General Awareness Training


Presentation on theme: "General Awareness Training"— Presentation transcript:

1 General Awareness Training
Security Awareness Module 2
What is a Security Incident? How Vulnerable am I?

2 What is a Security Incident?
Computer or Network based activity which results (or may result) in:
- IDENTITY THEFT
- PERSONAL LITIGATION TOWARD YOU
- LOSS OF SENSITIVE DATA OR APPLICATIONS
- USE OF YOUR COMPUTER TO COMMIT A CRIME
- USE OF YOUR COMPUTER TO COMMIT MISCHIEF
- LOSS OF DATA CONFIDENCE
- UNABLE TO USE YOUR COMPUTER
- LOST WORK TIME

3 How vulnerable am I?
Extremely likely unless your computer is properly protected and secured.

4 How vulnerable am I? IDENTITY THEFT
- Use of personal information to commit fraud
- Use of your computer to commit mischief, misdemeanor crimes, or felony crimes
- Can be physical access or network access to your computer
- Lack of “due diligence” makes you responsible
- Use of your computer accounts to commit mischief, misdemeanor crimes, or felony crimes
- Theft of your information (data) and its use by others, or merging of copyrighted material with your information

What can you do to minimize the threat of identity theft?

5 Personal Actions to Mitigate Identity Theft
- Perform Vulnerability Assessment
- Minimize Computer Services Available
- Install and maintain anti-virus, spyware and firewall software
- Implement system and security logs and review daily
- Use patch management software to maintain operating system
- Establish STRONG passwords and change them frequently
- Encrypt all sensitive data stored on system
- Encrypt all sensitive data transfers

6 How Vulnerable am I? PERSONAL LITIGATION TOWARD YOU
- If your identity (computer or accounts) is used in the commission of a crime, you are directly responsible
- If your computer or accounts are “owned” by the University, and therefore the State of Texas, the crime also involves the use of state property
- If your computer accesses another computer without permission, it is a felony
- If you change information on someone else’s computer without permission, it is a felony
- The University network is state property. Illegal access to the UH network is a felony
- The legal defense and costs for a security breach are your responsibility

What can you do to mitigate potential litigation towards you?

7 Personal Actions to Mitigate Litigation Towards YOU
- Understand principle of “Due Diligence”
- Assume separation of function across business functions
- Establish and review access controls frequently to application and data
- Document machine processes and procedures
- Assume viable backup and recovery
- Comply with Federal, State and Institutional requirements

8 How Vulnerable am I? LOSS OF SENSITIVE DATA OR APPLICATIONS
- It is the data application owner’s responsibility legally to protect sensitive data or applications
- If sensitive data or applications are inadvertently or intentionally altered or stolen, it is the owner’s responsibility to notify affected parties and remediate the damage
- Classification of data is the owner’s responsibility
- Backup/Recovery and availability of data and applications are the owner’s responsibility

What can you do to prevent loss of sensitive data or applications?

9 Protect against loss of Sensitive Data or Applications
- Document Data and Application classification in accordance with University of Houston policies
- Establish and frequently review:
  - Compliance with Federal, State and Institutional policies
  - Access logs for sensitive data or application
  - Business Continuity Plan for system recovery
  - Encryption of sensitive data

10 How Vulnerable am I? USE OF YOUR COMPUTER TO COMMIT A CRIME
- The user of the computer is directly responsible for the consequences of using the computer
- Criminal defense and liability are the user’s responsibility
- Data and application owners of a computer used in a security incident are responsible for adhering to the applicable university policies, state and federal laws

What you can do to prevent use of your computer to commit a crime

11 Personal Actions to reduce exposure of your computer to commit a crime
- Assure completion of actions resulting from system vulnerability assessment
- Assure completion of actions resulting from system compliance assessment
- Analyze system logs daily and report suspicious activity to system administrator
- Review changes to system configuration

12 How Vulnerable am I? USE OF YOUR COMPUTER TO COMMIT MISCHIEF
- Use of a computer or account for the purpose of mischief is usually not classified as a crime but can result in many wasted hours of staff time
- SPAM is a good example of mischief: it is often offensive and definitely is expensive to try and defend

What can you do to prevent use of your computer to commit mischief?

13 Personal Actions to prevent use of your computer to commit mischief
- Review changes to system configuration
- Review activity of spyware
- Be cognizant of your surroundings and make personal and departmental hygiene changes
- Share your information security responsibility and reduce liability
- Do not write down your password and leave it easily accessible by others (like under your computer keyboard)

14 How Vulnerable am I? LOSS OF DATA CONFIDENCE
- Validation of data integrity is required by data owners
- Verification of data transactions is the responsibility of the data owners

What can you do to prevent loss of data?

15 How Vulnerable am I? UNABLE TO USE YOUR COMPUTER
- Loss of computer, application, or data availability is a security incident
- Recovery from the loss of “availability” must be reported

What can you do to prevent being unable to use your computer?

16 Personal Actions to prevent loss of data confidence and being unable to use your computer
- Credit card information should not be stored on individual computers
- Storage of social security numbers should be minimized
- Do not use simple, easy-to-guess passwords
- Use passwords that include numbers and letters
- Immediately contact IT if you believe there has been a breach of computer security

17 How Vulnerable am I? LOST WORK TIME
- Security incidents require significant numbers of people and time to remediate “damaged” computers and notify those affected
- Legal response to security incidents can absorb significant amounts of time
- Forensic studies to investigate security incidents require significant amounts of time
- Time lost must be reported for each security incident

Personal actions to prevent loss of work time due to a data security incident.

18 Personal Actions to prevent lost work time
- Do not use simple, easy-to-guess passwords
- Use passwords that include numbers and letters
- Use passwords on all secure systems and files and change frequently
- Use passwords for sensitive files or documents
- Immediately contact IT if you believe there has been a breach of computer security
- Seek more information as it is appropriate for your position

