ANNUAL SECURITY AWARENESS TRAINING – 2011
UMW Information Technology Security Program
Annual Security Awareness Training for UMW Faculty and Staff


Network And Computer Use Policy
Users of information technology resources at the University of Mary Washington must use these resources responsibly and in compliance with the Network and Computer Use Policy. Using University-owned computers, networks, or other information technology resources constitutes acknowledgment that the user understands and commits to compliance with the University's Network and Computer Use Policy and related policies and procedures. The complete policy and user responsibilities may be viewed on the Policies Section of the UMW website.

Other Information Security Related Policies
There are a number of other Information Security policies that users should be aware of. Links to important policies are on this slide:
- Information Technology Security Program Policy
- Administrative Data Access Policy
- Electronic Storage of Highly Sensitive Data Policy
- Identity Management Credentials Policy
- Other important information security policies, standards and procedures

UMW Data Classification Standard
The university has defined three levels of data classification for enterprise data. All enterprise data fall into one of these categories:
- Public Data
- Protected Data
- Highly Sensitive Data

UMW Data Classification Standard: Public Data
General administrative data that are intentionally made public are classified as not sensitive and defined as Public Data. This includes all general administrative data that are not legally restricted or judged by data stewards to be limited access data. Examples of UMW public data include digital editions of such publications as the institution's Statistical Profile and the President's Annual Report of Gifts. The Schedule of Course Offerings, published each semester, along with the university's online PeopleSearch Directory serve as other examples of public data. Public data access does not require personal authentication credentials.

UMW Data Classification Standard: Highly Sensitive Data
The following data is classified as Highly Sensitive Data: personally identifiable information including SSNs, Passport Numbers, Driver's License Numbers, financial account numbers (credit card numbers, debit card numbers, banking account numbers), and full name in conjunction with corresponding full date of birth.

UMW Data Classification Standard: Highly Sensitive Data
Access to Highly Sensitive Data may only be authorized by Data Stewards and Data Security Contacts, as defined in the Administrative Data Access Policy, and requires the completion of the University of Mary Washington Administrative Data User Account Request Form.

Securing Highly Sensitive Data
Highly Sensitive Data must not be stored or kept on any non-network storage device or media. Prohibited storage media includes storage on desktop computers, laptop computers, PDAs, cell phones, USB drives, thumb drives, memory cards, CDs, DVDs, local external hard drives and other USB devices. Highly Sensitive Data should not be distributed via reports, spreadsheets, emails or attachments.

UMW Data Classification Standard: Protected Data
By default, all administrative data that is not explicitly defined as Highly Sensitive Data, or is not intended to be made publicly available, is classified as Protected Data. For example, FERPA protected data not covered under the definition of Highly Sensitive is classified as Protected. Access to Protected Data is authorized by data stewards and data security contacts as described in the Administrative Data Access Policy and requires the completion of the University of Mary Washington Administrative Data User Account Request Form.

UMW Data Classification Standard: Protected Data
Secure credentials are required to access protected university data. Standards or guidelines governing the release, distribution and dissemination of protected data by individuals authorized to access it are controlled and administered by the designated Data Stewards.

UMW Data Classification Standard

| Classification | Definition | Access | Secure Credentials | Example | Other |
| Public | General administrative data | Unrestricted | No | Report of Annual Gifts | |
| Highly Sensitive | Personally identifiable information. | Restricted | Yes | SSNs, credit card numbers | May only be stored on a network drive. |
| Protected Data | Data that isn't publicly available, but that isn't highly sensitive. | Restricted | Yes | Student addresses | |

Phishing
Phishing is a cyber crime where well designed and legitimate looking emails and pop-up messages lure victims into revealing their username, password, credit card number, Social Security number, or other sensitive information. Even though the problem is not new, there never seems to be a shortage of victims. Phishing messages appear to be authentic and often mimic the type of communication you would expect to receive from trusted organizations, such as banks, merchants, or university system administrators. You should never trust emails or pop-up messages that ask you to confirm, validate, or update your information by responding to the email or by following a link.

Phishing
The UMW IT Help Desk and system administrators will never send you an email requesting you to validate, confirm or update your account passwords or other personal information.

Reporting a Security Incident
If you fall victim to a phishing scam, believe that your UMW account credentials have been compromised, or have reason to believe that UMW IT system protocols, policies or procedures have been violated, you should immediately:
1. Change your password, and
2. Report the incident by sending an email to it- or contacting UMW's ISO at
Additional information about reporting security incidents, or about information security in general, may be found at the IT Information Security website.

Protect Your Passwords
There are a number of steps that you can take to protect your passwords. These tips apply to the passwords that you have for the UMW systems, as well as for other systems. Some of these tips are:
- Never share your passwords with anyone. Your password verifies your identity as an authorized user. You will be held responsible for misuse of your account if your password is shared with others.

Protect Your Passwords
- Choose a strong password that is hard to guess. Passwords should never be dictionary words or names. More secure passwords are those which are based on pass phrases.
- Don't record or leave passwords where others can find them. Remembering multiple passwords can be challenging, especially if they have to be changed regularly. This often results in passwords being written down, often in inappropriate locations, like under a keyboard or taped to a computer screen. Password Safe is free open-source software you can use to securely store your passwords.

Protect Your Passwords
- Never provide your password in an email or in a response to an email request. Please know that UMW IT personnel will never ask for your password.
- Use different passwords for different websites and services. Do not use your UMW account credentials on other, non-UMW, systems and applications.
- Use passwords that are easy for you to remember and difficult for others to guess. Again, passwords should not be dictionary words or names; more secure passwords are those which are based on pass phrases.

Protect Your Passwords
- Change passwords immediately if they have been compromised. Contact or the University's ISO if it has been
- Change passwords frequently. UMW requires that passwords be changed every 90 days.
- Be careful about where passwords are saved on computers. Some software dialog boxes present an option to save or remember a password. Selecting this option poses a potential security risk. It is best to never save passwords in dialog boxes.

Security Awareness
Most breaches and compromises of sensitive data can be prevented by security awareness and good security habits. All UMW employees are required to complete security awareness training. Employees responsible for administering or supporting central UMW IT systems, or for authorizing access to sensitive data, will be required to attend additional security awareness training. University employee security awareness training requirements are outlined in the Security Awareness Education Standard.

ANNUAL SECURITY AWARENESS TRAINING – 2011
You may close this window. You have now completed the