Presentation on theme: "Computer Based Training Program"— Presentation transcript:
1 Computer Based Training Program
C B T
The Training Post
An Educational Computer Based Training Program
2 UTPA Information Security Awareness Course
General Information Security Training
The University of Texas - Pan American
Information Security Office
3 Information Security Awareness Training Objectives
- How UTPA protects its systems, data, and research
- Acceptable use of UTPA Information Technology resources
- Recognition of different types of sensitive information
- Access control and how to ensure login credentials are secure
- Staying safe while visiting the World Wide Web
- Heighten awareness of physical security measures and illustrate the value of backing up work
- Evaluate what can be done to increase workstation security
4 UTPA User Acknowledgement
Please be aware that by viewing this presentation, you agree to follow UTPA’s policies and requirements regarding the use and protection of state resources.
5 UTPA User Acknowledgement, cont.
- UTPA HOP – Policy for the Use and Protection of Information Resources
- UTPA HOP – Computer and Information Technology Use Policy
- UTPA HOP – Server Management Policy
- UTS165 – Information Resources Use and Security Policy
7 How does UTPA protect its systems?
- Spam filter for e-mail
- Firewalls
- Intrusion detection (from outside the UTPA campus)
- 24-7 network monitoring
- Anti-virus software for servers, workstations and e-mail
8 Main Goals of I.T. Security
- Confidentiality – the requirement that sensitive information is protected from unauthorized disclosure
- Availability – automated systems are available when needed
9 Main Goals of I.T. Security (cont.)
- Integrity – electronic information that is not corrupted
- Authenticity – the ability to verify that data has not changed in transit
- Non-repudiation – the origin and receipt of a message can be verified
- Accountability – the actions of a person can be traced to that individual
10 What Can You Do to Help?
- Follow the technical, personnel, administrative, and telecommunication safeguards for computer systems you use.
- Follow the UTPA and UT-System information resource policies.
- Report computer incidents or any incidents of suspected fraud, waste, or misuse.
- Obtain a Verisign Digital Certificate by contacting the I.T. Help Desk
  - Allows an e-mail sender to use a “digital signature” to verify their identity in e-mail as well as encrypt messages deemed “security sensitive”
11 Where can you find more information?
The UTPA Information Technology web page (http://www.utpa.edu/it)
13 Using I.T. Resources
Why do we have rules?
- Knowledgeable users are the foundation of a successful security program.
- People behave best when they know their responsibilities and boundaries.
14 Using I.T. Resources
The UTPA general rules for the staff use of I.T. resources
- Limit personal use on the Internet, as it is primarily for business purposes
- Be careful when navigating to sites of unknown security
- Be aware that sensitive information can be intercepted on the Internet and over e-mail unless encrypted.
- No downloading of videos, music, or other software that uses large amounts of network resources and that can be subject to copyright laws
15 Questions to ask before opening suspicious E-mail attachments
- Is the subject line strange?
- Do I recognize the sender?
- Is it work-related?
- Does the filename and/or extension seem to be suspicious?
- Was I expecting an attachment in the reply?
- Does the received message ask for personal data?
- If you’re still in doubt, DO NOT OPEN!
16 UTPA Acceptable Use Policy with regards to personal use of equipment
UTPA policy does allow for limited personal use if…
- The use is incidental and does not interfere with staff productivity or operations
- It’s not used to potentially embarrass UTPA
- It does not compromise UTPA systems or security safeguards
- It does not violate applicable laws or UTPA policies
18 Internet Safety
What can Internet intruders do?
- Infect machines
- Steal information
- Turn your machine into a zombie to launch attacks on other machines and networks
- Can deface UTPA’s websites, bring e-mail and Internet services to a crawl, disrupt operations, and cause financial and productive chaos
- They can also learn about YOU
19 Internet Safety
Where do intruders come from?
- Teenage pranksters
- Hackers (both foreign and domestic)
- Disgruntled former employees
- Terrorists and/or criminals
- Foreign intelligence agents
- Spyware
20 Internet Safety
What to do to reduce your machine’s vulnerability
- Scan machine for viruses and other malware on a regular basis
- Avoid Phishing scams in e-mail and on the Internet
  - Phishing – term coined by hackers who imitate legitimate companies in e-mails to entice people to share personal information. Do not provide personal information, such as passwords, credit card numbers or any data that can be used to grant access to your information, in reply to an e-mail message.
- Use good judgment when visiting websites and opening messages from people you don’t know
21 Internet Safety, cont.
What to do to reduce your machine’s vulnerability
- Keep your machine up to date with any patches and critical updates that are released with regards to new and existing vulnerabilities
- Contact the UTPA Help Desk to have your computer centrally managed… all essential updates and antivirus definitions will be automatically pushed out to your machine
22 Section 4: Office, Personal, and Workstation Basics
23 Office Considerations
As you look at the entrance to your office, ask yourself:
- Is it easy for people to walk up and get access to my workstation?
- Is my paperwork hidden from view or easily accessible to anyone that walks in?
- Is the fax machine access limited only to UTPA employees and are the printouts picked up in a timely manner?
- Do we shred documents regularly?
24 Office Consideration
When leaving the office at the end of the day, ask yourself:
- Do I log off and shut down when leaving for the day?
- Do I regularly back up important files in case my computer crashes and isn’t recoverable?
- Is my laptop locked away or secured with a security cable to prevent theft?
- Do I lock my door when I leave the office?
- Is my screensaver set to activate after 5 or 10 minutes of inactivity?
25 Password Basics
- One of the most effective ways to protect access to a computer system is password protection.
- Unfortunately, people often create weak passwords. A name, a pet’s name, a dictionary word… all can be guessed, generally within seconds.
- Take time to create a strong password.
- Strong password: Consists of at least 10 characters (uppercase and lowercase letters, numbers, and any of the following special characters: !#%^*()-=+/;:,.`~)
- Example: tolmerr12!
- Never post or share your password, or store it in your workstation. Memorize it and do not have it written down where it can be compromised.
- Change it frequently.
26 Workstation Basics
Final housekeeping advice:
- Periodically clean up your workstation by deleting files you no longer need. They take up space and use network resources unnecessarily.
- Dispose of old disks and workstations by contacting the I.T. Help Desk at x2020.
- Clear out your Internet browser cache on a regular basis.
28 Access Controls
What do access controls do?
- Keep out unauthorized users and limit what authorized users can do.
- Help stop people with various motives from reading, copying, stealing, deleting, disclosing, or modifying sensitive information.
- Also help prevent access that is above and beyond a person’s span of authority.
29 Access Controls
Understanding your access responsibility is important because you play a significant role in preventing unauthorized access. So that everyone understands what it means to use State Agency computers, UTPA uses a Warning Banner that appears when you log on.
30 Access Controls
The Warning Banner tells you that:
- State Agency computers are to be used by authorized users for authorized purposes only.
- Failure to follow this restriction can lead to disciplinary action, which can include criminal prosecution.
- You could be monitored at any time.
- You should have no expectation of privacy.
32 Sensitive Data
One may think that e-mail is a secure medium in which to send sensitive data, but the reality is, it’s not. Because it’s clear text, a person monitoring the network can see the message going across and easily steal the information it contains.
33 Sensitive Data: Portable Devices
Storing sensitive data on portable devices must be approved by both the Data Owner and Supervisor before an individual can place any sensitive data on a portable device… if approval is given, the device MUST BE encrypted.
34 What is considered sensitive data?
- Credit Card Numbers
- Social Security Numbers
- Driver’s License Numbers
- Automatic Clearing House information (i.e., bank account numbers)
- Certificate/License Numbers
- Credit Reports/Histories
- Electronic Signatures
- Passwords
- PIN Numbers
- FERPA and/or HIPAA protected information would also be included.
35 Sensitive Data
As per UTS 165: “Except in those instances in which an Entity is legally required to collect a social security number, an individual shall not be required to disclose his or her social security number, nor shall the individual be denied access to the services at issue if the individual refuses to disclose his or her social security number”
36 Sensitive Data
What can you do to make sure sensitive data is kept safe?
- Do not send it over e-mail. If you absolutely must send sensitive data via e-mail, it’s recommended that you obtain a Verisign Digital ID by contacting the I.T. Help Desk.
- The Digital ID allows the sender to use encryption to keep the information secure… however, the receiver must also have a Digital ID for the encryption to be successful.
- Encryption is a way of coding the information in a file or message so that if it is intercepted by a third party as it travels over a network it cannot be read. Only the persons sending and receiving the information have the key and this makes it unreadable to anyone except the intended persons.
37 Sensitive Data, cont.
What can you do to make sure sensitive data is safe?
- Do not place any sensitive data on any publicly accessible medium, including web servers, FTP servers, or public shares.
- Keep your workstation secure, and shred any documents that contain sensitive data on a regular basis. Also, make sure to properly dispose of any media (CDs, floppy disks, flash drives, ZIP drives) that contains sensitive data by contacting Environmental Health and Safety.
- If you absolutely have to deal with sensitive data, please contact the Help Desk for encryption software for your workstation.
38 Sensitive Data
For further information:
- UT System Security Bulletin on Encrypting and Storing Sensitive Data
- TAC 202 – Information Security Standards
- UTS 165 (UT System Information Resources Use and Security Policy)
- UTPA HOP (Privacy and Security of Personal Information)
40 Test Your Knowledge
Following are several questions to test your knowledge of the information presented.
Answer all questions correctly to receive credit for the training.
41 Question #1
Which of the following is TRUE?
- Access controls keep out unauthorized users and limit what authorized users can do.
- One of the most effective ways to protect access to a computer system is password protection.
- Both of the above statements are true.
57 The University of Texas - Pan American Information Security Office
Congratulations… you have completed your training for Information Security Awareness.
General Information Security Training
The University of Texas - Pan American
Information Security Office
58 An Educational Computer Based Training Program
C B T
The End
The Training Post
An Educational Computer Based Training Program