Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.

Presentation transcript:

Information Security 2013 Roadshow

Roadshow Outline
- Why We Care About Information Security
- Safe Computing
  - Recognize a Secure Web Site (HTTPS)
  - How to Spot a Spoofed Web Site
  - Recognize a Phishing Attempt
  - What is Social Engineering
- Privacy and Compliance
  - PCI/HIPAA/FERPA
  - Policy
  - Privacy and Best Practice

Why We Care About Information Security
Personal Reasons:
- Identity Theft
- Loss of Data
- Financial Loss
- Poor Computer Performance
Institutional Reasons:
- Protect Middlebury College
- Compliance with Laws and Standards
- Prevent Reputational Damage
- Reduce Legal Liability for the College
- As Well As the Personal Reasons Listed Above

How do I Know a Web Site is Secure? HTTPS in the Address bar is an indicator of a secure web site. A web site encrypted with SSL should display a near the address bar. Not all devices or browsers display the same.

What is a Spoofed Web Site
- Just because the site looks like Middlebury does not mean it is
- Check the address or URL
- Never enter login information unless the site is secure and you have checked the URL

How to Spot Phishing
- Do NOT click on links or open attachments in suspicious emails!
- Forward all suspected Phishing messages to before deleting the message.
- If you fall victim to a phishing attack RESET your password immediately and then call the Helpdesk!

What Phishing Can Do
- Infect a system with malware
- Mislead a user into giving up credentials
- Compromise with rules and scripts
- Set the stage for a larger attack

What is FakeAV
- Tries to look like regular AV
- Clicking on the warning will download a virus
- Often the best bet is a hard shutdown of the system
- Know what your AV warnings look like
- Sophos anti-virus does offer some web protections which help to prevent the download activity of FakeAV.

Social Engineering
Social engineering, in the context of security, is understood to mean the art of manipulating people into performing actions or divulging confidential information. While it is similar to a confidence trick or simple fraud, it is typically trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victims. (From Wikipedia)
Examples:
- You are in a hotel and receive a call from the front desk to confirm your credit card details.
- You receive a call at work from support services asking for your password to fix a problem on your computer.
- You are at home and get a call from the help desk asking for your login information to reset your account.

What Laws Protect Information Here at Middlebury
- Family Education Rights and Privacy Act (FERPA) = Student Data
- Health Information Portability and Accountability Act (HIPAA) = Health Data
- Sarbanes – Oxley Act (SOX) = Financial Data for Businesses
- Gramm Leach Bliley Act (GLBA) = Financial Data for Lending Institutions
- VT Act 162 = Data Breach Notification & SSN Handling
- Payment Card Industry Standards (PCI-DSS) = Credit/Debit Card Data

What Policies Protect Information Here at Middlebury
- Privacy Policy = Confidentiality of Data
- Network Monitoring Policy = Protection of College Technology Resources
- Technical Incident Response Policy = Response to Information Security Events
- Data Classification Policy = Defines Data Types (Not in handbook as of yet)
- Red Flags Policy = Identity Theft Protection (Not presently in handbook)
- PCI Policy = Payment Card Data Handling
Other Policies Live Here:

What are Some Best Practices
Do
- Look for HTTPS and other key address indicators when you are going to different web sites.
- Use a strong challenge question in Banner SSB
- Redaction – remove or mask (block out) personally identifiable information when sharing data
- Be suspicious of unsolicited email or phone calls.
- Lock your computer or secure information when you leave your work space.
- Use Anti-Virus on both your work and home systems
- Use secure passwords which you change often. This also applies to mobile devices.

What are Some Best Practices
Do Not
- DO NOT write down or share your passwords - tools such as eWallet or 1Password work well as secure password storage alternatives.
- DO NOT store confidential data on unencrypted thumb drives or other unsecured media - if you need to transfer the data encrypt the file or password protect the file and keep a master copy on the server.
- DO NOT place confidential data in - a link to where the file is stored. This may add complexity but increases security. Windows Explorer can show you the path to the location of the file.
- DO NOT record sensitive data on the College web site, blog or Wiki

Discussion and Links
Please share your thoughts!
Information Security Resources:
Report Information Security Events To: