10-11:30am, ML-Damon Room
Presentation by the UCAR Cybersecurity Program Office
Pantheon updates by David Vance
Timothy Fredrick, Zachary Hunsaker, Jose Castilleja, Konnie Phillips, David Vance, Stephen Geinosky, Ryan Johnson, Laura Hoff, Jennifer Philips, BJ Smith, Carl Drews, Emily Lauer, Don Kolinski, Tania Sizer
New WAG co-chairs for the next two-year term are Carl Drews and Ryan Johnson!
Web Development and Cybersecurity Concerns
-- A Presentation by Timothy Fredrick, Jose Castilleja and Zachary Hunsaker
External Security Assessment by Talatak
External vulnerability scans, internal scans, and penetration tests
IT Tiger Team was convened by CISL
SQL injection attacks are a concern
Timothy recommends learning about the Equifax 2017 Data Breach
An Apache Struts vulnerability was not patched
PII data is what we are most concerned about protecting
UCAR has adopted the NIST RMF (Risk Management Framework), an industry standard
Privacy and UCAR
Colorado Privacy Law – Effective September 2018
- new definition of Personal Identifying Information (PII)
General Data Protection Regulation (GDPR) – Effective May 2018
- protects personal data (PD) of EU citizens
Zachary recommends using the sqlmap tool to detect database vulnerabilities
Should google "OWASP Top 10"
Web developers at UCAR need to report any time we have a PII breach to firstname.lastname@example.org (307-996-4300 or x4300)
David Vance: If you want your Pantheon website(s) monitored so that you are notified if there is an error or your site is down, let David know. There are three severity levels, level 1 being the most severe. If you want something monitored, let David know which URL, the severity level to be notified at, and your contact information.