SecureCarolina - University of South Carolina

SecureCarolina Update
March 19, 2015
Agenda
• SecureCarolina Overview
• SecureCarolina Endpoint Strategy
–
–
–
–
–
–
–
–
Information Security Program (ISP) Updates
Endpoint Management Platform
Symantec Data Loss Prevention (DLP)
Mandiant Intelligent Response (MIR)
WinMagic Whole Disk Encryption (WDE)
Microsoft OneDrive for Business
DUO Security Multi-­‐Factor Authentication (MFA)
Security Training and Awareness
• SecureCarolina Data Analytics (time permitting)
SecureCarolina Project Summary
SecureCarolina is a comprehensive series of projects focused on improving the state of Information Security and Privacy at the University of South Carolina by establishing a top-­‐down security framework that will integrate security and privacy measures throughout all IT environments of the University of South Carolina system. The framework is three-­‐fold: Policies, Organization and Technology.
Project approved by Board of Trustees and funded through OneCarolina CISO
Co-­‐Sponsor
2 Year Project Term
4 Project Impact Areas Budget
Chief Auditor Co-­‐Sponsor
One time ~$1,600,000 Recurring ~$1,048,000
15 Project Goals 8 Sub-­‐projects
SecureCarolina Impact Areas
Reduce the risk of exposure of the sensitive data of University affiliates, including faculty, staff, students, patients, donors and others.
Reduce the risk of system compromises that Interfere with the work of faculty, staff and students, allow sensitive data exposure, allow illegal activity by criminals.
Establish an IT Audit capability
Reduce the financial and reputational risks to the University
from sensitive data breaches
SecureCarolina Impact Areas
Audit & Advisory Services
Pam Doran
Reduce the risk of exposure of the sensitive data of University affiliates, including faculty, staff, students, patients, donors and others.
Reduce the risk of system compromises that Interfere with the work of faculty, staff and students, allow sensitive data exposure, allow illegal activity by criminals.
Establish an IT Audit capability
IT Auditors
Roscoe Patterson
Richard Stingel
Reduce the financial and reputational risks to the University
from sensitive data breaches
SecureCarolina Sub-­‐Projects
1. Establish an Information Security and Privacy Policy Framework (Policy, Standards, Guidelines and Procedures) 2. Develop a Strategy for Identifying Significant IT Risk in the University Annual Audit Plan
3. Implement Proactive Scanning and Monitoring for Critical Systems and Processes
4. Implement End Point Protection
5. Develop a Strategy for Implementing Centralized Identity and Access Management
6. Establish Data Access Operational Controls for Enterprise Data Sources
7. Develop an Information Security Plan for each University unit not sufficiently addressed by University level procedures
8. Develop a Strategy for Supporting Information Security Regulatory Compliance in Research
Protection from what?
http://www.verizonenterprise.com/DBIR/
“…focus on the wide gap between percentages for the two phases. It smacks us with the fact that the bad guys seldom need days to get their job done, while the good guys rarely manage to get theirs done in a month of Sundays. The trend lines follow that initial smack with a roundhouse kick to the head. They plainly show that attackers are getting better/faster at what they do at a higher rate than defenders are improving their trade. This doesn’t scale well, people.”
SecureCarolina Tools & Technologies
SSL VPN
Symantec Data Loss Prevention
RSA Net
Witness
OSSEC
MSFT Enhanced Mitigation Experience Toolkit
IBM UEM
Mandiant Intelligent Response
Accellion
Secure File Transfer
BRO
NESSUS
Symantec Endpoint Protection
AD Group Policy
Securing The Human
Symantec ITMS
Suite
NMAP
DUO Security
SNORT
App Locker
WinMagic
SecureDocs
WDE
MSFT OneDrive
for Business
Alien
Vault
SecureCarolina Implementation
SecureCarolina Endpoint Controls
Enterprise Security Controls
5
Implement additional security controls for “high risk” endpoints/users
4
3
2
1
RSA NetWitness
Alien Vault
SIEM
Nessus & NMAP
WinMagic
Whole Disk
Encryption
MSFT OneDrive
for Business DUO Security MFA
Analyze agent data to identify “high risk” endpoints/users
(Secure File Sharing)
Endpoint Data
Deploy REQUIRED endpoint agents to university Faculty/Staff Symantec Endpoint Protection
Establish platform to distribute and manage endpoint agents
IBM Unified Endpoint Management
Develop policies & standards that established required controls
Symantec Data Loss Prevention
“High Risk”
vs.
“Low Risk”
Mandiant Intelligent Response
USC Software Distribution
Required
& Managed
Security Awareness & Training
6
Implement risk-­‐based logic in monitoring and assessment tools Departmental Security Controls
Ad-­‐hoc Self Service
UTS Managed Desktops SLA
OR
OU Managed Desktops
OU Specific Information Security Plan and Procedures
Endpoint Security Policies, Standards, Guidelines, & Procedures
SecureCarolina Endpoint Controls
Enterprise Security Controls
1
Develop policies & standards that established required controls
Departmental Security Controls
Endpoint Security Policies, Standards, Guidelines, & Procedures
SecureCarolina Policy Framework
ISP
University 1.50
Federal Laws
State Laws
Industry Regulations
Best Practices
Deloitte Consulting, LLC
South Carolina Division of Information Security Policies
IT 3.0
•
•
•
•
•
•
•
Establishes data classification
Establishes data trustees
Establishes data stewards
Assigns VP/CIO responsibility
Establishes DAAC
Establishes OU management and end-­‐
user responsibilities
•
•
•
•
Assigns UISO responsibility for ISP
Assigns UISO responsibility for incident management
Requires OU to designate security liaison
Requires users to report compromises
Authorizes UISO to disconnect systems for failure to comply with ISP and/or compromised
Policies & Standards
Procedures
Guidelines
https://security.sc.edu
ISP: New/Updated Components
• 901.3 Sensitive Data Security Procedures -­‐ Updates
ISP
– Auditing Systems and Media for Sensitive Data
» Added 1.1.8 – Requires DLP & MIR agents as a detective controls on all systems
– Storing Sensitive Data
Policies & Standards
» Added 1.10.5 – Requires whole disk encryption on systems with restricted data, recommended on all systems
– User Authorization and Access Restrictions
Procedures
» Added 2.3.9 -­‐ Requires multi-­‐factor authentication on systems with restricted data, recommended on all systems (where feasible).
• 901.1 Procurement and Contracts Procedure – Updates
– Data Security Contract Addendum
Guidelines
» Modify definition of “covered data and information” to expand scope beyond current focus on student education record information.
• Vulnerability Management Standard – New
• Data Loss Prevention Operation Standard -­‐ New
ISP: Vulnerability Management Standard
• (NEW) -­‐ Vulnerability Management Standard
– The standard establishes a framework for identifying and promptly remediating vulnerabilities that could impact the university’s information, systems, or services.
– Applies to all university owned IT assets that transmit, process, store or access university data.
– UISO to perform regular (~monthly) scans and notify via ServiceNow ticket
– Devices not in compliance will be removed from the network
– Exceptions must be approved by Data Steward and CIO, DCIO, or CISO
– Establishes standard response times based on CVSS score as follows
Priority
CVSS Score
Standard Response
Critical
9.0 and higher
<= 5 business days
High
7.5 to 8.9
<= 2 weeks
Moderate/Low
7.4 and lower
<= 1 month
SecureCarolina Policy Framework
ISP
University 1.50
Federal Laws
State Laws
Industry Regulations
Best Practices
Deloitte Consulting, LLC
South Carolina Division of Information Security Policies
IT 3.0
•
•
•
•
•
•
•
Establishes data classification
Establishes data trustees
Establishes data stewards
Assigns VP/CIO responsibility
Establishes DAAC
Establishes OU management and end-­‐
user responsibilities
•
•
•
•
Assigns UISO responsibility for ISP
Assigns UISO responsibility for incident management
Requires OU to designate security liaison
Requires users to report compromises
Authorizes UISO to disconnect systems for failure to comply with ISP and/or compromised
Policies & Standards
Procedures
Guidelines
https://security.sc.edu
List of Policies:
•
Master Policy
•
Asset Management Policy
•
Data Protection and Privacy Policy
•
Access Control Policy
•
Info. Systems Acquisitions Development and Maint. Policy
•
Threat Vulnerability Management Policy
•
Business Continuity Management Policy
•
IT Risk Strategy Policy
•
Mobile Security Policy
•
Human Resources and Security Awareness Policy •
Physical Environmental Security Policy
•
Risk Management Policy
•
IT Compliance Policy
Data Classification:
•
Public
•
Internal Use
•
Confidential
•
Restricted
WHY IS THE COMPARISON TO THE STATE IMPORTANT
101.32. (BCB: Cyber Security) All state agencies must adopt and implement cyber security
policies, guidelines and standards developed by the Division of State Technology. The Division of
State Technology may conduct audits on state agencies except public institutions of higher
learning, technical colleges, political subdivisions, and quasi-­‐governmental bodies as necessary to
monitor compliance with established cyber security policies, guidelines and standards. Upon
request, public institutions of higher learning, technical colleges, political subdivisions, and
quasi-­‐governmental bodies shall submit sufficient evidence that their cyber security policies,
guidelines and standards meet or exceed those adopted and implemented by the Division of
State Technology. In addition, while agencies retain the primary responsibility and accountability
for ensuring responses to breach incidents comply with federal and state laws, the Division of
State Technology shall be informed of all agency cyber security breaches, and is authorized to
oversee incident responses in a manner determined by the Division of State Technology to be the
most prudent. Upon request of the Division of State Technology for information or data, all
agencies must fully cooperate with and furnish the Division of State Technology with all
documents, reports, assessments, and any other data and documentary information needed by
the Division to perform its mission and to exercise its functions, powers and duties. The Judicial
and Legislative Branches are specifically exempt from the requirements set forth herein.
http://www.scstatehouse.gov/sess120_2013-­‐2014/appropriations2014/tap1b.pdf
Security Program: Future Plans
• Major revision to ISP
– Integrate new data classification schema
– Align w/ SC DIS Policies (13)
– Tighter integration with NIST risk management framework
– Simplification of language
– Provide additional tools (e.g. templates, guidelines, etc.) SecureCarolina Endpoint Controls
Enterprise Security Controls
2
Establish platform to distribute and manage endpoint agents
1
Develop policies & standards that established required controls
IBM Unified Endpoint Management
USC Software Distribution
Departmental Security Controls
OU Specific Information Security Plan and Procedures
Endpoint Security Policies, Standards, Guidelines, & Procedures
SecureCarolina Endpoint Management
• UTS Standardizing on IBM Unified Endpoint Management (formerly “BigFix”), deployed to support decentralized administration.
• Requires purchase of client licenses and potentially a relay server for solution.
• Interested departments should contact UTS for further discussion on features, functionality, and process for implementation.
SecureCarolina Endpoint Controls
Enterprise Security Controls
3
Deploy REQUIRED endpoint agents to university Faculty/Staff 2
Establish platform to distribute and manage endpoint agents
1
Develop policies & standards that established required controls
Departmental Security Controls
Symantec Endpoint Protection
IBM Unified Endpoint Management
USC Software Distribution
OU Specific Information Security Plan and Procedures
Endpoint Security Policies, Standards, Guidelines, & Procedures
Symantec Endpoint Protection
Symantec Endpoint Protection
Technology Overview
An integrated set of tools used to protect endpoints by providing five layers of protection (i.e. network, file, reputation, behavior, and repair).
Availability Details
Licensed for all university owned systems.
The cost is centrally funded.
Implementation Benefits
Helps prevent, detect, and remove viruses and malware.
Distribution Methods
IBM UEM for SLA
Software Distribution
Supported Endpoints
Windows XP to current, Mac OSX 10.6.8 to current, Windows Server 2K3 R2 to current, and Linux.
Additional Information
Symantec Data Sheet
or UTS Service Desk
SecureCarolina Endpoint Controls
Enterprise Security Controls
3
Deploy REQUIRED endpoint agents to university Faculty/Staff 2
Establish platform to distribute and manage endpoint agents
1
Develop policies & standards that established required controls
Symantec Endpoint Protection
IBM Unified Endpoint Management
Departmental Security Controls
Symantec Data Loss Prevention
USC Software Distribution
OU Specific Information Security Plan and Procedures
Endpoint Security Policies, Standards, Guidelines, & Procedures
Symantec Data Loss Prevention
Symantec Data Loss Prevention
Technology Overview
Symantec DLP
is an agent-­‐based tool for discovering restricted data
(credit card information, social security numbers and bank routing numbers)
Availability Details*
Licensed for all university owned systems.
The cost is centrally funded.
* Console access requires mandatory training & executive approval
Implementation Benefits
It will be useful to the university in locating restricted data on servers and workstations in order to implement the proper steps to mitigate data loss and prevent a possible breach notification
Supported Endpoints
Windows 7 Enterprise, Professional or Ultimate w/SP1 (32/64 bit) Windows 8-­‐8.1 Update 1 Enterprise (64 bit) Apple Mac OS X 10.8, 10.9 (64 bit)
Windows Server 2003 w/SP2 or R2 (32 bit) Windows Server 2008 Enterprise R2 (64 bit)
Distribution Methods
Additional Information
IBM UEM for SLA
IT Managers Website
Software Distribution
ServiceNow Knowledgebase
* Console access requires mandatory training & executive approval
Security Website
ITMS on March 23, 2015
Symantec Data Loss Prevention
• Central aggregation of reports
• Management Console Access Prerequisites
–
–
–
–
Standard machine name prefixes (i.e. COUTSD, COUSHS, COPSYC, UP-­‐)
Static IP address
Training class & workflow
Authorization from Executive Management
• OU security liaisons will have access to results
• DLP Operation Standard establishes workflow
Symantec DLP Training Classes
• Register for a training class via opening a ServiceNow ticket.
• Attendance is required before access to the management console is enabled.
•
•
•
•
•
•
•
•
•
•
Tuesday March 31 Thursday April 2
Tuesday April 7 Friday April 10
Monday April 20
Wednesday April 22
Tuesday May 5 Wednesday May 6
Monday May 18
Tuesday May 26
2pm-­‐3pm
10am-­‐11am
2pm-­‐3pm
10am-­‐11am
2pm-­‐3pm 10am -­‐11am
10am – 11am
2pm – 3pm
2pm-­‐3pm
2pm-­‐3pm
ISP: DLP Operation Standard
SecureCarolina Endpoint Controls
Enterprise Security Controls
3
Deploy REQUIRED endpoint agents to university Faculty/Staff 2
Establish platform to distribute and manage endpoint agents
1
Develop policies & standards that established required controls
Symantec Endpoint Protection
IBM Unified Endpoint Management
Symantec Data Loss Prevention
Departmental Security Controls
Mandiant Intelligent Response
USC Software Distribution
OU Specific Information Security Plan and Procedures
Endpoint Security Policies, Standards, Guidelines, & Procedures
Mandiant Intelligent Response
Technology Overview
Agent-­‐based technology that allows the UISO to more quickly investigate systems and find malware. Availability Details
Available Now.
Licensed for 10k endpoints
Implementation Benefits
Quickly respond to infected computers and detected advanced attackers.
Supported Endpoints
Windows. Mac and Linux coming later 2015.
Distribution Methods
IBM UEM for SLA
Additional Information
ITMS on March 23, 2015
ServiceNow Knowledgebase
Software Distribution
SecureCarolina Endpoint Controls
Enterprise Security Controls
Departmental Security Controls
UTS Managed Desktops SLA
3
Deploy REQUIRED endpoint agents to university Faculty/Staff 2
Establish platform to distribute and manage endpoint agents
1
Develop policies & standards that established required controls
Symantec Endpoint Protection
IBM Unified Endpoint Management
Symantec Data Loss Prevention
OR
OU Managed Desktops
Mandiant Intelligent Response
USC Software Distribution
OU Specific Information Security Plan and Procedures
Endpoint Security Policies, Standards, Guidelines, & Procedures
SecureCarolina Endpoint Controls
Enterprise Security Controls
4
Analyze agent data to identify “high risk” endpoints/users
3
Deploy REQUIRED endpoint agents to university Faculty/Staff 2
Establish platform to distribute and manage endpoint agents
1
Develop policies & standards that established required controls
UTS Managed Desktops SLA
Endpoint Data
Symantec Endpoint Protection
IBM Unified Endpoint Management
Symantec Data Loss Prevention
Departmental Security Controls
OR
OU Managed Desktops
Mandiant Intelligent Response
USC Software Distribution
OU Specific Information Security Plan and Procedures
Endpoint Security Policies, Standards, Guidelines, & Procedures
SecureCarolina Endpoint Controls
Enterprise Security Controls
4
3
Analyze agent data to identify “high risk” endpoints/users
Deploy REQUIRED endpoint agents to university Faculty/Staff 2
Establish platform to distribute and manage endpoint agents
1
Develop policies & standards that established required controls
Endpoint Data
Symantec Endpoint Protection
IBM Unified Endpoint Management
Symantec Data Loss Prevention
Departmental Security Controls
“High Risk”
vs.
“Low Risk”
UTS Managed Desktops SLA
OR
OU Managed Desktops
Mandiant Intelligent Response
USC Software Distribution
OU Specific Information Security Plan and Procedures
Endpoint Security Policies, Standards, Guidelines, & Procedures
SecureCarolina Endpoint Controls
Enterprise Security Controls
Departmental Security Controls
~ June
5
4
3
Implement additional security controls for “high risk” endpoints/users
WinMagic
Whole Disk
Encryption
Analyze agent data to identify “high risk” endpoints/users
Deploy REQUIRED endpoint agents to university Faculty/Staff 2
Establish platform to distribute and manage endpoint agents
1
Develop policies & standards that established required controls
Endpoint Data
Symantec Endpoint Protection
IBM Unified Endpoint Management
Symantec Data Loss Prevention
“High Risk”
vs.
“Low Risk”
UTS Managed Desktops SLA
OR
OU Managed Desktops
Mandiant Intelligent Response
USC Software Distribution
OU Specific Information Security Plan and Procedures
Endpoint Security Policies, Standards, Guidelines, & Procedures
WinMagic SecureDoc WDE
•
•
•
•
•
•
•
Required for workstations that store restricted data, recommended for all
Works for Windows & Mac OSX
Infrastructure built, package deployed to pilot group in UTS
Plan to offer two initial policies (Auto-­‐boot and Pre-­‐boot Authentication)
Plan to deploy to desktop SLA first to confirm functionality and deployment, then make available to rest of university.
Network Managers will be provided OU specific custom installation packages, solution designed to enable decentralized administration.
Goal for general availability -­‐ June 2015
Device Compatibility:
http://www.winmagic.com/device-­‐compatibility
SecureCarolina Endpoint Controls
Enterprise Security Controls
5
4
3
Implement additional security controls for “high risk” endpoints/users
~ June
~ June
WinMagic
Whole Disk
Encryption
MSFT OneDrive
for Business Analyze agent data to identify “high risk” endpoints/users
Deploy REQUIRED endpoint agents to university Faculty/Staff 2
Establish platform to distribute and manage endpoint agents
1
Develop policies & standards that established required controls
Departmental Security Controls
(Secure File Sharing)
Endpoint Data
Symantec Endpoint Protection
IBM Unified Endpoint Management
Symantec Data Loss Prevention
“High Risk”
vs.
“Low Risk”
UTS Managed Desktops SLA
OR
OU Managed Desktops
Mandiant Intelligent Response
USC Software Distribution
OU Specific Information Security Plan and Procedures
Endpoint Security Policies, Standards, Guidelines, & Procedures
Microsoft OneDrive for Business
Microsoft OneDrive Device support
Sync clients
Desktop browsers
Mobile apps
Office Mobile apps
Mobile browsers
Microsoft OneDrive for Business
Securely Store and share files
•
Store up to 1 TB of data in the cloud (Going to unlimited later 2015)
•
2 GB maximum file size, 20,000 maximum files (Q3-­‐2015 targeted resolution)
•
Store HIPAA and FERPA protected data (if departmental policy permits)
•
Share files with USC users and non-­‐USC users
Access and synchronize files easily
•
Access files using Web browsers or mobile devices
•
Access files directly from Microsoft Office desktop applications
•
Synchronize your local files with files in OneDrive for Business document libraries (with appropriate client software installed) – Mac version in beta
Create and edit Microsoft Office files in the cloud with Office Web Apps
•
Word
•
Excel
•
PowerPoint •
OneNote
One Drive for Business Roadmap
Today
Q1
28-­‐Jan-­‐15
28-­‐Jan-­‐15
Q2
Q3
TBD
Microsoft Office 365
Security, Privacy & Trust
No advertising: We don’t build advertising products out of customer data
No data mining: We don’t scan the contents of customer email or documents for analytics or data mining
No co-­‐mingling: Business data and consumer data are stored separately
Data is portable: Customer owns the data and can remove their data whenever they choose
Customers know where their data is stored
Customers know who can access their data and why Customers can stay in the know by choosing to receive updates regarding changes to security, privacy and audit information
ISO 27001
EU Model Clauses
HIPAA-­‐HITECH
FERPA
FISMA
U.K. G-­‐Cloud IL2
CJIS
24 hour monitored physical datacenters
Logical isolation of data between tenants
Segregation of internal datacenter network from the external networks.
Encryption at rest and in transit (AD-­‐RMS)
Securing access to services via identity
Data loss prevention
Anti-­‐virus/anti spam
99.9% uptime
Financial guarantees on uptime
Redundancy in both functionality as well data
Automated monitoring and recovery systems
24x7 on-­‐call engineering team available to handle issues
Microsoft OneDrive for Business
• Original plan was to deploy Accellion
• Signed HIPAA BAA in January, 2015
• Completed account provisioning strategy in February, 2015
rd
• Implementation requires 3 party assistance, procurement in progress
• June goal for faculty/staff to be provisioned and OneDrive for Business deployed.
SecureCarolina Endpoint Controls
Enterprise Security Controls
5
4
3
Implement additional security controls for “high risk” endpoints/users
~ June
~ June
WinMagic
Whole Disk
Encryption
MSFT OneDrive
for Business Analyze agent data to identify “high risk” endpoints/users
Deploy REQUIRED endpoint agents to university Faculty/Staff 2
Establish platform to distribute and manage endpoint agents
1
Develop policies & standards that established required controls
(Secure File Sharing)
Endpoint Data
Symantec Endpoint Protection
IBM Unified Endpoint Management
Symantec Data Loss Prevention
Departmental Security Controls
DUO Security MFA
“High Risk”
vs.
“Low Risk”
UTS Managed Desktops SLA
OR
OU Managed Desktops
Mandiant Intelligent Response
USC Software Distribution
OU Specific Information Security Plan and Procedures
Endpoint Security Policies, Standards, Guidelines, & Procedures
DUO Security MFA
DUO Security MFA Integrations
UTS VMWare View (VDI)
USC Police Department
Research Computing Cluster Access
Computer Science & Engineering Remote Access
• UISO Security Infrastructure
• Integrated w/ Shibboleth & CAS
•
•
•
•
DUO Security MFA
• Application Onboarding Process*
– Review vendor integration docs on https://www.duosecurity.com/docs
– Create ServiceNow ticket with UTS
• Self-­‐Service Enrollment*
– https://my.sc.edu/multifactor (if security questions have been set)
– https://my.sc.edu/vipid/claim (if security questions have not been set)
– Install and Activate DUO Mobile App
*Full documentation available on network managers SharePoint site.
SecureCarolina Endpoint Controls
Enterprise Security Controls
6
Implement risk-­‐based logic in monitoring and assessment tools 5
Implement additional security controls for “high risk” endpoints/users
4
3
RSA NetWitness
Alien Vault
SIEM
Nessus & NMAP
WinMagic
Whole Disk
Encryption
MSFT OneDrive
for Business DUO Security MFA
Analyze agent data to identify “high risk” endpoints/users
Deploy REQUIRED endpoint agents to university Faculty/Staff 2
Establish platform to distribute and manage endpoint agents
1
Develop policies & standards that established required controls
Departmental Security Controls
(Secure File Sharing)
Endpoint Data
Symantec Endpoint Protection
IBM Unified Endpoint Management
Symantec Data Loss Prevention
“High Risk”
vs.
“Low Risk”
UTS Managed Desktops SLA
OR
OU Managed Desktops
Mandiant Intelligent Response
USC Software Distribution
OU Specific Information Security Plan and Procedures
Endpoint Security Policies, Standards, Guidelines, & Procedures
SecureCarolina Endpoint Controls
Enterprise Security Controls
5
Implement additional security controls for “high risk” endpoints/users
4
3
RSA NetWitness
Alien Vault
SIEM
Nessus & NMAP
WinMagic
Whole Disk
Encryption
MSFT OneDrive
for Business DUO Security MFA
Analyze agent data to identify “high risk” endpoints/users
Deploy REQUIRED endpoint agents to university Faculty/Staff 2
Establish platform to distribute and manage endpoint agents
1
Develop policies & standards that established required controls
(Secure File Sharing)
Endpoint Data
Symantec Endpoint Protection
IBM Unified Endpoint Management
Symantec Data Loss Prevention
“High Risk”
vs.
“Low Risk”
Mandiant Intelligent Response
USC Software Distribution
Required
& Managed
Security Awareness & Training
6
Implement risk-­‐based logic in monitoring and assessment tools Departmental Security Controls
Ad-­‐hoc Self Service
UTS Managed Desktops SLA
OR
OU Managed Desktops
OU Specific Information Security Plan and Procedures
Endpoint Security Policies, Standards, Guidelines, & Procedures
Security Awareness & Training
SecureCarolina Endpoint Controls
Enterprise Security Controls
5
Implement additional security controls for “high risk” endpoints/users
4
3
RSA NetWitness
Alien Vault
SIEM
Nessus & NMAP
WinMagic
Whole Disk
Encryption
MSFT OneDrive
for Business DUO Security MFA
Analyze agent data to identify “high risk” endpoints/users
Deploy REQUIRED endpoint agents to university Faculty/Staff 2
Establish platform to distribute and manage endpoint agents
1
Develop policies & standards that established required controls
(Secure File Sharing)
Endpoint Data
Symantec Endpoint Protection
IBM Unified Endpoint Management
Symantec Data Loss Prevention
“High Risk”
vs.
“Low Risk”
Mandiant Intelligent Response
USC Software Distribution
Required
& Managed
Security Awareness & Training
6
Implement risk-­‐based logic in monitoring and assessment tools Departmental Security Controls
Ad-­‐hoc Self Service
UTS Managed Desktops SLA
OR
OU Managed Desktops
OU Specific Information Security Plan and Procedures
Endpoint Security Policies, Standards, Guidelines, & Procedures
THANK YOU!!!!
•
Chief Data Officer
•
– Mike Kelly •
•
DAAC/DPAC Members
Finance
– Richard Moak
•
•
– John Waters
•
High Performance Computing
– Nathan Elger
– Paul Segona
– Ben Torkian
Psychology Department
– Robert Heller
•
USC Aiken – Joanne Williamson
General Council
– George Lample
Human Resources
•
USC Upstate
– Luke Vanwingerden
THANK YOU!!!
• UTS Team
–
–
–
–
–
–
–
–
–
–
Rita Anderson
Camelia Atkinson
Erick Brashears
Bill Crayton
Jess Hawkins
Jason Hooks
Shannon Koontz
Brian LaFlam
Rick Lambert
Vicki Mathis
–
–
–
–
Tommy McDow
Bill Miller
Justin Sams
Jay Waller
• UTS Leadership Team
• UTS ServiceDesk Team
– Omar Ansari
– Collen Morell
– Katie Vaughan
THANK YOU!!!
• SecureCarolina Team
– Kyle Brown
– Richard Hackley
– Joelyn Manfredi
– Jonathan Martin
– Brian Payne
– Anthony Ryan
– Jeff Whitson
– Tom Webb
SecureCarolina Data Analytics