Introduction to Information Security Office of the Vice President for Information Technology Mr. Corbett Consolvo, IT Security Analyst Ms. Lori McElroy,


1 Introduction to Information Security
Office of the Vice President for Information Technology
Mr. Corbett Consolvo, IT Security Analyst
Ms. Lori McElroy, IT Security Officer

2 Agenda
Contact: itsecurity@txstate.edu, http://security.vpit.txstate.edu
– Introduction
– The State of Texas State's Information Security Program
– Appropriate Use Policy
– Confidential Information
– Identity Finder demo
– Current Threats and Protections
– Best Practices
– Q&A

3 Information Security
What's Information Security?
The protection of data against unauthorized access. This includes:
– How we access, process, transmit, and store information
– How we protect devices used to access information
– How we secure paper records, telephone conversations, and various types of digital media

4 The State of Texas State's Information Security Program
Comprehensive Set of Security Policies, Practices, and Services for:
– Network Access Management
– Threat Management
– Incident Management and Response
– http://security.vpit.txstate.edu/services.html

5 Information Security Program Compliance
Texas State University Policies
– Appropriate Use of Information Resources (UPPS 04.01.07) http://www.txstate.edu/effective/upps/upps-04-01-07.html
– Security of Texas State Information Resources (UPPS 04.01.01) http://www.txstate.edu/effective/upps/upps-04-01-01.html
– Appropriate Release of Information (UPPS 01.04.00) http://www.txstate.edu/effective/upps/upps-01-04-00.html
Other federal and state laws
– Texas Administrative Code, Chapter 202 (TAC 202)
– TPIA - Texas Public Information Act
– FERPA - Federal Educational Rights & Privacy Act
– HIPAA - Health Insurance Portability & Accountability Act
– GLBA - Gramm-Leach-Bliley Act

6 Information Security Program Awareness
Annual Cyber Security Awareness Month - October
– October 22nd, LBJ Student Center 10am-3pm
Introductory and technical security classes
TXState security discussion lists:
    - Information-Security@groups.txstate.edu
    - TXState-ServerAdmins@groups.txstate.edu
File sharing risks outreach
– H.R. 4137, the Higher Education Opportunity Act
– http://security.vpit.txstate.edu/awareness/digital_copyright-p2p-filesharing.html
– University Seminar
– CSAD
– Notice to students and parents

7 Appropriate Use Policy
UPPS 04.01.07
– Applies to all faculty, staff, and students
– Acceptance when you change your password

8 Appropriate Use Policy Highlights
– Illegal, threatening or deliberately destructive use
– Authorized use only
– Email use
– Circumventing security procedures
– Protect your identity
– Copyright infringement
– Protect confidentiality

9 Confidential Information: Classes of Information
– Public information: e.g., job postings, service offerings, published research, directory information, degree programs.
– Sensitive information: e.g., performance appraisals, dates of birth, and email addresses; donor information.
– Restricted information: e.g., SSN, credit card info, personal health info.
http://security.vpit.txstate.edu/policies/data_classification.html

10 Confidential Information Release Precautions
FACT 1: Texas State is a public institution
FACT 2: Texas State is subject to the Texas Public Information Act
FACT 3: TPIA does not make all Texas State information freely available to the public
IMPORTANT NOTE: If you receive a request for information from any external party, and you aren't certain that the information can be released, consult the Office of the University Attorney before releasing the information.

11 Confidential Information Protections
– What should you do about phone conversations?
– What should you do with printed, scanned, copied, or faxed copies?
– Where should you store media or hard copies?
– What should you do before disposing of or transferring media (including cell phones)?
    - http://www.tr.txstate.edu/itac/repair/hardware-disposal
– What about your monitor screen?

12 Confidential Information Protections
– What should you do before disposing of records?
– What should you do if you receive a phone call asking you to disclose information?
– What should you do when you walk away from your workstation?
– How should you protect your password?

13 Confidential Information Discovery
Identity Finder Demonstration

14 Information Security: Current Trends
Symantec – Last six months of 2007
Professional hackers are commercializing
– $ is the motivator
– They are selling our information (medical, credit card, identities)
The Web as the focal point
– Where we spend our time and divulge our information
End-users are the primary target
– Phishing, web browsers (plug ins), malware, spam, botnets
– Mobile device security (clever ploys)
Increasing privacy data breaches
– http://www.privacyrights.org/identity.htm
– https://www.ssnbreach.org/

15 Information Security: Current Threats and Protections
Phishing – what is it and how do I protect myself from it?
– See IT Security Awareness pages for detailed information: http://security.vpit.txstate.edu/awareness/phishing.html
– View a video from Microsoft on Phishing: http://www.microsoft.com/protect/videos/Phishing/PhishingMSHi.html
– Protections:
    - Do not submit personal information in response to an email
    - Verify the authenticity and security of web sites before entering your personal information (https, certificates)

17 Information Security: Current Threats and Protections
SPAM – what is it and how do I protect myself from it?
– Protections:
    - Don't open emails or attachments from an unknown source
    - Use available filtering/blocking tools (http://www.tr.txstate.edu/get-connected/computerservices/e-mail-setup/spam-filter-faq.html)
    - Don't click on any links in spam
    - Don't forward spam on to your friends
    - Validate hoax email: www.snopes.com, www.hoax-slayer.com

18 Information Security: Current Threats and Protections
Spyware – what is it and how do I protect myself from it?
– View a video from Microsoft on Spyware: http://www.microsoft.com/protect/videos/Spyware/SpywareMSHi.html
– Protections:
    - Do not download or install untrusted or unknown programs
    - Use anti-spyware software, such as Ad-Aware (www.lavasoftusa.com) or Windows Defender (http://www.microsoft.com/windows/products/winfamily/defender/default.mspx)
    - Demo Windows Defender

20 Information Security: Download Security Video
EDUCAUSE Computer Security Awareness Video Contest 2006 honorable mention, Act Now - Know Your Sources, by Stephen Hockman, Christina Manikus, John Sease, & Erin Shulsinger, James Madison University
http://www.educause.edu/SecurityVideoContest2006/7103

22 Information Security Best Practices
Data Backup
– Regular or automatic backups
– Protect backup media
– Protect sensitive information stored on backup media
– Critical data should be backed up frequently
– Test your recovery

23 Information Security Best Practices
System, Software, & Anti-Malware Updates
– Operating system patches
– Anti-Virus and anti-spyware
– Host-based firewalls
– Application software
Automatic or regularly scheduled updates are best
– Demo McAfee

24 Information Security Best Practices
User Accounts and Passwords
– Use separate user accounts
    - Administrator accounts for installing software, etc.
    - User accounts for normal usage
– Use strong passwords
    - Mix upper case, lower case, and numeric characters
    - The longer the better, but a minimum of 8 characters
    - Use passphrases
    - Avoid valid dictionary words and proper names
    - Avoid re-using passwords

25 Information Security Best Practices
Create strong passwords that are easy to remember
Strong password checker websites
– http://www.microsoft.com/protect/yourself/password/checker.mspx
– http://strongpasswordgenerator.com/
Use different passwords for different functions
– Banking
– Purchasing
– Email
Password management tools
– Password safe

26 Information Security Best Practices
Mobile computing and portable media
– Confidential or Personally Identifiable Information (PII) is your responsibility to protect
    - Use passwords, preferably power-on passwords
    - Use an additional authentication factor, such as a fingerprint reader on a laptop
    - Remove or shred all data before disposing of or transferring the device
    - Always keep the device with you when you are away from the office (e.g., do not leave it unattended in a hotel room, conference, or your vehicle)
    - Laptop theft tracker: http://adeona.cs.washington.edu/

27 Information Security Best Practices
Wireless network security
– Texas State University's wireless networks
    - Open network
    - Encrypted wireless network setup: http://www.tr.txstate.edu/get-connected/computerservices.html
– Wireless security at home
    - Change the router's default password
    - Use strongest available encryption
    - Use MAC address restrictions
– Use public wireless networks only for risk-free activities

28 Information Security: Wireless Security Video
EDUCAUSE Computer Security Awareness Video Contest 2007 bronze award, When You Least Expect It, by Nolan Portillo, California State University – Bakersfield
http://www.educause.edu/SecurityVideoContest2007/713549

30 Information Security Best Practices
Identity Theft and Credit Card Fraud
– http://security.vpit.txstate.edu/awareness/idtheft.html
– View a video from the Federal Trade Commission: http://www.ftc.gov/bcp/edu/microsites/idtheft/video/avoid-identity-theft-video.html
– Do not give out your personal information unnecessarily
– Limit use on public computers or networks
– Check your receipts for credit card numbers
– Apply for your free annual credit report from all 3 agencies
– Identity Theft IQ Test

31 Information Security: Identity Theft Video
EDUCAUSE Computer Security Awareness Video Contest 2007, Out in the Open, Mark Lancaster, Texas A&M University
http://www.researchchannel.org/securityvideo2007/

33 Information Security Best Practices
MySpace and Facebook – most popular
– http://security.vpit.txstate.edu/awareness/social_networking.html
– Use caution when posting personal information
– Photos can be used by a stalker to gather information about you or your family
– Talk about social networking protections with your family and friends
– Limit access to your personal site
– Remember that pages are cached

34 Information Security Best Practices – Useful Links
Use secure (https) for Gmail -- DEMO
Top 20 Vulnerabilities: http://www.sans.org/top20/
Identity Theft
– http://onguardonline.gov/idtheft.html
– http://www.vpit.txstate.edu/security/items_interest/identity.html
Annual Credit Report
– https://www.annualcreditreport.com/cra/index.jsp
Best Practices
– http://security.vpit.txstate.edu/awareness/best_practices.html

35 Information Security: How Do I Find Out More?
Texas State Sites
– IT Security - http://www.vpit.txstate.edu/security
– Privacy Rights Notice - http://www.tr.txstate.edu/privacy-notice.html
– Identity theft - http://webapps.tr.txstate.edu/security/identity.html
– FERPA at Texas State - http://www.registrar.txstate.edu/persistent-links/ferpa.html
Contacts
– Information Technology Security: 512-245-HACK (4225), itsecurity@txstate.edu
– Information Technology Assistance Center (Help Desk): 512-245-ITAC (4822) or 512-245-HELP, itac@txstate.edu

36 Q & A

