Information Security Office - About Us

Our Mission

The mission of the Information Security Office (ISO) is to design, implement and maintain an information security program that protects the University's systems, services and data against unauthorized use, disclosure, modification, damage and loss. The ISO is committed to engaging the University community to establish an appropriate information security governance structure that enables collaboration and support for new information security initiatives.

Contact

The UITS Information Security Office can be contacted by email or phone.
UITS Information Security Office
P: 860.486.4357 (HELP)
E: security@uconn.edu

2011/07/19

Technical Security Council (TSC)

Bi-Weekly Status Meeting

Meeting Date/Time: Tuesday, July 18, 2011 /1:30 PM Eastern Time

Attendees:

Present: Jessica Alson, Steve Maresca, Jeremy Pollack, Ed Swindelles, Jeff Farese, Mick DiGrazia, Andy Washington, Victor Schiavi, Connie Tomecko, Linda Baker, Nicholas Eshelman, Jon Loux, Michael Virone, Phil Dean, Jeff Pasiuk, Mike Oatley, Dan Nevelos

Absent: Mike Lang, Matt Smith, Jason Pufahl, Dan Capetta, Bruce Gerber, Rob Chudzik, Brett Paulson, Robert Sheahan, John Gwinnell, Jonathan Gill

Documenter: Catherine Rhodes

# Topic Speaker Discussion Summary
1 Structure of this meeting Mick More structure coming to make this meeting more useful. We want to move from information sharing to using this meeting to accomplish specific goals.

Jason will discuss this more during the next meeting.

More structure coming for this meeting.
2 TSC Agenda Mick Will have a rolling agenda so we know what will be discussed in upcoming meetings. TSC will move to a rolling agenda format
3 Identity Finder Mick Mick provided a handout that described the findings of the Identity Finder sub-committee.  This handout can be found on the Security website.

The members of the ID Finder sub-committee: Jonathan Gil, Steve Maresca, Ed Swindelles, Jon Loux, Mick DiGrazia

Identity Finder sub-committee findings are in. Finding document is on Security website.
4 SafeConnect Steve Steve provided an update on the SafeConnect rollout.

25 subnets applied this week. 15 support calls received.

120 days has been set as the time to re-authenticate for faculty and students.

Users need a GuestID or NetID to use the system.

4,500 people have touched SafeConnect 65% have installed the Policy Key.

SafeConnect rollout is in progress. 15 support calls reported on 25 subnets rolled out last week.
5 Compromise Steve UConn experienced a compromise a few weeks ago. A PHP Server upload script was modified to remove some of the authentication required to upload.

100 sites were impacted and repaired. Took 4 days to clean up mess.

Ultimate root cause was the configuration option enabled to allow attacker to install a back-door. This was disabled and touch files were cleaned.

PHP safe mode helps prevent attacks.

Several legacy websites will be updated to secure them from the attack we experienced a few weeks ago.
6 Incident Response Mick Security Office has written an incident response document that describes the action to take for different security incidents.

Need to distribute this to this group. Mick will distribute to this group for feedback.

Security Office has written an incident response document.
7 Top 3 Security Issues ALL Top 3 security issues in your departments. TSC members will provide top 3 security issues they see at next meeting.
8 Next Meeting Agenda Mick Next meeting is 8/2. Agenda
  • Structure of this Meeting
  • Incident Response Document
  • Security Awareness Training
  • SafeConnect
  • Top 3 Security Issues
Next meeting is 8/2.
9 Other Topics Steve TSC would like Steve to provide a walkthrough of an attack on the system Steve to provide a walkthrough of an attack on the system at a future meeting
10 Drop Box Mick 8/1 is planned date to stop allowing uploading files to Drop Box Drop Box will be sunsetted.

Open Action Items:

# Name Action Status Due Date
Action – 4 Jason Pufahl Jason to send document on UConn Public to this group. Open 6/29/2011
Action – 5 Jason Pufahl Jason will ask the FBI to do a security presentation to this group. Open 7/30/2011
Action – 7 Jason Pufahl Jason will work on a presentation related to Privacy. What do we collect, why, and what we do with it? Open 7/30/2011
Action – 8 Jason Pufahl Jason will see if he can have someone provide a presentation of Sassafras to TSC. Open 7/30/2011
Action – 9 Mick DiGrazia Distribute incident response document to TSC Open 7/20/2011
Action – 10 ALL Review and come to next meeting with feedback on the incident response document. Open 8/2/2011
Action – 11 Steve Maresca Steve to provide a walkthrough of an attack on the system at a future meeting Open 8/31/2011

Closed Action Items:

# Name Action Status Due Date
Action-1 All Review Information Security Policies. Be prepared to discuss short-comings you recognize in your review. Closed 4/21/2011
Action-2 Jason Send Outlook calendar invitation for future meetings Closed 4/15/2011
Action-3 Jason Change location of meeting invitation. Closed 4/25/2011
Action – 6 ALL Please review the SafeConnect tools and provide feedback to Steve Maresca. Closed 6/25/2011


Footer Links

© University of Connecticut
Text Only Options

Top of page

Text Only Options

Open the original version of this page.

Usablenet Assistive is a UsableNet product. Usablenet Assistive Main Page.