Date | |
---|---|
Time | 10 am |
Duration | 60 mts |
Location | Zoom |
Zoom | |
Attendees | |
Project/Program | Security Assessment remediation - SAR |
Project Board | ITS PMO |
Log Time | |
OTL | |
Objective(s) | |
Notes:
Speaker | Description | Notes | |
---|---|---|---|
Bill S. | iPaaS Access using jumpbox – follow-up and decision | Document requirements: Section 9 on IS3 9.1.2, what is a secure access control point? This means we have to route everyone through a secure access control point. Limit to only those that need it. Declare what is a p3 p4 system and create a gate (jumpbox) with access control points, develop/create doorways for entry and exit, configured in a way that prevents leakage of data. How are we securing all of campus? UCOP considers payroll P4. Is VPN considered a secure access control point? Yes, that is one. We can focus on making systems p3 and p4 compliant. Example - History dept logs into UCPath, do we have to make sure they are on VPN? People can log into various systems using https? Should we enforce all users to VPN? How do we interpret these rules? Privileged or non privileged access? Important factors are
Elevated users - people who can see the additional volume of data or can modify data. Need to balance what end user can do without using the jumpbox. Bill – what is UCSD's policy for development environment? Nathalie - what controls based on the breaches we have seen. e.g. Auditing of logins is sufficient
Usecase discussion:
Risks:
| |
Bill S. | GoA vs Qumulo – Follow-up and decision | Comments - OneDrive, Google Drive, Qumulo, GoAnywhere
Action items:
| |
Claudio and Rob | Installing Spirion on iPaaS servers | ||
Achraf | Spirion - agent installed on each station. Stores sensitive data. Scans for passwords, credit cards. | Achraf - Workstations, Data link policy to prevent sensitive information access. Risk isn't only impact, but security is priority. Ashish - It won't be for workstations, but just the server; workstations don't connect at all to nyfy or the servers themselves. Bill - clarification - reading document written for all of campus. How are we securing all of campus from logging into our payroll, financial or student systems? Are all campuses making people log into jumpboxes first? Vendors never told us why. Doesn't solve getting in. Rob Nyland - Daniel responded that Spirion has redhat installed and default profiles installed. Claudio - performance impact? - Achraf scans all desktop files, some impact, we have to create a profile and tune it. Claudio - so many agents being added, the impact will add up. Achraf - Spirion will most likely cause an impact. Daniel - we should get the impact numbers first. If there is no data, the scan will process quickly. Claudio - are there excel files on the server? - No. Ashish - all on FXS. Ashish - we can do a quick check on the servers for data. Achraf - Are we good with the server install for Spirion? Ashish to review. Nathalie - It isn't just end users, we need to make sure there isn't any discs or saving that could cause the risk. Step 1: identify if there is any sensitive data installed. What about log files? If they are p3 or p4 data. Yes, even if users don't have access.
| |
RA-16 | In progress Status = Solution in Progress | ||
RA-26 | Status = In Progress Part of Louis's review | ||
RA-28 | Status = Solution in Progress Business applications - Ranger, Ambari, - Create a task for that | ||
RA-3 | SAR-89 Status = Completed - Out Of Scope Build an inventory of authorized software. This should be an ITS wide project. | ||
RA-4 | Status = Not Started | ||
RA-5 | Status = Not Started | ||
RA-6 | Status = Solution Ready for Review | ||
Account removal |
| ||
| |||
Anjelica | Past Due Tasks |
| |
All | Time away | Anjelica Oct 26, 27 and Nov 10 thru 15 |