President's Report - FY10 Q4

  • ITSS Accomplishments
  • ITSS Issues and Trends

FY10 Q3

Tim McGovern's email to Elaine Aufiero and Patricia Sheppard (dated 4/8/2010)

SUBJECT:  ITSS Q3 Narratives

Attached is a brief snapshot of our work... let me know if I can clarify anything.

Tim's attachment for this email:

Q3 Highlights for IT Security (such as it's defined)

• INCIDENT RESPONSE & SPECIAL REQUESTS
• MIT Portugal, 'nuff said.
• Continued to provide daily trouble ticket support to other areas in IS&T and to the MIT community at large for security, policy, information protection, and encryption. Situation quite messy during the Q, but getting better after a bunch of effort in OIS, CSS/DS, etc.
• Continued to act as first step in response to issues related to Type D PCI merchants
• Extensive technical support to OGC wrt a MAJOR dispute between MIT and a large, generous financial institution (on the order of 3 weeks of effort just in this quarter; this dispute started in September 2009, and we've been providing help since the get-go)
• In general, tickets (as an approximator for work) volume held steady.
⁃ DMCA notices were down somewhat (vs. year ago, same quarter), as TOR activity was curtailed from a year ago.
⁃ Security tickets were also down (ditto), almost entirely due to the loss of our network traffic feed to our sensors. Note: this is just asking for more trouble down the road as many, many machines that are infected continue on unnoticed.
⁃ Infoprotect saw an uptick, as we took in 18 new data incidents just this quarter – a number of incidents from calendar year 2009 that didn't get full forensics have been closed without producing findings. Regrettably, we've been so inundated with getting these new incidents into our imaging infrastructure, we haven't been able to process many for actual risk assessment.
• AWARENESS
• Co-led multiple IAP and department level courses on Handling Sensitive Data. Partnering with Audit/PII Program.
• Presented at Essentials of Management workshop run by HR on the Current State of IT Security at MIT.
• INFORMATION PROTECTION, RISK MANAGEMENT & COMPLIANCE
• Completed the writing of MIT's WISP in compliance with Massachusetts Law. Communication and outreach to the community around the requirements included in the WISP has begun and will continue into Q4.
• Continued support for PGP, and at quarter's end, PGP Rollout was ordained a project.
• Initiated vendor discussion and strategy development for Identity Finder product. Work will continue into Q4.
• Spoke at NERCOMP on evolving collaborative data incident response strategies
• Initiated vendor discussion and product review of McAfee products
• Refined Incident Response strategy for data incidents
• Received, evaluated and rolled out newest version of PGP Whole Disk Encryption software – necessary for Mac OS upgrades to Snow Leopard.
• Attempted to broker deal for PGP with Sloan - Sloan cancelled deal
• Continued to work with DUE and Student Financial Services on implementation of new minimum security standards in SFS to reduce the risk of further data incidents
• Convened working group on p2p provisions of HEOA; compliance date is July 1, 2010. We'll never make it!
• POLICY
• Almost managed to complete the revision of Rule 6 of MITnet Rules; should get done in April, 2010.
• INSIDE COLLABORATIONS
• Continued work within the Identity Management Taskforce (under ISDA tutelage).
• Began meeting regularly with Service Desk to provide better security-related services to users and find areas for collaboration.
• Teamed up with IS&T communications to include security news into the design of the new online IS&T News page.
• OUTSIDE RELATIONSHIPS & PROFESSIONAL DEVELOPMENT
• Attended RSA 2010 Conference – major all-industry IT security policy, tools and technology meeting.
• Participated in IvyPlus IT Security Officers meeting @ Harvard
• Attended NERCOMP workshop on Cyber Security Awareness.
• MAJOR OPERATIONAL ISSUES
• No network traffic being provided to our sensors for incident detection, forensics work, etc.
• No registration/authentication of NG wireless
⁃ Note: this makes incident response impossible in an increasing number of cases (roughly 1/3 of all DMCA complaints cannot be followed up on)
• No netflow data from MIT critical infrastructure (e.g. OC11 datacenter, W91 datacenter, etc.).
⁃ Note: this makes it hard for us to assess what risks might exist in these areas of our infrastructure; we assume that SAIS, OIS or ISDA teams are taking good care of this.

FY10 Q2

Timothy McGovern’s email to Elaine Aufiero and cc: css-managers@mit.edu (dated 1/11/2010)
SUBJECT: Re: REMINDER - 2010 Q2 Reporting Due Today!

Addition to narrative from ITSS' point of view:

Continued to handle many potential data incidents, both major and
minor. No confirmed positive data breaches in Q2. Continued work in
many data security initiatives, some of which are coming to fruition
as we speak: 1) PCI compliance incident response (will complete in
Q3), and 2) final stages of a written information security program for
compliance with Massachusetts' Data Breach Law (will complete in Q3).

– Tim
----------------
Tim McGovern
Manager, IT Security Services
Client Support Services, IS&T, MIT
(617) 253-0505

___________________________________________________________________________________________________

FY10 Q1

Need to input this information.
