Information Technology Services

1
Information Technology Services

• Information Technology Servicessupports QUTs
  vision with leading information technology
  services in partnership with the QUT community.

2
Security Update

• Barry Lynam
• Senior Network Engineer - Security

3
Agenda

• Security Strategy
• Brochures

4
Security Strategy

• Why?
• What is it?
• People
• Operations
• Technology

5
People

• Training
• Security Training (Hacking course)
• Secure programming
• Staff induction
• Awareness
• AllCSO presentations
• Brochures
• On/off campus
• Email
• Etc.

6
Operations

• Policy or work practices
• Maintenance
• Patching
• Documentation
• Templates
• Standards
• ISO 17799
• IS18
• ITIL

7
Technology

• If not operated properly by people who are aware
  of what they are protecting, technology is
  useless.
• Virus protection
• Firewall
• Network based Perimeter/border, protecting sets
  of hosts.
• Host based.
• Tripwire
• Log collection/analysis
• Encryption
• SSL Web certificates
• SSH/SCP for secure file transfer
• Other areas of Uni are also contributing to this
  area
• Nagios host monitoring
• SMS patch management

8
Got some protection? IT Security Roadmap
STRATEGIC TARGETS
Status working hypothesis Owner Barry Lyman
2003
2004
2005
Technology
Network Intrusion detection
Log monitoringtools(analysis)
Virus Protection server desktop
Host intrusion detection
Incident Management software
Log monitoringtools(collection)
EFFECTIVE TOOLS
Ongoing brochures
Ongoing training
A more proactive security posture
Ongoing briefings
HIGHAWARENESS
People
POLICY PROCEDURES
Ongoing template development
Ongoing consultations
Ongoing audits
Operations
9
QUT IT Security Framework
Corporate Governance - QUT Council (includes
Strategic/Business Planning Processes, Risk
Management Framework )
Information Technology Governance
ITSGC (includes Project Portfolio Management,
IT Project Management Framework)
IT Security IT Security Reference Group
IT Security Policy
Host/Server Security (includes intrusion
detection/prevention, operating system security
features)
Information Systems Accountabilities Framework
IT Rules
Database Security (includes database security
features, log reviews, backup/recovery)
Network Security (includes dial-ins, VPNs,
intrusion detection/prevention, Standard
Operating Environment)
Operational Security Procedures
Physical Security (CSS Machine room upgrade)
Systems Development/Implementation/ Change
Management Methodology
Compliance (Legislative Framework, Administrative
Framework, Internal QUT Policies, Procedures)
Application Security (includes Application
security features, functional separation of
duties, log reviews
Personnel/Human Resources
Well Established Processes
Reasonably Developed Processes
More Development/Implementation Required
No Processes Exist
10
Brochure

• Computer Security At Home
• Students and staff
• New brochure on IT Security on campus in 2004.
• Students and staff

11
(No Transcript)
12
Questions http//www.qut.edu.au/security