Computer Security at Columbia College. Barak Zahavy April 2010

Size: px
Start display at page:

Download "Computer Security at Columbia College. Barak Zahavy April 2010"

Transcription

1 Computer Security at Columbia College Barak Zahavy April 2010

2 Outline 2 Computer Security: What and Why Identity Theft Costs Prevention Further considerations

3 Approach Broad range of awareness Cover a wide range of material 3

4 Computer Security Protection of computers and their information from theft, while allowing them to remain accessible and productive to their intended users Protection of sensitive and valuable information and services from publication or tampering by unauthorized parties 4

5 Why worry about Computer Security? 5

6 Why worry about Computer Security? 6

7 Why worry about Computer Security? Identity theft FTC estimates that as many as 9 million Americans have their identities stolen every year Such crimes involve personally identifying information such as: Name and address Social Security Number Credit Card Numbers Property theft 7

8 Identity Theft Common vulnerabilities Old-fashioned theft Dumpster diving Social engineering Phishing Viruses, hacking 8

9 Identity Theft What do thieves do with a stolen identity? Credit card fraud open new account, change billing address Phone or utilities fraud open new account, run up charges on existing accounts Bank fraud open new account, fraudulent checks, take out a loan Government documents fraud get driver s license, get gov t benefits Others get a job, rent a house, get medical services, and many more! 9

10 Data breach An unintentional release of secure information to an untrusted environment (Wikipedia) Data Breach does not necessarily imply Identity Theft 78 breaches at American educational institutions in 2009; over 800,000 records exposed (Identity Theft Resource Center) 10

11 Data Breach Recent Local Incidents Housing and Dining, June records on file uploaded to a Google project site Columbia College, January records on 3 stolen laptops 11

12 Costs: Personal Some cases are resolved quickly Some cases costs individuals hundreds of dollars and many days repairing good name and credit record Examples of potential risks Lose out on job opportunities Be denied loans for education, housing, or cars 12

13 Costs: Institutional Disruption to University business Report to government agencies as required by law Internal investigation Mail to affected individuals Ex-post response Media management Potential repercussions Regulatory fines Loss of funding from government agencies Lawsuits Loss of donations and gifts Loss of reputation Credit monitoring for affected individuals Estimated $202 per disclosed record, including direct and indirect costs (Ponemon Institute) [202 x 1400 = 282,800] 13

14 Prevention Our obligation: Protect the confidential information of others Protect your own confidential information 14

15 How? The number one rule to avoiding privacy problems is, don t have the information in the first place --Steven Bellovin, Columbia University Department of Computer Science 15

16 How? Know your data and your computer Follow safe computing best practices Be conscious of data security Employ physical security Scan your computer regularly Let your computer get updated Ensure smartphones have passcodes 16

17 Know your data and your computer Know what data elements you use People may be unaware that SSNs or credit card numbers are on their computers Know how information is processed and stored in our computing environment What you save to your profile is synchronized with a secure file server upon login and logout Your profile includes My Documents, Desktop, and various customized settings Know the security controls in place Logins: Windows (College domain) and Applications (e.g. Outlook, OnBase) Physical security (e.g. cable locks, door locks) Secure protocols (e.g. Terminal Services, HTTPS) Disk Encryption (rollout in progress) Configurations: Automatic updates, Firewall, Anti-virus software, managed system privileges, PCPhoneHome 17

18 Safe computing best practices Do Be suspicious of requests for personal information that come via Be careful about opening any attachments Be conscious of security threats and viruses Don t Don t use peer-to-peer file-sharing on University-issued computers Don t give out personal information unless you know who you are dealing with Never click on links in unsolicited s 18

19 Passwords Use strong passwords Use a combination of letters, numbers, and punctuation marks Switch between UppER and LoWer case Don t use easy-to-guess passwords like DOB, maiden name, password, dictionary words, names Commit passwords to memory Don t record them on post-its stuck to your monitor Don t share passwords with anyone 19

20 Data Security Precautions In general, do not store SSNs anywhere If you must store SSNs in a file, save it on a secure network file share (e.g. O drive ) If you need to share a file that contains sensitive data with a colleague, do it on the O drive, not via If you need to deliver sensitive data outside the office, you may encrypt files on USB keys or CDs Documentation to come from CCIT 20

21 Physical Security Lock doors to areas that contain sensitive information Ensure computers are locked down Notify CCIT if cables are missing or with any questions Use laptop security cables Notify CCIT if you have issues, lost the key, etc. Don t leave paper lying around faxes or printers Erase sensitive information on whiteboards 21

22 Data Discovery Software Goal: Remove all confidential numbers from individual computers Exception: circumstances where such numbers are still required for University business Tool: Spider data discovery software 22

23 Data Discovery Software Searches for sensitive information, such as SSNs or Credit Card numbers Produces report of files that may contain such data. Some false-positives may be included What if you find sensitive data? On a case-by-case basis, evaluate if the file may be deleted, edited (e.g. remove column of SSNs), or moved to secure network file share ( O drive ) CCIT in process of rolling out software and documenting procedures 23

24 System Updates Windows Updates Automatically get installed in the middle of the night on the second Tuesday of every month Leave your computer logged out and powered on overnight Laptops should be left in the office, logged out and powered on to get these updates. If not the designated night, as soon as possible afterward Virus scanning updates Automatically get installed when you are logged in at the office 24

25 Smartphones Blackberries, iphones, etc. Sensitive data may exist in or documents in memory Secure with a passcode Turn off Bluetooth if not in use 25

26 How? (Again) Know your data and your computer Follow safe computing best practices Be conscious of data security Employ physical security Scan your computer regularly Let your computer get updated Ensure smartphones have passcodes 26

27 What else? What else is being done about all of this? 27

28 CCIT is Keeping the servers secure Regular system maintenance, firewalls, system monitoring, backups, etc. Managing remote patches and updates So your computers reap the benefits 28

29 CCIT is in the process of Deploying encryption technology on all laptops Important tool to safeguard confidential data Rolling out Spider scanning tool and procedures Auditing physical computer locks and cables Looking for ways to remove reliance on SSNs 29

30 What may be coming Communications on records retention policies Data security agreement for your signature Sensitive data scanning updates Updates to procedures Results of CCIT network file share scans Reduced system reliance on SSNs 30

31 Further considerations Keep track of where you encounter sensitive data and report it to CCIT If you believe you inadvertently revealed sensitive University data, including any or your passwords, contact CCIT immediately 31

32 Policies and Regulations Relevant University Policies Social Security Number (SSN) and Unique Person Number Usage (UPN) Policy Information Security Charter Desktop and Laptop Security Policy Encryption Policy Federal laws protect the privacy and security of SSNs Personal Data Privacy and Security Act of 2007 Family Educational Rights and Privacy Act (FERPA) Federal law that protects the confidentiality of many student records 32

33 Summary Data breaches are costly Follow best practices and keep your computer secure Don t store SSNs in your profile Contact CCIT with questions 33

34 Questions? 34

Information Security

Information Security Information Security A staff guide to the University's Information Systems Security Policy Issued by the IT Security Group on behalf of the University. Information Systems Security Guidelines for Staff

More information

Security Breaches. There are unscrupulous individuals, like identity thieves, who want your information to commit fraud.

Security Breaches. There are unscrupulous individuals, like identity thieves, who want your information to commit fraud. IDENTITY THEFT Security Breaches Our economy generates an enormous amount of data. Most users of that information are from honest businesses - getting and giving legitimate information. Despite the benefits

More information

WHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR

WHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST Protecting Identities. Enhancing Reputations. IDT911 1 DATA BREACHES AND SUBSEQUENT IDENTITY THEFT AND FRAUD THREATEN YOUR ORGANIZATION

More information

Research Information Security Guideline

Research Information Security Guideline Research Information Security Guideline Introduction This document provides general information security guidelines when working with research data. The items in this guideline are divided into two different

More information

How-To Guide: Cyber Security. Content Provided by

How-To Guide: Cyber Security. Content Provided by How-To Guide: Cyber Security Content Provided by Who needs cyber security? Businesses that have, use, or support computers, smartphones, email, websites, social media, or cloudbased services. Businesses

More information

plantemoran.com What School Personnel Administrators Need to know

plantemoran.com What School Personnel Administrators Need to know plantemoran.com Data Security and Privacy What School Personnel Administrators Need to know Tomorrow s Headline Let s hope not District posts confidential data online (Tech News, May 18, 2007) In one of

More information

Certified Secure Computer User

Certified Secure Computer User Certified Secure Computer User Exam Info Exam Name CSCU (112-12) Exam Credit Towards Certification Certified Secure Computer User (CSCU). Students need to pass the online EC-Council exam to receive the

More information

Paul Nguyen. 2014 CSG Interna0onal

Paul Nguyen. 2014 CSG Interna0onal Paul Nguyen 2014 CSG Interna0onal Security is Top- of- Mind Everywhere High- profile breaches: 2K+ breaches expose nearly 1B records in 2013 Increased regulatory pressure State- sponsored hacking around

More information

Management and Storage of Sensitive Information UH Information Security Team (InfoSec)

Management and Storage of Sensitive Information UH Information Security Team (InfoSec) Management and Storage of Sensitive Information UH Information Security Team (InfoSec) Who Are We? UH Information Security Team Jodi Ito - Information Security Officer Deanna Pasternak & Taylor Summers

More information

Internet threats: steps to security for your small business

Internet threats: steps to security for your small business Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential

More information

SAFEGUARDING PRIVACY IN A MOBILE WORKPLACE

SAFEGUARDING PRIVACY IN A MOBILE WORKPLACE SAFEGUARDING PRIVACY IN A MOBILE WORKPLACE Checklist for taking personally identifiable information (PII) out of the workplace: q Does your organization s policy permit the removal of PII from the office?

More information

INFORMATION SECURITY GUIDE. Employee Teleworking. Information Security Unit. Information Technology Services (ITS) July 2013

INFORMATION SECURITY GUIDE. Employee Teleworking. Information Security Unit. Information Technology Services (ITS) July 2013 INFORMATION SECURITY GUIDE Employee Teleworking Information Security Unit Information Technology Services (ITS) July 2013 CONTENTS 1. Introduction... 2 2. Teleworking Risks... 3 3. Safeguards for College

More information

Presented by Dave Olsen, CPA, President

Presented by Dave Olsen, CPA, President Presented by Dave Olsen, CPA, President My Frame of Reference 15 Years in Public Practice 11 Years in Tax & Accounting Software (20% of prof. e-files) 3 Year term on IRS ETAAC committee and Security Sub-Group

More information

Information Security It s Everyone s Responsibility

Information Security It s Everyone s Responsibility Information Security It s Everyone s Responsibility Developed By The University of Texas at Dallas (ISO) Purpose of Training As an employee, you are often the first line of defense protecting valuable

More information

MIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10)

MIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10) MIT s Information Security Program for Protecting Personal Information Requiring Notification (Revision date: 2/26/10) Table of Contents 1. Program Summary... 3 2. Definitions... 4 2.1 Identity Theft...

More information

Computing Services Information Security Office. Security 101

Computing Services Information Security Office. Security 101 Computing Services Information Security Office Security 101 Definition of Information Security Information security is the protection of information and systems from unauthorized access, disclosure, modification,

More information

PREP Course #25: Hot Topics in Cyber Security and Database Security. Presented by: Joe Baskin Manager, Information Security, OCIO JBaskin@nshs.

PREP Course #25: Hot Topics in Cyber Security and Database Security. Presented by: Joe Baskin Manager, Information Security, OCIO JBaskin@nshs. PREP Course #25: Hot Topics in Cyber Security and Database Security Presented by: Joe Baskin Manager, Information Security, OCIO JBaskin@nshs.edu Objectives Discuss hot topics in cyber security and database

More information

Cyber Self Assessment

Cyber Self Assessment Cyber Self Assessment According to Protecting Personal Information A Guide for Business 1 a sound data security plan is built on five key principles: 1. Take stock. Know what personal information you have

More information

High Speed Internet - User Guide. Welcome to. your world.

High Speed Internet - User Guide. Welcome to. your world. High Speed Internet - User Guide Welcome to your world. 1 Welcome to your world :) Thank you for choosing Cogeco High Speed Internet. Welcome to your new High Speed Internet service. When it comes to a

More information

National Cyber Security Month 2015: Daily Security Awareness Tips

National Cyber Security Month 2015: Daily Security Awareness Tips National Cyber Security Month 2015: Daily Security Awareness Tips October 1 New Threats Are Constantly Being Developed. Protect Your Home Computer and Personal Devices by Automatically Installing OS Updates.

More information

A practical guide to IT security

A practical guide to IT security Data protection A practical guide to IT security Ideal for the small business The Data Protection Act states that appropriate technical and organisational measures shall be taken against unauthorised or

More information

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable

More information

Secure and Safe Computing Primer Examples of Desktop and Laptop standards and guidelines

Secure and Safe Computing Primer Examples of Desktop and Laptop standards and guidelines Secure and Safe Computing Primer Examples of Desktop and Laptop standards and guidelines 1. Implement anti-virus software An anti-virus program is necessary to protect your computer from malicious programs,

More information

Protecting Yourself Against Identity Theft. Identity theft is a serious. What is Identity Theft?

Protecting Yourself Against Identity Theft. Identity theft is a serious. What is Identity Theft? Protecting Yourself Against Identity Theft Identity theft is a serious crime. Identity theft happens when someone steals your personal information and uses it without your permission. It is a growing threat

More information

Lessons Learned from Recent HIPAA and Big Data Breaches. Briar Andresen Katie Ilten Ann Ladd

Lessons Learned from Recent HIPAA and Big Data Breaches. Briar Andresen Katie Ilten Ann Ladd Lessons Learned from Recent HIPAA and Big Data Breaches Briar Andresen Katie Ilten Ann Ladd Recent health care breaches Breach reports to OCR as of February 2015 1,144 breaches involving 500 or more individual

More information

Wellesley College Written Information Security Program

Wellesley College Written Information Security Program Wellesley College Written Information Security Program Introduction and Purpose Wellesley College developed this Written Information Security Program (the Program ) to protect Personal Information, as

More information

PROPOSED PROCEDURES FOR AN IDENTITY THEFT PROTECTION PROGRAM Setoff Debt Collection and GEAR Collection Programs

PROPOSED PROCEDURES FOR AN IDENTITY THEFT PROTECTION PROGRAM Setoff Debt Collection and GEAR Collection Programs PROPOSED PROCEDURES FOR AN IDENTITY THEFT PROTECTION PROGRAM Setoff Debt Collection and GEAR Collection Programs The Identity Theft and Fraud Protection Act (Act No. 190) allows for the collection, use

More information

HIPAA Compliance Evaluation Report

HIPAA Compliance Evaluation Report Jun29,2016 HIPAA Compliance Evaluation Report Custom HIPAA Risk Evaluation provided for: OF Date of Report 10/13/2014 Findings Each section of the pie chart represents the HIPAA compliance risk determinations

More information

Session 46 Information Security Creating Awareness, Educating Staff, and Protecting Information

Session 46 Information Security Creating Awareness, Educating Staff, and Protecting Information Session 46 Information Security Creating Awareness, Educating Staff, and Protecting Information Chris Aidan, CISSP Information Security Manager Pearson Topics Covered Data Privacy Spyware & Adware SPAM

More information

ENISA s ten security awareness good practices July 09

ENISA s ten security awareness good practices July 09 July 09 2 About ENISA The European Network and Information Security Agency (ENISA) is an EU agency created to advance the functioning of the internal market. ENISA is a centre of excellence for the European

More information

University of Northern Colorado. Data Security Policy for Research Projects

University of Northern Colorado. Data Security Policy for Research Projects University of Northern Colorado Data Security Policy for Research Projects Contents 1.0 Overview... 1 2.0 Purpose... 1 3.0 Scope... 1 4.0 Definitions, Roles, and Requirements... 1 5.0 Sources of Data...

More information

Better secure IT equipment and systems

Better secure IT equipment and systems Chapter 5 Central Services Data Centre Security 1.0 MAIN POINTS The Ministry of Central Services, through its Information Technology Division (ITD), provides information technology (IT) services to government

More information

Antivirus and Malware Prevention Policy and Procedures (Template) Employee Personal Device Use Terms and Conditions (Template)

Antivirus and Malware Prevention Policy and Procedures (Template) Employee Personal Device Use Terms and Conditions (Template) Below you will find the following sample policies: Antivirus and Malware Prevention Policy and Procedures (Template) Employee Personal Device Use Terms and Conditions (Template) *Log in to erisk Hub for

More information

SUPREME COURT OF COLORADO OFFICE OF THE CHIEF JUSTICE

SUPREME COURT OF COLORADO OFFICE OF THE CHIEF JUSTICE SUPREME COURT OF COLORADO OFFICE OF THE CHIEF JUSTICE Directive Concerning the Colorado Judicial Department Electronic Communications Usage Policy: Technical, Security, And System Management Concerns This

More information

Guide to INFORMATION SECURITY FOR THE HEALTH CARE SECTOR

Guide to INFORMATION SECURITY FOR THE HEALTH CARE SECTOR Guide to INFORMATION SECURITY FOR THE HEALTH CARE SECTOR Information and Resources for Small Medical Offices Introduction The Personal Health Information Protection Act, 2004 (PHIPA) is Ontario s health-specific

More information

Protection of Computer Data and Software

Protection of Computer Data and Software April 2011 Country of Origin: United Kingdom Protection of Computer Data and Software Introduction... 1 Responsibilities...2 User Control... 2 Storage of Data and Software... 3 Printed Data... 4 Personal

More information

CYBER-SAFETY BASICS. A computer security tutorial for UC Davis students, faculty and staff

CYBER-SAFETY BASICS. A computer security tutorial for UC Davis students, faculty and staff CYBER-SAFETY BASICS A computer security tutorial for UC Davis students, faculty and staff INTRODUCTION This tutorial provides some basic information and practical suggestions for protecting your personal

More information

RSA Solution Brief. RSA SecurID Authentication in Action: Securing Privileged User Access. RSA Solution Brief

RSA Solution Brief. RSA SecurID Authentication in Action: Securing Privileged User Access. RSA Solution Brief RSA SecurID Authentication in Action: Securing Privileged User Access RSA SecurID solutions not only protect enterprises against access by outsiders, but also secure resources from internal threats The

More information

Information Security Policy

Information Security Policy Information Security Policy Contents Version: 1 Contents... 1 Introduction... 2 Anti-Virus Software... 3 Media Classification... 4 Media Handling... 5 Media Retention... 6 Media Disposal... 7 Service Providers...

More information

AVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS. ftrsecure.com

AVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS. ftrsecure.com AVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS ftrsecure.com Can You Separate Myths From Facts? Many Internet myths still persist that could leave you vulnerable to internet crimes. Check out

More information

Online Banking Customer Awareness and Education Program

Online Banking Customer Awareness and Education Program Online Banking Customer Awareness and Education Program Electronic Fund Transfers: Your Rights and Responsibilities (Regulation E Disclosure) Indicated below are types of Electronic Fund Transfers we are

More information

Cyber Risk in Healthcare AOHC, 3 June 2015

Cyber Risk in Healthcare AOHC, 3 June 2015 Cyber Risk in Healthcare AOHC, 3 June 2015 Kopiha Nathan, Senior Healthcare Risk Management and Data Specialist James Penafiel, Underwriting Supervisor, Insurance Operations CFPC Conflict of Interest -

More information

Mobile Medical Devices and BYOD: Latest Legal Threat for Providers

Mobile Medical Devices and BYOD: Latest Legal Threat for Providers Presenting a live 90-minute webinar with interactive Q&A Mobile Medical Devices and BYOD: Latest Legal Threat for Providers Developing a Comprehensive Usage Strategy to Safeguard Health Information and

More information

Acceptable Usage Guidelines. e-governance

Acceptable Usage Guidelines. e-governance Acceptable Usage Guidelines for e-governance Draft DEPARTMENT OF ELECTRONICS AND INFORMATION TECHNOLOGY Ministry of Communication and Information Technology, Government of India. Document Control S/L Type

More information

Top Ten Technology Risks Facing Colleges and Universities

Top Ten Technology Risks Facing Colleges and Universities Top Ten Technology Risks Facing Colleges and Universities Chris Watson, MBA, CISA, CRISC Manager, Internal Audit and Risk Advisory Services cwatson@schneiderdowns.com April 23, 2012 Overview Technology

More information

2010 AICPA Top Technology Initiatives. About the Presenter. Agenda. Presenter: Dan Schroeder, CPA/CITP Habif, Arogeti, & Wynne, LLP

2010 AICPA Top Technology Initiatives. About the Presenter. Agenda. Presenter: Dan Schroeder, CPA/CITP Habif, Arogeti, & Wynne, LLP 2010 AICPA Top Technology Initiatives Presenter: Dan Schroeder, CPA/CITP Habif, Arogeti, & Wynne, LLP Georgia Society of CPAs Annual Convention June 16, 2010 About the Presenter Partner-in-Charge, Habif,

More information

Intercepting your mail. They can complete change of address forms and receive mail that s intended for you.

Intercepting your mail. They can complete change of address forms and receive mail that s intended for you. At SunTrust, we re committed to protecting your accounts and identity. That s why we ve created this Identity Theft Guide. This guide provides information about online fraud and identity theft, as well

More information

POLICIES. Campus Data Security Policy. Issued: September, 2009 Responsible Official: Director of IT Responsible Office: IT Central.

POLICIES. Campus Data Security Policy. Issued: September, 2009 Responsible Official: Director of IT Responsible Office: IT Central. POLICIES Campus Data Security Policy Issued: September, 2009 Responsible Official: Director of IT Responsible Office: IT Central Policy Statement Policy In the course of its operations, Minot State University

More information

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) UNIVERSITY OF PITTSBURGH POLICY SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) DATE: March 18, 2005 I. SCOPE This

More information

State of South Carolina Policy Guidance and Training

State of South Carolina Policy Guidance and Training State of South Carolina Policy Guidance and Training Policy Workshop All Agency Mobile Security July 2014 Agenda Questions & Follow-Up Policy Workshop Overview & Timeline Policy Overview: Mobile Security

More information

Section 5 Identify Theft Red Flags and Address Discrepancy Procedures Index

Section 5 Identify Theft Red Flags and Address Discrepancy Procedures Index Index Section 5.1 Purpose.... 2 Section 5.2 Definitions........2 Section 5.3 Validation Information.....2 Section 5.4 Procedures for Opening New Accounts....3 Section 5.5 Procedures for Existing Accounts...

More information

INFORMATION SECURITY BASICS. A computer security tutorial for Holyoke Community College

INFORMATION SECURITY BASICS. A computer security tutorial for Holyoke Community College INFORMATION SECURITY BASICS A computer security tutorial for Holyoke Community College I NTRODUCTION This tutorial provides some basic information and practical suggestions for protecting your personal

More information

Course: Information Security Management in e-governance

Course: Information Security Management in e-governance Course: Information Security Management in e-governance Day 2 Session 2: Security in end user environment Agenda Introduction to IT Infrastructure elements in end user environment Information security

More information

TYPES OF POSSIBLE IDENTITY THEFT

TYPES OF POSSIBLE IDENTITY THEFT Identity Theft What is Identity Theft? Identity theft occurs when someone uses your personal information such as your name, social security number, and or other identifying information without your permission

More information

M&T BANK CANADIAN PRIVACY POLICY

M&T BANK CANADIAN PRIVACY POLICY M&T BANK CANADIAN PRIVACY POLICY At M&T Bank, we are committed to safeguarding your personal information and maintaining your privacy. This has always been a priority for us and this is why M&T Bank (

More information

Windows Operating Systems. Basic Security

Windows Operating Systems. Basic Security Windows Operating Systems Basic Security Objectives Explain Windows Operating System (OS) common configurations Recognize OS related threats Apply major steps in securing the OS Windows Operating System

More information

ISEC Seminar : Protecting Personal Data in the Electronic Media Personal Data Security @ JPMorgan Micky Lo March 2007 1 Agenda Data Theft Incidence & Industry Figures Threats and Vulnerabilities Data Protection

More information

Identity Theft. Protecting Yourself and Your Identity. Course objectives learn about:

Identity Theft. Protecting Yourself and Your Identity. Course objectives learn about: financialgenius.usbank.com Course objectives learn about: Avoiding Identity Theft Recognize Phishing Attempts Getting Help for ID Theft Victims Identity Theft Protecting Yourself and Your Identity Index

More information

Infocomm Sec rity is incomplete without U Be aware,

Infocomm Sec rity is incomplete without U Be aware, Infocomm Sec rity is incomplete without U Be aware, responsible secure! HACKER Smack that What you can do with these five online security measures... ANTI-VIRUS SCAMS UPDATE FIREWALL PASSWORD [ 2 ] FASTEN

More information

ACE Advantage PRIVACY & NETWORK SECURITY

ACE Advantage PRIVACY & NETWORK SECURITY ACE Advantage PRIVACY & NETWORK SECURITY SUPPLEMENTAL APPLICATION COMPLETE THIS APPLICATION ONLY IF REQUESTING COVERAGE FOR PRIVACY LIABILITY AND/OR NETWORK SECURITY LIABILITY COVERAGE. Please submit with

More information

SmartHIPAA! 5 simple and inexpensive tips to protect patient information

SmartHIPAA! 5 simple and inexpensive tips to protect patient information SmartHIPAA! 5 simple and inexpensive tips to protect patient information 5 simple and inexpensive tips to protect patient information HIPAA security guidelines can be confusing and compliance expensive.

More information

Protecting Yourself from Identity Theft

Protecting Yourself from Identity Theft Protecting Yourself from Identity Theft Identity theft is everywhere. In fact, according to a 2013 report by Javelin Research, there is one incident of identity fraud every two seconds. While we cannot

More information

Top Five Ways to Protect Your Network. A MainNerve Whitepaper

Top Five Ways to Protect Your Network. A MainNerve Whitepaper A MainNerve Whitepaper Overview The data security challenges within the business world have never been as challenging as they are today. Not only must organizations providers comply with stringent State

More information

Boston Public Schools. Guidelines for Implementation of Acceptable Use Policy for Digital Information, Communication, and. Technology Resources

Boston Public Schools. Guidelines for Implementation of Acceptable Use Policy for Digital Information, Communication, and. Technology Resources Boston Public Schools Guidelines for Implementation of Acceptable Use Policy for Digital Information, Communication, and Scope of Policy Technology Resources ACCEPTABLE USE POLICY AND GUIDELINES Boston

More information

Deterring Identity Theft. The Federal Trade Commission estimates that as many as 9 million Americans have their identities stolen each year.

Deterring Identity Theft. The Federal Trade Commission estimates that as many as 9 million Americans have their identities stolen each year. Deterring Identity Theft The evolving threats of Identity Theft The Federal Trade Commission estimates that as many as 9 million Americans have their identities stolen each year. Identity theft complaints

More information

Information Security It s Everyone s Responsibility

Information Security It s Everyone s Responsibility Information Security It s Everyone s Responsibility The University of Texas at Dallas Information Security Office (ISO) Purpose of Training Information generated, used, and/or owned by UTD has value. Because

More information

Cyber Security Best Practices

Cyber Security Best Practices Cyber Security Best Practices 1. Set strong passwords; Do not share them with anyone: They should contain at least three of the five following character classes: o Lower case letters o Upper case letters

More information

HIPAA Security Alert

HIPAA Security Alert Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information

More information

IBM Data Security Services for endpoint data protection endpoint encryption solution

IBM Data Security Services for endpoint data protection endpoint encryption solution Protecting data on endpoint devices and removable media IBM Data Security Services for endpoint data protection endpoint encryption solution Highlights Secure data on endpoint devices Reap benefits such

More information

Secure Your Mobile Workplace

Secure Your Mobile Workplace Secure Your Mobile Workplace Sunny Leung Senior System Engineer Symantec 3th Dec, 2013 1 Agenda 1. The Threats 2. The Protection 3. Q&A 2 The Mobile Workplaces The Threats 4 Targeted Attacks up 42% in

More information

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225

More information

Business Identity Fraud Prevention Checklist

Business Identity Fraud Prevention Checklist Business Identity Fraud Prevention Checklist 9 Critical Things Every Business Owner Should Do Business identity thieves and fraudsters are clever and determined, and can quickly take advantage of business

More information

RSA Authentication Manager 7.1 Security Best Practices Guide. Version 2

RSA Authentication Manager 7.1 Security Best Practices Guide. Version 2 RSA Authentication Manager 7.1 Security Best Practices Guide Version 2 Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com. Trademarks

More information

Hot Topics in IT Security PREP#28 May 1, 2014. David Woska, Ph.D. OCIO Security

Hot Topics in IT Security PREP#28 May 1, 2014. David Woska, Ph.D. OCIO Security Hot Topics in IT Security PREP#28 May 1, 2014 David Woska, Ph.D. OCIO Security CME Disclosure Statement The North Shore LIJ Health System adheres to the ACCME s new Standards for Commercial Support. Any

More information

ADMINISTRATORS SERIES PRIVACY AND SECURITY AT UF. Cheryl Granto Information Security Manager, UFIT Information Security

ADMINISTRATORS SERIES PRIVACY AND SECURITY AT UF. Cheryl Granto Information Security Manager, UFIT Information Security ADMINISTRATORS SERIES PRIVACY AND SECURITY AT UF Susan Blair Chief Privacy Officer Cheryl Granto Information Security Manager, UFIT Information Security RULES OF THE ROAD Information Highway Danger Zones

More information

PCI Compliance for Healthcare

PCI Compliance for Healthcare PCI Compliance for Healthcare Best practices for securing payment card data In just five years, criminal attacks on healthcare organizations are up by a stunning 125%. 1 Why are these data breaches happening?

More information

TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL

TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL Title: Computer and Network Security Policy Policy Number: 04.72.12 Effective Date: November 4, 2003 Issuing Authority: Office of the Vice President for

More information

Data Access Request Service

Data Access Request Service Data Access Request Service Guidance Notes on Security Version: 4.0 Date: 01/04/2015 1 Copyright 2014, Health and Social Care Information Centre. Introduction This security guidance is for organisations

More information

I dentity theft occurs

I dentity theft occurs 1.3.1.F1 Identity Family Economics and Financial Education W h at i s I d e n t i t y T h e f t? I dentity theft occurs when someone wrongfully acquires and uses a consumer s personal identification, credit,

More information

Sound Business Practices for Businesses to Mitigate Corporate Account Takeover

Sound Business Practices for Businesses to Mitigate Corporate Account Takeover Sound Business Practices for Businesses to Mitigate Corporate Account Takeover This white paper provides sound business practices for companies to implement to safeguard against Corporate Account Takeover.

More information

CLEAR LAKE BANK & TRUST COMPANY Internet Banking Customer Awareness & Education Program For Businesses

CLEAR LAKE BANK & TRUST COMPANY Internet Banking Customer Awareness & Education Program For Businesses CLEAR LAKE BANK & TRUST COMPANY Internet Banking Customer Awareness & Education Program For Businesses Introduction Clear Lake Bank & Trust Company is committed to protecting your business, personal, and

More information

SBA Cybersecurity for Small Businesses. 1.1 Introduction. 1.2 Course Objectives. 1.3 Course Topics

SBA Cybersecurity for Small Businesses. 1.1 Introduction. 1.2 Course Objectives. 1.3 Course Topics SBA Cybersecurity for Small Businesses 1.1 Introduction Welcome to SBA s online training course: Cybersecurity for Small Businesses. SBA s Office of Entrepreneurship Education provides this self-paced

More information

DSHS CA Security For Providers

DSHS CA Security For Providers DSHS CA Security For Providers Pablo F Matute DSHS Children's Information Security Officer 7/21/2015 1 Data Categories: An Overview All DSHS-owned data falls into one of four categories: Category 1 - Public

More information

Your security is our priority

Your security is our priority Your security is our priority Welcome to our Cash Management newsletter for businesses. You will find valuable information about how to limit your company s risk for fraud. We offer a wide variety of products

More information

Identity Theft: A Growing Problem. presented by Melissa Elson Agency Liaison Office of Privacy Protection - Bureau of Consumer Protection

Identity Theft: A Growing Problem. presented by Melissa Elson Agency Liaison Office of Privacy Protection - Bureau of Consumer Protection Identity Theft: A Growing Problem presented by Melissa Elson Agency Liaison Office of Privacy Protection - Bureau of Consumer Protection Identity Theft What it is How it happens How to protect yourself

More information

BSHSI Security Awareness Training

BSHSI Security Awareness Training BSHSI Security Awareness Training Originally developed by the Greater New York Hospital Association Edited by the BSHSI Education Team Modified by HSO Security 7/1/2008 1 What is Security? A requirement

More information

Client Security Risk Assessment Questionnaire

Client Security Risk Assessment Questionnaire Select the appropriate answer from the drop down in the column, and provide a brief description in the section. 1 Do you have a member of your organization with dedicated information security duties? 2

More information

ONE Mail Direct for Mobile Devices

ONE Mail Direct for Mobile Devices ONE Mail Direct for Mobile Devices User Guide Version: 2.0 Document ID: 3292 Document Owner: ONE Mail Product Team Copyright Notice Copyright 2014, ehealth Ontario All rights reserved No part of this document

More information

Do s & Don ts Reference website. www.farmersidentityshield.com

Do s & Don ts Reference website. www.farmersidentityshield.com What is identity theft? How do thieves steal an identity? What do thieves do with a stolen identity? How can you find out if your identity was stolen? How long can the effects of identity theft last? What

More information

Data Security and the Cloud

Data Security and the Cloud Data Security and the Cloud TABLE OF CONTENTS DATA SECURITY AND THE CLOUD EXECUTIVE SUMMARY PAGE 3 CHAPTER 1 CHAPTER 2 CHAPTER 3 CHAPTER 4 CHAPTER 5 PAGE 4 PAGE 5 PAGE 6 PAGE 8 PAGE 9 DATA SECURITY: HOW

More information

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management SECURING YOUR SMALL BUSINESS Principles of information security and risk management The challenge Information is one of the most valuable assets of any organization public or private, large or small and

More information

Introduction. Purpose. Reference. Applicability. HIPAA Policy 7.1. Safeguards to Protect the Privacy of PHI

Introduction. Purpose. Reference. Applicability. HIPAA Policy 7.1. Safeguards to Protect the Privacy of PHI Office of Regulatory Compliance 13001 E. 17 th Place, Suite W1124 Mail Stop F497 Aurora, CO 80045 Main Office: 303-724-1010 Main Fax: 303-724-1019 HIPAA Policy 7.1 Title: Source: Prepared by: Approved

More information

Certified Secure Computer User

Certified Secure Computer User Certified Secure Computer User Course Outline Module 01: Foundations of Security Essential Terminologies Computer Security Why Security? Potential Losses Due to Security Attacks Elements of Security The

More information

CHAPTER OSCEOLA COUNTY IDENTITY THEFT PREVENTION PROGRAM

CHAPTER OSCEOLA COUNTY IDENTITY THEFT PREVENTION PROGRAM INTRODUCTION CHAPTER OSCEOLA COUNTY IDENTITY THEFT PREVENTION PROGRAM The Osceola County Board of County Commissioners is committed to protecting consumers who do business with Osceola County, and as such

More information

DEALERSHIP IDENTITY THEFT RED FLAGS AND NOTICES OF ADDRESS DISCREPANCY POLICY

DEALERSHIP IDENTITY THEFT RED FLAGS AND NOTICES OF ADDRESS DISCREPANCY POLICY DEALERSHIP IDENTITY THEFT RED FLAGS AND NOTICES OF ADDRESS DISCREPANCY POLICY This Plan we adopted by member, partner, etc.) on Our Program Coordinator (date). (Board of Directors, owner, We have appointed

More information

Gramm Leach Bliley Act. GLBA/HIPAA Information Security Program Committee GLBA, Safeguards Rule Training, Rev. 7/1/2007

Gramm Leach Bliley Act. GLBA/HIPAA Information Security Program Committee GLBA, Safeguards Rule Training, Rev. 7/1/2007 Gramm Leach Bliley Act 15 U.S.C. 6801-6809 6809 GLBA/HIPAA Information Security Program Committee GLBA, Safeguards Rule Training, Rev. 7/1/2007 1 Objectives for GLBA Training GLBA Overview Safeguards Rule

More information

Reliance Bank Fraud Prevention Best Practices

Reliance Bank Fraud Prevention Best Practices Reliance Bank Fraud Prevention Best Practices May 2013 User ID and Password Guidelines Create a strong password with at least 8 characters that includes a combination of mixed case letters and numbers.

More information

NC DPH: Computer Security Basic Awareness Training

NC DPH: Computer Security Basic Awareness Training NC DPH: Computer Security Basic Awareness Training Introduction and Training Objective Our roles in the Division of Public Health (DPH) require us to utilize our computer resources in a manner that protects

More information

Identity Theft Protection

Identity Theft Protection Identity Theft Protection Learning Objectives Discuss the aspects of identity theft Discuss the signs of recognizing when your identify has been stolen Understand the steps to take to reclaim your identity

More information