Results from the CIFAC Project and What They Mean to You
Virginia E. Rezmierski
Daniel M. Rothschild
April 4, 2005
Washington, DC
Advisory Board
- Mark S. Bruhn, B.S., CISSP, Indiana University
- Shawn A. Butler, Ph.D., Carnegie Mellon University
- Robert Clark, Jr., B.A., CIA, CBM, Georgia Tech
- Tracy Mitrano, Ph.D., J.D., Cornell University
- Rodney Petersen, J.D., Ph.D., EDUCAUSE
- E. Eugene Schultz, Ph.D., Lawrence Berkeley Nat’l Laboratory
- Barbara Simons, Ph.D., Association for Computing Machinery
- Eugene H. Spafford, Ph.D., Purdue University CERIAS
- John J. Suess, M.S., University of Maryland – Baltimore County
- D. Frank Vinik, J.D., United Educators
Participating Colleges and Universities
Large (≥10,000), Public
- San Jose State University
- UC Berkeley
- University of Illinois - Chicago
- SUNY Binghamton
- University of Massachusetts - Amherst
- UMD College Park
- Georgia Tech
- Georgia State
- University of Texas at San Antonio
- University of Texas at Austin
- Michigan State University
Large (≥10,000), Private
- Stanford University
- University of Chicago
- Northwestern University
- Cornell University
- Syracuse University
- Boston University
- MIT
- Georgetown University
- Emory University
Small & Medium (<10,000), Public
- California State University - Monterey Bay
- University of Massachusetts - Boston
- University of Maryland - Baltimore County
- University of Michigan - Flint
- University of Michigan - Dearborn
- Saginaw Valley State University
Small & Medium (<10,000), Private
- Santa Clara University
- Loyola University of Chicago
- Lake Forest College
- LeMoyne College
- Hampshire College
- American University
- Southwestern University
- Findlay University
- Cleary University
- Concordia University (MI)
Incident definition
An incident is an event that utilizes or exploits information technology resources or security flaws therein, either by accident or by design and through malice or otherwise, that causes, directly or indirectly, one or more of the following occurrences:
- Compromise of proprietary, confidential, or protected data,
- System disruption which impedes user(s)’ access to data or other IT resources,
- Violates IT use policies set out and made known by the administrator(s) of the IT systems in question,
- Violates norms commonly accepted within the community of system user(s) for use of IT resources,
- Attempting or conspiring to engage or represent oneself or another to be engaged in any aforementioned behavior.
Incident Descriptives
- Large Public: 36%
- Large Private: 27%
- Small Public: 21%
- Small Private: 16%
Incident Focus
- People: 29%
- Data: 26%
- Systems: 45%
Incident Seriousness
- Not at all (1): 2%
- Somewhat (2): 26%
- Quite (3): 31%
- Extremely (4): 41%
Incident Prevention
- Access control tools
- Personnel
- Training and education
- Existence of policy
Incident Cause and Response
- Training and education
- Requirements for use of institutional resources
- Accidental or careless behavior
- Malicious or abusive behavior
Stimuli to Action
- Probability of damage to institutional reputation
- Cost to the department, college, or university
- Time involved for resolution
- Number of machines affected
- Type of machines affected
- Type and sensitivity of data involved
- Probability of further access or damage
- Number of people affected
- Level, status, or rank of people affected
- Probability of damage or danger to persons
Stimuli to Action
- Probability of damage to institutional reputation
- Cost to the department, college, or university
- Time involved for resolution
- Number of machines affected
- Type of machines affected
- Type and sensitivity of data involved
- Probability of further access or damage
Best Practices: Prevention
Technical best practices
- Strong passwords
- Configuration
- Patch/debug
- Firewall/IDS/IPS/(v)ACL
- Access control
Foundational best practices
- Education, training, and awareness
- Policy, procedure, and enforcement
Best Practices: Mitigation
Technical best practices
- Access control/blocking
- Auditing
Foundational best practices
- Decisive, timely action
- Interdepartmental cooperation and communication
- Procedures
- Straightforward communication with affected parties
- Education, training, and awareness
Best Practices: Manage
Technical best practices
Foundational best practices
- Interdepartmental IRT
- Communication between incident handlers
- Straightforward communication with affected parties
- Quick resolution
Thoughts to take away
1. There are a lot of incidents happening
2. Students are a major factor
3. People want to share information
4. Having policies and procedures is vital
5. Education of users and staff is important
6. Quarantining is on the rise
7. Automated enforcement tools are on the rise
8. Perceptions of seriousness are role-dependent
9. Interdepartmental IRTs are increasing
10. Risk managers and auditors are missing
11. Campuses are maturing in technology, policy, and procedures
The CIFAC Project
Gerald R. Ford School of Public Policy
The University of Michigan
712 Oakland Avenue
Ann Arbor, MI 48104-3021
734.615.9595 (phone)
734.998.6688 (fax)
1Apr05 17:10