Information Security Awareness Training
UMMS Information Security Office
Confidential Information Services

What is Information Security?
InfoSec is the protection of data in all forms:
– Electronic files
  – Static files
  – Database files
– Paper documents
  – Printed materials
  – Handwritten notes
  – Photographs
– Recordings
  – Video recordings
  – Audio recordings
– Conversations
  – Telephone
  – Cell phone
  – Face to face
– Messages
  – Email
  – Fax
  – Video
  – Instant messages
  – Paper messages

Why is this Important?
A data breach could result in:
– Requirement to report the loss (HIPAA, FERPA, MGL c.93H, PCI, SOX, others)
– Civil and criminal penalties
– Damage to organizational reputation
– Loss of revenue
– Individual accountability

Isn't this just a technical problem?
– Technology defenses comprise roughly 15% of our controls
– Technical controls often cannot compensate for users' behavior
– Cyber-criminals focus on users as a weak link in security
– Having a security-aware workforce is a requirement in today's threat landscape

What are the risks?
Evolving "threat landscape"
– Older attacks targeted infrastructure
– Modern attacks target users
Nature of the threat landscape
– Over 90% of cyber thieves are affiliated with organized crime
– Their sophistication rivals that of commercial software vendors
Methods of infection
– Cyber thieves attack high-volume web sites; computers that visit the site become infected
– Email-borne malware
– The infected machine "phones home" to report that it is infected
– The attackers then use the infected computer to strengthen their hold on the organization

Social Engineering and Top Techniques
Social engineering is "the art of manipulating people into performing actions or divulging confidential information". For example:
– Reply now in order to keep your email account from being deleted.
– Did you see this video of YOU? Check out this link!
– Click here to see a message from your secret admirer.
– You've won the big sweepstakes! Click here to claim your prize.
– Can you hold the door for me? I don't have my access card.
– Hi, I'm the rep from the copier company and I'm here to see Jeff.
"APTs": Amateurs target systems; professionals target people. (Kevin Mitnick)

An Honest Mistake
To work at home, you copy sensitive information onto a handy USB flash drive. You lose your flash drive. The data you took from your secure work computer is now possibly in the hands of someone who can use it inappropriately. The likelihood of this scenario is increasing as the use of convenient plug-and-play devices like USB flash drives becomes more common.

What can I do?
– Become aware of cyber threats
– Understand that YOU are often the front line of defense against cyber threats
– Select a strong password, and never share it!
– Remain guarded when working with data, email and the web
– Understand data sensitivity and how to manage data appropriately
– Safeguard information that is entrusted to you
– Report suspected InfoSec incidents (UMass Help Desk, 508-856-UMHD)

Security Resources
– UMMS IS Help Desk: 508-856-8643
– Look for our IT Security postings
– UMass Security Policy: 12%20University%20Information%20Security%20Policy.pdf
– Take the MS-ISAC Cyber Security Pledge:
– Daily tip:

FIN
Welcome to UMMS!
– Discussion

