Security and Privacy Policy The World Has Changed! Common Solutions Group Jack McCredie January 9,...
-
Upload
marjory-flynn -
Category
Documents
-
view
213 -
download
0
Transcript of Security and Privacy Policy The World Has Changed! Common Solutions Group Jack McCredie January 9,...
![Page 1: Security and Privacy Policy The World Has Changed! Common Solutions Group Jack McCredie January 9, 2004.](https://reader036.fdocuments.us/reader036/viewer/2022082820/56649ec85503460f94bd521f/html5/thumbnails/1.jpg)
Security and Privacy PolicyThe World Has Changed!
Common Solutions GroupJack McCredie
January 9, 2004
![Page 2: Security and Privacy Policy The World Has Changed! Common Solutions Group Jack McCredie January 9, 2004.](https://reader036.fdocuments.us/reader036/viewer/2022082820/56649ec85503460f94bd521f/html5/thumbnails/2.jpg)
AgendaShare Progress & Request HelpSecurity and privacy policy framework at UCRecommended policy structure & processSpecter of emerging legislation
- Illustration: CA SB-1386Security policy evolution at UC Berkeley
- Illustration: minimum security standards policy
Request for help – are we nuts?
![Page 3: Security and Privacy Policy The World Has Changed! Common Solutions Group Jack McCredie January 9, 2004.](https://reader036.fdocuments.us/reader036/viewer/2022082820/56649ec85503460f94bd521f/html5/thumbnails/3.jpg)
Recommended structurePurposeScopePolicyRoles and responsibilitiesConsequencesRequests for exceptionAppendices that can be easily modifiedSet of standing committees to contribute and review, and approveCommunicate, communicate, communicate
![Page 4: Security and Privacy Policy The World Has Changed! Common Solutions Group Jack McCredie January 9, 2004.](https://reader036.fdocuments.us/reader036/viewer/2022082820/56649ec85503460f94bd521f/html5/thumbnails/4.jpg)
University-wide policies
Campus-wide policies
Information technology policies
Security & Privacy Policies
![Page 5: Security and Privacy Policy The World Has Changed! Common Solutions Group Jack McCredie January 9, 2004.](https://reader036.fdocuments.us/reader036/viewer/2022082820/56649ec85503460f94bd521f/html5/thumbnails/5.jpg)
System & campus-wide policies
• UC Electronic Communications Policyhttp://www.ucop.edu/ucophome/policies/ec/html/
• UC Business and Finance Bulletin IS-3http://www.ucop.edu/ucophome/policies/bfb/bfbis.html
• Guide to Administrative Responsibilitieshttp://controller-fs.vcbf.berkeley.edu/TableofContents. html
![Page 6: Security and Privacy Policy The World Has Changed! Common Solutions Group Jack McCredie January 9, 2004.](https://reader036.fdocuments.us/reader036/viewer/2022082820/56649ec85503460f94bd521f/html5/thumbnails/6.jpg)
Information Technology Policies
• Requirements for Protection of Computerized Personal Information (Implementation of SB 1386)http://socrates.berkeley.edu:7015/protected.data.html
• Guide to Selected Privacy and Confidentiality Regulationshttp://socrates.berkeley.edu:7015/privacy/guidelines.html
• Guidelines for Use of Campus Network Data Reportshttp://security.berkeley.edu:2002/CISC/gdlns.net.data.html
![Page 7: Security and Privacy Policy The World Has Changed! Common Solutions Group Jack McCredie January 9, 2004.](https://reader036.fdocuments.us/reader036/viewer/2022082820/56649ec85503460f94bd521f/html5/thumbnails/7.jpg)
Security and Privacy Policies
• Campus Information Technology Security Policyhttp://socrates.berkeley.edu:2002/IT.sec.policy.html
• Minimum Security Standardshttp://socrates.berkeley.edu:2002/MinStds/policy.htm
• SNS Scanning of the UC Berkeley Campus Networkhttp://sec-info.berkeley.edu/cgi-bin/scaninfo-login.pl/
![Page 8: Security and Privacy Policy The World Has Changed! Common Solutions Group Jack McCredie January 9, 2004.](https://reader036.fdocuments.us/reader036/viewer/2022082820/56649ec85503460f94bd521f/html5/thumbnails/8.jpg)
Security and Privacy Policies
• Departmental Security Contact Policyhttp://socrates.berkeley.edu:2002/contacts.html
• Guidelines and Procedures for Blocking Network Accesshttp://socrates.berkeley.edu:2002/blocking.html
• IT Security “Best Practices”http://socrates.berkeley.edu:2002/bestpractices.html
![Page 9: Security and Privacy Policy The World Has Changed! Common Solutions Group Jack McCredie January 9, 2004.](https://reader036.fdocuments.us/reader036/viewer/2022082820/56649ec85503460f94bd521f/html5/thumbnails/9.jpg)
Specter of emerging legislation
• Illustrative law: California SB 1386
• UC Berkeley incidents since July 1, 2003
• Campus and system-wide response
![Page 10: Security and Privacy Policy The World Has Changed! Common Solutions Group Jack McCredie January 9, 2004.](https://reader036.fdocuments.us/reader036/viewer/2022082820/56649ec85503460f94bd521f/html5/thumbnails/10.jpg)
Policy Evolution:Have we gone over the top?
• UC electronic communications policy• Departmental security contact• Guidelines and procedures for blocking network access• Campus IT security policy• Requirements for protection of computerized personal information
• SNS Scanning of the UCB campus network
• Required minimum security standards
![Page 11: Security and Privacy Policy The World Has Changed! Common Solutions Group Jack McCredie January 9, 2004.](https://reader036.fdocuments.us/reader036/viewer/2022082820/56649ec85503460f94bd521f/html5/thumbnails/11.jpg)
Required minimum security standards
• Software patch updates• Anti-virus software• Passwords• No unencrypted authentication• No unauthenticated email relays• No unauthenticated proxy servers• Physical security• Unnecessary services• HOST-BASED FIREWALL SOFTWARE REQUIRED
![Page 12: Security and Privacy Policy The World Has Changed! Common Solutions Group Jack McCredie January 9, 2004.](https://reader036.fdocuments.us/reader036/viewer/2022082820/56649ec85503460f94bd521f/html5/thumbnails/12.jpg)
Are We Nuts?
• Questions and discussion