IT Security Essentials Ian Lazerwitz, Information Security Officer.


1 IT Security Essentials Ian Lazerwitz, Information Security Officer

2 Trends in Email, Web, and Malware Threats Mail/Spam Volume Mail volumes increased dramatically during the month of August, eclipsing even the record highs established last December, with spam making up 89% of all email. The increase was largely caused by the huge number of fake greeting card and YouTube video emails with links to malicious websites sent by the Storm worm, as well as a large amount of PDF spam also distributed by Storm. At the end of the month, Storm had ceased to distribute PDF spam, most likely due to a lower response rate from users for this type of spam.

3 Spam Statistics

4 Trends in Email, Web, and Malware Threats II Malware Trojans accounted for over 78% of all newly discovered malware in August, followed by Adware and Spyware that made up almost 14%. 97% of all new malware came in the form of Windows Executable files. Zombies An average of 264,133 new zombies were detected daily in August, many associated with the new infections caused by the Storm worm.

5 Trends in Email, Web, and Malware Threats III Web Threats An average of 11,906 total new malicious websites were detected daily in August. Over 30,000 of them had been used by the Storm worm to host the Mpack exploit toolkit that it uses to infect victim machines.

6 Fundamentals of Security Confidentiality Integrity Availability

7 Why all the concern about security? Computer hacking has become a big business We store large amounts of personal data in our systems on students and employees We need that data to be accurate and available in order to do our jobs We must comply with state and federal regulations

8 What are we doing about it? Constantly monitoring our systems and threats to keep our servers and our network secure Implementing policies, procedures and practices to assure only authorized users have access to data Educating users

9 What can you do? Security is everyone’s responsibility Contact the IT Security Office with any questions or if you suspect there has been a security breach Follow some basic guidelines:

10 Be aware Make information security a regular practice Recognize poor security practices in your own habits and in your office Remain vigilant where information security is concerned

11 Passwords Never share a password –If more than one person needs access work with DoIT to create a network share so each can use their own password –Even the DoIT Helpdesk should never ask for your password

12 Passwords Choose a strong password –We recommend that you change your password regularly –Use a phrase that’s easy to remember but hard to guess –Your password must contain 3 of 4: uppercase letters, lowercase letters, numbers, special characters

13 Password Examples Weak Passwords –Fluffy –Password3 –Lazerwitz Strong Passwords –str0ngPa55 –3plus3=Six –myc@tisf!uffy
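The "3 of 4" rule from slide 12 applied to the examples on slide 13, as an added Python example that is not part of the original presentation. The function names and the small deny-list are assumptions made for illustration; the second check is there because "Password3" satisfies the composition rule yet is listed as weak.

```python
import re

# The four character classes named on the slide.
CLASSES = {
    "upper": re.compile(r"[A-Z]"),
    "lower": re.compile(r"[a-z]"),
    "digit": re.compile(r"[0-9]"),
    "special": re.compile(r"[^A-Za-z0-9]"),
}

# Constructed deny-list for illustration only (assumption, not from the slides).
COMMON_WORDS = {"password", "fluffy", "welcome", "letmein"}


def classes_used(pw):
    """Return the set of character classes present in pw."""
    return {name for name, rx in CLASSES.items() if rx.search(pw)}


def meets_composition(pw):
    """The slide's rule: at least 3 of the 4 classes."""
    return len(classes_used(pw)) >= 3


def guessable_reason(pw, personal=()):
    """Return why pw is easy to guess, or None if no reason is found."""
    # Drop leading/trailing digits and symbols so "Password3" reduces to "password".
    core = re.sub(r"^[^A-Za-z]+|[^A-Za-z]+$", "", pw).lower()
    if core in COMMON_WORDS:
        return "common word"
    if core in {p.lower() for p in personal}:
        return "personal name"
    return None


def evaluate(pw, personal=()):
    """Apply the composition rule first, then the guessability check."""
    if not meets_composition(pw):
        return "reject: fewer than 3 character classes"
    reason = guessable_reason(pw, personal)
    return f"reject: {reason}" if reason else "accept"


if __name__ == "__main__":
    for pw in ["Fluffy", "Password3", "Lazerwitz",
               "str0ngPa55", "3plus3=Six", "myc@tisf!uffy"]:
        print(f"{pw:15} {sorted(classes_used(pw))} -> {evaluate(pw, ['Lazerwitz'])}")
```

A strict 3-of-4 check also rejects "myc@tisf!uffy", which uses only lowercase letters and special characters.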

14 Passwords Never post your password –On your computer monitor –Under your keyboard –In a desk drawer –Anyplace that someone might look

15 Passwords Never save passwords in applications –E-mail, Web Authoring, Dialup, VPN –Anyone who sits at your computer has access to those applications –Equally important at home

16 Personally Identifiable Information (PII) is information that can be used to steal identities, disrupt University operations and damage Pace’s reputation. It includes: –Social Security Numbers (SSNs) –Health Information – including immunization information, FMLA information and –Credit Card information –Non-public directory information – including student grades

17 PII Data Handling Best Practices Assign a complex password and change it regularly; Don’t use Internet file-sharing software such as Kazaa or BitTorrent; It is important to treat other people’s information as if it were your own!!!!

18 PII Data Handling Best Practices Delete files from ALL locations (hard drive and network drive) when no longer valid. Do not hold on to old queries or reports that contain personal information. Empty your computer’s recycle bin and clear temporary file folders.

19 PII Data Handling Best Practices Never share passwords; Avoid emailing sensitive files. If email is absolutely necessary, use password protection; Use a password-protected screen saver; Shut down or turn off the computer when not in use;

20 PII Printing Best Practices Printed reports with PII data must contain the creator’s name, date and time, data source and a confidential notice. Limit display of personal information. Do not leave paper containing personal information on desks or in open view; avoid printing SSN unless required by law.

21 PII Printing Best Practices Always store paper reports containing PII in a secure location such as a locked filing cabinet and know who has access to the location. Avoid taking PII reports with you to unsecured locations such as your home or car.

22 PII Printing Best Practices Limit distribution of documents with PII and know who is receiving the documents and how they will be used.

23 Physical Security Always lock your computer when you leave it unattended (ctrl-alt-del) Never leave hard copies with sensitive data in plain view Always log out of web applications (Banner, e-mail, calendar) and close the browser

24 Laptops and Mobile Devices Theft Access on unsecure networks Strong passwords Encryption

25 Did you know? (Antivirus) Pace University has a site license to install Symantec Antivirus on all Pace computers We also provide Antivirus software for staff, faculty, and student home use

26 Did you know? It is a violation of University policy to share your password You should keep your computer operating system and applications patched to protect against unwanted intrusions

27 Did you know? You should make backups of critical files At home use a personal firewall Do not open unexpected emails

28 Information Security Office Ian Lazerwitz –Information Security Officer ilazerwitz@pace.edu itsecurity@pace.edu Http://www.pace.edu/safecomputing

