Creating a Security Risk-Aware Culture at NCCU
Information Technology Services, North Carolina Central University
September 2008


2 Information Security: Security is a negative deliverable. You don't know when you have it. You only know when you've lost it.

3 Cybersecurity - Why Do We Care?
Chancellor – good legislative audits
Provost – academic integrity
Vice Chancellor Research – compliance
HIPAA
FERPA
GLBA
Sarbanes-Oxley Act
Grant requirements
Local, state and federal regulations

4 Today's Agenda: Information Security in Higher Education; NCCU Information Security Policies & Best Practices; Banner Security; Top 10 Reminders

5 Information Security: Between February 2005 and July 2006, there were 237 reported security breaches involving the compromise of more than 89 million records containing personal information. Of these, 83 incidents involved institutions of higher education, including academic medical centers. EDUCAUSE Review, vol. 41, no. 5 (September/October 2006): 46–61

6 Security Implementation Relies On
People: People must understand their responsibilities regarding policy
Process: Processes must be developed that show how policies will be implemented
Technology: Systems must be built to technically adhere to policy
Policies must be developed, communicated, maintained and enforced

7 Today's Agenda: Information Security in Higher Education; NCCU Information Security Policies & Best Practices; Banner Security; Top 10 Reminders

8 NCCU IT Security Training Outline: NCCU Security Policies; Copyright Laws of the United States; Security Incidents – whom to call or a site for security incidents to be reported

9 NCCU IT Security Training Outline: Introductions; NCCU Security Policies; Copyright Laws of the United States; Security Incidents – whom to call or a site for security incidents to be reported

10 NCCU IT Security Training Course Outline Introductions Steve Ornat IT Audit Compliance and Business Continuity NCCU – Information Technology Services

11 NCCU IT Security Training Course Outline: Introductions; NCCU Security Policies; Copyright Laws of the United States; Security Incidents – whom to call or a site for security incidents to be reported

12 NCCU IT Security Training Course Outline, Continued
NCCU Security Policies:
Data and Information Policy
File Sharing Policy
Electronic Mail Policy
Responsible Use Policy
Wireless and Network Policy
Server Policy
Software License Policy
NCCU Telephone and Cell Policy
Documentation of all of NCCU Policies – Version: CD

13 Data and Information Policy: General guidance on the protection of University data and information being processed by manual as well as automated systems and the protection of the records and reports generated by these information processing systems.

14 Handling of Institutional Data Guidelines
The Chancellor, Provost, Vice Chancellors, General Counsel, and the Director of Athletics are responsible for ensuring the appropriate handling of Institutional data produced and managed by their division/unit.
ITS is responsible for ensuring that the appropriate technologies and system policies and permissions are in place to ensure appropriate access to electronic data.

15 Data Owners
Owners of data are responsible for making decisions about the use and protection of information in their custody. Areas of concern shall include:
1. Accuracy and completeness of data and information;
2. Classification of data as confidential (subject to privacy laws), sensitive (non public salary information) or public;
3. The authorization process to permit access to the information and to terminate access when necessary;
4. The identification and minimization of risks and exposures;
5. The utilization of established procedures designed to protect information from unauthorized access or disclosure, whether accidental or intentional;
6. Communication of information protection procedures to authorized users;
7. Physical access to hard copy records, computers and other technologies
8. Providing procedural safeguards including backing up information for business
9. Evaluating security control procedures related to information in their custody.

16 File Sharing Policy: File sharing applications allow users to download and share electronic files of all types and to use any computer as a server for file sharing requests.

17 H.R


19 Electronic Mail Policy: This policy provides guidelines for the responsible and appropriate use of the North Carolina Central University's electronic mail ( ) and communication resources and services.

20 Responsible Use Policy, or, by its proper name: Responsible Use of University Computing and Electronic Communication Resources Policy. Responsible use includes, but is not limited to, respecting the rights of other users, sustaining the integrity of systems and related physical resources, and complying with all relevant policies, laws, regulations, and contractual obligations.

21 Wireless and Network Policy: This policy has been developed to ensure that the North Carolina Central University (NCCU) community has a secure and reliable network with the access and performance needed to carry out the goals of the university as well as meet the needs of its constituents.

22 Server Policy: The purpose of this policy is to define standards to be met by all servers owned and/or operated by North Carolina Central University (NCCU) on the University's network.

23 Software License Policy (awaiting approval by NCCU Board of Trustees): All University constituents must respect the rights of software developers and abide by copyright and other intellectual property laws.

24 NCCU Telephone and Cell Policy: All University employees are prohibited from misusing University telephones and cell phones for personal calls. Misuse includes the use of office telephones and cell phones for personal long distance calls charged to departmental budgets and excess use of office telephones for local telephone calls.

25 NCCU IT Security Training Course Outline: Introductions; NCCU Security Policies; Copyright Laws of the United States; Security Incidents – whom to call or a site for security incidents to be reported

26 Copyright Laws of The United States of America Title 17 Circular 92 Copyright Law of the United States and Related Laws Contained in Title 17 of the United States Code October 2007 Contains: Table of Contents Chapter 11 – Sound Recordings and Music Videos Appendix A – The Copyright Act of 1976 Appendix B – The Digital Millennium Copyright Act of

27 Copyright Laws of The United States of America

28 Copyright Laws of The United States of America: Chapter 11 – Sound Recordings and Music Videos. § 1101 · Unauthorized fixation and trafficking in sound recordings and music videos. Definition. As used in this section, the term "traffic in" means transport, transfer, or otherwise dispose of, to another, as consideration for anything of value, or make or obtain control of with intent to transport, transfer, or dispose of.

29 Copyright Laws of The United States of America Appendix A The Copyright Act of 1976 Title I – General Revision of Copyright Law Sec This Act does not provide copyright protection for any work that goes into the public domain before January 1, The exclusive rights, as provided by section 106 of title 17 as amended by the first section of this Act, to reproduce a work in phono-records and to distribute phono-records of the work, do not extend to any non-dramatic musical work copyrighted before July 1,

30 Copyright Laws of The United States of America Appendix A The Copyright Act of 1976 Title I – General Revision of Copyright Law Sec (a) The Librarian of Congress (hereinafter referred to as the Librarian) shall establish and maintain in the Library of Congress a library to be known as the American Television and Radio Archives (hereinafter referred to as the Archives). The purpose of the Archives shall be to preserve a permanent record of the television and radio programs which are the heritage of the people of the United States and to provide access to such programs to historians and scholars without encouraging or causing copyright infringement.

31 Copyright Laws of The United States of America Appendix B The Digital Millennium Copyright Act of 1998 Section 1 · Short Title. This Act may be cited as the Digital Millennium Copyright Act (DMCA). Title I WIPO Treaties Implementation Sec. 101 (World Intellectual Property Organization) Short Title. This title may be cited as the WIPO Copyright and Performances and Phonograms Treaties Implementation Act of

32 Copyright Laws of The United States of America Appendix B The Digital Millennium Copyright Act of 1998 Section 1 · Short Title. This Act may be cited as the Digital Millennium Copyright Act (DMCA). Title II Online Copyright Infringement Liability Limitation Sec. 201 · Short Title. This title may be cited as the Online Copyright Infringement Liability Limitation Act.

33 NCCU IT Security Training Course Outline: Introductions; NCCU Security Policies; Copyright Laws of the United States; Security Incidents – whom to call or a site for security incidents to be reported

34 NCCU IT Security Training Security Incidents – whom to call or how to report a security violation Reporting an incident via telephone: Call the Eagle Technical Assistance Center (ETAC) Extension X 7676 Call Steve Ornat IT Audit Compliance and Business Continuity Extension X

35 NCCU IT Security Training Security Incidents – whom to call or how to report a security violation Reporting an incident via Eagle Technical Assistance Center (ETAC) Steve Ornat IT Audit Compliance and Business Continuity

36 NCCU IT Security Training Security Incidents – whom to call or how to report a security violation Reporting an incident via the WEB: To be announced – Coming soon to the NCCU WEB page.

37 NCCU IT Security Training Course Outline: Introductions; NCCU Security Policies; Copyright Laws of the United States; Security Incidents – whom to call or a site for security incidents to be reported; Documentation of NCCU ITS Employee Information CD Version:

38 NCCU IT Security Training Table of Contents for: ITS Employee Information CD Version:
File: 1 - ITS Employee Handbook
Description: The July 2008 version of the ITS Employee Handbook

39 Today's Agenda: Information Security in Higher Education; NCCU Information Security Policies & Best Practices; Banner Security; Top 10 Reminders

40 Steps To Ensure User Account Security
Every user should have his/her own assigned USERID.
Each user is accountable for transactions made with the assigned USERID.
Do not share your password.
If you feel your password has been compromised, request that your password be reset.

41 Changing Banner Passwords
Attempting to log into Banner more than twice unsuccessfully will cause your account to lock.
Password must be at least 8 (eight) characters long.
Password must include at least 1 (one) number.

42 Avoid Special Characters
Pound sign (#)
Slash (/)
Plus (+)
Hyphen (-)
Ampersand (&)
At-sign (@)
Dollar sign ($)
Exclamation point (!)
Comma (,)
Asterisk (*)
Percent sign (%)

43 Banner Signatures Required for Access

44 Today's Agenda: Information Security in Higher Education; NCCU Information Security Policies & Best Practices; Banner Security; Top 10 Reminders

45 Top 10 Concerns / Reminders

46 Top 10 Information Security Reminders
10. Know University IS Policies & Procedures
9. NCCU is the official university provided system
8. Don't open SPAM – just delete
7. When you put your name on listservs and other distribution lists outside the university, you are setting yourself up for SPAM e-mail – vendors sell their distribution lists

47 Top 10 Information Security Reminders
6. Passwords should not be written on sticky notes placed on your computer or other locations within your office
   Passwords should not be your first initial, last name
   Passwords should be a minimum of 8 characters
   Passwords should be changed at minimum every 60 days
   Do not share passwords with Admin Assistants or Workaid Students
5. Phishing e-mails – ITS will NEVER ask for any personal information (userID, passwords, etc.) via e-mail (watch out for e-mails that appear to come from someone on campus asking for personal info)

48 Top 10 Information Security Reminders
4. All units should have a SHREDDER – no personal or student information should ever be dropped in the garbage (same practice at home).
3. Access to University data is provided to University employees for the conduct of University business only. Faculty and staff must follow data privacy laws (FERPA).
2. Do not share Banner Passwords or Account Information. Follow Banner Data Standards when putting data into Banner.

49 Top 10 Information Security Reminders
1. Be conscious of Information Security concerns and report any incidents immediately:
   Banner employee access should be terminated if an employee's job changes
   Laptops – passwords & security tracking software installed
   Memory sticks / thumb drives (sensitive data)
   Blackberries / Cellphones

50 NCCU IT Security Training: In closing, keep the intellectual and private information of North Carolina Central University the private and intellectual property of North Carolina Central University. Here to Serve

51 NCCU IT Security Training And remember! There may be a Pop Quiz soon! Steve Ornat Extension X

52 Thank you! QUESTIONS

