Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.


Agenda ➢ Data protection ➢ Data Classification ➢ IT Security Good practices

Data protection
➢ Data is one of the most valuable assets of the University
➢ Data is any factual information, whether it is stored on a computer, a USB drive, in the cloud or on paper
➢ Risks to the data:
1. Theft
2. Loss
3. Leakage
4. Tampering

Data Classification

The importance of data classification
➢ Allows us to identify the data
➢ Manage the data better
➢ Apply the appropriate level of security to the data

Three-level Data Classification
In order to handle data properly, data is classified into three sensitivity levels: PUBLIC, SENSITIVE and RESTRICTED.

Three-level Classification: Public
➢ Data is generally open to the public
➢ No existing local, national or international legal restrictions on access
➢ Examples: events and activities, communication notices and publications

Three-level Classification: Sensitive
➢ Data is "Official Use Only"
➢ Protected from unauthorized access due to proprietary, ethical or privacy considerations
➢ Examples: student data; University partner or sponsor information where no NDA exists

Three-level Classification: Restricted
➢ Data is protected by regulations, University policies or contractual agreement
➢ Unauthorized access may result in significant financial risk or negative impact on the reputation of the University
➢ Examples: personal information, payment records, medical records

Data Handling
➢ The level of precautions and security controls follows the data classification
➢ More protection for more sensitive data

Data Handling: security controls by classification level (Public / Sensitive / Restricted)
➢ Access control
▪ Public: no restriction
▪ Sensitive: AAA (authentication, authorization, accounting)
▪ Restricted: AAA plus a confidentiality agreement
➢ Copying/printing
▪ Public: no restriction
▪ Sensitive: limited
▪ Restricted: limited, with the label "Confidential"
➢ Network security
▪ Public: no protection
▪ Sensitive: firewall, IPS, remote access allowed
▪ Restricted: firewall, IPS, no remote access
➢ System security
▪ Public: best practices
▪ Sensitive: hardening
▪ Restricted: hardening with specific security controls
➢ Physical security
▪ Public: locked
▪ Sensitive: locked, CCTV
▪ Restricted: data centre
➢ Data storage
▪ Public: monthly backup
▪ Sensitive: daily backup
▪ Restricted: encryption, data loss prevention, daily backup
➢ Auditing
▪ Public: no logging
▪ Sensitive: logins
▪ Restricted: logins, access and changes

IT Security Good practices

Workstation
➢ Use a complex password of more than 8 characters
➢ Enable the login password and a screen saver password
➢ Lock or log out when the workstation is unattended
➢ Do not install P2P software on a computer that handles confidential data
➢ Physically secure notebook PCs and tablet PCs
➢ Avoid using public computers to access confidential files
➢ Use VPN or another secure channel for remote access from outside the University

Storage
Data could be stored on a personal PC, file server, mobile phone, NAS, cloud, etc.
➢ Access control
▪ Require an ID and password
▪ Read, write and deny permissions
▪ Logging
➢ Use encryption
➢ Back up

Removable Storage
➢ Only store sensitive data on portable devices or media when absolutely necessary
➢ Use encryption
➢ Erase the data after use
➢ Don't leave USB drives unattended
➢ Keep them safe
➢ Don't use USB drives from unknown sources
➢ Report to your supervisor if a USB drive containing sensitive data is lost
See: Guidelines on storing and accessing personal data on portable storage devices and personally owned computers (newly updated in March 2015)

Cloud storage
Before uploading data to the cloud, you should consider:
➢ Privacy and confidentiality
➢ Data encryption
▪ while it is being uploaded to, downloaded from, and stored in the cloud
➢ Exposure of data
▪ to the operator, and to local and foreign governments or agencies
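The "use encryption" advice in the removable-storage and cloud-storage slides above, as an added example that is not part of the original deck: the file is encrypted on the workstation before it is copied to a USB drive or uploaded, so the cloud operator (or whoever picks up the drive) only ever holds ciphertext, and any change to the stored bytes is detected on download. It assumes the third-party `cryptography` package is installed; the container layout (MAGIC header, salt, nonce), the passphrase and the sample file contents are constructed for this example.

```python
# Client-side encryption before copying to a USB drive or uploading to the cloud
# (added example; assumes the third-party `cryptography` package is installed).
import hashlib
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Hypothetical container layout: MAGIC | 16-byte salt | 12-byte nonce | AES-GCM ciphertext+tag
MAGIC = b"SEAL1"
SALT_LEN, NONCE_LEN, TAG_LEN = 16, 12, 16


def _derive_key(passphrase, salt):
    """Stretch the passphrase with scrypt (standard library); n=2**14 keeps memory at 16 MiB."""
    return hashlib.scrypt(passphrase, salt=salt, n=2**14, r=8, p=1, dklen=32)


def seal(plaintext, passphrase, filename):
    """Encrypt and authenticate the file. The filename is bound as associated data, so a
    file that is renamed or swapped for another one in the cloud will not decrypt."""
    salt, nonce = os.urandom(SALT_LEN), os.urandom(NONCE_LEN)
    ct = AESGCM(_derive_key(passphrase, salt)).encrypt(nonce, plaintext, filename.encode())
    return MAGIC + salt + nonce + ct


def open_sealed(blob, passphrase, filename):
    """Return the plaintext, or None if the passphrase, the filename or the bytes are wrong."""
    if not blob.startswith(MAGIC) or len(blob) < len(MAGIC) + SALT_LEN + NONCE_LEN + TAG_LEN:
        return None
    off = len(MAGIC)
    salt = blob[off:off + SALT_LEN]
    nonce = blob[off + SALT_LEN:off + SALT_LEN + NONCE_LEN]
    ct = blob[off + SALT_LEN + NONCE_LEN:]
    try:
        return AESGCM(_derive_key(passphrase, salt)).decrypt(nonce, ct, filename.encode())
    except InvalidTag:
        return None  # wrong passphrase, wrong filename or tampered ciphertext


if __name__ == "__main__":
    # Constructed sample file and passphrase; `blob` is what actually leaves the workstation.
    secret = b"student_id,grade\ns0000001,A\n"
    blob = seal(secret, b"correct horse battery staple", "grades.csv")
    print("bytes stored in the cloud:", len(blob), "plaintext visible:", b"grade" in blob)
    print("correct passphrase:", open_sealed(blob, b"correct horse battery staple", "grades.csv"))
    print("file renamed by operator:", open_sealed(blob, b"correct horse battery staple", "notes.csv"))
```

The salt and nonce are stored with the ciphertext because neither is secret; the passphrase is the only thing that must not travel with the file. A single flipped byte anywhere in the blob makes the GCM tag check fail, which is what "tamper" in the risk list on the first slide looks like in practice.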

Social Networks
Online social networking sites are useful to stay connected with others, but you should be wary about how much personal information you post.
➢ Privacy and security settings
➢ Once posted, always posted
➢ Keep personal info personal
➢ Know and manage your friends

Mobile Security
"New technology, old privacy and security issues"
➢ Lost or stolen devices
▪ Enable screen lock
▪ Encrypt the data, such as emails and documents
▪ Use remote wipe and anti-virus
▪ Be aware of automatic login to company email and file servers
➢ Malware and viruses
▪ Steal bank details, company data, personal identities, email addresses
➢ Be aware of app sources and rights
▪ Install from trusted sources only
▪ Check the permissions an application requests

Phishing: sample of a phishing hyperlink (image on the slide)

Phishing
Phishing is the act of attempting to acquire information such as usernames and passwords by pretending to be a trusted entity, e.g. ITS or another department of the University.
➢ Signs of phishing
▪ Unofficial "From" address
▪ Urgent action required
▪ Generic greeting
▪ Link to a fake website, sometimes mixed with legitimate links
➢ What to do if you receive a phishing email
▪ Delete these suspicious emails
▪ Don't reply or click any link in them
▪ Refer to the HKU spam report website
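The four signs listed above, turned into a heuristic check that can be run over a saved message, as an added example that is not part of the original deck (Python standard library only). Treating hku.hk as the only trusted sender domain is an assumption, and both sample messages are constructed; the suspicious one carries every sign from the slide, including a legitimate campus link next to the fake one.

```python
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAINS = ("hku.hk",)  # assumption: the University's own mail domain
URGENCY_PHRASES = ("immediately", "within 24 hours", "suspended", "verify your account")
GENERIC_GREETINGS = ("dear user", "dear customer", "dear member", "dear account holder")
URL_RE = re.compile(r"""https?://[^\s<>"']+""")


class _HtmlLinks(HTMLParser):
    """Collect (href, visible text) pairs plus the visible text lines of an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self.lines, self._href, self._buf = [], [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._buf = dict(attrs).get("href"), []

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._buf).strip()))
            self._href = None

    def handle_data(self, data):
        if self._href is not None:
            self._buf.append(data)
        if data.strip():
            self.lines.append(data.strip())


def _trusted(host):
    """Exact match or a real subdomain only: 'hku.hk.evil.example' must NOT pass."""
    host = (host or "").lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def _host(url):
    return (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()


def phishing_signs(raw):
    """Return [(sign, detail), ...] for one RFC 5322 message given as a string."""
    msg = email.message_from_string(raw, policy=policy.default)
    signs = []
    sender = msg["From"]
    if sender is None or not sender.addresses or not _trusted(sender.addresses[0].domain):
        signs.append(("untrusted-sender", str(sender)))  # unofficial "From" address
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body is not None else ""
    if body is not None and body.get_content_type() == "text/html":
        parser = _HtmlLinks()
        parser.feed(text)
        links, lines = parser.links, parser.lines
    else:
        lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
        links = [(u, u) for u in URL_RE.findall(text)]  # plain text: shown == target
    if lines and lines[0].lower().startswith(GENERIC_GREETINGS):
        signs.append(("generic-greeting", lines[0]))
    lowered = " ".join(lines).lower()
    hits = [p for p in URGENCY_PHRASES if p in lowered]
    if hits:
        signs.append(("urgent-language", ", ".join(hits)))
    for href, shown in links:
        target = _host(href)
        if URL_RE.match(shown) and _host(shown) != target:
            signs.append(("link-mismatch", f"shows {shown} but goes to {target}"))
        elif not _trusted(target):
            signs.append(("external-link", href))  # legitimate links to trusted hosts pass
    return signs


# Constructed sample: the pattern described on the slide (ASCII only, so no charset header).
SUSPECT = """From: "ITS Helpdesk" <helpdesk@hku-its-support.example>
To: staff@hku.hk
Subject: Urgent: your mailbox will be suspended
Content-Type: text/html

<html><body>
<p>Dear User,</p>
<p>Your mailbox quota is exceeded. Verify your account within 24 hours or it will be suspended.</p>
<p>Click <a href="http://hku.hk.account-verify.example/login">https://www.hku.hk/its/</a> to continue.</p>
<p>Campus map: <a href="https://www.hku.hk/maps">https://www.hku.hk/maps</a></p>
</body></html>
"""

# Constructed sample: an ordinary notice from the official domain.
LEGIT = """From: ITS <its@hku.hk>
To: staff@hku.hk
Subject: Maintenance notice
Content-Type: text/plain

Dear colleagues,

The file server will be unavailable on Saturday 2-4 pm for maintenance.
Details: https://www.hku.hk/its/maintenance
"""

if __name__ == "__main__":
    for sign, detail in phishing_signs(SUSPECT):
        print(f"{sign}: {detail}")
    print("legitimate notice:", phishing_signs(LEGIT))
```

The domain check is deliberately a suffix match on a dot boundary rather than a substring test: a host such as hku.hk.account-verify.example contains the trusted name but is not under it, which is exactly how the fake link on the slide is built. The link-mismatch rule compares the host the user sees with the host the browser would actually contact, so a fake link can hide among genuine ones without making the genuine ones fire.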

Thank You