IT Retreat 2009 IT Security Controls and Initiatives.
-
date post
18-Dec-2015 -
Category
Documents
-
view
219 -
download
2
Transcript of IT Retreat 2009 IT Security Controls and Initiatives.
2
IT Retreat 2009Agenda
• Intentional IT Security Culture – Awareness, Education, and Training– Attitudes and Perceptions– Behavior and Actions
• IT Security Initiatives– Mandatory Security Training and Awareness– Remote Access Security Controls – Mobile Device Security Controls– Worksite Security Controls
• Summary– Changing Attitudes and Behavior– Successfully implementing Initiatives and Controls– Everlasting Change
3
Intentional Security Culture
• Justifying and Informing– Awareness of Threats and Risks Link
– On-going Education and Training
• Shaping Attitudes and Perspectives– Changing perceptions around security as
obstacles and onerous
• Influencing Behavior and Actions– Secure practices
4
Security Initiatives
• Mandatory Training and Awareness– Prerequisite to activating CCID for all
faculty/staff/student/affiliates– Online and available at the user’s discretion– Succinct and Focussed on Critical and Key
Security Items
5
Security Initiatives
• Remote Access Security Controls– U of A Standard Build Machines Only– Strong Authentication when accessing sensitive
data– No local saving, caching, or printing
6
Security Initiatives
• Mobile Device Security– Encryption– Rules specifying network drives as the default
and standard for storage – No local storage – especially of sensitive data– Password PDA’s– “Remote Kill”
7
Security Initiatives
• Worksite Security– Visible Photo ID required in staff only areas– Clear Desktop and Clear Screen Policy– Files and hard copy materials must be physically
secured– Cable locks and locking cabinets for laptops– Secure Fax
8
Summary
• Changing Attitudes and Behaviors
• Successfully Implemented Initiatives
• Everlasting Change