Title: Information Technology Services
1Information Technology Services
- Information Technology Services supports QUT's
vision with leading information technology
services in partnership with the QUT community.
2Security Update
- Barry Lynam
- Senior Network Engineer - Security
3Agenda
- Security Strategy
- Brochures
4Security Strategy
- Why?
- What is it?
- People
- Operations
- Technology
5People
- Training
- Security Training (Hacking course)
- Secure programming
- Staff induction
- Awareness
- AllCSO presentations
- Brochures
- On/off campus
- Email
- Etc.
6Operations
- Policy or work practices
- Maintenance
- Patching
- Documentation
- Templates
- Standards
- ISO 17799
- IS18
- ITIL
7Technology
- If not operated properly by people who are aware
of what they are protecting, technology is
useless.
- Virus protection
- Firewall
- Network based Perimeter/border, protecting sets
of hosts.
- Host based.
- Tripwire
- Log collection/analysis
- Encryption
- SSL Web certificates
- SSH/SCP for secure file transfer
- Other areas of Uni are also contributing to this
area
- Nagios host monitoring
- SMS patch management
8Got some protection? IT Security Roadmap
STRATEGIC TARGETS
Status working hypothesis Owner Barry Lyman
2003
2004
2005
Technology
Network Intrusion detection
Log monitoring tools (analysis)
Virus Protection server desktop
Host intrusion detection
Incident Management software
Log monitoring tools (collection)
EFFECTIVE TOOLS
Ongoing brochures
Ongoing training
A more proactive security posture
Ongoing briefings
HIGH AWARENESS
People
POLICY PROCEDURES
Ongoing template development
Ongoing consultations
Ongoing audits
Operations
9QUT IT Security Framework
Corporate Governance - QUT Council (includes
Strategic/Business Planning Processes, Risk
Management Framework)
Information Technology Governance
ITSGC (includes Project Portfolio Management,
IT Project Management Framework)
IT Security IT Security Reference Group
IT Security Policy
Host/Server Security (includes intrusion
detection/prevention, operating system security
features)
Information Systems Accountabilities Framework
IT Rules
Database Security (includes database security
features, log reviews, backup/recovery)
Network Security (includes dial-ins, VPNs,
intrusion detection/prevention, Standard
Operating Environment)
Operational Security Procedures
Physical Security (CSS Machine room upgrade)
Systems Development/Implementation/ Change
Management Methodology
Compliance (Legislative Framework, Administrative
Framework, Internal QUT Policies, Procedures)
Application Security (includes Application
security features, functional separation of
duties, log reviews)
Personnel/Human Resources
Well Established Processes
Reasonably Developed Processes
More Development/Implementation Required
No Processes Exist
10Brochure
- Computer Security At Home
- Students and staff
- New brochure on IT Security on campus in 2004.
- Students and staff
12Questions http://www.qut.edu.au/security