View
217
Download
0
Category
Preview:
Citation preview
7/29/2019 A Model for Today: Partnering with Industry to Enhance Institutional Information Security Capabilities (166262158)
http://slidepdf.com/reader/full/a-model-for-today-partnering-with-industry-to-enhance-institutional-information 1/15
A Model for Today Partnering with Industry to Enhance
Institutional Information Security Capabilities
April 16, 2013EDUCAUSE Security Professionals Conference
St. Louis, MO
7/29/2019 A Model for Today: Partnering with Industry to Enhance Institutional Information Security Capabilities (166262158)
http://slidepdf.com/reader/full/a-model-for-today-partnering-with-industry-to-enhance-institutional-information 2/15
Your speakers
Jon Maurer Brian Kenyon Ben Woelk
Information Security
Officer
VP & CTO of Security
Connected
Policy and Awareness
Analyst
RIT McAfee RIT
7/29/2019 A Model for Today: Partnering with Industry to Enhance Institutional Information Security Capabilities (166262158)
http://slidepdf.com/reader/full/a-model-for-today-partnering-with-industry-to-enhance-institutional-information 3/15
About RIT
• Private University
• Carnegie Classification– Master's L
• ~18,000 students, ~3000faculty and staff – Large college of computing and
information sciences
• Mix of centralized anddecentralized IT
7/29/2019 A Model for Today: Partnering with Industry to Enhance Institutional Information Security Capabilities (166262158)
http://slidepdf.com/reader/full/a-model-for-today-partnering-with-industry-to-enhance-institutional-information 4/15
The Higher EdSecurity Paradox
• Higher education is complex– Heterogeneous technology
– Culture of “ academic freedom”
– Distributed, consensus-oriented
decision-making
• Relative priority of security– Security not perceived as core
– Not a full appreciation of r isks
– Limited regulatory enforcement
Difficult to
secure
Limited
resources
7/29/2019 A Model for Today: Partnering with Industry to Enhance Institutional Information Security Capabilities (166262158)
http://slidepdf.com/reader/full/a-model-for-today-partnering-with-industry-to-enhance-institutional-information 5/15
OptimizedReactive Compliant Proactive
RIT experience:
Cost explosion with limited resources
Security PostureRisk
Additive Cost
High
Low
5
V a l u e
Organizational Maturity
7/29/2019 A Model for Today: Partnering with Industry to Enhance Institutional Information Security Capabilities (166262158)
http://slidepdf.com/reader/full/a-model-for-today-partnering-with-industry-to-enhance-institutional-information 6/15
The “A La Carte” Approach
Host IPSAgent
NetworkSecurity
AuditAgent
AntivirusAgent
Encryption
VulnerabilityScanners
DLP
EVERYSOLUTION HAS
AN AGENT
EVERYAGENT HASA CONSOLE
EVERYCONSOLEREQUIRESA SERVER
EVERYSERVER REQUIRES
AN OS/DB
EVERY OS/DB REQUIRESPEOPLE, MAINTENANCE,
PATCHING
WHERE DOESIT END?
6
7/29/2019 A Model for Today: Partnering with Industry to Enhance Institutional Information Security Capabilities (166262158)
http://slidepdf.com/reader/full/a-model-for-today-partnering-with-industry-to-enhance-institutional-information 7/15
The Bundled Approach
SINGLECONSOLE
SINGLEAGENT
McAfee ePO Server(AV, DLP, NAC,
Encryption,PA, Site Advisor)
7
7/29/2019 A Model for Today: Partnering with Industry to Enhance Institutional Information Security Capabilities (166262158)
http://slidepdf.com/reader/full/a-model-for-today-partnering-with-industry-to-enhance-institutional-information 8/15
Data CenterNetwork Intrusion
Prevention System
Hypervisor Security
Policy Auditing
The Solution Bundle
Endpoint Ant i-Virus & Anti -Spyware
Endpoint Firewall
Host IPS
Policy Auditing
Endpoint Encryption
Macintosh AV
M c A
f e e A g e n t
Server Security
Mobile and Tablet Security
Database Security
Vulnerability Mgmt
Intel Root Ki t Protection
Existing
Replace
New
Risk Advisor • Agent deployment
• Configuration
• Updates
• Policy settings
• Alerts
• Reporting
Single AgentSingle Console
ePO
7/29/2019 A Model for Today: Partnering with Industry to Enhance Institutional Information Security Capabilities (166262158)
http://slidepdf.com/reader/full/a-model-for-today-partnering-with-industry-to-enhance-institutional-information 9/15
OptimizedReactive Compliant Proactive
Security PostureRisk
Additive Cost
High
Low
9
V a l u e
Organizational Maturity
April 19, 2013
Efficiency
• Better view of risks• Less Hardware/Software• Less performance impact on endpoints• Easier to train, monitor, remediate,
maintain, audit• Reduced incident response / forensics
7/29/2019 A Model for Today: Partnering with Industry to Enhance Institutional Information Security Capabilities (166262158)
http://slidepdf.com/reader/full/a-model-for-today-partnering-with-industry-to-enhance-institutional-information 10/15
Solution:
RIT
• $2.3 million gift in securityhardware and software
• Professional Services
• Platinum Support
• Interlock lab for academicsecurity department
• Co-op opportunities
McAfee
• Inclusion in Global ThreatIntelligence (GTI)
• Reference architecture inHigher Ed
• Access to RIT’s academicsecurity program andstudents
A mutually beneficial and innovativestrategic partnership
7/29/2019 A Model for Today: Partnering with Industry to Enhance Institutional Information Security Capabilities (166262158)
http://slidepdf.com/reader/full/a-model-for-today-partnering-with-industry-to-enhance-institutional-information 11/15
Levers for managementAspect of Partnership Appeals to
Core to academic mission
Interlock Lab
Coops
Research opportunities
Academic Affairs
Dean & Faculty
Research
Gift Development
Financial
Superior value
Planned expense
Procurement
Finance
Address audit items Audit / Governance
Technology, Ease IT Operations
7/29/2019 A Model for Today: Partnering with Industry to Enhance Institutional Information Security Capabilities (166262158)
http://slidepdf.com/reader/full/a-model-for-today-partnering-with-industry-to-enhance-institutional-information 12/15
Key Learnings
• Find a partner with depth and breadth:security and
• Focus on the strategic relationship
• Good relationship between two primarycontacts is key– Both must be well positioned for internal selling
– Both must be Persistent
This is a marriage!
7/29/2019 A Model for Today: Partnering with Industry to Enhance Institutional Information Security Capabilities (166262158)
http://slidepdf.com/reader/full/a-model-for-today-partnering-with-industry-to-enhance-institutional-information 13/15
Implementation
The devil is in the details:• Resource levels
• Staffing
• Processes
• Technology Architecture
McAfee professional services and platinumsupport help achieve internal alignment onpreviously contentious root cause issues.
7/29/2019 A Model for Today: Partnering with Industry to Enhance Institutional Information Security Capabilities (166262158)
http://slidepdf.com/reader/full/a-model-for-today-partnering-with-industry-to-enhance-institutional-information 14/15
Q&A
7/29/2019 A Model for Today: Partnering with Industry to Enhance Institutional Information Security Capabilities (166262158)
http://slidepdf.com/reader/full/a-model-for-today-partnering-with-industry-to-enhance-institutional-information 15/15
For more information
• J on Maurer, jdmrmss@rit.edu• Chris Schmidt, Chris_Schmidt@McAfee.com• $2.3 Million Gift From McAfee Fortifies RIT’s Information
Security http://www.rit.edu/news/story.php?id=49355
Recommended