Information Security Office Home Page
Three New Security Training Courses Available
January 20, 2010: The Information Security Office is pleased to announce that we have two more courses available as part of the information security training program.
NETW221 - Wireless Network Management
PROG111 - OWASP Top Ten Vulnerabilities
INFO202 - Change Management
Click here to log into MnSite and participate in these courses, or any of the other five courses currently available to IT staff and other interested parties in MnSCU. Your username is your email address if you are not in the OoC. Click here to visit the Information Security Training website for more information and a course catalog.
Two New Security Training Courses Available
October 30, 2009: We are pleased to announce that two new courses.
PROG101 - Principles of Security in Software Development
ENCR210 - Check Point Full Disk Encryption Administration and Deployment
Click here to log into MnSite and participate in these courses, or any of the other five courses currently available to IT staff and other interested parties in MnSCU. Your username is your email address if you are not in the OoC. Click here to visit the Information Security Training website for more information and a course catalog.
Online Information Security Training from the Department of Homeland Security
October 25, 2009: TEEX Cyber Security Training (formerly Act Online), a collaborative project backed by FEMA/DHS, provides a unique combination of expertise and capabilities to deliver training on information security-related topics. Their program uses a comprehensive approach to prepare professionals in identifying assets, recognizing vulnerabilities, prioritizing assets and implementing protection measures in technology infrastructure. Click the link above to register for free and participate in their wide course offerings.
Open Web Application Security Project MSP September Meeting
September 21, 2009: The September OWASP MSP meeting will be held Monday, September 21. They will meet in a different location for this meeting in Eden Prairie at Midwave, rather than on the Campus of Minneapolis Community and Technical College.
Get more information and register for the meeting here: OWASP MSP on EventBrite.
Open Web Application Security Project MSP 2009 Conference
August 24, 2009: The local Minneapolis-Saint Paul chapter of OWASP (the Open Web Application Security Project), hosted a conference on 8/24 with several great speakers:
- Seth Peter (Chief Technology Officer, NetSPI) presented The Developers Guide to PCI DSS and PA-DSS Requirements
- Pravir Chandra (Director of Strategic Services, Fortify) presented Software Assurance Maturity Model (OpenSAMM)
- Bruce Schneier (Owner/Author, schneier.com; Chief Security Technology Officer, BT) presented The Future of the Security Industry: IT is Rapidly Becoming a Commodity
Find videos from the conference here: OWASP on Vimeo. Find more information about the conference itself here: OWASP MSP 2009 Conference Home.
About the Security Office
The Information Security Office serves to protect the information resources of the Minnesota State Colleges and Universities system while supporting the open access required by academic pursuit.
Our Responsibilities
The Information Security Office is responsible for:
- coordinating the development of system-wide security policies, standards, and procedures to help ensure that decentralized data, facilities, services, and processes are uniformly protected and
- ensuring that the integrity of MnSCU's central facilities, services and data are maintained through effective security management practices.
Our Projects
Incident Response
For security or urgent assistance for VMI, please email here.
Hard Disk Encryption
We are in the process of implementing Check Point's Endpoint Security - Full Disk Encryption product across the system. Periodic training has been offered on installing and managing this software, and additional information is available here.
Vulnerability Management Infrastructure
The nCircle IP360 platform has been deployed systemwide for vulnerability management. The operational deployed service is now called the Vulnerability Management Infrastructure (VMI). This allows institutions to identify hosts, services, and vulnerabilities on their networks. Institution IT staff can also run trending reports and current-state reports to identify critical issues in a more proactive manner.
For general information and group assistance for VMI, please send an email here to access the internal MnSCU VMI emailing list. (Note: you currently have to be enrolled in the mailing list prior to emailing it.)
For support and assistance for VMI, please email here.
