Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.

Published byEdwin Harvey Modified over 8 years ago

Similar presentations

Presentation on theme: "Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How."— Presentation transcript:

1 Information Security 2013 Roadshow

2 Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How to Spot a Spoofed Web Site Recognize a Phishing Attempt What is Social Engineering  Privacy and Compliance PCI/HIPAA/FERPA Policy Privacy and Best Practice

3 Why We Care About Information Security Personal Reasons :  Identity Theft  Loss of Data  Financial Loss  Poor Computer Performance Institutional Reasons:  Protect Middlebury College  Compliance with Laws and Standards  Prevent Reputational Damage  Reduce Legal Liability for the College  As Well As the Personal Reasons Listed Above

4 How do I Know a Web Site is Secure? HTTPS in the Address bar is an indicator of a secure web site. A web site encrypted with SSL should display a near the address bar. Not all devices or browsers display the same.

5 What is a Spoofed Web Site Just because the site looks like Middlebury does not mean it is Check the address or URL Never enter login information unless the site is secure and you have checked the URL

6 How to Spot Phishing Forward all suspected Phishing messages to phishing@middlebury.edu before deleting the message. If you fall victim to a phishing attack RESET your password immediately and then call the Helpdesk.

7 What is FakeAV Tries to look like regular AV Clicking on the warning will download a virus Often the best bet is a hard shutdown of the system Know what your AV warnings look like Sophos anti-virus does offer some web protections which help to prevent the download activity of FakeAV.

8 Social Engineering Social engineering, in the context of security, is understood to mean the art of manipulating people into performing actions or divulging confidential information. While it is similar to a confidence trick or simple fraud, it is typically trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victims. (From Wikipedia) Examples: You are in a hotel and receive a call from the front desk to confirm your credit card details. You receive a call at work from support services asking for your password to fix a problem on your computer. You are at home and get a call from the College help desk asking for your login information to reset your email account.

9 What Laws Protect Information Here at Middlebury Family Education Rights and Privacy Act (FERPA) = Student Data Health Information Portability and Accountability Act (HIPAA) = Health Data Sarbanes – Oxley Act (SOX) = Financial Data for Businesses Gramm Leach Bliley Act (GLBA) = Financial Data for Lending Institutions VT Act 162 = Data Breach Notification & SSN Handling Payment Card Industry Standards (PCI-DSS) = Credit/Debit Card Data

10 What Policies Protect Information Here at Middlebury Privacy Policy = Confidentiality of Data Network Monitoring Policy = Protection of College Technology Resources Incident Response Policy = Response to Information Security Events Data Classification Policy = Defines Data Types Red Flags Policy = Identity Theft Protection PCI Policy = Payment Card Data Handling College Policies Live Here: http://go.middlebury.edu/handbook

11 What are Some Best Practices Do Look for HTTPS and other key address indicators when you are going to different web sites. Use a strong challenge question in Banner SSB Redaction – remove or mask (block out) personally identifiable information when sharing data Be suspicious of unsolicited email or phone calls. Lock your computer or secure information when you leave your work space. Use Anti-Virus on both your work and home systems Use secure passwords which you change often. This also applies to mobile devices. Do

12 What are Some Best Practices Do Not DO NOT write down or share your passwords DO NOT store confidential data on unencrypted thumb drives or other unsecured media -if you need to transfer the data encrypt the file or password protect the file and keep a master copy on the server. Do Not DO NOT place confidential data in email -email a link to where the file is stored. While file links may not be as easy as a web link to add to an email or document they are much more secure then attaching a document. Windows Explorer can show you the path to the location of the file. DO NOT record sensitive data on the College web site, blog or Wiki

13 Discussion and Links Please share your thoughts! Information Security Resources: http://go.middlebury.edu/infosec http://go.miis.edu/infosec Report Information Security Events To: infosec@middlebury.edu

Download ppt "Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How."

Similar presentations

IT Security Policy Framework

IT Security Policy Framework
Financial Services Workshop Margaret Umphrey ECU Information Security Officer March 12, 2014 1IT Security, East Carolina University.

Financial Services Workshop Margaret Umphrey ECU Information Security Officer March 12, IT Security, East Carolina University.
Computer and Mobile Device Equipment Security Brief May 29, 2008 Presented by: Kevin G. Sutton, Chief, Information Technology Unit.

Computer and Mobile Device Equipment Security Brief May 29, 2008 Presented by: Kevin G. Sutton, Chief, Information Technology Unit.
Welcome to the SPH Information Security Learning Module.

Welcome to the SPH Information Security Learning Module.
Red Flags Rule BAS Forum August 18, 2010. What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.

Red Flags Rule BAS Forum August 18, What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.
Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.

Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.
Online Safety. Introduction The Internet is a very public place Need to be cautious Minimize your personal risk while online Exposure to: viruses, worms,

Online Safety. Introduction The Internet is a very public place Need to be cautious Minimize your personal risk while online Exposure to: viruses, worms,
Springfield Technical Community College Security Awareness Training.

Springfield Technical Community College Security Awareness Training.
A dialogue with FMUG: Sensitive Data & Filemaker MIT Policy and Data Classifications ** DRAFT ** Guidelines Feedback and Discussion Tim McGovern 2 June.

A dialogue with FMUG: Sensitive Data & Filemaker MIT Policy and Data Classifications ** DRAFT ** Guidelines Feedback and Discussion Tim McGovern 2 June.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.
Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
KDE Employee Training. What IS a Data Breach? Unauthorized release (loss or theft) of Sensitive or Confidential Data, such as PII, PHI, etc. On site or.

KDE Employee Training. What IS a Data Breach? Unauthorized release (loss or theft) of Sensitive or Confidential Data, such as PII, PHI, etc. On site or.
Protecting Your Identity: What to Know, What to Do.

Protecting Your Identity: What to Know, What to Do.
Fraud, Scams and ID Theft …oh my! Deb Ramsay ESD 101 Chief Information Officer Technology Division.

Fraud, Scams and ID Theft …oh my! Deb Ramsay ESD 101 Chief Information Officer Technology Division.
Identity Theft: How to Protect Yourself. Identity Theft Identity theft defined:  the crime of obtaining the personal or financial information of another.

Identity Theft: How to Protect Yourself. Identity Theft Identity theft defined:  the crime of obtaining the personal or financial information of another.
ICT & Crime Data theft, phishing & pharming. Data loss/theft Data is often the most valuable commodity any business has. The cost of creating data again.

ICT & Crime Data theft, phishing & pharming. Data loss/theft Data is often the most valuable commodity any business has. The cost of creating data again.
Copyright © 2014 Merck Sharp & Dohme Corp., a subsidiary of Merck & Co., Inc. All rights reserved. In practice, how do we recognize a potential Privacy.

Copyright © 2014 Merck Sharp & Dohme Corp., a subsidiary of Merck & Co., Inc. All rights reserved. In practice, how do we recognize a potential Privacy.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
Locking the Backdoor: Computer Security and Medical Office Practice Dr. Maury Pinsk, FRCPC University of Alberta Division of Pediatric Nephrology.

Locking the Backdoor: Computer Security and Medical Office Practice Dr. Maury Pinsk, FRCPC University of Alberta Division of Pediatric Nephrology.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.

Similar presentations

Ads by Google