Upload File

the disintegrating perimeter: planning for the shift to asset-based security adam goldstein ccnp...

  • Home
  • Documents
  • The Disintegrating Perimeter: Planning for the Shift to Asset-based Security Adam Goldstein CCNP CISSP IT Security Officer Villanova University
22
The Disintegrating The Disintegrating Perimeter: Perimeter: Planning for Planning for the Shift to Asset-based the Shift to Asset-based Security Security Adam Goldstein CCNP CISSP Adam Goldstein CCNP CISSP IT Security Officer IT Security Officer Villanova University Villanova University

Upload: beryl-clementine-york

Post on 18-Jan-2016

216 views

Category:

Documents


0 download

Report

Tags:

TRANSCRIPT

Page 1: The Disintegrating Perimeter: Planning for the Shift to Asset-based Security Adam Goldstein CCNP CISSP IT Security Officer Villanova University

The Disintegrating The Disintegrating Perimeter: Perimeter: Planning for the Shift Planning for the Shift

to Asset-based Securityto Asset-based Security

Adam Goldstein CCNP CISSPAdam Goldstein CCNP CISSP

IT Security OfficerIT Security Officer

Villanova UniversityVillanova University

Page 2: The Disintegrating Perimeter: Planning for the Shift to Asset-based Security Adam Goldstein CCNP CISSP IT Security Officer Villanova University

Villanova University 2005Villanova University 2005 22

IntroductionIntroduction

Overview of Villanova and IT Overview of Villanova and IT Academic Strategic PlanAcademic Strategic Plan Evaluation of our environmentEvaluation of our environment Need for shift in our approachNeed for shift in our approach

Page 3: The Disintegrating Perimeter: Planning for the Shift to Asset-based Security Adam Goldstein CCNP CISSP IT Security Officer Villanova University

Villanova University 2005Villanova University 2005 33

Discussion OutlineDiscussion Outline

Define Asset-based approachDefine Asset-based approach The Disintegrating Perimeter and The Disintegrating Perimeter and

other challengesother challenges The PlanThe Plan

• IT Security ModelIT Security Model• Strategic PlanStrategic Plan• IT ScorecardIT Scorecard

Page 4: The Disintegrating Perimeter: Planning for the Shift to Asset-based Security Adam Goldstein CCNP CISSP IT Security Officer Villanova University

Villanova University 2005Villanova University 2005 44

Asset-based Security:Asset-based Security:

Focuses security efforts based on the Focuses security efforts based on the value of the information system and value of the information system and datadata

Page 5: The Disintegrating Perimeter: Planning for the Shift to Asset-based Security Adam Goldstein CCNP CISSP IT Security Officer Villanova University

Villanova University 2005Villanova University 2005 55

Why Asset-based SecurityWhy Asset-based Security

Higher education institutions face Higher education institutions face different challenges in providing different challenges in providing information assuranceinformation assurance

Internal security incidents on the riseInternal security incidents on the rise Cannot secure every systemCannot secure every system

Page 6: The Disintegrating Perimeter: Planning for the Shift to Asset-based Security Adam Goldstein CCNP CISSP IT Security Officer Villanova University

Villanova University 2005Villanova University 2005 66

The Disintegrating PerimeterThe Disintegrating Perimeter

Technological ChangesTechnological Changes Elevated RisksElevated Risks Obstacles for Higher Education Obstacles for Higher Education

InstitutionsInstitutions

Page 7: The Disintegrating Perimeter: Planning for the Shift to Asset-based Security Adam Goldstein CCNP CISSP IT Security Officer Villanova University

Villanova University 2005Villanova University 2005 77

Disintegrating Perimeter-Disintegrating Perimeter-Technological ChangesTechnological Changes

Mobile Computing/Wireless NetworksMobile Computing/Wireless Networks Increased Remote Access NeedsIncreased Remote Access Needs Third-Party integrationThird-Party integration

• Business partnersBusiness partners• Research projectsResearch projects• Other institutionsOther institutions

Page 8: The Disintegrating Perimeter: Planning for the Shift to Asset-based Security Adam Goldstein CCNP CISSP IT Security Officer Villanova University

Villanova University 2005Villanova University 2005 88

Disintegrating Perimeter-Disintegrating Perimeter-Elevated RisksElevated Risks

Improper Handling of University DataImproper Handling of University Data- Intent to commit fraud- Intent to commit fraud- Intent to commit espionage- Intent to commit espionage- Intent to harm an institution’s reputation- Intent to harm an institution’s reputation

Disruption of Critical ServicesDisruption of Critical Services- Unintentional disruption- Unintentional disruption- Malicious disruption- Malicious disruption

Unauthorized Access to University IT Unauthorized Access to University IT ResourcesResources

Page 9: The Disintegrating Perimeter: Planning for the Shift to Asset-based Security Adam Goldstein CCNP CISSP IT Security Officer Villanova University

Villanova University 2005Villanova University 2005 99

The Disintegrating Perimeter-The Disintegrating Perimeter-Higher Ed ObstaclesHigher Ed Obstacles

Public Access RequirementsPublic Access Requirements

Diversity of SystemsDiversity of Systems

Diversity of User PopulationDiversity of User Population

Limited staff and resources for Limited staff and resources for information securityinformation security

Page 10: The Disintegrating Perimeter: Planning for the Shift to Asset-based Security Adam Goldstein CCNP CISSP IT Security Officer Villanova University

Villanova University 2005Villanova University 2005 1010

Shifting Focus- Asset-based Shifting Focus- Asset-based SecuritySecurity

In this environment, Information In this environment, Information Assurance cannot be an all or Assurance cannot be an all or nothing propositionnothing proposition

The most important information The most important information “assets” must be protected first“assets” must be protected first

Page 11: The Disintegrating Perimeter: Planning for the Shift to Asset-based Security Adam Goldstein CCNP CISSP IT Security Officer Villanova University

Villanova University 2005Villanova University 2005 1111

Strategic Approach- The PlanStrategic Approach- The Plan

Set goals by adopting a security Set goals by adopting a security modelmodel

Measure existing compliance with Measure existing compliance with modelmodel

Create initiatives to improve Create initiatives to improve compliancecompliance

Prioritize initiativesPrioritize initiatives Track progressTrack progress

Page 12: The Disintegrating Perimeter: Planning for the Shift to Asset-based Security Adam Goldstein CCNP CISSP IT Security Officer Villanova University

Villanova University 2005Villanova University 2005 1212

Purpose of the Security ModelPurpose of the Security Model

The Model intends to:The Model intends to: Detail Villanova University’s overall Detail Villanova University’s overall

vision of information technology vision of information technology security security

Set security standards for University Set security standards for University IT systems and processesIT systems and processes

Page 13: The Disintegrating Perimeter: Planning for the Shift to Asset-based Security Adam Goldstein CCNP CISSP IT Security Officer Villanova University

Villanova University 2005Villanova University 2005 1313

Format of Security ModelFormat of Security Model

The model uses a hierarchical architecture The model uses a hierarchical architecture All University systems and processes are All University systems and processes are

placed in a clearly defined security layerplaced in a clearly defined security layer Each layer sets standards for security Each layer sets standards for security

controls, administrative procedures, user controls, administrative procedures, user interaction, and acceptable risk. interaction, and acceptable risk.

The boundaries between the layers serve The boundaries between the layers serve to prevent unauthorized access from lower to prevent unauthorized access from lower security layers to higher security layers security layers to higher security layers

Page 14: The Disintegrating Perimeter: Planning for the Shift to Asset-based Security Adam Goldstein CCNP CISSP IT Security Officer Villanova University

Villanova University 2005Villanova University 2005 1414

Security Model LayersSecurity Model LayersThere are three layers to the There are three layers to the

Security Model:Security Model:

University SystemsUniversity Systems – – Systems not directly Systems not directly administered by UNITadministered by UNIT

Core UNIT SystemsCore UNIT Systems – – Academic, Administrative and Academic, Administrative and IT systems administered by IT systems administered by UNITUNIT

Security DomainsSecurity Domains – Systems – Systems that contain sensitive data, that contain sensitive data, perform critical University perform critical University functions, and/or require high functions, and/or require high security environmentssecurity environments

SecurityDomain

SecurityDomain

UniversitySystems

Core UNITSystems

SecurityDomain

Internet RemoteAccess

Page 15: The Disintegrating Perimeter: Planning for the Shift to Asset-based Security Adam Goldstein CCNP CISSP IT Security Officer Villanova University

Villanova University 2005Villanova University 2005 1515

Security Layer DefinitionSecurity Layer Definition

Each layer is defined by the following criteria:Each layer is defined by the following criteria:

Included SystemsIncluded Systems: The systems and resources : The systems and resources that fall under the specific layerthat fall under the specific layer

Security ControlsSecurity Controls: Specify the baseline security : Specify the baseline security standards required at the given level. Controls standards required at the given level. Controls include:include:• Technical Controls: Hardware and software security Technical Controls: Hardware and software security

requirementsrequirements• Administrative Controls: Required security measures for Administrative Controls: Required security measures for

system administrationsystem administration• User Interaction: Security requirements for system usersUser Interaction: Security requirements for system users

ExposuresExposures: Assumed risk at the given layer: Assumed risk at the given layer

Page 16: The Disintegrating Perimeter: Planning for the Shift to Asset-based Security Adam Goldstein CCNP CISSP IT Security Officer Villanova University

Villanova University 2005Villanova University 2005 1616

Strategic Plan- InitiativesStrategic Plan- Initiatives

Assessment of our current state Assessment of our current state against the Security Model against the Security Model highlighted deficiencieshighlighted deficiencies

Determined initiatives to protect Determined initiatives to protect assetsassets

Prioritized initiatives and developed Prioritized initiatives and developed multi-year planmulti-year plan

Page 17: The Disintegrating Perimeter: Planning for the Shift to Asset-based Security Adam Goldstein CCNP CISSP IT Security Officer Villanova University

Villanova University 2005Villanova University 2005 1717

Strategic Plan – Technical Strategic Plan – Technical InitiativesInitiatives

Firewalls/network segmentationFirewalls/network segmentation Network traffic scanningNetwork traffic scanning Integrity checkingIntegrity checking Enhanced monitoring toolsEnhanced monitoring tools Secure remote accessSecure remote access

Page 18: The Disintegrating Perimeter: Planning for the Shift to Asset-based Security Adam Goldstein CCNP CISSP IT Security Officer Villanova University

Villanova University 2005Villanova University 2005 1818

Strategic Plan- Administrative Strategic Plan- Administrative InitiativesInitiatives

Change management procedureChange management procedure Incident Response PolicyIncident Response Policy Security StandardsSecurity Standards Internal information system audit Internal information system audit

processprocess Security Monitoring ProcedureSecurity Monitoring Procedure Data Handling ProcedureData Handling Procedure ““Focused” User Awareness CampaignFocused” User Awareness Campaign

Page 19: The Disintegrating Perimeter: Planning for the Shift to Asset-based Security Adam Goldstein CCNP CISSP IT Security Officer Villanova University

Villanova University 2005Villanova University 2005 1919

Strategic Plan- IT Security Strategic Plan- IT Security ScorecardScorecard

Developed a scorecard that rated Developed a scorecard that rated compliance with the security modelcompliance with the security model

Updated quarterly to monitor Updated quarterly to monitor improvementsimprovements

Highlights weaknesses and aids in Highlights weaknesses and aids in setting prioritiessetting priorities

Page 20: The Disintegrating Perimeter: Planning for the Shift to Asset-based Security Adam Goldstein CCNP CISSP IT Security Officer Villanova University

Villanova University 2005Villanova University 2005 2020

Benefits of Asset-based ApproachBenefits of Asset-based Approach

Critical systems better protected from Critical systems better protected from internal threatsinternal threats

Critical data is more secureCritical data is more secure Heightened awareness among end usersHeightened awareness among end users System owners more involved with System owners more involved with

security practicessecurity practices• Increased compliance with security standardsIncreased compliance with security standards• Lowered incident response timeLowered incident response time

Page 21: The Disintegrating Perimeter: Planning for the Shift to Asset-based Security Adam Goldstein CCNP CISSP IT Security Officer Villanova University

Villanova University 2005Villanova University 2005 2121

Challenges to Asset-based Challenges to Asset-based ApproachApproach

Overcoming “higher ed” obstaclesOvercoming “higher ed” obstacles Legacy systemsLegacy systems Asset inventoryAsset inventory

Page 22: The Disintegrating Perimeter: Planning for the Shift to Asset-based Security Adam Goldstein CCNP CISSP IT Security Officer Villanova University

Villanova University 2005Villanova University 2005 2222

Thanks!Thanks!

[email protected]@villanova.edu


Orally Fast Disintegrating Tablets: Developments ...kinampark.com/KPYear/files/2004 Fu, Orally fast disintegrating tablets: Development... · 433 Orally Fast Disintegrating Tablets:

Formulation of Ibuprofen Orally Disintegrating Tablets

Bioequivalence evaluation of pioglitazone orally disintegrating … · 2019-07-12 · Bioequivalence evaluation of pioglitazone orally disintegrating tablet formulation reSearch article

ZOMIG ZMT- zolmitriptan tablet, orally disintegrating

Oral disintegrating tablets

Modified Xanthan Gum as Hydrophilic Disintegrating

Predicting oral disintegrating tablet formulations by

VILLANOVA UNIVERSITY VILLANOVA UNIVERSITY

Chad Odhner - Villanova Law School - Villanova University

FINAL Orally Disintegrating Tablets

Orally Disintegrating Tablets - shijiebiaopin.net · Tablets ZOFRAN ODT® (ondansetron) Orally Disintegrating Tablets ZOFRAN® (ondansetron hydrochloride) Oral Solution DESCRIPTION

VILLANOVA SOFTBALL

VILLANOVA BASKETBALL

fast disintegrating oral thin films

Formulation and evaluation of orally disintegrating · PDF fileFormulation and evaluation of orally disintegrating tablet of Rizatriptan using natural superdisintegrant *Corresponding

ZYPREXA7 ZYDIS7 (Olanzapine) Orally Disintegrating Tablets€¦ · ZYPREXA7 ZYDIS7 (Olanzapine) Orally Disintegrating Tablets ... Each tablet contains olanzapine equivalent to 2.5

1stplace Villanova

Disintegrating Asteroid P/2013 R3 - ESA/Hubbleesahubble.org/static/archives/releases/science_papers/heic1405a.pdfApJLett Disintegrating Asteroid P/2013 R3 David Jewitt1,2, Jessica

Orally Fast Disintegrating Tablets

Villanova Artigas

FORMULASI FAST DISINTEGRATING TABLETS KOMPLEKS …repository.setiabudi.ac.id/650/2/SkripsiKhoirina.N...pdf · i formulasi fast disintegrating tablets kompleks inklusi loratadin-β-siklodekstrin

Kline v. Security Guards Inc - Villanova University

Risperidone oral disintegrating mini-tablets: A robust

FORMULATION AND EVALUATION OF ORALLY DISINTEGRATING …

Orally disintegrating compositions

2012-13 Edition First Impressions: Villanova Universityeducatedquest.com/wp-content/uploads/2014/06/Villanova-University.pdfences (Villanova College), Engineering, School of Business,

Interaction between Supersonic Disintegrating Liquid Jets ...bigbro.biophys.cornell.edu/publications/244_Im.pdfInteraction between Supersonic Disintegrating Liquid Jets and Their Shock

Integrating and Disintegrating Factors in Nigerias

Disintegrating Worldviews and the Future of Catholic

Clonazepam tablet, orally disintegrating

Villanova certificates

AccessData - Villanova

ORALLY DISINTEGRATING TABLET: A REVIEW

VillanoVa athletics - Villanova University · VillanoVa UniVersity athletic Marks ... 1. the University’s primary colors are navy and White. All apparel ... VillanoVa athletics

Research Article Taste Masked Orally Disintegrating