Welcome to New Hire Orientation Information Security


1 Welcome to New Hire Orientation Information Security

2 Information Security Awareness Training
Welcome
Why is this important…
- Identity theft is the #1 fastest growing crime in the (world)
- Many of us have (direct or indirect) access to sensitive data: custodians, data entry people, call center employees, HR, IT, healthcare.

UMMS Information Security
CWM Office of Compliance & Review

3 What is Information Security?
Info Sec is the protection of data in all forms:
- Electronic files
- Static files
- Database files
- Paper documents
- Printed materials
- Hand written notes
- Photographs
- Recordings
- Video recordings
- Audio recordings
- Conversations
- Telephone
- Cell phone
- Face to face
- Messages
- Fax
- Video
- Instant messages
- Paper messages

Whether or not an employee uses a computer in their job, we must consider that sensitive data can be found in many forms (see the list above): papers printed and left on the train, face-to-face conversations, fax, telephone calls… Visible computer monitors with sensitive data can cause a reportable breach, and worse, the school may not even know it happened, much less respond to it.

4 Why is this Important?
A data breach could result in:
- Requirement to report the loss: HIPAA, FERPA, MGL c.93H, PCI, SOX, others
- Civil and criminal penalties
- Damage to organizational reputation
- Loss of revenue
- Individual accountability

Potential impacts of breach
HIPAA fee structure:
- $50k per record up to $1.5M
- $10k per record up to $250k for repeat violations
- $100 per record up to $25k for repeat violations

Criminal, Civil fines, Organizational reputation, Lost revenue (unlike TJX), Individual accountability

5 Isn’t this just a technical problem?
- Technology defenses comprise roughly 15% of our controls
- Technical controls often cannot compensate for user’s behavior
- Cyber-criminals focus on users as a weak link in security
- Having a security-aware workforce is a requirement in today’s threat landscape

Technology continues to keep out most “legacy” threats (viruses, etc.) and many new ones. Users who click on SPAM or who visit infected web sites invite malware inside our network perimeter. Getting users to click on the “bad things” is the focus of cyber criminals. These are organized criminal syndicates. Knowing not to click on XYZ is today’s best defense.

6 What are the risks?
Evolving “Threat Landscape”
- Older attacks targeted infrastructure
- Modern attacks target users

Nature of threat landscape
- Over 90% of cyber thieves are affiliated with organized crime
- Their sophistication rivals that of commercial software vendors

Methods of infection
- Cyber thieves attack high-volume web sites
- Computers that visit the site become infected
- -borne ‘malware’
- Infected machine “phones home” to say I’m infected
- Use the infected computer to strengthen their hold on the organization

“Attacks” used to consist of mostly harmless, but annoying, website defacements and viruses. These attacks were obvious and relatively unsophisticated. Today’s attacks are quiet, below the radar, and impactful. 90% are perpetrated by organized crime, and cross multiple international jurisdictions, typically those that do not have good diplomatic relations. Methods of infection: “Poisoned web site”, borne “badness”, each gives the attackers a ‘toe-hold’ on the target.

Amateurs target systems, Professionals target users --Kevin Mitnick

7 What can I do?
- Become aware of cyber threats
- Understand that YOU are often the front line of defense against cyber threats
- Understand data sensitivity and how to manage data appropriately
- Safeguard information that is entrusted to you
- Report suspected InfoSec incidents

Develop awareness of these problems. Understand that YOUR computer habits can either invite or discourage “badness”. Understand the sensitivity of data that is entrusted to you, and know how to handle it. Report suspected incidents…

8 Security Resources
- On-line security awareness course:
- UMMS IS Help Desk
- CWM Office of Compliance and Review

Security Resources Awareness Course (UMMS)

