Information Security Office Home Page
Two New Security Training Courses Available
Octoer 30, 2009: We are pleased to announce that two new courses, Principles of Security in Software Development (PROG101) and Check Point Full Disk Encryption Administration and Deployment (ENCR210), have been completed and are now available as part of the Information Security Training program.
PROG101 is a 3 hour, self-paced online course introduces you to principles of security in software architecture, and how they carry through into coding/implementation. This course prepares developers of all kind for more advanced training that assumes a baseline of information security knowledge
ENCR210 is a 4-hour self-paced course that covers the features and capabilities of Check Point’s Full Disk Encryption (FDE) product and uses presentations to demonstrate installation, configuration and troubleshooting. In addition you will be able to explore various options for deployment suitable to your specific environment.
Click here (https://mnsite.ims.mnscu.edu/) to log into MnSite and participate in these courses, or any of the other five courses currently available to IT staff and other interested parties in MnSCU. Your username is your email address if you are not in the OoC. Click here (http://www.its.mnscu.edu/security/training/) to visit the Information Security Training website for more information and a course catalog.
Online Information Security Training from the Department of Homeland Security
October 25, 2009: ACT Online, a collaborative project backed by FEMA, provides a unique combination of expertise and capabilities to deliver training on information security-related topics. Their program uses a comprehensive approach to prepare professionals in identifying assets, recognizing vulnerabilities, prioritizing assets and implementing protection measures in technology infrastructure. Click the link above to register for free and participate in their wide course offerings.
Open Web Application Security Project MSP September Meeting
September 21, 2009: The September OWASP MSP meeting will be held Monday, September 21. They will meet in a different location for this meeting in Eden Prairie at Midwave, rather than on the Campus of Minneapolis Community and Technical College.
Get more information and register for the meeting here: OWASP MSP on EventBrite.
Open Web Application Security Project MSP 2009 Conference
August 24, 2009: The local Minneapolis-Saint Paul chapter of OWASP (the Open Web Application Security Project), hosted a conference on 8/24 with several great speakers:
- Seth Peter (Chief Technology Officer, NetSPI) presented The Developers Guide to PCI DSS and PA-DSS Requirements
- Pravir Chandra (Director of Strategic Services, Fortify) presented Software Assurance Maturity Model (OpenSAMM)
- Bruce Schneier (Owner/Author, schneier.com; Chief Security Technology Officer, BT) presented The Future of the Security Industry: IT is Rapidly Becoming a Commodity
Find videos from the conference here: OWASP on Vimeo. Find more information about the conference itself here: OWASP MSP 2009 Conference Home.
About the Security Office
The Information Security Office serves to protect the information resources of the Minnesota State Colleges and Universities system while supporting the open access required by academic pursuit.
Our Responsibilities
The Information Security Office is responsible for:
- coordinating the development of system-wide security policies, standards, and procedures to help ensure that decentralized data, facilities, services, and processes are uniformly protected and
- ensuring that the integrity of MnSCU's central facilities, services and data are maintained through effective security management practices.
Our Projects
Incident Response
For security or urgent assistance for VMI, please email here.
Hard Disk Encryption
We are in the process of implementing Check Point's Endpoint Security - Full Disk Encryption product across the system. Periodic training has been offered on installing and managing this software, and additional information is available here.
Vulnerability Management Infrastructure
The nCircle IP360 platform has been deployed systemwide for vulnerability management. The operational deployed service is now called the Vulnerability Management Infrastructure (VMI). This allows institutions to identify hosts, services, and vulnerabilities on their networks. Institution IT staff can also run trending reports and current-state reports to identify critical issues in a more proactive manner.
For general information and group assistance for VMI, please send an email here to access the internal MnSCU VMI emailing list. (Note: you currently have to be enrolled in the mailing list prior to emailing it.)
For support and assistance for VMI, please email here.
