Cybersecurity program


EITAC
Cybersecurity program and IT Security updates
November 11, 2016
Denise Ernst, ISO
Background
Queen’s has begun a two-stage approach to reduce the risk of a cyberattack.
Stage 1: Reduce the likelihood of IT Hijack (over 9-12 months)
- Enhance our technical capabilities to prevent and detect IT hijack;
- Improve people’s ability to identify and resist hijack attempts;
- Begin to foster a security-aware culture
Stage 2: Reduce the overall risk of a cyberattack (2-3 year program)
- Transition Queen’s cybersecurity practices from reactive to preventative
- Details on initiatives will be provided in May 2017.
Program Management
Program Management Updates
- Engaged Sr. Security Specialist consultant
- Drafted governance and reporting structure. Under review.
- Released RFP for professional services assistance. RFP closed November 8.
- Identified project outcomes - network security, email
- Executing Communication Plan: Social media campaign, meetings held with 7 stakeholder groups and large portfolio units, article in ITS Newsletter and upcoming article in Gazette, website notices, completed Cyber Security Awareness month campaign
Project Groups 1 and 2 Update
Group 1. Network Security
- Project 1.1 Network Access Control
  Description: Phase in network controls to prevent unprotected/unmanaged devices from accessing the Queen’s network.
  Project update: Designed device risk heatmap used to identify maximum risk reward. Proof of concept underway.
- Project 1.2 Network Security Architecture
  Description: Begin to modernize the existing network design and configuration to provide additional layers of security.
  Project update: Drafted initial recommendations. Implementation will commence upon appointment of professional services.
Group 2. Email Security
- Project 2.1 Advanced Threat Protection
  Description: Enhance security of Queen’s email service to minimize the propagation of malicious messages.
  Project update: Drafted initial recommendations. Implementation will commence upon appointment of professional services.
Project Group 3 - Update
Group 3. Endpoint Security
- Project 3.1 Security Monitoring Program
  Description: Design and implement a program for the continuous monitoring of the IT environment to detect and prevent attacks against devices such as laptops, servers, mobile phones.
  Project update: To commence upon appointment of professional services.
- Project 3.2 Vulnerability Management Program
  Description: Design and implement a program for the continuous management of technical vulnerabilities across campus.
  Project update: Initial recommendations drafted and under ITS review.
Project Group 4 Update
Group 4. Security Awareness
- Project 4.1 Social Engineering Exercise
  Description: Design and implement an exercise aimed to verify users’ ability to identify phishing emails and inform on best practices.
  Project update: To commence upon appointment of professional services.
- Project 4.2 Security Course
  Description: Renew security awareness course.
  Project update: To commence upon appointment of professional services.
- Project 4.3 Ransom Policy
  Description: Develop and implement a policy for ransom demands.
  Project update: To commence upon appointment of professional services.
- Project 4.4 Security Awareness Policy
  Description: Develop and implement a policy for mandatory security awareness training.
  Project update: To commence upon appointment of professional services.
Cybersecurity program – Email Security
- All Queen’s mail will be scanned and filtered through O365
- Mail will flow through enterprise security measures prior to forwarding onto local mail service or local mailbox
- Mail reputational services will be enhanced to limit others from spoofing Queen’s mail
- Changes to mail flow will occur first, no user impact anticipated
- New enterprise security measures (e.g. configuration changes, new filters) will be phased in during 2017. An implementation plan is forthcoming.
- It will be important to inform ITS of any local mail service to avoid an impact to users
Email Security: Local mail service
- The goal is to have all Queen’s user communities benefit from additional enterprise security measures, designed to reduce the number of malicious messages a user receives.
Do any of your applications use a mail service other than mail.queensu.ca?
a. What business purpose?
b. How many users?
c. What is the daily/cyclical volume?
d. Does it require mass mailing?
e. Mail service name?
f. Can it be decommissioned?
Please provide this information to Terry Black by the end of November.
IT Security: E-Waste
- New procedures for e-waste coming soon
http://www.queensu.ca/its/security/additional-security-services/hd-destruction-disposal
http://www.queensu.ca/sustainability/campus-initiatives/recycling/electronic-waste
- Contact the Sustainability Office to arrange pickup and destruction of e-waste
E-waste awaiting pickup:
- Store in a secure area, inaccessible to the public.
- Never leave e-waste unattended in an unsecured area.
Read, share, and promote e-waste procedures
IT Security: Printer Security
Configuration changes required on printers to protect from cyber exploits.
- A number of printers were exploited this year, resulting in printouts of offensive propaganda material across campus.
Changes to printer security:
- Additional printer security configurations recommended
- Printers will move to secure IP address
http://www.queensu.ca/its/security/printer-security
Read, share, and promote printer security procedures
What you should know: Printer security
- Publicly accessible printers have been identified, and the ITSC is in the process of identifying and contacting the owners of these devices.
- Our current process is to filter the leased Canon and Xerox printers to limit access to within Queen’s only
- All other printers will move to a private network, inaccessible from the internet.
All other printers:
- Inform the IT Support Center (ITSC) if a printer requires internet access.
- For more information, please contact the ITSC.
Other updates
- Password policy enforcement
- Linux vulnerability
- Significant number of end of life or end of support technologies discoverable on network
- Mirai botnet (IoT)