December 12, 2019

10-11:30am, ML-Damon Room


Agenda

Presentation by the UCAR Cybersecurity Program Office

Pantheon updates by David Vance

Attendees

Timothy Fredrick, Zachary Hunsaker, Jose Castilleja, Konnie Phillips, David Vance, Stephen Geinosky, Ryan Johnson, Laura Hoff, Jennifer Philips, BJ Smith, Carl Drews, Emily Lauer, Don Kolinski, Tania Sizer

Notes

The new WAG co-chairs for the next two-year term are Carl Drews and Ryan Johnson!

Web Development and Cybersecurity Concerns

-- A Presentation by Timothy Fredrick, Jose Castilleja and Zachary Hunsaker

External Security Assessment by Talatak

External vulnerability scans, internal scans, and penetration tests

IT Tiger Team was convened by CISL

SQL Injection attacks are a concern

Timothy recommends learning about the Equifax 2017 Data Breach 

An Apache Struts vulnerability was not patched

PII data is what we are most concerned about protecting

UCAR has adopted the NIST RMF (Risk Management Framework), an industry standard

Privacy and UCAR

https://internal.ucar.edu/counsel/privacy-protection

Colorado Privacy Law – Effective September 2018

  • new definition of Personal Identifying Information (PII)

General Data Protection Regulation (GDPR) – Effective May 2018

  • protects personal data (PD) of EU citizens

Zachary recommends using the sqlmap tool to detect database vulnerabilities

We should google "OWASP Top 10"

Web developers at UCAR need to report any PII breach to security@ucar.edu (307-996-4300 or x4300)


View the PPT Presentation

View Tools Demonstration Video


David Vance: If you want your Pantheon website(s) monitored so that you are notified if there is an error or your site is down, let David know. There are three severity levels, level 1 being the most severe. If you want something monitored, let David know which URL, the severity level to be notified at, and your contact information.

View the entire meeting video











