Date post: | 04-Jan-2016 |
Category: |
Documents |
Upload: | corey-james |
View: | 212 times |
Download: | 0 times |
TIF-Security Update
Robert Ono, IT Security Coordinator
October 2010
Discussion Topics
• 2010 Cyber-safety Online Survey
• New Privacy Breach Insurance
• Passphrase Update
• October is Cyber-security Month
• Reminder: Cyber-safety Update for Mobile Devices
2
2010 Cyber-safety Survey
• Online survey is available today– https://cybersafetysurvey.ucdavis.edu
• Complete paper survey first• Seek management review/approval
of paper version• Transfer survey results to the online
survey
3
2010 Cyber-safety Survey – More
• http://security.ucdavis.edu/cybersafety.cfm
4
New Privacy Breach Insurance
• Program adopted in 2010
• Financial liability coverage for institutional
expenses related to a privacy/security
breach, such as legal and forensic
services, breach notices, credit
monitoring services, identity restoration
services and/or call center services.
5
New Privacy Breach Insurance
• Fine print:– Documented BFB IS-3 and Cyber-safety
compliance– External vulnerability scanning of covered
systems, using services such as the campus vulnerability scanning service.
– Segregation and isolation of servers with personal identity information from other production systems via a firewall.
6
New Privacy Breach Insurance
– Maintenance of a process documenting account authentication/authorization privileges.
– Unit certification of adequate implementation of the required security processes prior to the loss.
– Unit certification that the required security processes were in place at the time of loss.
http://www.ucop.edu/ucophome/policies/bfb/bus80.pdf
7
Passphrase Update
• 55 percent of account holders have
transitioned to a passphrase
• Starting October 18, account holders with
passwords will receive alerts during
authentication
• Between November 1 and February 3,
accounts with passwords will be expired
8
Passphrase Update
• Schedule reflects holidays and final
scheduled.
• Supporting Tools:
– Individuals can login and view their expiration
date
– Technical staff can view expiration calendar
http://security.ucdavis.edu/passphrase.cfm
9
October is Cyber-safety Month
• http://isc.sans.edu/diary.html?storyid=9640
• http://www.sans.org/vlive/cyber-security-
awareness
10
Cyber-safety and Mobile Devices
• Cyber-safety policy updated to address
mobile devices
• Mobile devices included in 2010 Cyber-
safety survey
• Focus on mobile devices using ActiveSync
and Blackberry Enterprise Server
11