Taking a Bite Out of Vulnerability: Realistic Configuration Management

In this session, we will explore the principles used by Pepperdine University's device management project to successfully attack cross-platform device vulnerabilities. The project achieved significant security compliance (e.g., increasing Java patch compliance from 17% to 94%) without significantly offending institutional culture or being perceived as impeding mission. The presenters will overview their approaches to constructing and developing a project team, testing and implementing a configuration management system, and successfully deploying the system to staff and faculty colleagues. In addition to organizational principles, we will demonstrate tips for rollout and keys to operational success and selected examples of specific technical successes.

OUTCOMES: Understand strategies for organizing security projects that you can adapt to your institutional culture and resources * Engage in evaluation of tactics for deployment of security controls in a minimally disruptive manner