Security
UC Davis Cyber-Safety Program
5/9/2005: Bob Ono indicated that a campus directive,
co-signed by Provost Hinshaw and Peter Yellowlees, Interim Vice
Provost for IET, will be sent in the coming days to senior campus
administrators. The draft directive, handed out by Ono, announces
the adoption by the campus of a comprehensive security policy that
defines both key security practices and responsibilities for their
implementation. The program establishes a timeframe for campuswide
security compliance and requires annual reporting from each of the
deans, vice chancellors and vice provosts. IET, in collaboration
with Internal Audit, developed the timetable outlining the three
phases for campuswide compliance. Both units are also collaborating
to develop a pool of technical resources to assist deans, vice provosts,
and vice chancellors who might need additional resources to complete
their security assessments or correct security deficiencies. Rick
Catalano, Director of Internal Audit, thanked IET for developing
this security framework and implementing these important measures.
The Cyber-Safety Program, including the policy and standards as well
as resources and tools, can be accessed from the Security Web site
(see http://security.ucdavis.edu/cybersafety.cfm).
PCI Security Standards
5/9/2005: Allred indicated that the campus is
preparing for changes to the credit card security programs that
Visa and MasterCard impose on all merchants. This Payment Card Industry
(PCI) worldwide standard is intended to protect the security of
information on credit cards and magnetic strips. It went into effect
last year for Level 1 merchants (i.e., merchants processing over
6,000,000 transactions per year). UC Davis is a “Level 3”
merchant (each campus is looked at independently). The deadline
for Level 3 merchants (i.e., e-commerce merchants processing 20,000
to 150,000 Visa transactions per year) is June 30, 2005. This deadline
will affect several campus units taking credit card information
over the Web (i.e., credit card transactions via the Web, even if
they are manual transactions). Everyone engaged in e-commerce activity
needs to complete a self-assessment questionnaire. Additionally, every
unit will need to have its systems scanned every quarter by a
third-party Certified Independent Scan Vendor (10K/year for the
campus). UC Davis is working with UCOP and campus departments to
meet the June 30 deadline. Allred indicated that to mitigate the
costs and administrative burden to campus units, e-commerce at UC
Davis will be channeled through a centralized payment gateway and
sensitive cardholder data will be stored in a single protected database.
Accounting and Financial Services is working to secure an application
that will enhance the existing TouchNet Payment Gateway.
IT Security Symposium
03/14/2005: Bob Ono, IT Security Coordinator,
announced that registration for the 2005 IT Security Symposium will
open on April 4th. He handed out hard copies of the draft schedule
and program (see IT Security Symposium handout). The symposium,
which will be held on campus June 22-24, was designed with campus
technical staff and campus security needs in mind. The registration
fee is $85 per participant. Following the keynote address by Scott
Charney, Microsoft Chief IT Security Strategist (which will be broadcast
over the Web at the URL below), 40+ instructional labs and lectures
will be offered. Topics range from securing systems and networks
to patch management strategies, intrusion detection, and a discussion
of the proposed campus security policy and minimum security standards.
In addition to those interactive sessions, the planning committee has arranged for six $1,000 training certificates to be awarded through a raffle. A Web site is available with more information and an online registration form (see http://itsecuritysymposium.ucdavis.edu).
Chair Bledsoe noted how great it was to see UC Davis offer such an important training opportunity and suggested that a similar offering be considered for average users, perhaps in the Fall.
UC Davis Anti-Spam Program
5/9/2005: Bob Ono, IT Security Coordinator, announced
that IET is preparing to launch a number of improvements to the
ways in which the campus email servers identify and filter unsolicited
commercial spam. Referring to the handout in Council members’
packets, Ono briefly reviewed the anti-spam services already available
to all members of the campus community and explained the enhancements
planned for June and July (see UC Davis Anti-Spam Program Overview
handout). Announcements will be made in campus print publications,
some will be posted on the Web, and targeted communications will
be sent to various campus groups, including all faculty, in early
June. Ono noted that more information about this program is available
on the Security Web site at http://security.ucdavis.edu/spam.cfm.