TIF-Security Update

Robert Ono, IT Security Coordinator

October 2010

Discussion Topics

• 2010 Cyber-safety Online Survey

• New Privacy Breach Insurance

• Passphrase Update

• October is Cyber-security Month

• Reminder: Cyber-safety Update for Mobile Devices

2

2010 Cyber-safety Survey

• Online survey is available today– https://cybersafetysurvey.ucdavis.edu

• Complete paper survey first• Seek management review/approval

of paper version• Transfer survey results to the online

survey

3

2010 Cyber-safety Survey – More

• http://security.ucdavis.edu/cybersafety.cfm

4

New Privacy Breach Insurance

• Program adopted in 2010

• Financial liability coverage for institutional

expenses related to a privacy/security

breach, such as legal and forensic

services, breach notices, credit

monitoring services, identity restoration

services and/or call center services.

5

New Privacy Breach Insurance

• Fine print:– Documented BFB IS-3 and Cyber-safety

compliance– External vulnerability scanning of covered

systems, using services such as the campus vulnerability scanning service.

– Segregation and isolation of servers with personal identity information from other production systems via a firewall.

6

New Privacy Breach Insurance

– Maintenance of a process documenting account authentication/authorization privileges.

– Unit certification of adequate implementation of the required security processes prior to the loss.

– Unit certification that the required security processes were in place at the time of loss.

http://www.ucop.edu/ucophome/policies/bfb/bus80.pdf

7

Passphrase Update

• 55 percent of account holders have

transitioned to a passphrase

• Starting October 18, account holders with

passwords will receive alerts during

authentication

• Between November 1 and February 3,

accounts with passwords will be expired

8

Passphrase Update

• Schedule reflects holidays and final

scheduled.

• Supporting Tools:

– Individuals can login and view their expiration

date

– Technical staff can view expiration calendar

http://security.ucdavis.edu/passphrase.cfm

9

October is Cyber-safety Month

• http://isc.sans.edu/diary.html?storyid=9640

• http://www.sans.org/vlive/cyber-security-

awareness

10

Cyber-safety and Mobile Devices

• Cyber-safety policy updated to address

mobile devices

• Mobile devices included in 2010 Cyber-

safety survey

• Focus on mobile devices using ActiveSync

and Blackberry Enterprise Server

11