INFORMATION SECURITY & RISK MANAGEMENT OFFICE
Harvard SEAS Information Security Office Services Overview
1. Computer Security Incident Response
 responds to and manages computer security incidents
Harvard University
determining scope of incident
containing risk
preserving evidence
investigating via network and/or computer forensics
managing remediation
reporting findings
ensuring resumption of normal operations
post-incident guidance and education
Harvard SEAS


 (working with HUIT Security)
HUIT Security




2. Digital Security Management
 issues and manages Harvard’s digital certificates
Harvard University
issues and manages Harvard’s digital certificates
manages “root certificates”
provides administrators with tools to manage their local certificates
Harvard SEAS

HUIT Security
HUIT Security
3. Network Access Services
 provides planning, design, implementation and operational management
for Harvard’s intranet, Internet, and Internet2 access and related network
components
Harvard University
planning, design, implementation and operational management for Harvard’s intranet, Internet, and Internet2 access and related network components
planning, design, implementation and administration of IP Address Management, DNS, DHCP, network registration, mail aliasing, and SSL certificates
Harvard SEAS
HUIT
HUIT
4. Network Security Services
 provides network vulnerability scanning and remediation, intrusion
detection, computer security emergency response, authentication
infrastructure support, firewall administration, digital forensics, auditing,
and compliance support

Harvard University
network vulnerability scanning and remediation
intrusion detection
computer security emergency response
authentication infrastructure support
firewall administration
digital forensics
auditing
compliance support
Harvard SEAS

HUIT Security

HUIT

HUIT Security


5. Security Consulting
 provides subject matter expertise across the information security discipline
Harvard University
guidance for creating and engineering secure hardware/software systems and controls
policy development and guidance
regulatory/policy compliance review
IT risk assessments
vendor/service provider compliance review
firewall rule analysis
post-incident remediation guidance
research data security
Harvard SEAS








6. Security Education
 provides security awareness education materials, including printed
materials, online learning modules, presentations and security product
education for faculty, students, staff and researchers
Harvard University
security awareness education materials
develops and delivers customized training materials
coordinates job-specific information security training for Harvard IT professionals
Harvard SEAS
 (General, FERPA, research data)
 (FERPA Online certification training)

7. Security Operation Center
 monitors network traffic in real-time to detect anomalous behavior that may indicate computer attack, compromised machine, data breach, etc.
Harvard University
monitors network traffic in real-time
aggregates and correlates security data from network and system infrastructure resources
Harvard SEAS
HUIT Security
 (QRadar and Splunk)
notifies user or resource owner and triggers incident response service
Inspects network traffic to identify security vulnerabilities in network-connected systems or devices.
monitors, detects and, as necessary, protects High Risk Confidential Information
detects and reports on computers that exhibit characteristics consistent with infection by spyware, trojan horse or other malware, via traffic analysis or notification by a trusted third party
analyzes network packet data for anomalous activity, targeted system attacks or network Denial of Service attack
establishes configuration baseline and monitors infrastructure resources
aggregates security event log data from infrastructure resources



 (FireGen and QRadar)

In progress
In progress
8. Vulnerability Assessment, Penetration Testing, and Code Analysis
 evaluates effectiveness of information security controls and procedures
Harvard University
Identifies, quantifies, and prioritizes weaknesses in a target network architecture, application, database, or system (Comprehensive managed and self-service security vulnerability assessment)
Delivers prioritized recommendations for remediation. Assessment can also include detection of High Risk Confidential Information
Scans can be run on demand or scheduled as required
Penetration testing
Identifies vulnerabilities in software applications by analyzing program code itself or the behavior of the application under test
Harvard SEAS




