Post on 20-Dec-2015
Northwestern University Information Technology
Information and Systems Security/Compliance
February 2005
Dave Kovarik
• Office: (847) 467-5930
• Email: david-kovarik@northwestern.edu
• 1800 Sherman Ave., Evanston, Suite 600
• 20+ years in Information Security practice
• CISSP: Certified Info Systems Security Professional
• CISM: Certified Information Security Manager
Office of the Vice President
Mort Rahimi, VP & CTO
Pat Todus, AVP & Deputy CIO
Dave Kovarik, Director
Sharlene Mielke, Disaster Recovery
Roger Safian, Information Security
• Purpose
Enable the University to conduct its business in a secure manner
Maintain that delicate balance between service and security
• Primary Areas of Responsibility
Security – Information Protection Services
Disaster Recovery / Business Continuity
Compliance - Regulatory, University policy
• Basic Tenets of Information Security - CIA
Confidentiality
Integrity
Availability/Accessibility
• …and a few more
Control (access)
Individual accountability
Audit trails (monitoring)
• Provide direction
Plans: Strategic, Operational
Security Architecture - compatible with and complementary to the System Architecture
Aligned with business plans
• We want to be your Business Partner
Working together toward common goals
Design information protection solutions that
support your business
• We have a Service &
Support Orientation
• Develop University policy and standards that
address information assets
A collaborative effort, exercising sound
judgment, across all lines
• Focused on Individual Responsibility
and Accountability
• Accommodates regulatory and legislative
requirements (HIPAA, FERPA, GLBA,
Sarbanes-Oxley, U.S. Patriot Act, DMCA, FTC,
government-funded programs, et al)
• Employs business and industry “best practice”
• Ensures availability through recoverability
• Innovative and flexible, focused on…
People (Largest Asset & Vulnerability)
Process
Technology
• Based on Risk
Protection commensurate with value
• Risk Assessment
Recognize Threat conditions (now and foreseeable)
Establish our Vulnerability to threat conditions
Determine the Risk
• Risk Management
Control, minimize, eliminate, transfer or otherwise mitigate the risk
• Forward-looking
Anticipating and responding to client needs
Requires early involvement
• Effective protection schemes
Efficient in terms of resources: cost, time, personnel and delivery
Provide a competitive advantage: “Client Confidence” factor
• Security Awareness and Training
What’s in it for me?
Timely, Consistent, Persistent
“Tell ‘em, tell ‘em again, then tell ‘em one
more time, just to be sure!”
• Communication
360 degrees
• Dave Kovarik (847) 467-5930 david-kovarik@northwestern.edu
• Sharlene Mielke (847) 467-7804 s-mielke@northwestern.edu
• Roger Safian (847) 491-4058 r-safian@northwestern.edu
Thank You !!!
Your Questions / Discussion are Welcome…