institutional Information Security Capabilities (166262158)](https://reader031.vdocuments.us/reader031/viewer/2022022000/577cd90f1a28ab9e78a296c4/html5/thumbnails/12.jpg)
7/29/2019 A Model for Today: Partnering with Industry to Enhance Institutional Information Security Capabilities (166262158)
http://slidepdf.com/reader/full/a-model-for-today-partnering-with-industry-to-enhance-institutional-information 12/15
Key Learnings
• Find a partner with depth and breadth:security and
• Focus on the strategic relationship
• Good relationship between two primarycontacts is key– Both must be well positioned for internal selling
– Both must be Persistent
This is a marriage!
![Page 13: A Model for Today: Partnering with Industry to Enhance Institutional Information Security Capabilities (166262158)](https://reader031.vdocuments.us/reader031/viewer/2022022000/577cd90f1a28ab9e78a296c4/html5/thumbnails/13.jpg)
7/29/2019 A Model for Today: Partnering with Industry to Enhance Institutional Information Security Capabilities (166262158)
http://slidepdf.com/reader/full/a-model-for-today-partnering-with-industry-to-enhance-institutional-information 13/15
Implementation
The devil is in the details:• Resource levels
• Staffing
• Processes
• Technology Architecture
McAfee professional services and platinumsupport help achieve internal alignment onpreviously contentious root cause issues.
![Page 14: A Model for Today: Partnering with Industry to Enhance Institutional Information Security Capabilities (166262158)](https://reader031.vdocuments.us/reader031/viewer/2022022000/577cd90f1a28ab9e78a296c4/html5/thumbnails/14.jpg)
7/29/2019 A Model for Today: Partnering with Industry to Enhance Institutional Information Security Capabilities (166262158)
http://slidepdf.com/reader/full/a-model-for-today-partnering-with-industry-to-enhance-institutional-information 14/15
Q&A
![Page 15: A Model for Today: Partnering with Industry to Enhance Institutional Information Security Capabilities (166262158)](https://reader031.vdocuments.us/reader031/viewer/2022022000/577cd90f1a28ab9e78a296c4/html5/thumbnails/15.jpg)
7/29/2019 A Model for Today: Partnering with Industry to Enhance Institutional Information Security Capabilities (166262158)
http://slidepdf.com/reader/full/a-model-for-today-partnering-with-industry-to-enhance-institutional-information 15/15
For more information
• J on Maurer, [email protected]• Chris Schmidt, [email protected]• $2.3 Million Gift From McAfee Fortifies RIT’s Information
Security http://www.rit.edu/news/story.php?id=49355