| 2:45 to 3:45 PM | Hot Topics - Security Architecture | Steve Kellogg |
|---|---|---|

I will present on Penn State's current and future strategies for Identity and Access Management along with our efforts to affect better security of the endpoints. I am looking for other presentations on topics related to enterprise security architecture. Suggested topics might be others' take on identity and access management, network security measures, multi-tiered service provisioning, social engineering, computer forensics, or any number of other topics that make up what we think of as components of a security architecture.

Indiana-Update-ITANA-08.ppt
From Jim Phelps' blog...
Completed a 10 year Strategic Plan which worked because they connected money to it. You couldn't get funding unless you showed how your project connected to one of the 71 strategic initiatives. Completed a 10 year tactical Telecom Plan. Instead of replacing 1/4 of the switches every year for four years, they want to replace all switches in one year so they can take advantage of new features.
802.11X access solution based on MAC addresses or logins. Getting to automated, policy-based network access. What is the value of this and what have people done in this area? What are the policy zones? This can flip it over so that we are both protecting our network from devices as well as protecting devices from our network.
This group could develop some design templates that schools could use in discussions with vendors.
ITANA-Security Architecture Wisconsin v2.ppt
OCIS site
UW-Madison IT Security Principles
UW-Madison IT Risk Assessment Process
Should there even be a Security Architecture? Shouldn't security be embedded in all of the groups and users? When Stefan started in 2001, he always was asked, "Why" about security items. Why do I need to use a firewall? Why should I have logging turned on? Set a set of principles:
• Security is Everyone's Responsibility
• Security is Part of the Development Life Cycle
• Security is Asset Management (classifying the information)
• Security is a Common Understanding
We have a five-step process for doing a risk assessment. First we agree to the assessment scope, then conduct the assessment, develop a draft report, communicate the findings, then re-assess as needed.
Risk = (Impact X Likelihood) / (Mitigation Controls)
Impact is related to costs. How do you monetize reputation? You can ask how would you spend to prevent this from happening. This is a Risk Prioritization process.
How do you balance the security principles against the development principles (scalability et al.)?