Information Security Awareness


Information Security Awareness: Systems Administrators

Why Us?
- Institutions of Higher Education are far more tantalizing targets
- Exploit vulnerabilities and weaknesses
- Publicity/recognition for hacking
- Profitability a key motivator
- The threat from within
* Over 44% of incidents in 2007 targeted Education and Government (per Web Application Security Consortium)

Roles and Responsibilities
- Strong passwords
- Data backups
- Physical security
- Daily log reviews
- Software licensing
- User access
- P2P file sharing
- Avoid disclosure/compromise

Minimum Security Standards for Systems – Backups (Cat I)
- Establish and follow regular system backups
- Monthly verification of backups through customer/trial restores
- The system administrator must maintain documented restoration procedures for systems and the data on those systems

Minimum Security Standards for Systems – Change Mgmt (Cat I)
- System configuration/documented change control process
- Evaluation of system changes prior to application in the production environment:
  - test patches
  - if there is no test environment, communicate to the data customer
  - communicate changes in the environment due to patches

Minimum Security Standards for Systems – Virus Protection (Cat I)
- Install and enable antivirus software
- Installation of anti-spyware software is recommended if browsing
- Must be configured to update daily
- Maintain and make available a description of the standard configuration of the antivirus software

Minimum Security Standards for Systems – Physical Access (Cat I)
- Physically secure systems in racks/areas with restricted access
- Physically secure portable devices if left unattended
- Secure backup media from unauthorized physical access
- Encrypt backup media if stored off-site, OR document a process to prevent unauthorized access

Minimum Security Standards for Systems – Hardening Checklist
- System is set up in a protected network environment
- Install OS and application services security patches expediently
- Enable automatic notification of new patches
- Disable/uninstall services, applications and user accounts that are not being used

Hardening Checklist (continued)
- Limit connections to services running on the host to authorized users only
- Encrypt communications and storage of services/applications for systems using Cat I data (confidentiality, integrity, availability)
- Integrity checks of critical OS files and system accounts (user least privilege)
- University warning banner required
- Use of strong passwords

Minimum Security Standards for Systems – Security Monitoring
- Enable and test log activities
- Document and routinely monitor/analyze OS/service logs
- Follow a documented backup strategy for security logs (e.g., account management, access control, data integrity, etc.)
- Retain security logs for a minimum of 14 days
- Admin/root access must be logged
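A daily log review for the two checks on this slide, as an added example that is not part of the original deck: it pulls every admin/root access event out of syslog-style auth lines and verifies the log still holds at least 14 days of history. The log lines and hostnames are constructed, and the year 2007 is assumed because syslog timestamps omit it.

```python
import re
from datetime import datetime

# Constructed sample of syslog-style auth log lines (not real data); syslog
# timestamps carry no year, so 2007 is assumed when parsing.
SAMPLE_AUTH_LOG = """\
Mar  1 08:12:03 srv1 sshd[2101]: Accepted publickey for alice from 10.0.0.5 port 51022 ssh2
Mar  1 08:12:40 srv1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/yum update
Mar  3 22:47:11 srv1 su: pam_unix(su:session): session opened for user root by bob(uid=1001)
Mar  9 01:02:55 srv1 sshd[3310]: Failed password for root from 192.0.2.77 port 4422 ssh2
Mar 12 13:30:00 srv1 sshd[3412]: Accepted password for root from 10.0.0.9 port 50001 ssh2
Mar 14 09:00:00 srv1 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/cat /etc/shadow
"""

RETENTION_DAYS = 14  # slide: retain security logs for a minimum of 14 days
LINE_RE = re.compile(r"^(\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (\S+) (\S+?)(?:\[\d+\])?: (.*)$")

def parse_line(line, year=2007):
    """Split one syslog line into timestamp, host, program and message (None if unparseable)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m.group(2), "prog": m.group(3), "msg": m.group(4).strip()}

def root_access_events(log_text, year=2007):
    """Return (timestamp, actor, description) for each admin/root access in the log."""
    events = []
    for rec in filter(None, (parse_line(ln, year) for ln in log_text.splitlines())):
        msg = rec["msg"]
        if rec["prog"] == "sudo" and "USER=root" in msg:  # command run as root via sudo
            actor = msg.split(":", 1)[0].strip()
            events.append((rec["ts"], actor, "sudo as root: " + msg.split("COMMAND=", 1)[1]))
        elif rec["prog"] == "su" and "session opened for user root by" in msg:  # su to root
            events.append((rec["ts"], msg.rsplit("by ", 1)[1].split("(")[0], "su to root"))
        elif rec["prog"] == "sshd":  # successful direct root login over ssh
            hit = re.match(r"Accepted \w+ for root from (\S+)", msg)
            if hit:
                events.append((rec["ts"], "root", "direct root ssh login from " + hit.group(1)))
    return events

def retention_ok(log_text, as_of, year=2007, days=RETENTION_DAYS):
    """True if the oldest retained entry is at least `days` old on the ISO date `as_of`."""
    stamps = [r["ts"] for r in (parse_line(ln, year) for ln in log_text.splitlines()) if r]
    if not stamps:
        return False
    return (datetime.fromisoformat(as_of).date() - min(stamps).date()).days >= days
```

Calling root_access_events(SAMPLE_AUTH_LOG) lists the two sudo commands, the su session and the direct root ssh login, and skips the failed root password attempt, which is still worth reviewing separately.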

Minimum Security Standards for Systems
For more information please visit the Information Security Office website at http://admin.utep.edu/Default.aspx?alias=admin.utep.edu/securityawareness

Password Security
- At least 17 characters in length
- Do not share or disclose
- Use complex passwords or passphrases containing letters, numbers and special characters
- Change at least every 6 months, or if a suspected compromise exists
- Change any time a team member leaves
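A checker that encodes the rules on this slide, added here as an example and not taken from the original deck: the 17-character minimum, the three character classes, the 6-month rotation (assumed to be 183 days) and the immediate change on suspected compromise.

```python
import re
from datetime import date

MIN_LENGTH = 17     # slide: at least 17 characters in length
MAX_AGE_DAYS = 183  # slide: change at least every 6 months (assumed to mean 183 days)

# Each rule: (violation text, pattern that must match somewhere in the password)
COMPLEXITY_RULES = [
    ("no letters", re.compile(r"[A-Za-z]")),
    ("no numbers", re.compile(r"[0-9]")),
    ("no special characters", re.compile(r"[^A-Za-z0-9]")),
]

def policy_violations(password, last_changed, today, compromised=False):
    """Return the violated rules as a list of strings; an empty list means the
    password complies. last_changed and today are ISO dates such as "2007-09-01"."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"only {len(password)} characters (minimum {MIN_LENGTH})")
    for violation, pattern in COMPLEXITY_RULES:
        if not pattern.search(password):
            problems.append(violation)
    age_days = (date.fromisoformat(today) - date.fromisoformat(last_changed)).days
    if age_days > MAX_AGE_DAYS:
        problems.append(f"unchanged for {age_days} days (maximum {MAX_AGE_DAYS})")
    if compromised:  # a suspected compromise requires a change regardless of age
        problems.append("suspected compromise, change immediately")
    return problems
```

A passphrase with spaces satisfies the special-character rule, so "correct horse battery staple 2007!" passes while a short complex password such as "Summer2007!" fails only on length.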

Safe Practices
- Browsing and downloading
- Privacy
- Misuse of domain credentials
- Remote access
- New users and folder shares
- Disable "Remember Password" features
- Report suspected compromise of account(s) or password(s) to the ISO

Safe Practices (continued)
- Antivirus: run weekly scans
- User access: check for appropriate approvals
- Disaster recovery
- Business continuity
- Don't give away the "Keys to the Kingdom"
* Use of SQL injection was 20% in 2007 (according to Web Application Security Consortium)

Statistics: attack goals (share of incidents)

Attack Goal                      %
Stealing Sensitive Information   42%
Defacement                       23%
Planting Malware                 15%
Unknown                           8%
Deceit                            3%
Blackmail
Link Spam
Worm                              1%
Phishing
Information Warfare

Source: The Web Hacking Incidents Database 2007 Annual Report, prepared by Ofer Shezaf and the Breach Security Labs team, http://www.webappsec.org/projects/whid/statistics.shtml

Questions & Answers
Information Security Office web page: http://admin.utep.edu/securityawareness
2007 statistics: http://www.webappsec.org/projects/whid/statistics.shtml (from Web Application Security Consortium)