Presentation is loading. Please wait.

Presentation is loading. Please wait.

2015Computer Services – Information Security| Information Security Training Budget Officers.

Published byBennett Carr Modified over 8 years ago

Similar presentations

Presentation on theme: "2015Computer Services – Information Security| Information Security Training Budget Officers."— Presentation transcript:

1 2015Computer Services – Information Security| Information Security Training Budget Officers

2 2015Computer Services – Information Security| Goals of This Training Update staff on security threats to information and funds. To promote awareness of Information Security issues that affect staff. To make staff aware of Information Security Policy, and how it affects our work.

3 2015Computer Services – Information Security| What are the Consequences for Security Breaches? Risk to security and integrity of personal or confidential information. Loss of employee and public trust resulting in embarrassment and bad publicity. Costly reporting requirements in case of compromise of sensitive information. Security breaches hurt our students and colleagues.

4 2015Computer Services – Information Security| Phishing Be suspicious! Never automatically assume an email is legitimate – even if it is from MSU! Do not reveal personal or financial information over email. Reputable companies will never ask you for this information via email. Pay attention to the URL of a web site. Look for a variation of the real name or a different domain (.com vs.net). Type URLs in manually. “Phishing” is an attack on your computer using email or malicious websites to solicit personal information – often financial. Typically in the form of an email seemingly from a reputable credit card company or financial institution that requests account information and often suggests that there is a problem with the account.

5 2015Computer Services – Information Security|

6 2015Computer Services – Information Security| Glen, I have assigned you to manage file T521. This is a strictly confidential financial operation, to which takes priority over other tasks. Have you already been contacted by Steven Shapiro (attorney from KPMG)? This is very sensitive, so please only communicate with me through this email, in order for us not to infringe SEC regulations. Please do no speak with anyone by email or phone regarding this. Regards, Gean Stalcup.

7 2015Computer Services – Information Security| Protect your Passwords Do not share your password. Avoid common words: Hackers use programs that can try every word in the dictionary. Change passwords regularly (minimum of every 120 days). Do not use the same password more than once.

8 2015Computer Services – Information Security| Passwords Weak Ilovemypiano Ihateliverandonions Strong ILov3MyPi@no 1Hat3liver@Onions! Try a Passphrase Four score and seven years ago, our forefathers… 4scan7yeag,oufo

9 2015Computer Services – Information Security| Keep a clean machine! The absolute best defense against Malware is to make sure your computer stays current on the latest software/updates, especially anti-virus software. To verify the windows updates on your computer are current, click the Start button, click All Programs, and then click Windows Updates.

10 2015Computer Services – Information Security| Using USB Drives Safely Use an encrypted USB drive when storing private or restricted data. Remember to remove the drive from your computer before walking away – tethering the USB to a lanyard or keychain will help keep the USB visible at all times.

11 2015Computer Services – Information Security| Other Mobile Devices Employ all security practices on your laptop that you would on your desktop. Encrypt your laptop. If it is essential that you link your university email to your phone or tablet, always use a passcode. Always be aware of apps on your mobile devices – they can provide a point of vulnerability if not monitored.

12 2015Computer Services – Information Security| Physical Safeguards Store paper records in a locked room, cabinet, or other container. Use password-activated screensavers. Ensure that storage areas are protected against destruction or potential damage from physical hazards, like fire and floods. Dispose of customer information appropriately. Dispose of hard drives in a safe manner – we can do this for you!

13 2015Computer Services – Information Security| Technical Safeguards Avoid transmitting sensitive data by email. If you need to transmit sensitive data, use Voltage, an email encryption provided by the university. Erase all data when disposing of computers, hard drives or any other electronic media that contains customer information. Promptly dispose of outdated customer information. Store electronic customer information on a secure server provided by Computer Services.

14 2015Computer Services – Information Security| Op.12.07-14 Information Security Data Classification Data classification, in the context of information security, is the classification of data based on its level of sensitivity and the impact to the University should that data be disclosed, altered or destroyed without authorization. Classification helps determine what baseline security controls are appropriate for safeguarding that data. There are three data classifications: Restricted data, private data, and public data

15 2015Computer Services – Information Security| Op12.07-14 Restricted Data Definition Data should be classified as Restricted when the unauthorized disclosure, alteration, or destruction of that data could cause a significant level of risk to the University or its affiliates. The highest level of security controls should be applied to Restricted data. Examples Social Security Numbers Personnel records Credit card numbers Medical records BearPass Login with password Academic records (grades, transcripts, etc.)

16 2015Computer Services – Information Security| Op12.07-14 Private Data Definition Data should be classified as Private when the unauthorized disclosure, alteration, or destruction of that data could result in a moderate level of risk. This is the “default” category. Acquisition or distribution of Private data by or between University agents or employees for legitimate purposes is allowed. Examples Budget Information BearPass Number Documentation Research not yet completed or published Vendor documentation Contracts

17 2015Computer Services – Information Security| Op12.07-14 Public Data Definition Data should be classified as Public when the unauthorized disclosure, alteration, or destruction of that data would result in little or no risk. Some level of control is required to prevent unauthorized modification or destruction. Examples Directory information Email addresses (directory) Course catalog information Data often found on university website

18 2015Computer Services – Information Security| Op.12.07-3 Information Management Information that is Private or Restricted: Should not be transmitted to recipients external to MSU network unless approved by Records Custodian. Should not be posted to cloud services like Dropbox or Google Drive. Should not be carried on mobile electronic devices unless the data is encrypted.

19 2015Computer Services – Information Security| In summary… Remember – Information security starts with you! Keep a clean machine. Never assume – prove to yourself that sensitive links and phone calls are legitimate. Don’t save sensitive university information to portable devices. Learn more on the Information Security website and blog at: http://cio.missouristate.edu/ISO/

Download ppt "2015Computer Services – Information Security| Information Security Training Budget Officers."

Similar presentations

Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.

Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.
ANNUAL SECURITY AWARENESS TRAINING – 2011 UMW Information Technology Security Program Annual Security Awareness Training for UMW Faculty and Staff.

ANNUAL SECURITY AWARENESS TRAINING – 2011 UMW Information Technology Security Program Annual Security Awareness Training for UMW Faculty and Staff.
Welcome to the SPH Information Security Learning Module.

Welcome to the SPH Information Security Learning Module.
Springfield Technical Community College Security Awareness Training.

Springfield Technical Community College Security Awareness Training.
A dialogue with FMUG: Sensitive Data & Filemaker MIT Policy and Data Classifications ** DRAFT ** Guidelines Feedback and Discussion Tim McGovern 2 June.

A dialogue with FMUG: Sensitive Data & Filemaker MIT Policy and Data Classifications ** DRAFT ** Guidelines Feedback and Discussion Tim McGovern 2 June.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.
FAIR AND ACCURATE CREDIT TRANSACTIONS ACT (FACTA)- RED FLAG RULES University of Washington Red Flag Rules Protecting Against Identity Fraud.

FAIR AND ACCURATE CREDIT TRANSACTIONS ACT (FACTA)- RED FLAG RULES University of Washington Red Flag Rules Protecting Against Identity Fraud.
1 Electronic Information Security – What Researchers Need to Know University of California Office of the President Office of Research May 2005.

1 Electronic Information Security – What Researchers Need to Know University of California Office of the President Office of Research May 2005.
Part 2 of Evil Lurking in Websites Data Security at the University of Wisconsin Oshkosh.

Part 2 of Evil Lurking in Websites Data Security at the University of Wisconsin Oshkosh.
Critical Data Management Indiana University HR Summit April 24, 2014.

Critical Data Management Indiana University HR Summit April 24, 2014.
Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.

Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.
Copyright © 2014 Merck Sharp & Dohme Corp., a subsidiary of Merck & Co., Inc. All rights reserved. In practice, how do we recognize a potential Privacy.

Copyright © 2014 Merck Sharp & Dohme Corp., a subsidiary of Merck & Co., Inc. All rights reserved. In practice, how do we recognize a potential Privacy.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
Information Security Awareness:

Information Security Awareness:
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.
DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,

DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,
1 Enterprise Security Your Information Security and Privacy Responsibilities © 2008 Providence Health & Services This information may be replicated for.

1 Enterprise Security Your Information Security and Privacy Responsibilities © 2008 Providence Health & Services This information may be replicated for.
Sensitive Data Accessibility Financial Management College of Education Michigan State University.

Sensitive Data Accessibility Financial Management College of Education Michigan State University.
10 Essential Security Measures PA Turnpike Commission.

10 Essential Security Measures PA Turnpike Commission.
Joel Garmon, Director, Information Security Mike Rollins, Security Architect Jeff Teague, Security Analyst, Senior 1

Joel Garmon, Director, Information Security Mike Rollins, Security Architect Jeff Teague, Security Analyst, Senior 1

Similar presentations

Ads by Google