CISO Memo: 2011 Brought Many Changes

David Sherry

Is it still admissible to say Happy New Year in February?  I’ll take the position that it is, seeing that this is the first Information Security Group newsletter for 2012.  The year 2011 saw many success stories for the group, as well as some changes and big plans for 2012.  I’d like to take this opportunity to share some of what has been, and what will be, going on.

We provided the university with several new tools and services recently.  A university-wide vulnerability scan was performed in the late summer, which assessed the security and risk of Brown’s entire external-facing infrastructure.  The results were very favorable, while also identifying areas for improvement.  Also in the late summer and early fall, a new VPN solution was moved into production (while also phasing out the original one).  The new VPN, by F5, offers both a client- and browser-based solution for the university community.  This also will allow greater usage during times of university emergencies.  The F5 SSL was a long and technically challenging project, which was completed successfully thanks to the hard work of many CIS teams.

Other services were rolled out in the last few months, which affect or impact only certain populations throughout Brown.  These include Postini Messaging Security to support the efforts of emerging e-discovery requirements, and a new web certificate made available through our involvement with InCommon.  This new way of ordering and managing web certificates centralizes the charges associated with certs, and is a true enterprise solution for Brown.

More recently, several CIS teams implemented the eduroam wireless service across the campus.  Eduroam is a federated group of institutions who share a free and secure global access service, and was developed for the international research and education community. This “education roaming” service allows students, researchers and staff to use their Brown login credentials to obtain Internet connectivity when visiting other participating institutions. It also allows visitors from other academic institutions that use eduroam to access Brown’s wireless network, using their credentials from their own institution.

Finally, as part of new tools and solutions, ISG (once again with the help of many CIS teams) has announced two solutions that aid in the protection of personally identifiable information (or PII).  Identity Finder is a solution that scans your laptop or desktop, identifies PII (such as social security numbers, credit cards, birth dates, etc.), and then offers solutions to destroy, redact, or encrypt the data.  In addition, an enterprise laptop encryption solution, Symantec Endpoint Encryption, is now available.  This centrally-managed solution for encrypting laptops with confidential, sensitive or restricted information is being rolled out with the help of the University technical community.

It has been a successful few months, and there is a great deal more to do.  With that came some changes in the ISG.  Beginning in early December, the ISG Engineers took their security expertise and responsibilities to the Network Technology Group.  This move created deeper coordination between security engineering and operations with the similar roles in NTG.  It also aligns with the overall CIS goals of improving efficiency and internal communication.  Great things have already been observed from this organizational change.

Pat Falcon continues to be part of ISG, and maintains her same role in support of the information security mission.  The ISG has been maintained, with the exception of security architecture and operations.  My mission has been broadened and deepened to provide greater focus on identity, risk, privacy, compliance, and data stewardship.  You’ll read more on these critical areas in future editions.

I also wanted to make note of our celebration of National Data Privacy Day.  Please see the article in this newsletter dedicated to this topic, and I hope you consider attending one of our sessions focused on privacy.

As always, I welcome your comments and feedback.  Please feel free to reach out to me directly at, or the group at  Let me know how we are doing, areas of concern you may have, or questions on protecting your identity or personal computing security.  And remember, sec_rity is not complete without U!

Follow David on his Twitter account: @CISOatBrownU

Posted in Safe Computing, Winter 2012 Edition