1 Information Technology Security Services at The University of
Michigan Paul Howell Chief Information Technology Security
Officer
Slide 2
2 ITSS Overview Service offerings Security council Initial
activities Questions
Slide 3
3 ITSS Offerings Reactive ServicesProactive ServicesSecurity
Quality Management Services Alerts and Warnings Incident Handling
Incident Handling Incident analysis Incident response on site
Incident response support Incident response coordinationIncident
analysisIncident response on siteIncident response supportIncident
response coordination Vulnerability Handling Vulnerability Handling
Vulnerability analysis Vulnerability response Vulnerability
response coordinationVulnerability analysisVulnerability response
coordination Artifact Handling Artifact Handling Artifact analysis
Artifact response Artifact response coordinationArtifact
analysisArtifact response coordination Announcements Technology
Watch Security Audits or Assessments Configuration and Maintenance
of Security Tools, Applications, and Infrastructures Development of
Security Tools Intrusion Detection Services Security-Related
Information Dissemination Risk Analysis Security Consulting
Awareness Building Education/Training Product Evaluation or
Certification
Slide 4
4 Security Council Cross University membership consisting of a
few Deans, business owners, UMHS, and several faculty. Makes policy
recommendations to Provost, CFO, and EVP for Medial Affairs. Dialog
& sane decisions around risk management. Provides general
direction for ITSS.
Slide 5
5 Initial Activities Planning for Staff sharing / training
(discussed later) Incident response Security assessments Hiring for
several security positions. Join FIRST. Prompt reporting of all
computer security incidents.
Slide 6
6 Initial Activities cont. Establish an Incident Response
Oversight Team. Vulnerability scans of all wired & Wi-Fi campus
networks. ITSS Web site. Dark IP space for identifying scanning and
other activity.
Slide 7
7 Initial Activities cont. NetFlow collection / processing at
all UM- Internet interconnects. Document and maintain network
contacts for all wired & Wi-Fi networks. Tools and procedures
to locate a Wi-Fi computer / AP.
Slide 8
8 Staff Sharing Program Goals Scale security skills within the
existing workforce Medium level of competency Training done over a
4 to 6 month period, consisting of a combination of self-paced,
lecture & lab, and on-the-job Pre-testing and post-testing
measure progress New security job title and compensation, fraction
determined by local needs Periodic rotation through ITSS for 4 to 6
months at half-time for on-going skills updating
