
Information Security: Everyone is Responsible Presented by: Information Technology - Information Security Services University of Oklahoma Health Sciences.


1 Information Security: Everyone is Responsible
Information Security: New Employee Orientation
Presented by: Information Technology - Information Security Services, University of Oklahoma Health Sciences Center

2 Information Security: Outcome Statement
At the conclusion of this presentation you should be able to:
1. Define Information Security
2. Identify threats
3. State safe practices
4. Know where to report an incident

3 Information Security: What is it? Why?
Information Security is:
– Protection of information from threats
Goals of Information Security:
– Ensure Business Continuity
– Minimize Risk
– Maximize Return on Investment

4 Information Security: Three Tenets
– Confidentiality: Information is disclosed only to those authorized
– Availability: Information is accessible when required
– Integrity: Information is accurate, authentic, complete and reliable
The right data to the right people at the right time

5 Information Security: What does it Protect…
– Patient Information
– Personal Identifiable Information
– Our Identity
– Our reputation

6 Information Security: Threats
– Malware
– Viruses
– Worms
– Spyware
– Trojans
– Social Engineering
– Phishing
– Spear Phishing
– Spam

7 Information Security: E-mail Threat
– 89% of e-mail traffic contains viruses, phishing schemes, or is SPAM
– 27,735,000 malicious e-mails blocked from delivery to OUHSC in a month

8 Information Security: Safe Practices for E-mail
– Do not open unsolicited email or attachments
– Do not reply to SPAM
– Do not use your OUHSC email address in online forms and questionnaires unless it becomes necessary for University related business
– Place a confidentiality notice in your signature block

9 Information Security: Malicious Software Threat
Malicious software downloads from the web:
– Spyware
– Trojan Horse
– Key Loggers
1 in 10 web sites attempt to download software without permission

10 Information Security: Safe Practices for the Internet
– Set higher security settings in your browser
– Do not install add-ons to your browser (Google tool bar, Comet Cursor, Gator, HotBar, etc.)
– Avoid Game Sites and sites that require you to fill out online forms
– Install a spyware removal tool
– Always remember that your computer is a business tool

11 Information Security: Employee Responsibilities
– Use resources appropriately
– Protect your user-id and system
– Only access information that pertains to your job function
– Policies, Procedures, local, state and federal laws
– Be responsible

12 Information Security: Password Management
– Protect It! Memorize It!
– Use Strong Passwords
  – At least 8 characters
  – No personal information
  – No dictionary words
  – Use 3 of 4 character types
    – Upper case letters
    – Lower case letters
    – Numbers
    – Special Characters (!@#$%^&*)

13 Information Security: Password Management
Create Passphrases
– Make it memorable
– Use a secret code
Examples:
– il2pBB@6:30: I like to play basketball at 6:30
– LMissMs04t: Little Miss Muffet sat on a tuffet
– RedPensTalk2WhiteG@tors: made up phrase
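The password rules on slides 12 and 13 can be checked mechanically. The following is an added example, not part of the original presentation. The wordlist is a constructed sample, "special character" is assumed to mean any non-alphanumeric character, and "no dictionary words" is assumed to mean the password is not a single dictionary word with digits or symbols attached, which lets the slide's passphrases pass.

```python
import re

# Constructed sample wordlist; a real check would load a full dictionary.
SAMPLE_WORDS = {"password", "welcome", "basketball", "oklahoma", "sooners"}

# The four character types named on slide 12.
CLASSES = {
    "upper": r"[A-Z]",
    "lower": r"[a-z]",
    "digit": r"[0-9]",
    "special": r"[^A-Za-z0-9]",  # assumption: any non-alphanumeric counts
}


def check_password(password, personal_info=(), words=SAMPLE_WORDS):
    """Return the list of rules the password breaks (empty list = passes)."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    present = [n for n, pat in CLASSES.items() if re.search(pat, password)]
    if len(present) < 3:
        problems.append("uses fewer than 3 of 4 character types")
    lowered = password.lower()
    # Assumption: strip digits and symbols, then compare the remaining
    # letters against the wordlist ("Password1!" -> "password").
    core = re.sub(r"[^a-z]", "", lowered)
    if core in words:
        problems.append("is a dictionary word with decoration")
    # personal_info holds caller-supplied tokens (user-id, name, birth year).
    for item in personal_info:
        if len(item) >= 3 and item.lower() in lowered:
            problems.append("contains personal information")
            break
    return problems


if __name__ == "__main__":
    samples = ["il2pBB@6:30", "LMissMs04t", "RedPensTalk2WhiteG@tors",
               "abc123", "Password1!"]
    for pw in samples:
        print(pw, "->", check_password(pw) or "OK")
```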

14 Information Security: Regulatory Compliance
– HIPAA – Healthcare Insurance Portability and Accountability Act
  – Protected Health Information (PHI)
– PCI DSS – Payment Card Industry Data Security Standards
  – Protects cardholder data
– GLBA – Gramm-Leach-Bliley Act
  – Protects consumers' personal financial information

15 Information Security: Safe Practice - Follow Policies
– Follow policies to help protect your data
– It's the LAW
– See http://it.ouhsc.edu/policies/

16 Information Security: Incident Response
Types of Incidents
– Suspicious email (spam or phishing attacks)
– Viruses (usually via email)
– Sharing of authentication (passwords or privileges)
– Attempts to gain unauthorized access
– Unauthorized modifications of files and records
– Attaching unapproved devices to the network
– Abuse of authority or privilege
– Theft

17 Information Security: Incident Response
How to report an Incident
Information Security Services should be notified immediately of an information security incident.
Information Security Incidents can be reported by the following methods:
– Contact the Service Desk at 405.271.2203
  – Email: servicedesk@ouhsc.edu
– Contact the Information Security Services office at 405.271.2476
  – Email: itsecurity@ouhsc.edu
  – Website: http://it.ouhsc.edu/services/infosecurity/

18 Information Security: Safe Practices Summary
– Antivirus updates (daily)
– Security patches (monthly)
– Data backups (daily)
– Browser security settings
– Avoid unknown software from the Internet
– Personal Firewall protection installed
– Email caution
– Report suspicious activity

19 Information Security: Stay Safe Online
Information Security
– http://www.sans.org
– http://www.sans.org/tip_of_the_day.php
– http://www.microsoft.com/protect/yourself/password/checker.mspx
Free Anti-Virus and Anti-Spyware Tools
– http://free.grisoft.com
– http://www.comodo.com
– http://www.safer-networking.org/en/index.html
Online Safety
– http://www.staysafeonline.org
Identity Theft
– http://www.privacyrights.org
– http://www.usdoj.gov/criminal/fraud/websites/idtheft.html

20 Information Security: Quiz
Quiz Time…
1. What is Information Security?
The protection of information from threats

21 Information Security: Quiz
Quiz Time…
2. I have a responsibility to protect what two aspects of information security at OUHSC?
a. Confidentiality and Integrity
b. Confidentiality and Availability
c. Integrity and Availability
d. I am not responsible for information security at OUHSC

22 Information Security: Quiz
Quiz Time…
3. When I receive an email with an attachment from someone I do not know, I should…
a. Open it immediately to find out what it says
b. Forward it to my friends and family
c. Just delete it
d. Unsubscribe

23 Information Security: Quiz
Quiz Time…
4. How do I report an incident?
a. Contact the Service Desk
b. Contact Information Security
c. Go to Website: http://it.ouhsc.edu/services/infosecurity/
d. All of the above

24 Information Security: Quiz
Quiz Time…
5. What is the best way to remember your password?
a. Write it down and hide it under the keyboard
b. Share it with a coworker so he/she can help when you forget it
c. Memorize it
d. Create a simple password, like abc123

25 Information Security: Quiz
Quiz Time…
Bonus: What are the characteristics of a complex password?

26 Information Security: Thank You

