Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.

Published bySusan Tucker Modified over 8 years ago

Similar presentations

Presentation on theme: "Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How."— Presentation transcript:

1 Information Security 2013 Roadshow

2 Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How to Spot a Spoofed Web Site Recognize a Phishing Attempt What is Social Engineering  Privacy and Compliance PCI/HIPAA/FERPA Policy Privacy and Best Practice

3 Why We Care About Information Security Personal Reasons :  Identity Theft  Loss of Data  Financial Loss  Poor Computer Performance Institutional Reasons:  Protect Middlebury College  Compliance with Laws and Standards  Prevent Reputational Damage  Reduce Legal Liability for the College  As Well As the Personal Reasons Listed Above

4 How do I Know a Web Site is Secure? HTTPS in the Address bar is an indicator of a secure web site. A web site encrypted with SSL should display a near the address bar. Not all devices or browsers display the same.

5 What is a Spoofed Web Site Just because the site looks like Middlebury does not mean it is Check the address or URL Never enter login information unless the site is secure and you have checked the URL

6 How to Spot Phishing Do NOT click on links or open attachments in suspicious emails! Forward all suspected Phishing messages to phishing@middlebury.edu before deleting the message. If you fall victim to a phishing attack RESET your password immediately and then call the Helpdesk!

7 What Phishing Can Do Do NOT click on links or open attachments in suspicious emails! Forward all suspected Phishing messages to phishing@middlebury.edu before deleting the message. If you fall victim to a phishing attack RESET your password immediately and then call the Helpdesk! Infect a system with malware Mislead a user into giving up credentials Compromise email with rules and scripts Stet the stage for a larger attack

8 What is FakeAV Tries to look like regular AV Clicking on the warning will download a virus Often the best bet is a hard shutdown of the system Know what your AV warnings look like Sophos anti-virus does offer some web protections which help to prevent the download activity of FakeAV.

9 Social Engineering Social engineering, in the context of security, is understood to mean the art of manipulating people into performing actions or divulging confidential information. While it is similar to a confidence trick or simple fraud, it is typically trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victims. (From Wikipedia) Examples: You are in a hotel and receive a call from the front desk to confirm your credit card details. You receive a call at work from support services asking for your password to fix a problem on your computer. You are at home and get a call from the help desk asking for your login information to reset your email account.

10 What Laws Protect Information Here at Middlebury Family Education Rights and Privacy Act (FERPA) = Student Data Health Information Portability and Accountability Act (HIPAA) = Health Data Sarbanes – Oxley Act (SOX) = Financial Data for Businesses Gramm Leach Bliley Act (GLBA) = Financial Data for Lending Institutions VT Act 162 = Data Breach Notification & SSN Handling Payment Card Industry Standards (PCI-DSS) = Credit/Debit Card Data

11 What Policies Protect Information Here at Middlebury Privacy Policy = Confidentiality of Data http://go.middlebury.edu/privacy Network Monitoring Policy = Protection of College Technology Resources http://go.middlebury.edu/netmon Technical Incident Response Policy = Response to Information Security Events http://go.middlebury.edu/tirp Data Classification Policy = Defines Data Types Not in handbook as of yet Red Flags Policy = Identity Theft Protection Not presently in hand book PCI Policy = Payment Card Data Handling http://go.middlebury.edu/policy?pci Other Policies Live Here: http://go.middlebury.edu/handbook

12 What are Some Best Practices Do Look for HTTPS and other key address indicators when you are going to different web sites. Use a strong challenge question in Banner SSB Redaction – remove or mask (block out) personally identifiable information when sharing data Be suspicious of unsolicited email or phone calls. Lock your computer or secure information when you leave your work space. Use Anti-Virus on both your work and home systems Use secure passwords which you change often. This also applies to mobile devices. Do

13 What are Some Best Practices Do Not DO NOT write down or share your passwords - tools such as eWallet or 1Password work well as secure password storage alternatives. DO NOT store confidential data on unencrypted thumb drives or other unsecured media -if you need to transfer the data encrypt the file or password protect the file and keep a master copy on the server. Do Not DO NOT place confidential data in email -email a link to where the file is stored. This may add complexity but increases security. Windows Explorer can show you the path to the location of the file. DO NOT record sensitive data on the College web site, blog or Wiki

14 Discussion and Links Please share your thoughts! Information Security Resources: http://go.middlebury.edu/infosec http://go.miis.edu/infosec Report Information Security Events To: infosec@middlebury.edu

Download ppt "Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How."

Similar presentations

IT Security Policy Framework

IT Security Policy Framework
How to protect yourself, your computer, and others on the internet

How to protect yourself, your computer, and others on the internet
ANNUAL SECURITY AWARENESS TRAINING – 2011 UMW Information Technology Security Program Annual Security Awareness Training for UMW Faculty and Staff.

ANNUAL SECURITY AWARENESS TRAINING – 2011 UMW Information Technology Security Program Annual Security Awareness Training for UMW Faculty and Staff.
Welcome to the SPH Information Security Learning Module.

Welcome to the SPH Information Security Learning Module.
Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.

Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.
Social Engineering Training. Training Goals Increase Laboratory Awareness. Provide the tools required to identify, avoid and report advanced Social Engineering.

Social Engineering Training. Training Goals Increase Laboratory Awareness. Provide the tools required to identify, avoid and report advanced Social Engineering.
Online Safety. Introduction The Internet is a very public place Need to be cautious Minimize your personal risk while online Exposure to: viruses, worms,

Online Safety. Introduction The Internet is a very public place Need to be cautious Minimize your personal risk while online Exposure to: viruses, worms,
Springfield Technical Community College Security Awareness Training.

Springfield Technical Community College Security Awareness Training.
A dialogue with FMUG: Sensitive Data & Filemaker MIT Policy and Data Classifications ** DRAFT ** Guidelines Feedback and Discussion Tim McGovern 2 June.

A dialogue with FMUG: Sensitive Data & Filemaker MIT Policy and Data Classifications ** DRAFT ** Guidelines Feedback and Discussion Tim McGovern 2 June.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.
Security Training Lunch ‘n Learn. Agenda  Threat Analysis  Legal Issues  Threat Mitigation  User Security  Mobile Security  Policy Enforcement.

Security Training Lunch ‘n Learn. Agenda  Threat Analysis  Legal Issues  Threat Mitigation  User Security  Mobile Security  Policy Enforcement.
Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
KDE Employee Training. What IS a Data Breach? Unauthorized release (loss or theft) of Sensitive or Confidential Data, such as PII, PHI, etc. On site or.

KDE Employee Training. What IS a Data Breach? Unauthorized release (loss or theft) of Sensitive or Confidential Data, such as PII, PHI, etc. On site or.
Fraud, Scams and ID Theft …oh my! Deb Ramsay ESD 101 Chief Information Officer Technology Division.

Fraud, Scams and ID Theft …oh my! Deb Ramsay ESD 101 Chief Information Officer Technology Division.
Identity Theft: How to Protect Yourself. Identity Theft Identity theft defined:  the crime of obtaining the personal or financial information of another.

Identity Theft: How to Protect Yourself. Identity Theft Identity theft defined:  the crime of obtaining the personal or financial information of another.
Information Security Awareness Training

Information Security Awareness Training
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.
DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,

DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,
Data Security At Cornell Steve Schuster. Questions I’d like to Answer ► Why do we care about data security? ► What are our biggest challenges at Cornell?

Data Security At Cornell Steve Schuster. Questions I’d like to Answer ► Why do we care about data security? ► What are our biggest challenges at Cornell?

Similar presentations

Ads by Google