ISC Information Security Educause Security 2007
Copyright Joshua Beeman, 2007. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.
Security Reporting
University of Pennsylvania
Joshua Beeman
Overview
• Penn’s environment
• Version 1 (duct tape, chewing gum…)
• Version 2 (less gum, more tape…)
• Results
Environment
• A private university in Philadelphia, PA founded in 1740
• 22,000 students/4,000 faculty/13,000 staff
• 7500 students live on campus
• 9000+ students, staff and faculty live in the surrounding community
• Health System has separate management
– IT division outsourced/15,000 users
Environment
• Computing mostly decentralized over 40 cost centers
• Some services are managed or coordinated centrally by Information Systems and Computing (ISC)
• Administrative Systems
• Support & Security
• Networking & Telecommunications
Environment
• Open network
• Decentralized computing
• Information security concerns continually growing
• Limited funding
Does this sound familiar to anyone?
Environment
Why a Security Report?
• Awareness
• Identify larger trends
• Develop security “hawks”
• Improve customer service
Report – v.1
Incident Tracking via Excel Spreadsheet:
• Date
• IP address
• Center name
• Incident source
• Incident type
• Handler comments (optional)
Report – v.1
Key Elements – Compromises:
• Total number of compromises
• Total number of IP addresses
• Ratio of Compromises/IPs
• Ranking (based on ratio)
• Average (based on ratio)
Report – v.1
Key Elements – Critical Hosts:
• Total number of Critical Hosts registered
• Total number of IP addresses
• Ratio of Critical Hosts/IPs
• Ranking (based on ratio)
• Average (based on ratio)
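The ratio, ranking and average listed on the two Key Elements slides (compromises and critical hosts) can be computed as below; this is an added example, not Penn's spreadsheet or code. The center names, IP totals, incident sources and types are constructed, and both the ranking direction (highest ratio first) and the unweighted average are assumptions.

```python
from collections import Counter
from statistics import mean

# Constructed sample rows using the v.1 spreadsheet fields:
# (date, IP address, center name, incident source, incident type).
INCIDENTS = [
    ("2007-01-08", "192.0.2.10", "Center A", "IDS alert", "compromise"),
    ("2007-01-15", "192.0.2.44", "Center A", "external report", "compromise"),
    ("2007-02-02", "198.51.100.7", "Center B", "IDS alert", "compromise"),
    ("2007-02-09", "198.51.100.9", "Center B", "external report", "other"),
]
# Constructed count of IP addresses assigned to each center.
CENTER_IPS = {"Center A": 200, "Center B": 500, "Center C": 100}


def count_by_center(incidents, incident_type):
    """Count incidents of one type per center name."""
    return Counter(row[2] for row in incidents if row[4] == incident_type)


def rank_by_ratio(counts, center_ips):
    """Return (rows, average): per-center count/IP ratio, ranked high to low."""
    unknown = set(counts) - set(center_ips)
    if unknown:
        raise ValueError(f"no IP total for centers: {sorted(unknown)}")
    rows = []
    for center, ips in center_ips.items():
        if ips <= 0:
            raise ValueError(f"{center}: IP total must be positive")
        n = counts.get(center, 0)  # centers with no incidents still get ranked
        rows.append({"center": center, "count": n, "ips": ips, "ratio": n / ips})
    rows.sort(key=lambda r: (-r["ratio"], r["center"]))
    for i, row in enumerate(rows):
        tied = i > 0 and row["ratio"] == rows[i - 1]["ratio"]
        row["rank"] = rows[i - 1]["rank"] if tied else i + 1  # ties share a rank
    # Assumption: "average" is the unweighted mean of the per-center ratios.
    return rows, mean(r["ratio"] for r in rows)


if __name__ == "__main__":
    rows, avg = rank_by_ratio(count_by_center(INCIDENTS, "compromise"), CENTER_IPS)
    for r in rows:
        flag = "above average" if r["ratio"] > avg else ""
        print(f'{r["rank"]:>2} {r["center"]:<10} {r["count"]}/{r["ips"]} '
              f'{r["ratio"]:.4f} {flag}')
    print(f"average ratio: {avg:.4f}")
```

The same `rank_by_ratio` call takes a dictionary of registered critical hosts per center to produce the Critical Hosts/IPs table.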
Report – v.1
Key Elements – Management Reports:
• Summary tables
– Compromise ranking
– Critical Host ranking
• Summary graphs
– Incident source
– Overall distribution
Report – v.2
GRADI (web-based incident tracking system)
Captures previous fields plus…
• Case Status (Pending, closed, etc.)
• MAC Address
• Wallplate
• Port List
• User PennKey
• …and more for certain case types
Report – v.2
GRADI (continued)
In addition provides automated processes for:
• DNS & host contact lookup
• Custom handling based on incident type
• Emailing/routing
• Searching, export, etc.
Report – v.2
Previous Key Elements:
• Compromises
• Critical Hosts
• Critical Events
• Management reports
Report – v.2
Plus New Elements:
• Wireless, Wired
• DMCA, non-DMCA
• Critical Vulnerabilities
• New management reports
• Comparative studies
Results
• Provided senior management with tools and data
• Increased information security awareness
• Identified larger trends, problem areas
• Improved the University’s overall security posture
• Created security “hawks”
Results
Remember that v.1 was based on:
• Individual Excel spreadsheets
• 5 data fields