Presentation is loading. Please wait.

Presentation is loading. Please wait.

IT Security is Everyone’s Responsibility Presented by Hooman Moayyed IT Security Awareness Program Manager.

Published byDavid McGee Modified over 9 years ago

Similar presentations

Presentation on theme: "IT Security is Everyone’s Responsibility Presented by Hooman Moayyed IT Security Awareness Program Manager."— Presentation transcript:

1 IT Security is Everyone’s Responsibility Presented by Hooman Moayyed hooman@ucsf.edu IT Security Awareness Program Manager

2 Why is IT Security Everyone’s Responsibility? Technology isn’t enough You are the best defense against breaches. Regulatory HIPAA Fines to the University and you. Fine ceilings have recently been raised.Fine ceilings Ethical Patient’s deserve privacy. Press We do not want to put the University in a negative spotlight. HIPAA Can fines to the University and you. Fine ceilings have recently been raised. Financial loss Average breach costs $2,000,000 to handle. 2 Leon Rodriguez, HIPAA’s new enforcement officer

3 Patient Privacy PHI – Protected Health Information Patient health status, provision of health care or payment for health care that can be linked to a specific individual. PII – Personally Identifiable Information Names, social security numbers, addresses, phone numbers, MRNs, email addresses For more details see WikipediaWikipedia 3

4 Top Issues On Campus 1.Phishing 2.Theft & Loss 3.Malware 4.Insider Misconduct 5.Illegal File Sharing 4

5 PhishingPhishing Definition: The act of sending deceptive emails in order to steal your personal information. Emails are designed to evoke an emotional response. 5

6 Phishing Example Phishers pose as official organizations. Stop, think, connect. Delete email when in doubt or forward to security@ucsf.edu security@ucsf.edu 6

7 Theft & Loss #1 cause of breaches Passwords are not a deterrent Devices affected Laptops Public places Cars Hotel rooms Unlocked rooms Mobile devices, tablets and portable devices Cars Pickpocketing Purse snatching Grab & run What do to if it happens to you 1.Immediate call the UCSF police department 2.Contact the help desk 3.Send us an email 7

8 MalwareMalware Types Viruses Spyware Adware Causes File sharing programs Illegally downloaded files Opening email attachments Visiting questionable websites 8

9 Insider Misconduct Unauthorized queries UCLA Sharing of PHI Improper disposal Free disposal service available 9

10 Illegal File Sharing How it’s done File sharing programs Bitorrent Limewire Pirate websites Emailing Consequences Puts you and UCSF systems at risk Malware May compromise your machine Can attack other UCSF systems Fines Lawsuits Jail time 10

11 Maintaining IT Security 1.Prevent theft & loss 2.Encryption 3.Antivirus 4.Proper password use 5.General good practice 6.Be Aware 11

12 Prevent Theft & Loss Never leave devices in your car. Take them with you. Be aware of your surroundings Use cable locks. Immediately report any theft or loss to the UCSF PD and the IT help desk. 12

13 EncryptionEncryption Install our free software: PGP 1.Scrambles data on your machine 2.Adds a layer of protection in the event of a theft or loss of device 3.Requires external backup drive or backup solution such as CrashPlanCrashPlan Install PGP on 1.Computers 2.External drives 3.Flash drives Setup UCSF email on mobile devices Enables remote wipe & pin lock Use secure flash drives 13

14 AntivirusAntivirus Free antivirus software UCSF Symantec Endpoint Protection No system is perfect Be wary of file attachments such as 1..exe 2..bat 3..com 4..zip Don’t install file sharing programs Don’t illegally download files Don’t visit questionable websites 14

15 Proper Password Use Use passphrases Minimum length is 7 characters Use strong passwords Substitute at least 1 letter with numbers or symbols Use upper and lower case letters Never use your UCSF password on other websites Never give out your password to anyone including UCSF staff. Never write down your password Never use dictionary words For more details see Unified UCSF Enterprise Password StandardUnified UCSF Enterprise Password Standard 15

16 General Good Practice Install SEP antivirus software. Use encryption. Properly use passwords. Never illegally share files. Don’t react to an email as it could be a phishing scam. Stop, think, connect. Properly dispose of old hardware and documents. 16

17 Be Aware Security Awareness Site http://awareness.ucsf.edu Everyone wins a prize Monthly grand prize drawing Formal Security Awareness Training UC Learning Center Everyone who passes earns a badge holder lanyard Monthly $50 gift card drawing 17

18 ResourcesResources IT Help Desk Request services at http://help.ucsf.edu or call 415- 514-4100http://help.ucsf.edu IT Security Site Your total IT security information resource http://security.ucsf.edu http://security.ucsf.edu Email: security@ucsf.edusecurity@ucsf.edu UCSF Police Department From campus phones 9+911 All other phones 415-476-6911 18

19 Questions?Questions? 19

Download ppt "IT Security is Everyone’s Responsibility Presented by Hooman Moayyed IT Security Awareness Program Manager."

Similar presentations

HIPAA Health Insurance Portability and Accountability Act of 1996

HIPAA Health Insurance Portability and Accountability Act of 1996
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.
Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.

Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.
Helping our customers keep their computers safe.  Using your pet’s, business, family, friend’s names  Using number or letter sequences (0123, abcd)

Helping our customers keep their computers safe.  Using your pet’s, business, family, friend’s names  Using number or letter sequences (0123, abcd)
HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.

HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.
Free HIPAA Training BCI Computers Free HIPAA Training (c) 2014 BCI Computers all rights reserved.

Free HIPAA Training BCI Computers Free HIPAA Training (c) 2014 BCI Computers all rights reserved.
Invasion of Smart Phones in Clinical Areas Chrissy Kyak Privacy Officer University of Maryland Upper Chesapeake Health.

Invasion of Smart Phones in Clinical Areas Chrissy Kyak Privacy Officer University of Maryland Upper Chesapeake Health.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.
BE CYBER SAFE Office of Information Technology Information Security Department 2011-2012 1 Security Awareness Top Security Issues.

BE CYBER SAFE Office of Information Technology Information Security Department Security Awareness Top Security Issues.
Security Training Lunch ‘n Learn. Agenda  Threat Analysis  Legal Issues  Threat Mitigation  User Security  Mobile Security  Policy Enforcement.

Security Training Lunch ‘n Learn. Agenda  Threat Analysis  Legal Issues  Threat Mitigation  User Security  Mobile Security  Policy Enforcement.
The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.

The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.
1 Electronic Information Security – What Researchers Need to Know University of California Office of the President Office of Research May 2005.

1 Electronic Information Security – What Researchers Need to Know University of California Office of the President Office of Research May 2005.
C USTOMER CREDIT CARD AND DEBIT CARD SECURITY (PCI – DSS COMPLIANCE) What is PCI – DSS Compliance and Who needs to do this?

C USTOMER CREDIT CARD AND DEBIT CARD SECURITY (PCI – DSS COMPLIANCE) What is PCI – DSS Compliance and Who needs to do this?
9/20/07 STLSecurity is Everyone's Responsibility 1 FHDA Technology Security Awareness.

9/20/07 STLSecurity is Everyone's Responsibility 1 FHDA Technology Security Awareness.
DHS SECURITY INCIDENT REPORTING AND RESPONSE SECURITY INCIDENT REPORTING AND RESPONSE DHS managers, employees, and other authorized information users.

DHS SECURITY INCIDENT REPORTING AND RESPONSE SECURITY INCIDENT REPORTING AND RESPONSE DHS managers, employees, and other authorized information users.
Information Security Awareness:

Information Security Awareness:
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.
DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,

DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,
Network & Computer Security Training.  Prevents unauthorized access to our network and your computer  Helps keep unwanted viruses and malware from entering.

Network & Computer Security Training.  Prevents unauthorized access to our network and your computer  Helps keep unwanted viruses and malware from entering.

Similar presentations

Ads by Google