cyb yber er sec ecurity rity un unc
play

Cyb yber er Sec ecurity rity @ UN @ UNC Industr stry y Based - PowerPoint PPT Presentation

Aug 20, 2023 •225 likes •624 views

Cyb yber er Sec ecurity rity @ UN @ UNC Industr stry y Based ed Broadening dening Information rmation Operat rations ns Denni nis s Schmid idt Assistant Vice Chancellor for Information Security and Privacy and Chief Information

  1. Cyb yber er Sec ecurity rity @ UN @ UNC Industr stry y Based ed Broadening dening – Information rmation Operat rations ns Denni nis s Schmid idt Assistant Vice Chancellor for Information Security and Privacy and Chief Information Security Officer July ly 2019

  2. Who We Are • Dennis Schmidt – Assistant Vice Chancellor, Information Security and Privacy, and Chief Information Security Officer – 22 years at UNC – Retired Naval Officer (24 years active) • Larry Fritsche – Manager, Security Operations – 15 years at UNC • Mel Radcliffe – Manager, Risk Team – 3.5 years at UNC • Alex Everett – Security Architect – 12 years at UNC

  5. We are a Big Campus! • 30,011 Students – 19,117 Undergraduates – 10,894 Graduate & Professional • 3,950 Faculty • 8,791 Staff • 120,000 devices • 14 Professional Schools • 729 acres on campus • ~ 150 buildings

  6. A Large and Complex Enterprise  Millions of personally-identifiable records  1,600+ sensitive/mission-critical computer servers on campus  81 Departments have registered sensitive data servers Billions of Intrusion Attempts Hundreds of Unique Phishing Campaigns Hundreds of Compromised Accounts 60 Sensitive / Mission Critical Incidents

  7. By the numbers… • Intrusion Prevention Systems (IPS) – On average we daily perform: • 350,000 reputation-based blocks • 170,000 signature-based blocks • 6,400 ad hoc customized blocks • Block millions of additional system connection attempts daily via our firewalls: Month Total Denies Average/day 11.2 Billion 361.3 Million August 2018 11.8 Billion 393.3 Million September 2018 16.9 Billion 545.2 Million October 2018 11.5 Billion 376.6 Million November 2018 51.4 Billion 421.3 Million August through November

  8. Duo Qualys 2FA Scanners MCNC Of fice 365 HR Recruitment Border Border Touchnet (Payments) Arista TagAgg IPS IPS 121 Ports 121 Ports General Blocked Blocked Administration IDS NewKid NewKid IPS Eleven Eleven RENCI Research Computing Aruba KFBS Wireless 121 Ports FW Wireless Blocked UNC School of Med Manning K Cisco Kid UNC Datacenter www WordPress CloudApps Business Fluffy Fluffy Remote Sites School ~20 VPN IPS NAC Franklin L Manning L Deny ResNET inbound F5 ASM Verizon Reputation VoIP MacMan MacMan DNS Services Deny inbound Deny DNS PGP inbound Main Campus Encryption F5 LB Palo Alto 5060 IPS Shibboleth Auth Palo Alto 7050 SCEP AV Granville Grey Heller Palo Alto 7050 Palo Alto 7050 Departmental 121 Ports Firewall Firewall Blocked UNC Connect Med School HealthCare Athletics Carolina Finance Kerberos Human Resources Auth ITS … LDAP Active Directory/ Improv EnCase Identity Splunk ADFS Auth SCCM Auth Forensics Finder Logging

  9. Data Center Tour

  10. ITS Operations Center 3 rd Floor of ITS Manning • • Staffed 24x7x365 • Heart of ITS Network and Security operations • Communications core during system incidents and malfunctions • Monitors status of 100,000+ devices and systems • Backup for Alert Carolina

  11. Manning Data Center 3 rd Floor of ITS Manning • • Built in 2007 • 11,000 square feet • 700 tons cooling • Power divided between Ops and Research • 2 Megawatts available power • Generator/UPS backup for Ops • Building Power only for Research side

  12. Franklin Data Center • Basement of ITS Franklin (440 W. Franklin) • Renovated in 2006 • 4,500 square feet • 80 tons cooling • 500 Kilowatts available power • 900 KiloWatt Generator • UPS backup- Batteries and Flywheels

  13. Source: http://www.sourceups.co.uk/hot-aisle-cold-aisle-cooling-explained/

  14. Our Top 5 Security Risks 1. Phishing/Vishing 2. Lack of User Awareness 3. Limited Resources 4. Persistent Threats from Internet 5. Disaster Recovery

  15. Phishing/Vishing • Phishing attacks from professional teams of criminal experts continue to plague us – Spear phishing is becoming very common – Recent increases in “impersonation phishing” • Ex: chancellor.unc.edu@yahoo.com • Ex: asdean.unc.edu@gmail.com – Vishing (phishing by phone) is not as common, but still an issue • 2-Step verification has been our most effective defense to date

  16. 2-Step Verification • Microsoft Multifactor Authentication for Office 365 completed in December 2018 – Migrated 56,000 accounts in 9 months – Required for all faculty, staff, and students • Duo 2- Step Verification – Enrolled 56,000 faculty, staff and students – Protection for ConnectCarolina, VPN, administrative accounts, student bill payments, self service bank deposits, etc.

  17. 2-Step is Very Effective! Compromised accounts 2017 2018 2019 4 81 January 1 53 36 February 1 133 15 March 0 67 12 April 0 247 11 May 0 148 27 June 1 643 117 July 332 64 August 134 19 September 97 4 October 337 1 November 72 0 December

  18. Phishers are Finding Workarounds

  19. Persistent Threats from Internet • Evolving, sophisticated, targeted attacks • Cybercriminals, Nation States • Mitigation – Increased firewall coverage – Domain Names Service (DNS) filtering (Akamai) – Enhanced Intrusion Prevention Service (IPS) – Wi-Fi Firewalling

  20. Attacks Blocked Automatically: Firewall (Monthly totals)

  21. Lack of User Awareness • Revamped security awareness program rolling out in May 2019 – Compliance increase from 7% to 24% • https://safecomputing.unc.edu rolled out in November 2018 • Outreach to students at various events • “Gill the Phish” mascot • Training for Information Security Liaisons

  22. Limited Resources • Increased requirements to do formal risk assessments for federal and state studies • Typical assessment can take 5 weeks • Long lead times required for – NIST 800-171/53 Assessments – Vendor assessments • Below zero unemployment makes recruiting and retention of qualified security staff challenging

  23. Disaster Recovery • Identified as a weakness by state audit • Comprehensive plan developed • Hard copy plan published in January 2019 • Initial tabletop exercise March 2019 • Larger scale tabletop planned for Summer 2019

  24. Local Known Sensitive Data Incidents

  25. Our Top Challenges (Different than Risk) • Staff recruiting and retention • Funding • Insider threats • Meeting growing regulatory requirements • Growing Phishing and social engineering threat • Geopolitical attacks • Asset Management

  26. Decentralized IT Environment • 400 ITS Personnel • 250 Do not report to ITS • Challenges – Standardization – Compliance with Security policies – Visibility of Risks – Uncontrolled Proliferation of data, servers and storage • Governance starts at Provost level

  27. IT Governance Committee Committee Enterprise Applications Coordinating Remedy Advisory Council Committee Communication Technologies Information Security Coordinating Coordinating Committee Committee Enterprise Data Coordinating Committee CIO Advisory Committee Carolina Computing Initiative (CCI) Research Computing Advisory Committee Committee IT Infrastructure Coordinating Committee

  28. Campus Advisory Groups Group Group Deans of Research & Directors of University Committee for the Protection Centers/Institutes of Personal Data (UCPPD) Enterprise Resource Planning (ERP) CERTIFI (PCI Advisory) Sponsors ConnectCarolina Executive Committee IT Executive Council (ITEC) Faculty Advisory Committee (FITAC)

  29. How we determine what is needed to secure our data • Risk assessments to determine weak areas • Research, formal training, vendor presentations, collaboration with peer institutions to gain knowledge. • Develop overall security strategy • Governance buy-in, funding

  30. How we determine cyber standards for our data/systems Regulatory requirements – HIPAA – State Auditors – ISO 27001/2 – NIST 800-53/NIST 800-171 – NIST CSF – PCI – GDPR – Incident Lessons Learned

  31. How we decide levels of cyber protection and where to invest • Best Practices • Risk Priorities • Funding available • Incidents • End of equipment life decisions • Incident Lessons Learned

  32. How to we make decisions • Collaboration • Consultation • Governance – ITEC – IT Infrastructure Coordinating Committee – ISO Advisory Committee

  33. How we prioritize which data requires stronger protection • Data classification • Regulatory requirements • Reporting requirements • Best Practices

  34. How we determine the balance between data security and user accessibility • Continuous conversation. • The work of the university must continue. • Too many draconian restrictions will stifle the basic mission of the University and constituents will find work arounds • Instead of being the office of NO, we try to figure out how best to get to YES.

  35. 35 8/23/2019 Questions?

  36. 15 Initiatives 1. Expand 2-step and improve phishing education 2. Implement 1-year password change 3. Strengthen IT security policies 4. Improve user awareness training 5. Identify essential risk assessments 6. Improve risk assessment processes

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Secu ecurity rity of EV f EV-charging charging Erik Poll Radboud University Nijmegen C-DAX

Secu ecurity rity of EV f EV-charging charging Erik Poll Radboud University Nijmegen C-DAX

Secu ecurity rity of EV f EV-charging charging Erik Poll Radboud University Nijmegen C-DAX is funded by the European Union's Seventh Framework Programme (FP7-ICT-2011-8) under grant agreement n 318708 EV EV ch char arging: ging: th

434 views • 19 slides
Phys ysica cal Sec ecurity ity Criter teria ia Bridgin ing g the Gap Between Theory an

Phys ysica cal Sec ecurity ity Criter teria ia Bridgin ing g the Gap Between Theory an

Phys ysica cal Sec ecurity ity Criter teria ia Bridgin ing g the Gap Between Theory an and Prac actica ical Appl plica ication tion Welc lcome ome to to Physical ical Security rity Cri rite teri ria Bri ridging dging th

1.14k views • 67 slides
UC.yber; Meeting 25 Vulnerabilities and more! If Youre New! Join our Slack

UC.yber; Meeting 25 Vulnerabilities and more! If Youre New! Join our Slack

UC.yber; Meeting 25 Vulnerabilities and more! If Youre New! Join our Slack ucyber.slack.com Follow us on Twitter @UCyb3r and Facebook UC.yber; University of Cincinnati OWASP Chapter Feel free to get involved with one of our

443 views • 15 slides
UC.yber; Meeting 24 Meet New Leadership and Wireshark If Youre New! Join our Slack

UC.yber; Meeting 24 Meet New Leadership and Wireshark If Youre New! Join our Slack

UC.yber; Meeting 24 Meet New Leadership and Wireshark If Youre New! Join our Slack ucyber.slack.com Follow us on Twitter @UCyb3r and Facebook UC.yber; University of Cincinnati OWASP Chapter Feel free to get involved with one of

502 views • 19 slides
UC.yber Meeting 17 Dumping Windows Credentials, Threat Intel, and more If Youre New!

UC.yber Meeting 17 Dumping Windows Credentials, Threat Intel, and more If Youre New!

UC.yber Meeting 17 Dumping Windows Credentials, Threat Intel, and more If Youre New! Join our Slack ucyber.slack.com Follow us on Twitter @UCyb3r and Facebook UC.yber; University of Cincinnati OWASP Chapter Feel free to get

487 views • 6 slides
UC.yber Meeting 18 If Youre New! Join our Slack ucyber.slack.com Follow us on Twitter

UC.yber Meeting 18 If Youre New! Join our Slack ucyber.slack.com Follow us on Twitter

UC.yber Meeting 18 If Youre New! Join our Slack ucyber.slack.com Follow us on Twitter @UCyb3r and Facebook UC.yber; University of Cincinnati OWASP Chapter Feel free to get involved with one of our committees: Content/Events ,

436 views • 14 slides
Defense Def ense and and Homeland S Homeland Secu ecurity rity Sim imula ulation tion

Defense Def ense and and Homeland S Homeland Secu ecurity rity Sim imula ulation tion

U.S. Army Research, Development and Engineering Command Learning in Intelligent Tutoring Environments (LITE) Lab personnel at USMA, April 2011 (L-R): Dr. Robert Sottilare Dr. Heather Holden Mr. Keith Brawner Mr. Benjamin Goldberg

411 views • 15 slides
I NTRODUCTION TO W EB S ECURITY by Fabrizio dAmore Department of Computer, Control, and

I NTRODUCTION TO W EB S ECURITY by Fabrizio dAmore Department of Computer, Control, and

I NTRODUCTION TO W EB S ECURITY by Fabrizio dAmore Department of Computer, Control, and Management Engineering Antonio Ruberti Sapienza University of Rome WHY W EB S ECURITY April 2013 recent studies conform a trend that has been

958 views • 62 slides
Agenda DFARS 239.71 Updates Cybersecurity Contracting DFARS Clause 252.204-7001

Agenda DFARS 239.71 Updates Cybersecurity Contracting DFARS Clause 252.204-7001

The Aerospace & Defense Forum San Diego Chapter May 23, 2017 C YBER S ECURITY B RIEF Presented By: Curt Parkinson DCMA May 23, 2017 Agenda DFARS 239.71 Updates Cybersecurity Contracting DFARS Clause 252.204-7001 DFARS

328 views • 11 slides
R esearching esearching I I Pv6 Pv6 S S ecurity ecurity R C apabilities apabilities C ( RISC

R esearching esearching I I Pv6 Pv6 S S ecurity ecurity R C apabilities apabilities C ( RISC

R esearching esearching I I Pv6 Pv6 S S ecurity ecurity R C apabilities apabilities C ( RISC RISC ) ) ( Bio: Bio: Antonios Atlasis Antonios Atlasis An IT engineer for more than 20 years, developer and instructor in several Computer

1.3k views • 80 slides
In-Network Filtering of Distributed Denial-of-Service Traffic with Near-Optimal Rule Selection

In-Network Filtering of Distributed Denial-of-Service Traffic with Near-Optimal Rule Selection

In-Network Filtering of Distributed Denial-of-Service Traffic with Near-Optimal Rule Selection Devkishen Sisodia, Jun Li, Lei Jiao {dsisodia, lijun, jiao}@cs.uoregon.edu C ENTER F OR C YBER S ECURITY & P RIVACY Outline Introduction

730 views • 47 slides
TAEKWONDO Fundamental knowledge of physiology, biomechanics, dietetics coming together

TAEKWONDO Fundamental knowledge of physiology, biomechanics, dietetics coming together

WELCOME ! W ELCOME ELCOME TO TO THE THE H H WASHIN WASHIN C C YBER YBER U NIVERSITY NIVERSITY I I NTERNATIONAL NTERNATIONAL T T AEKWONDO AEKWONDO D EPARTMENT EPARTMENT ! Movie industry and widely media-covered combat sports events have spread

285 views • 15 slides
The Future of Cyber Experimentation and Testing T he U.S. NAT I O NAL C YBER RANG E

The Future of Cyber Experimentation and Testing T he U.S. NAT I O NAL C YBER RANG E

s The Future of Cyber Experimentation and Testing T he U.S. NAT I O NAL C YBER RANG E Michael VanPutte, Ph.D. Program Manager Distribution Statement A (Approved for Public Release, Distribution Unlimited #14014) DISCLAIMER: The

319 views • 11 slides
T HE S TATE : M ILITARISM , N ATIONAL S ECURITY , I MPERIALISM 1 N ATION AND S TATE UNDER S

T HE S TATE : M ILITARISM , N ATIONAL S ECURITY , I MPERIALISM 1 N ATION AND S TATE UNDER S

S ESSION 9 T HE S TATE : M ILITARISM , N ATIONAL S ECURITY , I MPERIALISM 1 N ATION AND S TATE UNDER S ECURITY war-making & national security increasing state power The State of Siege Karl Marx, the state of siege Vesting

258 views • 8 slides
S eeking Truth Exploring Mental Health in Information S ecurity Philippe Dorman @

S eeking Truth Exploring Mental Health in Information S ecurity Philippe Dorman @

S eeking Truth Exploring Mental Health in Information S ecurity Philippe Dorman @ philippedorman Obj ectives Define S ubj ect Environment Information S ecurity The Individual Existing Resources Who am I? ~10 years

521 views • 23 slides
UC.yber; Meeting 3 Last Week... Discussed lab space and equipment donations Talked

UC.yber; Meeting 3 Last Week... Discussed lab space and equipment donations Talked

UC.yber; Meeting 3 Last Week... Discussed lab space and equipment donations Talked about Hackathon Team (REGISTER) Went over basic enigma machine history Set in motion getting a banner for fundraising events For Newcomers

196 views • 8 slides
De Deli livering ering Sustainable stainable Val alue ue Invest estor Presen enta tati

De Deli livering ering Sustainable stainable Val alue ue Invest estor Presen enta tati

De Deli livering ering Sustainable stainable Val alue ue Invest estor Presen enta tati tion on Augus ust t 2012 Certain of the statements made in this Presentation may contain forward-looking statements within the meaning of the

762 views • 48 slides
PAGE 2 The Need for New Levels of Protection Business Drivers Greater Increased Higher

PAGE 2 The Need for New Levels of Protection Business Drivers Greater Increased Higher

Kaspersky Endpoint Security 8 Control Technologies PAGE 1 Youre in c ontrol. Youre in the drivers seat. . Applications Devices Web content filtering PAGE 2 The Need for New Levels of Protection Business Drivers Greater Increased

457 views • 20 slides
Yihua Liao, V. Rao Vemuri Mingxing Gong CISC850 Cyber Analytics Outline Introduction

Yihua Liao, V. Rao Vemuri Mingxing Gong CISC850 Cyber Analytics Outline Introduction

Use of K-Nearest Neighbor classifier for intrusion detection Yihua Liao, V. Rao Vemuri Mingxing Gong CISC850 Cyber Analytics Outline Introduction Methodology Experiments Discussion & Conclusion Outline Introduction

455 views • 19 slides
HIPAA Security HIPAA Security Jeanne Smythe, UNC-CH Jeanne Smythe, UNC-CH Jack McCoy, ECU Jack

HIPAA Security HIPAA Security Jeanne Smythe, UNC-CH Jeanne Smythe, UNC-CH Jack McCoy, ECU Jack

HIPAA Security HIPAA Security Jeanne Smythe, UNC-CH Jeanne Smythe, UNC-CH Jack McCoy, ECU Jack McCoy, ECU Chad Bebout, UNC-CH Chad Bebout, UNC-CH Doug Brown, UNC-CH Doug Brown, UNC-CH What is this? What is this? Federal Regulations

514 views • 29 slides
TSX:V - ZON 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 Disclaimer CAUTIONARY STATEMENT

TSX:V - ZON 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 Disclaimer CAUTIONARY STATEMENT

TSX:V - ZON 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 Disclaimer CAUTIONARY STATEMENT REGARDING FORWARD-LOOKING INFORMATION Except for the statements of historical fact, the information contained in this document is of a forward-looking

398 views • 24 slides
Phase III Hydrogeologic Study of the Mamm Creek Area Garfield County, Colorado November 12, 2013

Phase III Hydrogeologic Study of the Mamm Creek Area Garfield County, Colorado November 12, 2013

Phase III Hydrogeologic Study of the Mamm Creek Area Garfield County, Colorado November 12, 2013 Tetra Tech, Inc. Louisville, CO Project History Phase I Hydrogeologic Study (URS, 2006) Broad review of historical data Phase II

514 views • 25 slides
DCCM COVID-19 Town Hall April 29 th , 2020 Welcom ome/Ground R Rules Welcome Webinar

DCCM COVID-19 Town Hall April 29 th , 2020 Welcom ome/Ground R Rules Welcome Webinar

DCCM COVID-19 Town Hall April 29 th , 2020 Welcom ome/Ground R Rules Welcome Webinar Format Host and panelists Audience participation/Chat 2 Ag Agenda COVID-19 Dashboard Provincial CCSCN Update Sedation management

751 views • 51 slides
Welcome Chris Joberns- Managing Director at Strident Experts With Practical Answers Beck Moran-

Welcome Chris Joberns- Managing Director at Strident Experts With Practical Answers Beck Moran-

Welcome Chris Joberns- Managing Director at Strident Experts With Practical Answers Beck Moran- ReMo, ISO and GDPR guru Becky will introduce GDPR and u highlight areas you need to address Darren Davies- ESET , Darren will demonstrate the very

781 views • 48 slides

More recommend