Penn Information Security: SWAT Deliverables


	Sunday, May 26, 2013

	New Resources
	Combating Malware
	SafeDNS
	Phishing Archive
	Cloud Computing and Data Outsourcing
	Best Practices for Applications with Confidential University Data

	Security "Greatest Hits"
	Managing Passwords
	E-mail Harassment & Forgery
	Hoaxes, frauds & scams
	Spam
	Phishing
	Wireless Networking
	Encryption & digital signatures

	Best Practices
	Secure desktop computing
	Secure servers
	Secure data deletion
	Securing printers
	Tips for safe computing
	Computing policies

	More in-depth information for
	Local support providers
	System administrators

	Security initiatives
	Critical host compliance
	Authentication & authorization
	Penn Security & Privacy Assessment (SPIA)
	Security Liaisons (Restricted Access)
	Secure Share
	Secure Space
	Vulnerability Scanner

	Related links
	Electronic privacy
	PennKey
	Viruses
	Worms, trojans, backdoors

Goals/Deliverables of the team:

Develop Best Practices
Create an Appendix to Critical Host Policy
Draft Web Application Standards - Technical Document
- Use OWASP as a starting point
Conduct 1-2 hour Annual Training Session
Develop Code Samples (Library of code sets by application - Java, Cold Fusion, etc.)
Volunteer Code Review (Between schools/centers); Special Interest Group;
- PennKey "gatekeeper" - Code Review is required if you use PennKey to Authenticate.

Begin by walking through OWASP Top 10 in detail, one vulnerability at a time, to develop Penn's Best Practices/Technical Documentation.

Last updated: Wednesday, January 3, 2007



Information Systems and Computing University of Pennsylvania Comments & Questions