CyberSecurity and

System Administration
IT4GIS
Keith T. Weber, GISP
GIS Director
ISU-GIS Training and Research Center
 Today’s Topics
• Users
• Privileges, Permissions, and Sharing
• User groups
• Other Topics:
– Mapped drives
– ROI
– TCO
– Data retention and deletion
• Think “Enterprise”
 Users
• Local
• Remote
• Generic Account Profiles
– Guest
– Administrator
– Others
Privileges, Permissions, and Sharing
• Privileges
• Rights
• Permissions and
Sharing permissions
User Groups
• Administrators
• Guest
• Others:
– User
– Power User
– Backup Operator,
etc.
 User “Needs”
• What is the user’s functional need?
• What is the user’s level of “sophistication” or “computer
literacy”.
• What is the user’s job description.
• Do not confuse rank with authority
Assigning Privileges and Permissions
• Based on these considerations, add the user to the
appropriate user group(s). This gives them Privileges
– Basic = User
– Advanced = Power User
– Basic + Temporary = User + Guest
• Apply Permissions to their workspace
– Administrator always has full control
– The user (owner) always has full control
– Everyone has read access only (if any)
 Sharing Resources

• Files and folders

• Devices
• Important for ArcGIS
Geoprocessing
Servers
 Ownership
• Who (one account) ultimately owns a file or folder
• Administrators can take ownership
 Security
• We have talked about data
integrity (information
assurance) when we discussed
servers
• We now need to discuss data
security (information security)in
detail as it is an important topic
in system administration
 Data Security
• Why is it important?
– Aside from ethical reasons
– There are compelling legal reasons
– Idaho’s CyberSecurity initiative
 Professional Hints and Tips

• Create passwords that are:

– Strong, Unique, Random
– Do not use the same username/password combo more than
once
• Visit http://www.passwordmeter.com/
What did you learn?
 Primary Target…
• Personal information
• So, how can we secure the desktop?
– Disable anonymous log in
– Use Firewalls
What is a firewall?
– Employ Intrusion Prevention/ Intrusion Detection
software/ hardware at the LAN (AKA IP-ID or
IDS [Intrusion detection systems])
 The Desktop
• Well-trained/educated
workforce
• E-mail is an easy “IN”
 Professional Hints and Tips
• Administrators should consider increasing
authentication requirements
– What is authentication?
– Proving your credentials that then give you access to the
system and network, where you have privileges and
permissions
 Authentication
• Single factor (1FA)
• Two factor (2FA)
• Three factor (3FA)
Questions & Other Topics
 Mapped Drives

• Remote drives
• Same as “Connect to
Folder” with ArcGIS
 ROI
• Return on Investment
 TCO
• Total Cost of Ownership
 Policies
• Writing and seeking approval for administrative policies or
procedures
– Data retention and deletion
– Data sharing
 Considerations
• Once you decide what must be kept, you must still
consider:
– Format of data in archive
– Archiving media
– Archiving frequency
– Task delegation
• In Idaho, Geospatial Data are listed as perpetual records
 Thinking Enterprise
• What is meant by the term “Enterprise”
 An Enterprise…
• Is Amorphous
• Shrinks and swells with the scope of the
question, problem, or task
• Works toward a common goal as a group
• Is connected
 GIS and the Enterprise
• GIS is part of the enterprise
– Tends to be a technical resource
– Information supplier
– Analyzer
– Integrator
• GIS is NOT
– THE enterprise
– THE decision maker
A GIS Manager Must
• Keep the “goal” of the enterprise
in mind
• Communicate the benefits and
capabilities of GIS to decision
makers
• Understand GIS, networks,
servers, system administration,
ROI, TCO, and
– People
 Key Concepts

• We have explored several important GIS and

IT topics
• New terms of significance- Enterprise, ROI,
and TCO
– Keep these in mind throughout the semester
along with effectiveness
 Your Assignment
• Complete the exercise
• Review the GIS TReC Data Retention and Deletion
Procedures and Data Sharing documents
• Prepare for the first exam (mid-term)
• Grad students… proposal due Friday
 Questions?

Get ready for the 2-minute write

Preparation

REVIEW FOR EXAM ONE