Moving from a traditional data center model to AWS creates many challenges including handling incident response for AWS systems. UCSC has a substantial set of hosts deployed in AWS and has solved our incident response issue using AWS features coupled with an on-premise Elastic cluster.
Come to our session and you could win a prize! You can also find out how we implemented 2-step verification (or 2 factor authentication) for staff and faculty at UC Berkeley.
Get the low down on our technical approach (Duo, CAS, Grouper) as well as our outreach campaign tips and tricks. We'll tell you the full story - the highs, the lows and everything in between. See you there!
(No dance shoes required.)
General security awareness training, phishing simulation and education, posters, contests…all are important aspects of a security awareness program; but are these efforts changing the culture of our organization toward a more secure minded organization? One aspect that is making a difference in moving an organization to a secure culture is a security ambassador or cyber champion program. The Cyber-Risk Coordination Center (C3) at University of California established the Cyber Champion Program to support UC locations with existing ambassador/cyber champion programs as wel
When crafting access models for content management applications, there are two interconnected standard models: that of role assignment, and that of permissions assignment. Typically, a modern application will have customized roles ("admin", "approver") which are in turn fine tuned by the addition/exclusion of specific permitted actions ("can update forms", "can delete users"). These roles are in turn assigned by managers to users of the application, explicitly, giving them access in proportion to their needs.
UCOP rolled out a strategic sourcing contract with Zoom in 2016. Penetration was so successful that contract pricing fell by 10% in 2017. With the availability of this new tool to enhance collaboration, there has been a desire to utilize the tool in many areas. Some of those departments contain PHI where HIPAA compliance is expected. This session will review a basic understanding of HIPAA; departments which may need to protect PHI; and how those departments can utilize the Zoom collaboration platform while ensuring HIPAA compliance. Enabling the HIPAA configuration for Zoom will enhanc
UCSF has spent the last several years improving our security posture, including hardening systems, tightening border routers, expanding DLP, and adding other types of threat protection. A sudden increase in phishing pushed our rollout of two-factor authentication for VPN and email up by 6 months, to just before the holiday travel rush. It took a huge effort from many teams and stakeholders to get it done, but we successfully enrolled over 25,000 users in 3 weeks. Our CIO paid us the ultimate compliment, saying it was the quietest go-live he had ever seen.
