4. Landscape
(Policy)
• Many policies and policy
frameworks are available.
– COBIT
– ISO 27000 series
– ITIL
– NIST
• Pick one and execute as a
first step.
• College courses in
security policy are
available.
6. Technology
• Technology is getting better rapidly.
• It is necessary but not sufficient.
• The attack vector is shifting away from technical
hacks to social engineering.
• Technology is not very good at preventing social
engineering.
7. Recent Example: UGA
• 8,500 staff and students
• Slow, deliberate social
engineering attack
• Answers to “secret”
questions found on
Facebook.
8. Another Example: South Carolina
Governor Nikki Haley, “This is
not a good day for
South Carolina.”
October 27, 2012
3/4ths of state citizens affected.
“The cost is also going to be
enormous,
given that South Carolina may be
required to pay for identity
theft protection services for anyone
who has paid taxes in South
Carolina since 1998,”
9. Landscape
• Attacks are increasing.
• Attacks are increasingly complex.
• Education, training and awareness becoming
increasingly important.
10. Normal versus Abnormal?
Three Questions
• What is normal for my
organization?
• What is abnormal?
• What do I do if
something abnormal
occurs?
11. Awareness, Training, and Education
Source: National Institute of Standards and Technology.
An Introduction to Computer Security: The NIST
Handbook. SP 800-12.
http://csrc.nist.gov/publications/nistpubs/800-12/.
13. Accountability Plus
(Chart: helpdesk incident count over time)
Issue: In a five-month period this year, 23% of
helpdesk incidents were computer abuse. This
represents a 255% increase over the same
period last year.
14. Computer Abuse Process
• Computer incident occurs
• Help Desk notified
• Institution notified
• Help Desk follows up after 5 days
• Help Desk ticket closed out by Help Desk
What is wrong with this process?
15. Accountability Plus
• Actions Taken:
– Incidents characterized as high, medium, or low
impact.
– Processes redefined to escalate resolution of these
cases to the President’s boss.
– New processes go into effect on 9 April.
• Importance to USG Presidents: A telephone call
from the USG CIO means four days remain
until the case is forwarded to USG senior
leadership.
Galileo, GeorgiaBest, GeorgiaFirst, GeorgiaonMyLine, GeorgiaView, GIL, PeachNet
16. Rest of the Story and Two Years Later…
• Rest of the Story: I told the presidents that if I
ever call them, their first step should be to fire
the institutional CIO.
• Two Years Later:
– The computer abuse line is linear – not
exponential.
– I have not called a President…yet.
17. Carronade
• Issue: The longer
students are at our
institution, the more
susceptible they are to
phishing attacks.
• Issue 2:
– Death by PowerPoint
training version 1 failed.
– Death by PowerPoint
training version 2 failed.
18. Carronade Hypothesis
• Have the students launch spear phishing
attacks against each other in a controlled
manner.
• Have students remediate other students.
• Don’t tell the technical staff when it will
happen.
• Do it every semester.
23. IT-SAMI INSPECTION SHEET
Cadet Name / Company / Year / Inspector Name

CATEGORY / ITEM                                  CONDITION                       POINTS
AD-AWARE
  Installed?                                     No                              -30
  Check updates                                  >= 1 week old                   -05
                                                 >= 3 weeks                      -10
                                                 >= 1 month                      -20
  Last system scan                               >= 1 week old                   -05
                                                 >= 3 weeks                      -10
                                                 >= 1 month                      -20
  Scan results                                   for each process                -10
                                                 for every 20 additional items   -05
DEFRAGMENT ANALYZE
  System suggested?                              Yes                             -10
ADD/REMOVE PROGRAM LIST
  WildTangent                                    Yes                             -10
  WeatherBug                                     Yes                             -10
  Well-known file sharing                        Yes                             -20/item
BROWSER HEALTH
  Search bar other than Google                   Yes                             -10
VIRUSES
  Definition files                               >= 1 week old                   -05
                                                 >= 3 weeks                      -10
                                                 >= 1 month                      -20
SYSTEM DATA
  Space remaining on C-drive                     < 20%                           -10
  Majority of academic data stored on C-drive    Yes                             -20

Best in BDE:
  Best Regiment: 86.13    Worst Regiment: 75.00
  Best Company: 95.00     Worst Company: 53.50
4/7/2013 11:26 AM 23
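The sheet above is a deduction rubric, and the useful thing to see is how it behaves once applied mechanically: the age ladders, the per-item penalties, and the floor. The following is an added example written for this page, not code from the deck or from the inspection program it describes. Every field name, the starting score of 100, the reading of "1 month" as 30 days, the decision to skip the Ad-Aware sub-items when Ad-Aware is absent, and the floor at zero are assumptions made here; the sample records are constructed, not real inspection data.

```python
"""Scoring the IT-SAMI inspection sheet (added example, not from the deck)."""
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import List, Optional, Tuple

STARTING_SCORE = 100          # assumption: every machine starts at 100 before deductions
MONTH = timedelta(days=30)    # assumption: the sheet's ">= 1 month" taken as 30 days


@dataclass
class Inspection:
    """One cadet machine as it would be recorded on the sheet (field names are ours)."""
    adaware_installed: bool = True
    adaware_updates_checked: Optional[date] = None   # None = never
    adaware_last_scan: Optional[date] = None         # None = never
    adaware_processes_found: int = 0                 # malware processes in scan results
    adaware_items_found: int = 0                     # other flagged items (cookies, keys)
    defrag_suggested: bool = False
    wildtangent_installed: bool = False
    weatherbug_installed: bool = False
    file_sharing_programs: List[str] = field(default_factory=list)
    search_bar_other_than_google: bool = False
    virus_definitions_date: Optional[date] = None    # None = never updated
    c_drive_free_pct: float = 100.0
    academic_data_on_c_drive: bool = False


def age_deduction(last: Optional[date], today: date) -> int:
    """The sheet's age ladder: >= 1 week -5, >= 3 weeks -10, >= 1 month -20.
    'Never' (None) is treated as older than a month (assumption)."""
    if last is None:
        return 20
    age = today - last
    if age >= MONTH:
        return 20
    if age >= timedelta(weeks=3):
        return 10
    if age >= timedelta(weeks=1):
        return 5
    return 0


def score(insp: Inspection, today: date) -> Tuple[int, List[Tuple[str, int]]]:
    """Apply every line of the sheet; return (final score, itemised deductions)."""
    deductions: List[Tuple[str, int]] = []

    def take(item: str, points: int) -> None:
        if points:
            deductions.append((item, points))

    # AD-AWARE. Assumption: when it is not installed the -30 is taken and the
    # update/scan sub-items, which cannot be checked, are skipped.
    if not insp.adaware_installed:
        take("Ad-Aware not installed", 30)
    else:
        take("Ad-Aware updates", age_deduction(insp.adaware_updates_checked, today))
        take("Ad-Aware last scan", age_deduction(insp.adaware_last_scan, today))
        take("scan results: processes", 10 * insp.adaware_processes_found)
        take("scan results: items", 5 * (insp.adaware_items_found // 20))  # -5 per 20
    # DEFRAGMENT ANALYZE
    take("defrag suggested", 10 if insp.defrag_suggested else 0)
    # ADD/REMOVE PROGRAM LIST
    take("WildTangent", 10 if insp.wildtangent_installed else 0)
    take("WeatherBug", 10 if insp.weatherbug_installed else 0)
    take("file sharing", 20 * len(insp.file_sharing_programs))  # -20 per item
    # BROWSER HEALTH
    take("search bar other than Google", 10 if insp.search_bar_other_than_google else 0)
    # VIRUSES
    take("virus definitions", age_deduction(insp.virus_definitions_date, today))
    # SYSTEM DATA
    take("C: free space < 20%", 10 if insp.c_drive_free_pct < 20 else 0)
    take("academic data on C:", 20 if insp.academic_data_on_c_drive else 0)

    total = STARTING_SCORE - sum(points for _, points in deductions)
    return max(total, 0), deductions   # assumption: scores floor at zero


# Constructed sample records (not real inspection data).
INSPECTION_DAY = date(2013, 4, 6)

CLEAN = Inspection(
    adaware_updates_checked=INSPECTION_DAY - timedelta(days=2),
    adaware_last_scan=INSPECTION_DAY - timedelta(days=2),
    virus_definitions_date=INSPECTION_DAY - timedelta(days=1),
    c_drive_free_pct=45.0,
)

NEGLECTED = Inspection(
    adaware_updates_checked=INSPECTION_DAY - timedelta(days=10),   # >= 1 week: -5
    adaware_last_scan=INSPECTION_DAY - timedelta(days=25),         # >= 3 weeks: -10
    adaware_items_found=45,                                        # two full 20s: -10
    wildtangent_installed=True,                                    # -10
    virus_definitions_date=INSPECTION_DAY - timedelta(days=8),     # >= 1 week: -5
    c_drive_free_pct=15.0,                                         # -10
    academic_data_on_c_drive=True,                                 # -20
)

NOT_INSTALLED = Inspection(
    adaware_installed=False,                                       # -30, sub-items skipped
    virus_definitions_date=INSPECTION_DAY,
    c_drive_free_pct=60.0,
)
```

Calling `score(NEGLECTED, INSPECTION_DAY)` returns 30 with the seven itemised deductions; `score(NOT_INSTALLED, INSPECTION_DAY)` returns 70 with only the install penalty. The itemised list is the part worth keeping: it is what lets an inspector tell a cadet which line cost the points, and it makes the rubric's ambiguities (what "additional items" counts against, whether a missing scanner also forfeits its sub-items) visible as explicit decisions rather than silent ones.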
24. Saturday AM Inspection
(IT SAMI)
In the hallways, cadets
stand inspection of their
military equipment.
In their rooms, cadets
stand inspection of their
computers.
25. Stealing Christmas
• The threat of organized crime and nation states
attacking your personal information is real. Grinch is
alive and well.
• Give your organization the gifts of a strong security
policy program, strong technology, and a strong
education program.
• Think outside the box in educating, training and
rewarding your organization.
26. Questions, Comments, a
Conversation
Dr. Curtis A. Carver Jr.
Vice Chancellor and CIO
Board of Regents
Editor's notes
Lots of good examples of policy available. Technology is good and rapidly improving. ATE is the weakest component in my opinion.