Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Security: Everyone is Responsible Presented by: Information Technology - Information Security Services University of Oklahoma Health Sciences.

Similar presentations


Presentation on theme: "Information Security: Everyone is Responsible Presented by: Information Technology - Information Security Services University of Oklahoma Health Sciences."— Presentation transcript:

1 Information Security: Everyone is Responsible Presented by: Information Technology - Information Security Services University of Oklahoma Health Sciences Center Presented by: Information Technology - Information Security Services University of Oklahoma Health Sciences Center Information Security: New Employee Orientation

2 Information Security: Outcome Statement At the conclusion of this presentation you should be able to: 1.Define Information Security 2.Identify threats 3.State safe practices 4.Know where to report an incident 1.Define Information Security 2.Identify threats 3.State safe practices 4.Know where to report an incident

3 Information Security: What is it? Why? Information Security is: Protection of information from threatsProtection of information from threats Goals of Information Security: Ensure Business ContinuityEnsure Business Continuity Minimize RiskMinimize Risk Maximize Return on InvestmentMaximize Return on Investment

4 Information Security: Three Tenants Confidentiality Information is disclosed only to those authorized Confidentiality Information is disclosed only to those authorized Availability Information is accessible when requiredAvailability Information is accessible when required Integrity Information is accurate, authentic, complete and reliable.Integrity Information is accurate, authentic, complete and reliable. The right data to the right people at the right time at the right time

5 Information Security: What does it Protect… Patient InformationPatient Information Personal Identifiable InformationPersonal Identifiable Information Our IdentityOur Identity Our reputationOur reputation

6 Information Security: Threats Malware Malware Viruses Viruses Worms Worms Spyware Spyware Trojans Trojans Social Engineering Social Engineering Phishing Phishing Spear Phishing Spear Phishing Spam Spam

7 Information Security: Threat 89% of traffic contains viruses, phishing schemes, or is SPAM89% of traffic contains viruses, phishing schemes, or is SPAM 27,735,000 malicious s blocked from delivery to OUHSC in a month27,735,000 malicious s blocked from delivery to OUHSC in a month

8 Information Security: Safe Practices for Do not open unsolicited or attachmentsDo not open unsolicited or attachments Do not reply to SPAMDo not reply to SPAM Do not use your OUHSC address in online forms and questionnaires unless it becomes necessary for University related businessDo not use your OUHSC address in online forms and questionnaires unless it becomes necessary for University related business Place a confidentiality notice in your signature blockPlace a confidentiality notice in your signature block

9 Information Security: Malicious Software threat Malicious software downloads from the webMalicious software downloads from the web –Spyware –Trojan Horse –Key Loggers 1 in 10 web sites attempt to download software without permission1 in 10 web sites attempt to download software without permission

10 Information Security: Safe Practices for the Internet Set higher security settings in your browserSet higher security settings in your browser Do not install add-ons to your browser (Google tool bar, Comet Curser, Gator, HotBar, etc.)Do not install add-ons to your browser (Google tool bar, Comet Curser, Gator, HotBar, etc.) Avoid Game Sites and sites that require you to fill out online formsAvoid Game Sites and sites that require you to fill out online forms Install a spyware removal toolInstall a spyware removal tool Always remember that your computer is a business toolAlways remember that your computer is a business tool

11 Information Security: Employee Responsibilities Use resources appropriately Use resources appropriately Protect your user-id and system Protect your user-id and system Only access information that pertains to your job function Only access information that pertains to your job function Policies, Procedures, local, state and federal laws Policies, Procedures, local, state and federal laws Be responsible Be responsible

12 Information Security: Password Management Protect It! Memorize It! Protect It! Memorize It! Use Strong Passwords Use Strong Passwords At least 8 characters At least 8 characters No personal information No personal information No dictionary words No dictionary words Use 3 of 4 character types Use 3 of 4 character types Upper case letters Upper case letters Lower case letters Lower case letters Numbers Numbers Special Characters Special Characters

13 Information Security: Password Management Create Passphrases Make it memorable Make it memorable Use a secret code Use a secret codeExamples: I like to play basketball at 6:30 LMissMs04t: Little Miss Muffet sat on a tuffet made up phrase

14 Information Security: Regulatory Compliance HIPAA – Healthcare Insurance Portability and Accountability Act HIPAA – Healthcare Insurance Portability and Accountability Act Protected Health Information PHI Protected Health Information PHI PCI DSS – Payment Card Industry Data Security StandardsPCI DSS – Payment Card Industry Data Security Standards Protects cardholder data Protects cardholder data GLBA – Gramm-Leach-Bliley Act GLBA – Gramm-Leach-Bliley Act Protects consumers personal financial information Protects consumers personal financial information

15 Information Security: Safe Practice- Follow Policies Follow policies to help protect your dataFollow policies to help protect your data Its the LAWIts the LAW See

16 Information Security: Incident Response Types of Incidents Types of Incidents Suspicious (spam or phishing attacks)Suspicious (spam or phishing attacks) Viruses (usually via ) Viruses (usually via ) Sharing of authentication (passwords or privileges) Sharing of authentication (passwords or privileges) Attempts to gain unauthorized access Attempts to gain unauthorized access Unauthorized modifications of files and records Unauthorized modifications of files and records Attaching unapproved devices to the network Attaching unapproved devices to the network Abuse of authority or privilege Abuse of authority or privilege Theft Theft

17 Information Security: Incident Response How to report an Incident How to report an Incident Information Security Services should be notified immediately of an information security incident. Information Security Services should be notified immediately of an information security incident. Information Security Incidents can be reported in the following methods: Information Security Incidents can be reported in the following methods: Contact the Service Desk at Contact the Service Desk at Contact the Information Security Services office at Contact the Information Security Services office at Website: Website:

18 Information Security: Safe practices summary –Antivirus updates (daily) –Security patches (monthly) –Data backups (daily) –Browser security settings –Avoid unknown software from the Internet –Personal Firewall protection installed – caution –Report suspicious activity

19 Information Security: Stay Safe Online Information Security Information Security Free Anti-Virus and Anti-Spyware Tools Free Anti-Virus and Anti-Spyware Tools Online Safety Online Safety Identity Theft Identity Theft

20 Information Security: Quiz Quiz Time… What is Information Security? 1. What is Information Security? The protection of information from threats

21 Information Security: Quiz Quiz Time… I have a responsibility to protect what two aspects of information security at OUHSC? 2. I have a responsibility to protect what two aspects of information security at OUHSC? a.Confidentiality and Integrity b.Confidentiality and Availability c.Integrity and Availability d.I am not responsible for information security at OUHSC

22 Information Security: Quiz Quiz Time… When I receive an with an attachment from someone I do not know, I should… 3. When I receive an with an attachment from someone I do not know, I should… a.Open it immediately to find out what it says b. Forward it to my friends and family c.Just delete it d.Unsubscribe

23 Information Security: Quiz Quiz Time… How do I report an incident? 4. How do I report an incident? a.Contact the Service Desk b.Contact Information Security c.Go to Website: d.All of the above

24 Information Security: Quiz Quiz Time… 5. What is the best way to remember your password? a.Write it down and hide it under the keyboard b.Share it with a coworker so he/she can help when you forget it c.Memorize it d.Create a simple password, like abc123

25 Information Security: Quiz Quiz Time… Bonus What are the characteristics of a complex password?

26 Information Security: Thank You


Download ppt "Information Security: Everyone is Responsible Presented by: Information Technology - Information Security Services University of Oklahoma Health Sciences."

Similar presentations


Ads by Google