Information Security Awareness:

Presentation on theme: "Information Security Awareness:"— Presentation transcript:

1 Information Security Awareness:
Building a Culture of Commitment to Security

2 Security Awareness is the knowledge and attitude members of an organization possess regarding the protection of the physical and, especially, information assets of that organization

3 UW Medicine IT Resources
IT Services ITS provides information systems support for UW Medicine. Its core mission is to make a difference through the use of information technology for teaching, research and patient care. A few services ITS provides are Help Desk support, work station support, account support, and clinical systems administration. The ITS Help Desk can be reached at or

4 Other IT Resources
UW Technology – www.washington.edu/uwtech or
Departmental IT: Provide local support for computing devices distributed by the department
You: If there is no assigned IT staff for a device then you are responsible for its security

5 Information Security Principles
UW Medicine computers and data need protection.
Protection is based on the need to preserve Confidentiality, Integrity and Availability.
Security is everyone's responsibility.
Decision Box: Determine if the IT security training is required for all staff. This may require system-specific training for various users vs. general training for a majority of the staff. Make sure management understands: the benefits of IT security training on staff behavior, that it is cost effective, and the need to invest in adequate staff training.

6 Data Classification
Public = This is information that is either approved for general access, or by its nature, is not necessary to protect, and can be shared with anyone.
Restricted = This is information which is intended strictly for use by designated parties and requires careful management.
Confidential = This classification of information is very sensitive in nature, and requires careful controls and protection. Examples of confidential data include PHI, PII, and passwords.

7 STRONG Passwords
Why is it important to use strong passwords?
Password guessing tools guess in 7 character sets. Lengths of 8 characters or more make it more difficult to guess.
An apparently random set of characters makes it more difficult for a hacker to guess. ABCD, abcd, 1234
Where supported, a "pass phrase" should be used. Pass phrases are easier to remember and much harder to break.

8 User ID and Password Management
Your manager is responsible for making sure your access rights are correctly assigned initially and for updating your access upon role changes, transfer or termination.
Each workforce member is assigned a unique User ID and must not share it with anyone.
Each system that a user has access to will be logged and tracked.
All passwords must be changed every 120 days. It is the user's responsibility to do this.
UW Medicine Account or AMC Login

9 Email Security
Always be aware of phishing and social engineering scams, dangerous attachments, viruses, and embedded links to malicious websites.
All UW Medicine email is open to public disclosure.
Delete confidential emails as soon as they are no longer needed.
DO NOT forward confidential emails to a third party system, e.g., hotmail, yahoo, aol, gmail.
Check and double-check all messages containing restricted or confidential information for proper recipient addresses.
Encrypt messages when sending confidential information to systems outside of UW Medicine.

10 Mobile Device Security
Mobile devices include laptops, Blackberries, smart phones, or any portable device capable of storing and interpreting data.
Mobile devices are of special concern because they are easily lost and attractive to thieves.
Personally owned mobile devices must comply with UW Medicine policies and standards when used for work purposes. The owner of the device is responsible.
Encryption required when storing PHI, PII or passwords
No automatic login, require password to log on to the device
Passwords on these devices must be changed every 120 days
Patched and up to date operating system

11 Data Transmission Security
There are many other ways to transmit data electronically. They also require encryption as a protection in certain cases. Examples of other forms of transmission include faxes, instant messaging, text messaging, smart phones and other file sharing mechanisms. PII, PHI or passwords transmitted by any mechanism or device across non-UW Medicine networks or any wireless networks, must be encrypted.

12 Wireless Security Throughout UW Medicine, wireless networks are provided by UW Technology. These wireless networks are labeled “University of Washington”. UW Technology does not provide encryption for transmission of data on their wireless networks. When using wireless networks you must use encryption when transmitting PHI, PII or passwords. Always disable your wireless when not in use. Windows will automatically scan for known (trusted) wireless networks. Wireless networks are easily monitored by unauthorized individuals. Users should be aware that any transmitted data could be stolen unless encrypted.

13 Workstation/Work Area Security
Workstations must be locked or logged out of when not in use or unattended. Never enter passwords or conduct UW Medicine business from 3rd party kiosks, such as an Internet café computer. Workforce members that use their personal computer for work must comply with the minimum computer security standard. Restricted or Confidential information in your work area must be secured when not in use. Always clear Restricted or Confidential information from printers immediately.

14 Risks of Web Browsing
Users should be aware that even "trusted" websites can house malicious software. Clicking links on web pages can download and run programs on your computer. Plug-ins should only be downloaded if absolutely necessary and should be removed after they are used. Where technically feasible, an alternate web browser (e.g., Firefox, Opera, Safari) should be used to conduct sensitive business.

15 Remote Access
UW Medicine provides SSL VPN (encrypted transmission) for its remote access purposes. VPN access can be requested through the IT Services Help Desk. Have your supervisor contact the Help Desk for the request form. Remote Access is only provided to conduct official UW Medicine business that is part of the requestor's job function. Any transmission of PHI, PII, or passwords from a remote site to a UW Medicine site must be encrypted. This protection can be provided by the application, e.g. an SSL protected web application, or by VPN.

16 Copying of Data and Media Disposal
Media is any portable device that is capable of storing electronic data. Examples include USB drives, CD/DVD, external hard drives, tapes, flash memory cards, etc. Once a workforce member removes data from a controlled system it becomes their responsibility to ensure the protection of the data. PHI, PII and passwords stored on media must be encrypted. Media containing restricted or confidential information must be destroyed in such a way to make the data unrecoverable when no longer needed.

17 Security Incident and Complaint Response
A Security Incident is any event involving a breach or potential breach of a UW Medicine computing device or data. A Security Complaint is a report of a suspected violation of UW Medicine policy, state or federal law, or other regulation. All UW Medicine workforce members must report security incidents and complaints to the ITS Help Desk. If you suspect a security incident has occurred on a UW Medicine computing device then you must not alter the state of the device. You should unplug the network cable and leave it powered on. A UW Medicine ITS or Compliance member will contact you once you report an incident or complaint.

18 Questions Brad Peda

