Computer and Mobile Device Equipment Security Brief May 29, 2008 Presented by: Kevin G. Sutton, Chief, Information Technology Unit.

Slides:

Advertisements

Similar presentations

Pennsylvania BANNER Users Group 2007 Disaster Recover For The Financial Aid Environment.

Advertisements

Identity theft Protecting your credit identity. Identity Theft Three hundred forty three million was lost from consumers in 2002 The number of complaints.

1 of 2 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2006 Microsoft Corporation.

Online Learning and the Laptop Initiative Hidden Valley High School Roanoke County Public Schools 2006.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

Red Flags Rule BAS Forum August 18, What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.

Baltic High School Classroom Connections Presentation.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.

Data Storage and Security Best Practices for storing and securing your data The goal of data storage is to ensure that your research data are in a safe.

1 Electronic Information Security – What Researchers Need to Know University of California Office of the President Office of Research May 2005.

Identity Theft Solutions. ©SHRM Introduction Identification theft became the number one criminal activity issue in 2004 and has remained at the.

1.3.1.G1 © Family Economics & Financial Education – Revised October 2004 – Consumer Protection Unit – Identity Theft Funded by a grant from Take Charge.

Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.

9/20/07 STLSecurity is Everyone's Responsibility 1 FHDA Technology Security Awareness.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.

Beyond WiFi: Securing Your Mobile Devices Thomas Kuhn Information Technology Assistance Center (iTAC) Kansas State University.

DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,

1 Enterprise Security Your Information Security and Privacy Responsibilities © 2008 Providence Health & Services This information may be replicated for.

October is National Cyber Security Month OIT and IT providers are launching an awareness campaign to provide tips and resources to help you stay safe online.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

HIPAA What’s Said Here – Stays Here…. WHAT IS HIPAA  Health Insurance Portability and Accountability Act  Purpose is to protect clients (patients)

10 Essential Security Measures PA Turnpike Commission.

New Data Regulation Law 201 CMR TJX Video.

UNIT 3C Security of Information. SECURITY OF INFORMATION Firms use passwords to prevent unauthorised access to computer files. They should be made up.

 Review the security rule as it pertains to ›Physical Safeguards ♦ How to protect the ePHI in the work environment ♦ Implementation ideas for your office.

Learning About Credit Advantages and Disadvantages.

Information Security Decision- Making Tool What kind of data do I have and how do I protect it appropriately? Continue Information Security decision making.

Securing Information in the Higher Education Office.

Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.

HIPAA Privacy & Security Kay Carolin Barbara Ann Karmanos Cancer Center March 2009.

3.1.G1 © Family Economics & Financial Education – Revised October 2004 – Consumer Protection Unit – Identity Theft Funded by a grant from Take Charge America,

ESCCO Data Security Training David Dixon September 2014.

Sensitive Data Accessibility Financial Management College of Education Michigan State University.

1.1 System Performance Security Module 1 Version 5.

Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.

Identity Theft  IDENTITY THEFT occurs when someone wrongfully acquires and uses a consumer’s personal identification, credit, or account information.

Money Handling Procedures Updated by Roger Sparrow, Karen Ramage & David Herbst April 2014.

Privacy and Information Management ICT Guidelines.

PRIVACY, SECURITY & ID THEFT PREVENTION - TIPS FOR THE VIGILANT BUSINESS - SMALL BUSINESS & ECONOMIC DEVELOPMENT FORUM October 21, WITH THANKS TO.

System Security Chapter no 16. Computer Security Computer security is concerned with taking care of hardware, Software and data The cost of creating data.

PHYSICAL ITSECURITY scope. 1.What is password security?. 2.Why can't I tell anyone my password? 3.What about writing my password down 4.Social engineering.

Physical ways of keeping your system secure. Unit 7 – Assignment 2. (Task1) By, Rachel Fiveash.

STARTFINISH DisposePrint & ScanShareStore Protect information and equipment ClassifyProtect.

SPH Information Security Update September 10, 2010.

Incident Security & Confidentiality Integrity Availability.

Incident Security & Confidentiality Integrity Availability.

Identity Theft What is it, is identity theft really a problem, how can I protect myself, what do I do if my Identity is stolen.

TRUENORTH TECHNOLOGY POLICIES OVERVIEW. This includes but is not limited to : – Games – Non-work related software – Streaming media applications – Mobile.

Cyber Safety Jamie Salazar.

Security and Ethics Safeguards and Codes of Conduct.

Information Security Everyday Best Practices Lock your workstation when you walk away – Hit Ctrl + Alt + Delete Store your passwords securely and don’t.

1 Information Governance (For Dental Practices) Norman Pottinger Information Governance Manager NHS Suffolk.

Physical Security Concerns for LAN Management By: Derek McQuillen.

What lessons can we learn from other data breaches? Target Sentry Insurance Dynacare Laboratories 1 INTRODUCTION.

Step 2 – Register a Card To register a UR Card, you can send an to or fill out the registration form at one of our awesome

Ticket Training Tuesday Properly Safeguarding Personally Identifiable Information (PII)

Computer Security Sample security policy Dr Alexei Vernitski.

Common sense solutions to data privacy observed by each employee is the crucial first step toward data security Data Privacy/Data Security Contact IRT.

HIPAA Privacy What Every Staff Member Needs to Know.

Handling Personal Data & Security of Information Paula Trim, Information Officer, Children’s Strategic Services, Mon – Thurs 9:15-2:15.

Properly Safeguarding Personally Identifiable Information (PII) Ticket Program Manager (TPM) Social Security’s Ticket to Work Program.

Protecting PHI & PII 12/30/2017 6:45 AM

Handling Personal Data

Computer Security Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

Protecting Your Identity

Protecting Your Credit Identity

Introduction to the PACS Security

School of Medicine Orientation Information Security Training

Presentation transcript:

Computer and Mobile Device Equipment Security Brief May 29, 2008 Presented by: Kevin G. Sutton, Chief, Information Technology Unit

About Confidential, Personal, and Sensitive Information CDPH considers all information about individuals private and confidential, unless the information is determined to be of public record. Examples of information that should not be disclosed include, but are not limited to: –Social Security Number (SSN) –Address –Phone Number –Drivers license number or State-issued identification card number –Account number, credit or debit card number –Medical information –Health insurance information

Mobile Device Equipment Security Mobile device equipment presents a unique set of security concerns due to their portability. These devices include, but are not limited to: –Laptops –Portable computers –Personal Digital Assistants (PDA) –Compact Discs (CD) –Digital Video Devices (DVD) –Flash drives

Mobile Device Equipment Security Contractors must consider the physical security of these devices and the protection of the confidential and/or sensitive information that is often stored on them.

Mobile Device Equipment Security As a reminder, Contractors are responsible for: The security of their assigned mobile device equipment and any confidential, sensitive, or personal information (data) that it may contain. Any subcontractors and consultants under Contractors charge that utilize mobile device equipment purchased with Network funds and any confidential, sensitive, or personal information (data) that it may contain.

Mobile Device Equipment Security (continued) Prior to being reimbursed for the purchase of mobile device equipment, Contractors will have to sign and return the Contractor Mobile Device Policy, Procedures, and Guidelines Agreement. –This document can be found in the Fiscal Section of the Guidelines Manual (Appendix).

Mobile Device Equipment Guidelines The following guidelines are intended to help improve the protection of mobile device equipment.

Physical Security of Mobile Devices Dos and Donts Dont store your password with your mobile device. –You should secure your mobile device with a strong password, but dont keep the password in the carrying case or on a piece of paper attached to the equipment. Dont leave your mobile device in your car. –Dont leave your mobile device on the seat or even locked in the trunk. Locked cars are often the target of thieves. Dont store your mobile in checked luggage. –Never store your mobile device in checked luggage. Always carry it with you. Dont carry mobile devices in easily identifiable carrying cases. –Particularly when traveling through airports, mobile devices should be kept in briefcases, backpacks, or other carrying cases that are not obvious.

Physical Security of Mobile Devices Dos and Donts (continued) Do secure your mobile device when unattended. –Attach the mobile device with a security cable to something immovable or to a heavy piece of furniture when it is unattended (e.g. laptop). Do keep track of your mobile device when you go through airport screening. –Hold onto your mobile device until the person in front of you has gone through the metal detector. Watch for your device to emerge from the screening equipment. Do record identifying information and mark your equipment. –Record the make, model, and serial number of the equipment and keep it in a separate location. Consider having the outside of the equipment case labeled with your agencys contact information. Do backup your files. –Make a backup of your files before every trip. In the event that your mobile device is lost or stolen, you will still have a copy of your data.

Data Security on Mobile Devices If your mobile device contains confidential and/or sensitive information, do consider using a product that will encrypt the entire hard disk of your device, so that the device can not be accessed by anyone without a password. Insure that all files that reside on your mobile device are: –Regularly backed up to a secure server or other media (e.g. CD or flash drive) –Stored in a secure location –Encrypted Any mobile device that is lost, stolen, or damaged must immediately be reported to your assigned Contract Manager. Do use good judgment about the amount of confidential and/or sensitive data that you store on your mobile device. Only store data that will be needed while traveling.

About Encryption What is encryption? Encryption is the coding of data so that it cannot be read by anyone who does not know the password that decodes it. Encryption garbles your data by using irreversible mathematical functions in order to make it nearly impossible to retrieve.

About Encryption (continued) Why do I need encryption? Data on nearly mobile device is vulnerable to accessibility, theft, loss, or damage. Protecting personal, confidential, and sensitive information is paramount and can easily be done through encryption. Even if your mobile device is stolen or accessed without your knowledge or permission, the encrypted information is useless to an outside user.

Encryption Requirements Contractors are required to install a virus protection application and a 128 bit hard drive encryption application on all laptops or tablet PCs. Contractors may use Network funds to pay for these applications, but costs must be prorated according to Network full-time equivalent (FTE) percentages.

Reporting Mobile Device Theft, Loss, or Damage The following is a step-by-step process in the event that your mobile device is stolen, lost, or damaged: Immediately contact your assigned Contract Manager and the appropriate law enforcement agency. –Relay any information from law enforcement agencies, including police report number, to your Contract Manager. This information will be required for documentation of the incident. Your Contract Manager and other Network staff will notify appropriate State agencies about the incident and complete necessary reporting. Please make yourself available should your Contract Manager or other State staff need to contact you for more information.

Closing Thank you for reviewing this security brief and for proactively securing the mobile device equipment and confidential, sensitive, or personal information in your care. For additional questions, please contact your assigned Contract Manager.