Online Course: Module 2 General Information Security


1 Online Course: Module 2 General Information Security

2 Introduction
In this course, you will learn about UNC HCS’s information security policies and procedures. All UNC HCS workforce members must comply with our information security policies and procedures.

3 Information Security
The purpose of Information Security is to protect the confidentiality, integrity, and availability of information.
–Confidentiality means that data or information is not made available or disclosed to unauthorized persons or processes.
–Integrity means that data or information has not been altered or destroyed in an unauthorized manner.
–Availability means that data or information is accessible and useable upon demand by an authorized person.

4 Protected Information
Protected Health Information (PHI)
–Identifiable patient information
Confidential Information may include:
–personnel information
–system financial and operational information (such as new business plans)
–trade secrets of vendors and research sponsors
–system access passwords
Internal information may include:
–personnel directories
–internal policies and procedures
–most internal electronic mail messages

5 Your Responsibilities
Access information only in support of your job duties.
Report losses or misuse of UNC HCS information, or other security problems, promptly to your Information Security Officer.
Comply with all Security and Privacy policies.
Remember, YOU are responsible and will be held accountable for the security of protected information that you access or maintain.

6 Malicious Software
Viruses, Worms, Spyware and Spam are examples of malicious software, sometimes known as “malware”. Most damage can be prevented by regular updates (patches) of your computer’s operating system and antivirus software.

7 Virus
Computer viruses are a major threat to information systems and your data.
–Viruses “infect” your computer by modifying how it operates and, in many cases, destroying data.
–Viruses spread to other machines by the actions of users, such as opening email attachments.

8 Worms
Worms are programs that can:
–run independently without user action
–spread complete working versions of themselves onto other computers on a network within seconds
–destroy computer resources such as hard drives

9 Spyware
Spyware is software that is secretly loaded onto your computer, monitors your activities, and shares that information without your knowledge. Certain websites install spyware on every computer that visits those sites.

10 For Example:
While online at work, Amanda sees a “pop up” ad for a free “atomic clock.” She clicks on the “I agree” button and her computer downloads and installs the atomic clock utility. After a few days she notices that her computer is running slower and calls the Help Desk. What did she do wrong?

11 For Example:
She installed software from an unknown source.
She didn’t read the fine print before clicking “I agree”.
Many “free” applications include a spyware utility that will cause performance problems and potentially release confidential information.

12 Spam
Spam is unsolicited or “junk” electronic mail messages, regardless of content. Spam usually takes the form of bulk advertising and may contain viruses, spyware, inappropriate material or “scams”. Spam also clogs email systems.

13 Safe Email Use
Do not open email attachments if the message looks the least bit suspicious, even if you recognize the sender. When in doubt, throw it out.
Do not respond to “spam” – simply discard or delete it, even if it has an “unsubscribe” feature.
Email containing protected information such as PHI being sent outside the HCS requires additional protection. Contact your entity’s Information Security Officer for more information.

14 For Example:
Bill receives an unsolicited email and, when he opens it, determines that it is “junk”. He clicks on the unsubscribe button at the bottom of the email and then deletes the original message. What did he do wrong?

15 For Example:
Once he identified the email as “spam”, he should have deleted the message.
He should not have “unsubscribed”; this confirms his address is valid and will result in additional “spam”.

16 Password Control
Most security breaches come from within the organization – and many of these occur because of bad password habits. Therefore:
–Use strong passwords where possible (at least 6 characters, containing a combination of letters, numbers, special characters)
–Change your passwords frequently (45-90 days)
–Keep your passwords confidential! (Do not share them with ANYBODY.)
–If you MUST write down your passwords:
  Store them in a secure location
  Do NOT store them under your keyboard, on a Post-it, etc!!

17 For Example:
Charlotte has to pick a new password. So that she can remember it, she decides to use one of the following passwords:
ettolrahc (her name backwards)
12031965 (her birth date)
Ch@r1web (based on her favorite book)
Which password is the strongest?

18 For Example
Ch@r1web is the strongest password because:
–It is six or more characters long
–It contains upper and lower case letters
–It contains a number
–It contains special characters
–It’s based on something memorable

19 Peer-to-Peer (P2P) File Sharing
P2P file sharing programs such as Morpheus, Kazaa, etc. are commonly used to download unauthorized or illegal copies of copyrighted materials such as music or movies. P2P programs also frequently contain spyware, viruses, etc. Use of P2P programs on UNC HCS networks is prohibited.

20 Mobile Computing Devices
If you use a Palm/Pocket PC (PDA) device or a laptop PC, you must employ the following security controls:
–power-on passwords
–automatic logoff
–data encryption or a comparable approved safeguard to protect the data
Never leave mobile computing devices unattended in unsecured areas.
Immediately report the loss or theft of any mobile computing device to your entity’s Information Security Officer.

21 For Example:
A physician leaves his PDA, which contains PHI as well as personal information, on the back seat of his vehicle. The PDA did not have a power-on password or encryption. When he returns to the vehicle, the PDA is missing. What should the physician have done? What should the physician do now?

22 For Example:
The physician should have password-protected the PDA, and the PHI should have been encrypted to prevent unauthorized access. He should now:
–Contact his Privacy or Information Security Officer
–Report the loss to his immediate supervisor

23 Remote Access
All computers used to connect to UNC HCS networks or systems from home or other off-site locations should meet the same minimum security standards that apply to your work PC.

24 External Storage Devices
Protected Information stored on external storage devices (diskettes, CD-ROMs, portable storage, memory sticks, etc.) must be safeguarded to prevent theft and unauthorized access.
Whenever possible, encrypt protected information on these devices.
External storage devices should never be left unattended in unsecured areas.
Immediately report the loss or theft of any external storage devices to your entity’s Information Security Officer.

25 Faxing Protected Information
Fax protected information only when mail delivery is not fast enough to meet patient needs.
Use a UNC HCS approved cover page that includes the confidentiality notice with all faxes.
Ensure that you send the information to the correct fax number by using pre-programmed fax numbers whenever possible.
Refer to the UNC HCS fax policy.

26 PHI Notes
PHI, whether in electronic or paper format, should always be protected! Persons maintaining notes containing PHI are responsible for:
–Using minimal identifiers
–Appropriate security of the notes
–Properly disposing of information when no longer needed
Information on paper should never be left unattended in unsecured areas.

27 Appropriate Disposal of Data
Protected Information should be disposed of appropriately.
–Hard copy materials such as paper or microfiche must be properly shredded or placed in a secured bin for shredding later.
–Magnetic media such as diskettes, tapes, or hard drives must be destroyed or “electronically shredded” using approved software and procedures.
–CD ROM disks must be rendered unreadable by shredding, defacing the recording surface, or breaking.
–No Protected Information should be placed in the regular trash!

28 Physical Security
Equipment such as PCs, servers, mainframes, fax machines, and copiers must be physically protected.
–Computer screens, copiers, and fax machines must be placed so that they cannot be accessed or viewed by unauthorized individuals.
–Computers must use password-protected screen savers.
–PCs that are used in open areas must be protected against theft or unauthorized access.
–Servers and mainframes must be in a secure area where physical access is controlled.

29 Reporting Losses or Misuses of Information
You should immediately report any losses or misuses of protected information to your Information Security Officer. The Security Incident Response Team (SIRT) will investigate any incidents.

30 Disciplinary Actions
Individuals who violate the UNC HCS Information Security Policy will be subject to appropriate disciplinary action as outlined in the entity’s personnel policies, as well as possible criminal or civil penalties.

31 For more information: www.unch.unc.edu/hipaa

32 You have now successfully completed the online HIPAA General Security Module.

