Training and Awareness

ITS Training Services provides learning opportunities in technology to students, faculty, and staff to facilitate learning, teaching, and professional development activities. Below is a comprehensive list of all primary SOS marketing materials that SOS uses keep faculty, staff, and students informed.

ITS Classroom Seminars available for registration

SOS training opportunities

Five brochures: Protecting Your Password, Reporting Computer Security Incidents, Desktop Security, Responsible Computing, and Internet and Computing Privacy are used in training and informational sessions

Security Trainer offers Simple Tips to Protect Your Personal Computer

Free online web based training technology and business/professional skills courses are available: https://wbt.psu.edu

Take Control Campaign: Take sixsteps to protect your computer

Safe Computing Website: http://its.psu.edu/safecomputing/

The Security Day Conference: http://sos.its.psu.edu/conference2009.html

  ITS Event Presentation: Securing Your Home Computer

  Faculty Senate Presentation: Internet Security

Security Tools

A variety of tools to administer your system. You must be an authorized user to utilize these tools to scan machines across the network, exceptions must be authorized by the Security Operations and Services Director in accordance with policy AD20. Violations will result in a referral to OJA or OHR.

• Windows/DOS Security Tools
   

• Macintosh Security Tools
   

• *nix Security Tools
  

Incident Response

You can report any incident to SOS that you feel is a violation of The Pennsylvania State University's policies, guidelines, or laws or is an information security issue involving a subject at the University. See reporting pages for more information.

Vulnerability Assessment

SOS uses the following tool to provide assessments to identify systems that are susceptible to certain vulnerabilities.

ISS: The Internet Security Scanner (ISS) is a commercial grade scanning tool. Penn State network contacts may request a scan of their network(s) or computer(s) via the SOS web page.

Risk Analysis

Hands-on security analysis that provides in-depth insight into the security posture of a given Local Area Network of application.

Risk analyses can be scheduled by contacting Security Operations and Services. Such analyses are useful in determining the broad spectrum of threats that may apply to a given setting, plus the safeguards that can be applied to mitigate risks. Units should be advised that a full risk assessment is time consuming, so results will not be available immediately.

Intrusion Detection & Prevention

SOS uses a spectrum of tools to discover and prevent internal and external attacks and compromised systems on the network.

Detecting and preventing network based attacks directed at University systems, while attempting to maintain an open computing environment at Penn State, is being accomplished utilizing a variety of intrusion detection and prevention devices. Analysts collect data, review, and report incidence of misuse and abuse to University network contacts in order to reduce the amount of harmful exposure to vulnerable networked systems. Remote scanning tools as wells as passively networked systems combine to provide layers of security benefiting the University systems.

Forensics

SOS uses forensics analysis to thoroughly examine a computer system using software and tools to extract and preserve evidence.

 A full forensics copy or examination is usually associated with a criminal investigation, but occasionally may be used for civil or archival purposes. A forensic-quality copy preserves an exact mirror of information on a hard drive and special software may extract items thought deleted by normal processes. In some rare cases, online forensics can also be employed to examine contents of computer memory. This service is sometimes handled in conjunction with the Penn State Police Services and is not available without just cause.