MyNotes - Low or No Cost Options for Improving Network/Information Security
Source: http://goo.gl/8hFai
The following are ideas shared at the Texas CTO 2012 Winter Meeting. The focus of the roundtable discussion was:
Low or No Cost Options for Improving Network/Information Security
What ideas would you add?
MyNotes:
Education:
-
Educate users about security and why it’s important.
-
If you need a note to remember a password, use a hint instead of the password itself.
-
No post it notes with passwords!
Password Conventions:
-
Set minimum password policies and educate users about them.
-
Substitute numbers for letters.
-
Use pass phrases or short sentences as an easier to remember way to meet complexity rules.
Systems:
-
Prevent booting up from USB or external/removable media.
-
Exchange ActiveSync can enforce a passcode on a mobile device and wipe data if needed (e.g. in case of loss or theft).
-
Auto-anchor Mobility is a configuration included in many current network manufacturer OS’s that allows for secure tunneling of wireless devices, useful for BYOD and personal devices.
-
Physical access control (proximity cards)
-
Identity Management and single (or synced) sign on (e.g. Identity Automation)
-
Data Loss Prevention (e.g. Websense)
-
Disable/turn-off outside wireless access points during non-school hours
-
Physical security for data centers and NOCs with security cameras for monitoring access
-
Encrypt data on portable devices.
-
Network access control
-
Enforce BIOS passwords.
-
Limit physical access to USB drives (e.g. hardware keyloggers).
-
Deny all executable files from external media like USB.
-
Use SSL inspection of web traffic to look for malware downloads.
Processes:
-
System notifications of retired/terminated/moved employees leaving the system to IT upon exit from the District.
-
Consider how cloud technologies impact or dictate local policy.
-
Consider digital brokering of data, and syncing data with single sign on
-
Changing IT roles, e.g. network administrators becoming data administration and engineering
-
Design infrastructure such that wireless authentication capabilities are extended similarly to the wired network.
-
Consider a one-time or periodic audit, such as that offered by Verizon.
-
Put policies around network and information security in place.
-
Apply wireless security measures where BYOD is being used in classes (coordinate with instructional team).
Security Tools:
-
Vericept: helps report on data loss
-
Dionynx provides 24x7 monitoring of key systems.
-
Network security audit: Verizon, IBM are two providers.
Increasing IT Staff Expertise/Utilization:
-
Problem: long-term employees tend to become comfortable in their jobs and stagnate. It can be rough to get rid of problem employees.
-
Possible solutions:
-
Require certification/continuing education.
-
Cross-training between employees to span pockets of expertise
-
Document critical systems.
-
Stress the importance of self-improvement.
-
Make them competitive with one another.
-
Create an ethics document and have all staff members sign it.
-
Show them the big picture and how they fit into it.
-
Have the entire IT department attend confidentiality training for online testing.
-
Get Blog Updates via Email!
Enter your email address:
Delivered by FeedBurner
![]()
Subscribe to Around the Corner-MGuhlin.org

Visit the Texas for Technology Enhanced Education
Everything posted on Miguel Guhlin’s blogs/wikis are his personal opinion and do not necessarily represent the views of his employer(s) or its clients. Read Full Disclosure