Transcript of a presentation by Jon Allen, Adam Sealey and Bob Hartland (Baylor University) on laptop whole disk encryption.
Page 1

Jon Allen, Information Security Officer, Baylor University
Adam Sealey, Information Security Analyst, Baylor University
Bob Hartland, Director of Security, IT Servers, and Networks, Baylor University

Copyright Baylor University 2008. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.
Page 2

Chartered in 1845
Largest Baptist university in the world
14,000 students
2,225 full-time employees
6,500 Baylor-owned computers
• Including labs, checkouts, etc.
Approx. 800 faculty/staff assigned laptops
Page 3
Page 4

Agenda
• Background on encryption
• Types of encryption
• Selection process
• Implementation
• Retrospective
• The future
• Q & A
Page 5
Page 6

Offices have now become mobile
• Increasing move to laptops
• A large percentage of data losses involve laptop theft/loss
34 states have enacted privacy legislation requiring breach notification, with encryption of the lost data as the safe harbor that removes the duty to notify
Migration away from using the SSN as an identifier did not eliminate old stores of that information on workstations
Page 7

Spring semester breaches (source: www.privacyrights.org)
• On average, 50% of reported breaches involved laptop theft
Numerous examples exist in higher education

Company               Type of loss                                  Records affected
LifeBlood             SSNs of donors                                321,000
Horizon Blue Cross    SSNs of customers                             300,000
CollegeInvest         PII of customers                              200,000
Harley Davidson       Credit card numbers, driver's license numbers  60,000
Agilent               SSNs of customers                              51,000
Page 8

Texas privacy legislation covers:
• Social Security number
• Driver's license number
• Credit card number
• Bank account number
FERPA records
PCI (Payment Card Industry)
Page 9
Page 10

Manual
• Tools that let users manually encrypt and decrypt individual files and folders. Nothing is protected unless the user remembers to encrypt it, and plaintext copies left behind by editors, swap or temporary files stay outside the container.
  Ex: GnuPG, TrueCrypt, AxCrypt
Automatic (folder level)
• Tools that let users define folders or virtual drives whose contents are encrypted automatically. Anything saved outside them (temporary files, swap, the hibernation file) remains in the clear.
  Ex: Windows EFS, PGP
Whole disk
• Boot-time software with pre-boot authentication that provides real-time encryption/decryption below the OS level. Encrypts the entire volume or disk, so the OS, swap, hibernation file and temporary files are covered without any user action.
  Ex: PGP, PointSec, SafeBoot, BitLocker, TrueCrypt
Page 11

Criterion            Manual    Automatic (folder level)    Whole disk
Cost
Performance
User education
User interaction
Temporary files
Multi-platform
Disaster recovery
Central management

Legend: Meets requirement / Partially meets requirement / Does not meet requirement (the per-cell ratings were shown as symbols on the slide and are not preserved in this transcript)
Page 12

Selection process performed Fall 2005
Page 13

These weights are for our situation. They need to be re-evaluated for each university's unique requirements.

Weight   Criteria
5        Whole disk
5        Limited system performance impact
4        Centralized management
4        Passphrase recovery
3        Ease of deployment
3        Cost
1        OS platform (support for multiple operating systems; Windows assumed)
Page 14

PointSec (www.checkpoint.com)
• Recently acquired by Check Point. Was independent at the time of the evaluation.

Vista BitLocker (www.microsoft.com)
• Available only on Vista Ultimate and Enterprise, which were not in production at the time of product selection.
• Requires a TPM in its default configuration (Vista could be set by Group Policy to use a USB startup key on machines without a TPM).

PGP (www.pgp.com)
• Good centralized management, a solid reputation and low system impact led us to choose PGP as our solution.

SafeBoot (www.safeboot.com)
• Added to the product space after vendor selection.
Page 15
Page 16

Installation
• Manual vs. automatic
Setting up the central server
• Work through DR scenarios as well
• Migrated to a VM in September 2007
Internal Q/A procedure
• Working PGP into our system workflow
• Only disk encryption, not mail, for most users
Page 17

Workstation configuration
• Backups
• Screensavers (a password-protected lock; whole disk encryption does nothing for a machine that is powered on and unlocked)
• Hibernation vs. standby (hibernation writes memory to the encrypted disk and powers off, so resuming goes back through pre-boot authentication; standby keeps the disk key in RAM, so a stolen sleeping laptop is protected only by the screen lock)
Authentication method
• Single sign-on
• Unified authentication
• Separate credentials
Administrative tasks
• Handling forgotten passphrases
• Identifying which workstations require encryption
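The "handling forgotten passphrases" task above is what the weighted criteria "centralized management" and "passphrase recovery" buy: the disk key must be recoverable by the help desk without the user's passphrase, and without the key ever being stored on the server in the clear. The following is an added illustration, not code from the presentation or from PGP; it assumes a two-slot header (one slot wrapped by the passphrase, one by an escrowed per-machine recovery key) and uses an HMAC-SHA256 keystream as a stand-in for a real key-wrapping cipher so that it runs on the Python standard library alone.

```python
import hashlib
import hmac
import os
import secrets

# Illustrative parameters; PGP Whole Disk Encryption's real header format is not described here.
PBKDF2_ITERATIONS = 100_000
NONCE_LEN = 16
TAG_LEN = 32
DEK_LEN = 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, used as a PRF keystream.

    Stand-in for AES Key Wrap / AES-GCM so the example needs no third-party library;
    the escrow logic, not the cipher, is the point.
    """
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def wrap_key(kek: bytes, dek: bytes) -> bytes:
    """Encrypt-then-MAC the disk key under a key-encryption key: nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(dek, _keystream(kek, nonce, len(dek))))
    tag = hmac.new(kek, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap_key(kek: bytes, blob: bytes) -> bytes:
    """Check the tag before decrypting; a wrong KEK or a tampered slot raises ValueError."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(kek, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("passphrase or recovery key incorrect, or header tampered")
    return bytes(a ^ b for a, b in zip(ct, _keystream(kek, nonce, len(ct))))


def kek_from_passphrase(passphrase: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt,
                               PBKDF2_ITERATIONS, dklen=32)


def create_volume(passphrase: str, recovery_key: bytes):
    """Generate the disk key (DEK) and a header with two unlock slots.

    The user slot is wrapped by the passphrase-derived KEK; the recovery slot by a
    per-machine recovery key that the management server escrows. The DEK itself is
    never sent to the server. Returns (dek, header).
    """
    dek = secrets.token_bytes(DEK_LEN)
    salt = os.urandom(16)
    header = {
        "salt": salt,
        "user_slot": wrap_key(kek_from_passphrase(passphrase, salt), dek),
        "recovery_slot": wrap_key(recovery_key, dek),
    }
    return dek, header


def unlock(header: dict, passphrase: str) -> bytes:
    """Pre-boot authentication path: passphrase -> KEK -> disk key."""
    return unwrap_key(kek_from_passphrase(passphrase, header["salt"]), header["user_slot"])


def reset_passphrase(header: dict, recovery_key: bytes, new_passphrase: str) -> dict:
    """Help-desk path for a forgotten passphrase: recover the DEK through the escrowed
    recovery key and re-wrap it under the new passphrase. The data on disk is untouched,
    so no re-encryption is needed. The recovery key should be rotated afterwards (not shown).
    """
    dek = unwrap_key(recovery_key, header["recovery_slot"])
    salt = os.urandom(16)
    return {
        "salt": salt,
        "user_slot": wrap_key(kek_from_passphrase(new_passphrase, salt), dek),
        "recovery_slot": header["recovery_slot"],
    }


def forgotten_passphrase_scenario() -> bool:
    """Enrolment, a forgotten passphrase, and a help-desk reset; True if every step behaves."""
    recovery_key = secrets.token_bytes(32)           # held on the management server
    dek, header = create_volume("correct horse", recovery_key)
    if unlock(header, "correct horse") != dek:
        return False
    try:
        unlock(header, "wrong guess")
        return False
    except ValueError:
        pass
    header = reset_passphrase(header, recovery_key, "new passphrase")
    try:
        unlock(header, "correct horse")               # old passphrase must now fail
        return False
    except ValueError:
        pass
    return unlock(header, "new passphrase") == dek   # same DEK, nothing re-encrypted


if __name__ == "__main__":
    print("recovery flow OK" if forgotten_passphrase_scenario() else "recovery flow FAILED")
```

Because the recovery slot is wrapped, not the disk key itself, compromise of the management server's database still needs the recovery keys, which is why those keys (and any client-side recovery tokens) need their own access controls and rotation after each use.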
Page 18

Administration buy-in
Thorough testing up front
Respond quickly to concerns
Exhaustively test new versions
• Do not feel compelled to upgrade until testing is complete
Page 19
Page 20

Over 540 clients deployed
• Of those, over 90% are laptops
Requirements have evolved
• Require all faculty/staff laptops to be encrypted: over 800 laptops
• Goal: include both Mac and Linux installations
Full-time employee dedicated to PGP rollout and maintenance
Page 21

Do we think we made the right choice?
• Whole disk
• PGP
What would we have done differently?
• Better process for identifying who needs encryption: data inventory
• More resources: QA resources, deployment resources
• More realistic timelines: deployment timeline
• Leverage asset management tools to identify target computers sooner
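Both the administrative task on page 17 (identifying which workstations require encryption) and the retrospective point above (using asset management data to find targets sooner) come down to joining an asset export against the encryption client's status and applying the policy that every faculty/staff laptop must be encrypted. The following is an added example, not the presentation's or Baylor's code; the CSV columns and the sample rows are constructed assumptions about what an asset management export and the encryption console can provide.

```python
import csv
import io

# Constructed sample export (not a real inventory). Columns are assumed, not Baylor's schema.
SAMPLE_INVENTORY = """\
asset_tag,form_factor,owner_type,owner,encryption_client,encryption_status
BU-0001,laptop,faculty,jdoe,PGP WDE,encrypted
BU-0002,laptop,staff,asmith,,none
BU-0003,desktop,staff,bjones,,none
BU-0004,laptop,lab,checkout-pool,PGP WDE,encrypting
BU-0005,laptop,faculty,clee,PGP WDE,encrypted
BU-0006,laptop,staff,dkim,PGP WDE,encrypting
BU-0007,laptop,staff,epark,PGP WDE,none
"""

# Policy from the deck: every faculty/staff laptop must be encrypted.
# Lab and checkout machines are out of scope for this requirement.
IN_SCOPE_FORM_FACTORS = {"laptop"}
IN_SCOPE_OWNER_TYPES = {"faculty", "staff"}


def parse_inventory(text: str) -> list:
    return list(csv.DictReader(io.StringIO(text)))


def requires_encryption(row: dict) -> bool:
    return (row["form_factor"].strip().lower() in IN_SCOPE_FORM_FACTORS
            and row["owner_type"].strip().lower() in IN_SCOPE_OWNER_TYPES)


def classify(rows: list):
    """Split in-scope machines into (encrypted, pending, noncompliant) asset tags.

    'pending' means the client's initial full-disk encryption pass is still running.
    A machine with the client installed but status 'none' stays noncompliant:
    having installed the software and having finished encrypting are different states.
    """
    encrypted, pending, noncompliant = [], [], []
    for row in rows:
        if not requires_encryption(row):
            continue
        status = row["encryption_status"].strip().lower()
        if status == "encrypted":
            encrypted.append(row["asset_tag"])
        elif status == "encrypting":
            pending.append(row["asset_tag"])
        else:
            noncompliant.append(row["asset_tag"])
    return encrypted, pending, noncompliant


def coverage_report(rows: list) -> dict:
    """Coverage numbers of the kind reported on page 20, plus the work queue."""
    encrypted, pending, noncompliant = classify(rows)
    in_scope = len(encrypted) + len(pending) + len(noncompliant)
    deployed = [r for r in rows if r["encryption_client"].strip()]
    deployed_laptops = sum(1 for r in deployed if r["form_factor"].strip().lower() == "laptop")
    return {
        "in_scope": in_scope,
        "encrypted": len(encrypted),
        "pending": len(pending),
        "noncompliant": len(noncompliant),
        "percent_encrypted": round(100.0 * len(encrypted) / in_scope, 1) if in_scope else 0.0,
        "deployed_clients": len(deployed),
        "percent_deployed_on_laptops": (round(100.0 * deployed_laptops / len(deployed), 1)
                                        if deployed else 0.0),
        "targets": noncompliant,   # the deployment team's queue
    }


if __name__ == "__main__":
    for key, value in coverage_report(parse_inventory(SAMPLE_INVENTORY)).items():
        print(f"{key}: {value}")
```

Run against a real export, the "targets" list is the deployment queue and the "pending" list is what to re-check after the initial encryption pass, which on 2005-era hardware took hours; tracking those two separately is what keeps "client installed" from being mistaken for "laptop protected".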
Page 22

Encryption included with software
• OS
• Databases
Further legislation mandating encrypted storage
• PCI
• HIPAA
• Federal legislation
Data classification and inventory
• Let the policy drive the security effort
Page 23
Page 24

Jon Allen, Information Security Officer
Bob Hartland, Director of Security, IT Servers, and Networks
Adam Sealey, Information Security Analyst
Derek Tonkin, Information Security