Security Awareness. Top Security Issues. Office of Informa(on Technology Informa5on Security Department BE CYBER SAFE

Size: px
Start display at page:

Download "Security Awareness. Top Security Issues. Office of Informa(on Technology Informa5on Security Department 2011-2012 BE CYBER SAFE"

Transcription

1 Security Awareness Office of Informa(on Technology Informa5on Security Department Top Security Issues BE CYBER SAFE 1

2 Top Security Items for Passwords Social Networking Phishing Malware, Spyware, & An5- virus Confiden5al Data What is Confiden5al Data? Protec5on of Mobile Confiden5al Data Computer Disposal & Informa5on Destruc5on Regulatory Compliance (FERPA, HIPAA, PCI) PC Desktop Security Repor5ng a Security Incident Security Awareness INTERNAL USE 2

3 Passwords First line of security Password Paradox: use a strong password and remember it. Password Strength depends on Length & Complexity At least 8 characters long At least one alphabe5c character A mix of upper and lower case characters At least one numeric character At least one special character Security Awareness Weak passwords: roll5de, crimson4ever, querty, CharlieBrown, default Strong passwords: M00dR!ng32, C5$atw13!, Zufzy101* Passwords should be mobile. Change them ocen, and do not use the same password for all of your accounts. 3

4 Social Networking Online communi5es like Facebook, Google+, MySpace, and Twifer, that allow people to interact with family, friends, and others who may have similar interests. Some cau(ons include: Phishing & Iden5ty Thec Loss of Privacy Viruses and Malware Cyberbullying Other Predators How to be Cyber Safe Keep private informa5on private! Use privacy seings Only approve friend requests from those you know Only post info you are comfortable with others seeing Always make sure you are at the REAL site when entering your creden5als Be skep5cal! 4

5 Phishing Phishing is a type of fraud, usually carried out electronically using , Instant Messaging, or Text Messaging. It seeks to steal private informa5on (such as passwords or bank account/credit card numbers) by posing as a trustworthy party or organiza5on. How to be Cyber Safe Never reply to an unsolicited that asks for personal informa5on Never click on any links within an unsolicited Always visit a commerce or financial ins5tu5on s website directly Never share account informa5on/passwords. It is against UA policy Regularly check your accounts for unusual ac5vity Always use common sense and good judgment 5

6 Malware, Spyware, & An5virus Malware is malicious code that is designed to secretly access a computer system without the owner s informed consent. Includes: viruses, worms, trojan horses, spyware, adware, scareware, crimeware, rootkits, etc. According to the major an5virus vendors, there were more than 20 million new strains of malware iden5fied in 2010 alone. In 2011, 73,000 new strains of malware created daily according to Panda Labs. How to be Cyber Safe Do not download shareware or freeware from suspicious sites Do not click on web pop- ups claiming to be an5- virus protec5on Keep an5virus and an5spyware socware up to date Ensure an5virus socware is configured to update automa5cally Scan documents for malware when you access files from external devices or import afachments At UA we use McAfee & manage over 8600 computers via epo. 6

7 What is Confiden5al Data? Generally, confiden(al data is any informa5on that contains the following elements in conjunc5on with an individual s name, birth date, or other iden5fier: Social Security number Credit card number Driver s license number Bank account number Pa5ent treatment informa5on How to be Cyber Safe Scrub old class rosters/student lists of any SSNs used as ID numbers Ensure research/irb data is secured with appropriate controls For students: Protect your personal confiden5al data UA houses confiden5al data in secure systems in a secure data center with appropriate controls Encrypted at rest and in transit 7

8 Mobile Confiden5al Data Confiden(al data can also be transmifed/stored in mobile devices such as laptops and smart or mobile phones. How to be Cyber Safe Be aware of confiden5al data in files, s, and afachments Treat your mobile device like a wallet or purse. It may contain as much personal iden5ty informa5on Check over your shoulder when in public Specifically for Laptops Enable Passwords UA offers Hard Drive encryp5on via Checkpoint USB flash drive encryp5on via Endpoint Specifically for Smart/Mobile Phones Enable screen password Flash storage cards and SIM cards can hold sensi5ve data Remote wipe is available for select phones 8

9 Computer Disposal & Informa5on Destruc5on Prior to disposal, computer systems should be sani5zed and secured. Confiden(al data can remain hidden on old hard drives and may not be cleaned off by the system s new owner. How to be Cyber Secure Prior to disposal, wipe hard drives to ensure confiden5al data is destroyed. Use KillDisk Be aware of any confiden5al data that you store on external storage like USB Flash Drives, DVDs, CDs, and external hard drives Destroy unwanted media to ensure they are secured 9

10 Confiden5al Data & Regulatory Compliance UA is required to comply with federal regula5ons regarding the handling of par5cular types of confiden5al informa5on: HIPPA: Use and disclosure of protected health informa5on FERPA: Use and disclosure of protected student informa5on PCI DSS: Merchant compliance with payment card industry data security services How to be Cyber Secure Afend basic security training annually (in process) If you use pa5ent treatment data or have access to a facility that contains pa5ent treatment informa5on: HIPAA annual training and acknowledgement If you use student records of current students: FERPA training If you process credit cards for customers: PCI 10

11 PC Desktop Security Most security incidents are caused by flaws in socware called vulnerabili(es. According to Symantec sta5s5cs, the number of new vulnerabili5es reported has increased to 6,253 in 2010 from over 1,914 vendors. This included 14 zero day vulnerabili5es in products such as Internet Explorer, Adobe Reader and Adobe Flash. How to be Cyber Secure Keep your Opera5ng System and other socware up to date on security patches Keep your an5- virus socware up to date Turn on your local Windows Firewall Backup your system and files periodically Be mindful of the web sites you visit Lock your PC whenever you are away from your desk Set a secure screen saver that auto- locks acer 15 idle minutes Use strong passwords for all your accounts 11

12 Repor5ng a Security Incident Please contact the OIT Service Desk ( ) or send an to security@ua.edu to report any of the following: Suspected compromise of a UA informa5on technology system Suspected unauthorized disclosure of Confiden5al data or internal use only data Suspected unauthorized use of your bama, e- mail, or network account Misuse of informa5on technology resources Stolen or vandalized informa5on technology owned by UA General suspicious computer ac5vity or concerns For more informa5on regarding safe on- line prac5ces, go to hfp://cybersafe.ua.edu, hfp://oit.ua.edu/security or hfp://onguardonline.gov. 12

13 Ques5ons/Comments Security Awareness Security is everyone s responsibility. 13

An Introduction on How to Better Protect Your Computer and Sensitive Data

An Introduction on How to Better Protect Your Computer and Sensitive Data An Introduction on How to Better Protect Your Computer and Sensitive Data Common Security Problems Computer users who fail to use strong passwords Constant attacks by viruses, worms, key loggers and bots

More information

PATRIOT BANK CUSTOMERS. Corporate Account Takeover & Information Security Awareness

PATRIOT BANK CUSTOMERS. Corporate Account Takeover & Information Security Awareness PATRIOT BANK CUSTOMERS Corporate Account Takeover & Information Security Awareness What will be covered! What is Corporate Account Takeover?! How does it work?! Sta9s9cs! Current Trend Examples! What can

More information

Common Cyber Threats. Common cyber threats include:

Common Cyber Threats. Common cyber threats include: Common Cyber Threats: and Common Cyber Threats... 2 Phishing and Spear Phishing... 3... 3... 4 Malicious Code... 5... 5... 5 Weak and Default Passwords... 6... 6... 6 Unpatched or Outdated Software Vulnerabilities...

More information

Online Security Awareness - UAE Exchange - Foreign Exchange Send Money UAE Exchange

Online Security Awareness - UAE Exchange - Foreign Exchange Send Money UAE Exchange The responsibility of safeguarding your personal information starts with you. Your information is critical and it must be protected from unauthorised disclosure, modification or destruction. Here we are

More information

Member Municipality Security Awareness Training. End- User Informa/on Security Awareness Training

Member Municipality Security Awareness Training. End- User Informa/on Security Awareness Training End- User Informa/on Security Awareness Training 1 Why Awareness Training? NCLM sanc:oned mul:ple Security Risk Assessments for a broad spectrum of member municipali:es The assessments iden:fied areas

More information

Certified Secure Computer User

Certified Secure Computer User Certified Secure Computer User Exam Info Exam Name CSCU (112-12) Exam Credit Towards Certification Certified Secure Computer User (CSCU). Students need to pass the online EC-Council exam to receive the

More information

Cyber Security Awareness

Cyber Security Awareness Cyber Security Awareness User IDs and Passwords Home Computer Protection Protecting your Information Firewalls Malicious Code Protection Mobile Computing Security Wireless Security Patching Possible Symptoms

More information

Build a HIPAA- Compliant Prac5ce. Wes Strickling, Founder & CEO

Build a HIPAA- Compliant Prac5ce. Wes Strickling, Founder & CEO Build a HIPAA- Compliant Prac5ce Wes Strickling, Founder & CEO Agenda What is HIPAA Compliance? What does it mean to your prac5ce? What should you do? Q & A What Is HIPAA Compliance? Health Insurance Portability

More information

Corporate Account Takeover & Information Security Awareness

Corporate Account Takeover & Information Security Awareness Corporate Account Takeover & Information Security Awareness The information contained in this session may contain privileged and confidential information. This presentation is for information purposes

More information

Cyber Security Awareness

Cyber Security Awareness Cyber Security Awareness William F. Pelgrin Chair Page 1 Introduction Information is a critical asset. Therefore, it must be protected from unauthorized modification, destruction and disclosure. This brochure

More information

Cyber Security Presentation Cyber Security Month Curtis McNay, Director of IT Security

Cyber Security Presentation Cyber Security Month Curtis McNay, Director of IT Security Cyber Security Presentation Cyber Security Month Curtis McNay, Director of IT Security The IT Security Office (ITSO) What We Do? Risk Assessment Network and System Security Monitoring Vulnerability Scanning

More information

Must score 89% or above. If you score below 89%, we will be contacting you to go over the material individually.

Must score 89% or above. If you score below 89%, we will be contacting you to go over the material individually. April 23, 2014 Must score 89% or above. If you score below 89%, we will be contacting you to go over the material individually. What is it? Electronic Protected Health Information There are 18 specific

More information

Certified Secure Computer User

Certified Secure Computer User Certified Secure Computer User Course Outline Module 01: Foundations of Security Essential Terminologies Computer Security Why Security? Potential Losses Due to Security Attacks Elements of Security The

More information

Cyber Security Awareness. Internet Safety Intro. www.staysafeonline.org

Cyber Security Awareness. Internet Safety Intro. www.staysafeonline.org Cyber Security Awareness Internet Safety Intro www.staysafeonline.org 1 What is Cyber Security? Cyber Security is the body of technologies, processes and practices designed to protect from attack, damage

More information

The 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance

The 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance Date: 07/19/2011 The 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance PCI and HIPAA Compliance Defined Understand

More information

How to stay safe online

How to stay safe online How to stay safe online Everyone knows about computer viruses...or at least they think they do. Nearly 30 years ago, the first computer virus was written and since then, millions of viruses and other malware

More information

Guide to INFORMATION SECURITY FOR THE HEALTH CARE SECTOR

Guide to INFORMATION SECURITY FOR THE HEALTH CARE SECTOR Guide to INFORMATION SECURITY FOR THE HEALTH CARE SECTOR Information and Resources for Small Medical Offices Introduction The Personal Health Information Protection Act, 2004 (PHIPA) is Ontario s health-specific

More information

HIPAA Security Education. Updated May 2016

HIPAA Security Education. Updated May 2016 HIPAA Security Education Updated May 2016 Course Objectives v This computer-based learning course covers the HIPAA, HITECH, and MSHA Privacy and Security Program which includes relevant Information Technology(IT)

More information

HIPAA and Health Information Privacy and Security

HIPAA and Health Information Privacy and Security HIPAA and Health Information Privacy and Security Revised 7/2014 What Is HIPAA? H Health I Insurance P Portability & A Accountability A - Act HIPAA Privacy and Security Rules were passed to protect patient

More information

When you listen to the news, you hear about many different forms of computer infection(s). The most common are:

When you listen to the news, you hear about many different forms of computer infection(s). The most common are: Access to information and entertainment, credit and financial services, products from every corner of the world even to your work is greater than ever. Thanks to the Internet, you can conduct your banking,

More information

DRAFT National Rural Water Association Identity Theft Program Model September 22, 2008

DRAFT National Rural Water Association Identity Theft Program Model September 22, 2008 DRAFT National Rural Water Association Identity Theft Program Model September 22, 2008 This model has been designed to help water and wastewater utilities comply with the Federal Trade Commission s (FTC)

More information

Corporate Account Takeover & Information Security Awareness. Customer Training

Corporate Account Takeover & Information Security Awareness. Customer Training Corporate Account Takeover & Information Security Awareness Customer Training No computer system can provide absolute security under all conditions. NO SECURITY MEASURE OR LIST OF SECURITY MEASURES CAN

More information

Computer Network and Internet Security Awareness and Responsible Use. Indian River County School District 2014-2015

Computer Network and Internet Security Awareness and Responsible Use. Indian River County School District 2014-2015 Computer Network and Internet Security Awareness and Responsible Use Indian River County School District 2014-2015 1 Through the availability of electronic resources provided by the School District of

More information

INFORMATION SECURITY GUIDE. Employee Teleworking. Information Security Unit. Information Technology Services (ITS) July 2013

INFORMATION SECURITY GUIDE. Employee Teleworking. Information Security Unit. Information Technology Services (ITS) July 2013 INFORMATION SECURITY GUIDE Employee Teleworking Information Security Unit Information Technology Services (ITS) July 2013 CONTENTS 1. Introduction... 2 2. Teleworking Risks... 3 3. Safeguards for College

More information

PROTECT YOUR COMPUTER AND YOUR PRIVACY!

PROTECT YOUR COMPUTER AND YOUR PRIVACY! PROTECT YOUR COMPUTER AND YOUR PRIVACY! Fraud comes in many shapes simple: the loss of both money protecting your computer and Take action and get peace of and sizes, but the outcome is and time. That

More information

Welcome to Information Security Training

Welcome to Information Security Training Welcome to Information Security Training Welcome to Georgia Perimeter College s Information Security Training. Information security consists of processes, measures, and technologies employed to protect

More information

Hengtian Information Security White Paper

Hengtian Information Security White Paper Hengtian Information Security White Paper March, 2012 Contents Overview... 1 1. Security Policy... 2 2. Organization of information security... 2 3. Asset management... 3 4. Human Resources Security...

More information

Secure and Safe Computing Primer Examples of Desktop and Laptop standards and guidelines

Secure and Safe Computing Primer Examples of Desktop and Laptop standards and guidelines Secure and Safe Computing Primer Examples of Desktop and Laptop standards and guidelines 1. Implement anti-virus software An anti-virus program is necessary to protect your computer from malicious programs,

More information

HIPAA Privacy and Security

HIPAA Privacy and Security HIPAA Privacy and Security Course ID: 1020 - Credit Hours: 2 Author(s) Kevin Arnold, RN, BSN Accreditation KLA Education Services LLC is accredited by the State of California Board of Registered Nursing,

More information

Network Security for End Users in Health Care

Network Security for End Users in Health Care Network Security for End Users in Health Care Virginia Health Information Technology Regional Extension Center is funded by grant #90RC0022/01 from the Office of the National Coordinator for Health Information

More information

Section 12 MUST BE COMPLETED BY: 4/22

Section 12 MUST BE COMPLETED BY: 4/22 Test Out Online Lesson 12 Schedule Section 12 MUST BE COMPLETED BY: 4/22 Section 12.1: Best Practices This section discusses the following security best practices: Implement the Principle of Least Privilege

More information

Infocomm Sec rity is incomplete without U Be aware,

Infocomm Sec rity is incomplete without U Be aware, Infocomm Sec rity is incomplete without U Be aware, responsible secure! HACKER Smack that What you can do with these five online security measures... ANTI-VIRUS SCAMS UPDATE FIREWALL PASSWORD [ 2 ] FASTEN

More information

Protecting Yourself from Identity Theft

Protecting Yourself from Identity Theft Protecting Yourself from Identity Theft Identity theft is everywhere. In fact, according to a 2013 report by Javelin Research, there is one incident of identity fraud every two seconds. While we cannot

More information

Peace Corps Office of the OCIO Information and Information Technology Governance and Compliance Rules of Behavior for General Users

Peace Corps Office of the OCIO Information and Information Technology Governance and Compliance Rules of Behavior for General Users Table of Contents... 1 A. Accountability... 1 B. System Use Notification (Login Banner)... 1 C. Non-... 1 D. System Access... 2 E. User IDs... 2 F. Passwords... 2 G. Electronic Information... 3 H. Agency

More information

Countermeasures against Spyware

Countermeasures against Spyware (2) Countermeasures against Spyware Are you sure your computer is not infected with Spyware? Information-technology Promotion Agency IT Security Center http://www.ipa.go.jp/security/ 1. What is a Spyware?

More information

Protecting your business from fraud

Protecting your business from fraud Protecting your business from fraud KEY TAKEAWAYS > Understand the most common types of fraud and how to identify them. > What to do if you uncover fraudulent activity or suspect you are a victim of fraud.

More information

Financial Fraud Threats & Preven3on. Mark Frank EVP, Senior Opera3ons Officer Colorado Business Bank

Financial Fraud Threats & Preven3on. Mark Frank EVP, Senior Opera3ons Officer Colorado Business Bank Financial Fraud Threats & Preven3on Mark Frank EVP, Senior Opera3ons Officer Colorado Business Bank Why Pay ACen3on to Fraud Risks? Fraud occurs everywhere, and NO organiza3on is immune Changing business

More information

MIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10)

MIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10) MIT s Information Security Program for Protecting Personal Information Requiring Notification (Revision date: 2/26/10) Table of Contents 1. Program Summary... 3 2. Definitions... 4 2.1 Identity Theft...

More information

San Francisco Chapter. Presented by Mike O. Villegas, CISA, CISSP

San Francisco Chapter. Presented by Mike O. Villegas, CISA, CISSP Presented by Mike O. Villegas, CISA, CISSP Agenda Information Security (IS) Vision at Newegg.com Typical Issues at Most Organizations Information Security Governance Four Inter-related CoBIT Domains ISO

More information

CLEAR LAKE BANK & TRUST COMPANY Internet Banking Customer Awareness & Education Program For Businesses

CLEAR LAKE BANK & TRUST COMPANY Internet Banking Customer Awareness & Education Program For Businesses CLEAR LAKE BANK & TRUST COMPANY Internet Banking Customer Awareness & Education Program For Businesses Introduction Clear Lake Bank & Trust Company is committed to protecting your business, personal, and

More information

Angard Acceptable Use Policy

Angard Acceptable Use Policy Angard Acceptable Use Policy Angard Staffing employees who are placed on assignments with Royal Mail will have access to a range of IT systems and mobile devices such as laptops and personal digital assistants

More information

Malware, Spyware, Adware, Viruses. Gracie White, Scott Black Information Technology Services

Malware, Spyware, Adware, Viruses. Gracie White, Scott Black Information Technology Services Malware, Spyware, Adware, Viruses Gracie White, Scott Black Information Technology Services The average computer user should be aware of potential threats to their computer every time they connect to the

More information

COLORADO STATE UNIVERSITY Financial Procedure Statements FPI 6-6

COLORADO STATE UNIVERSITY Financial Procedure Statements FPI 6-6 1. Procedure Title: PCI Compliance Program COLORADO STATE UNIVERSITY Financial Procedure Statements FPI 6-6 2. Procedure Purpose and Effect: All Colorado State University departments that accept credit/debit

More information

FTC Data Security Standard

FTC Data Security Standard FTC Data Security Standard The FTC takes the posi6on (Being tested now in li6ga6on) that Sec6on 5 of the FTC Act requires Reasonable Security under the circumstances: that companies have reasonable controls

More information

Welcome to Part 2 of the online course, Spyware and Adware What s in Your Computer?

Welcome to Part 2 of the online course, Spyware and Adware What s in Your Computer? Welcome to Part 2 of the online course, Spyware and Adware What s in Your Computer? 1 2 This is the second part of a two-part course on spyware and adware. In this portion of the course we will: Review

More information

Student Tech Security Training. ITS Security Office

Student Tech Security Training. ITS Security Office Student Tech Security Training ITS Security Office ITS Security Office Total Security is an illusion security will always be slightly broken. Find strategies for living with it. Monitor our Network with

More information

Customer Awareness for Security and Fraud Prevention

Customer Awareness for Security and Fraud Prevention Customer Awareness for Security and Fraud Prevention Identity theft continues to be a growing problem in our society today. All consumers must manage their personal information wisely and cautiously to

More information

Contact details For contacting ENISA or for general enquiries on information security awareness matters, please use the following details:

Contact details For contacting ENISA or for general enquiries on information security awareness matters, please use the following details: Malicious software About ENISA The European Network and Information Security Agency (ENISA) is an EU agency created to advance the functioning of the internal market. ENISA is a centre of excellence for

More information

IT@DUSON. IT Service Desk

IT@DUSON. IT Service Desk IT@DUSON Technology plays a key role in the learning process for nursing students at Duke. This is your guide to the technology used at the Duke School of Nursing and how to request assistance for all

More information

How To Manage A Mobile Device Management At Harvard

How To Manage A Mobile Device Management At Harvard Demys&fying Mobile Device Management Challenges Indir Avdagic Director of Informa.on Security and Risk Management, SEAS Objec&ves Our hope is that this conversa0on will get people thinking about mobile

More information

Protecting personally identifiable information: What data is at risk and what you can do about it

Protecting personally identifiable information: What data is at risk and what you can do about it Protecting personally identifiable information: What data is at risk and what you can do about it Virtually every organization acquires, uses and stores personally identifiable information (PII). Most

More information

Cyber Security Best Practices

Cyber Security Best Practices Cyber Security Best Practices 1. Set strong passwords; Do not share them with anyone: They should contain at least three of the five following character classes: o Lower case letters o Upper case letters

More information

PCI Security Awareness for ECU Payment Card Merchants

PCI Security Awareness for ECU Payment Card Merchants PCI Security Awareness for ECU Payment Card Merchants Read this document carefully. Sign, date, and return the last page to your departmental PCI coordinator, who is required to store the documentation

More information

Security Awareness. ITS Security Training. Fall 2015

Security Awareness. ITS Security Training. Fall 2015 Security Awareness ITS Security Training Fall 2015 Why am I here? Isn t security an IT problem? Technology can address only a fraction of security risks. You are a primary target, or rather, your data

More information

NC DPH: Computer Security Basic Awareness Training

NC DPH: Computer Security Basic Awareness Training NC DPH: Computer Security Basic Awareness Training Introduction and Training Objective Our roles in the Division of Public Health (DPH) require us to utilize our computer resources in a manner that protects

More information

Reneaué Railton Sr. Informa2on Security Analyst, Duke Medicine Cyber Defense & Response

Reneaué Railton Sr. Informa2on Security Analyst, Duke Medicine Cyber Defense & Response Reneaué Railton Sr. Informa2on Security Analyst, Duke Medicine Cyber Defense & Response Incident Response What is the most importance component of an Incident Response Program? Tools? Processes? Governance?

More information

Acceptable Usage Guidelines. e-governance

Acceptable Usage Guidelines. e-governance Acceptable Usage Guidelines for e-governance Draft DEPARTMENT OF ELECTRONICS AND INFORMATION TECHNOLOGY Ministry of Communication and Information Technology, Government of India. Document Control S/L Type

More information

Paul Nguyen. 2014 CSG Interna0onal

Paul Nguyen. 2014 CSG Interna0onal Paul Nguyen 2014 CSG Interna0onal Security is Top- of- Mind Everywhere High- profile breaches: 2K+ breaches expose nearly 1B records in 2013 Increased regulatory pressure State- sponsored hacking around

More information

National Cyber Security Month 2015: Daily Security Awareness Tips

National Cyber Security Month 2015: Daily Security Awareness Tips National Cyber Security Month 2015: Daily Security Awareness Tips October 1 New Threats Are Constantly Being Developed. Protect Your Home Computer and Personal Devices by Automatically Installing OS Updates.

More information

Keeping you and your computer safe in the digital world.

Keeping you and your computer safe in the digital world. Keeping you and your computer safe in the digital world. After completing this class, you should be able to: Explain the terms security and privacy as applied to the digital world Identify digital threats

More information

UIT Security is responsible for developing security best practices, promoting security awareness, coordinating security issues, and conducting

UIT Security is responsible for developing security best practices, promoting security awareness, coordinating security issues, and conducting SECURITY HANDBOOK Mission Statement: UIT Security is responsible for developing security best practices, promoting security awareness, coordinating security issues, and conducting investigations. UIT Security

More information

INTERNET & COMPUTER SECURITY March 20, 2010. Scoville Library. ccayne@biblio.org

INTERNET & COMPUTER SECURITY March 20, 2010. Scoville Library. ccayne@biblio.org INTERNET & COMPUTER SECURITY March 20, 2010 Scoville Library ccayne@biblio.org Internet: Computer Password strength Phishing Malware Email scams Identity Theft Viruses Windows updates Browser updates Backup

More information

Data Management Policies. Sage ERP Online

Data Management Policies. Sage ERP Online Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...

More information

Critical Data Guide. A guide to handling critical information at Indiana University

Critical Data Guide. A guide to handling critical information at Indiana University Critical Data Guide A guide to handling critical information at Indiana University What is critical information? IU defines critical information as sensitive data requiring the highest level of protection.

More information

Information Security Policy

Information Security Policy Information Security Policy Touro College/University ( Touro ) is committed to information security. Information security is defined as protection of data, applications, networks, and computer systems

More information

Smith College Information Security Risk Assessment Checklist

Smith College Information Security Risk Assessment Checklist Smith College Information Security Risk Assessment Checklist This form contains a checklist for individual data handlers who are conducting an information security risk assessment of their work environment.

More information

Information Security

Information Security Information Security Table of Contents Statement of Confidentiality and Responsibility... 2 Policy and Regulation... 2 Protect Our Information... 3 Protect Your Account... 4 To Change Your Password...

More information

Management and Storage of Sensitive Information UH Information Security Team (InfoSec)

Management and Storage of Sensitive Information UH Information Security Team (InfoSec) Management and Storage of Sensitive Information UH Information Security Team (InfoSec) Who Are We? UH Information Security Team Jodi Ito - Information Security Officer Deanna Pasternak & Taylor Summers

More information

Data Management & Protection: Common Definitions

Data Management & Protection: Common Definitions Data Management & Protection: Common Definitions Document Version: 5.5 Effective Date: April 4, 2007 Original Issue Date: April 4, 2007 Most Recent Revision Date: November 29, 2011 Responsible: Alan Levy,

More information

Course: Information Security Management in e-governance

Course: Information Security Management in e-governance Course: Information Security Management in e-governance Day 2 Session 2: Security in end user environment Agenda Introduction to IT Infrastructure elements in end user environment Information security

More information

ALTA OFFICE SECURITY AND PRIVACY GUIDELINES ALTA

ALTA OFFICE SECURITY AND PRIVACY GUIDELINES ALTA ALTA OFFICE SECURITY AND PRIVACY GUIDELINES ALTA PURPOSE PURPOSE This document provides guidance to offices about protecting sensitive customer and company information. The protection of Non-public Personal

More information

Staying Safe after the Anthem Breach. Dartmouth College 3/25/15 ITS Security Team

Staying Safe after the Anthem Breach. Dartmouth College 3/25/15 ITS Security Team Staying Safe after the Anthem Breach Dartmouth College 3/25/15 ITS Security Team Anthem Breach Reported on Feb 4, 2015 80 million records exposed Current and former members since 2004 Data exposed: o Names

More information

Computer Security at Columbia College. Barak Zahavy April 2010

Computer Security at Columbia College. Barak Zahavy April 2010 Computer Security at Columbia College Barak Zahavy April 2010 Outline 2 Computer Security: What and Why Identity Theft Costs Prevention Further considerations Approach Broad range of awareness Cover a

More information

SHS Annual Information Security Training

SHS Annual Information Security Training SHS Annual Information Security Training Information Security: What is It? The mission of the SHS Information Security Program is to Protect Valuable SHS Resources Information Security is Everyone s Responsibility

More information

Information Security

Information Security Information Security A staff guide to the University's Information Systems Security Policy Issued by the IT Security Group on behalf of the University. Information Systems Security Guidelines for Staff

More information

Identity Theft. CHRISTOS TOPAKAS Head of Group IT Security and Control Office

Identity Theft. CHRISTOS TOPAKAS Head of Group IT Security and Control Office Identity Theft CHRISTOS TOPAKAS Head of Group IT Security and Control Office Agenda Identity Theft Threats and Techniques Identity Theft Definition and Facts Identity Theft & Financial Institutions Prevention

More information

Information Security Policy. Policy and Procedures

Information Security Policy. Policy and Procedures Information Security Policy Policy and Procedures Issue Date February 2013 Revision Date February 2014 Responsibility/ Main Point of Contact Neil Smedley Approved by/date Associated Documents Acceptable

More information

Risks REGIONAL IT COORDINATOR UNIVERSITY OF MARYLAND EXTENSION FEBRUARY 2012

Risks REGIONAL IT COORDINATOR UNIVERSITY OF MARYLAND EXTENSION FEBRUARY 2012 Minimizing Technology-Related Risks NAN STENZEL NAN STENZEL REGIONAL IT COORDINATOR UNIVERSITY OF MARYLAND EXTENSION FEBRUARY 2012 Current Computer Topics Buying a New Computer In-home Wireless Security

More information

Information Security It s Everyone s Responsibility

Information Security It s Everyone s Responsibility Information Security It s Everyone s Responsibility Developed By The University of Texas at Dallas (ISO) Purpose of Training As an employee, you are often the first line of defense protecting valuable

More information

Learn to protect yourself from Identity Theft. First National Bank can help.

Learn to protect yourself from Identity Theft. First National Bank can help. Learn to protect yourself from Identity Theft. First National Bank can help. Your identity is one of the most valuable things you own. It s important to keep your identity from being stolen by someone

More information

Section 5 Identify Theft Red Flags and Address Discrepancy Procedures Index

Section 5 Identify Theft Red Flags and Address Discrepancy Procedures Index Index Section 5.1 Purpose.... 2 Section 5.2 Definitions........2 Section 5.3 Validation Information.....2 Section 5.4 Procedures for Opening New Accounts....3 Section 5.5 Procedures for Existing Accounts...

More information

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft) 1- A (firewall) is a computer program that permits a user on the internal network to access the internet but severely restricts transmissions from the outside 2- A (system failure) is the prolonged malfunction

More information

BSHSI Security Awareness Training

BSHSI Security Awareness Training BSHSI Security Awareness Training Originally developed by the Greater New York Hospital Association Edited by the BSHSI Education Team Modified by HSO Security 7/1/2008 1 What is Security? A requirement

More information

Who must complete this training

Who must complete this training Stop!! THINK Click Who must complete this training All Users: This training is required for all individuals, including contractors and vendors, with security access to sensitive or confidential systems

More information

Desktop and Laptop Security Policy

Desktop and Laptop Security Policy Desktop and Laptop Security Policy Appendix A Examples of Desktop and Laptop standards and guidelines 1. Implement anti-virus software An anti-virus program is necessary to protect your computer from malicious

More information

ONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS

ONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS $ ONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS Boston Private Bank & Trust Company takes great care to safeguard the security of your Online Banking transactions. In addition to our robust security

More information

CYBERSECURITY POLICY

CYBERSECURITY POLICY * CYBERSECURITY POLICY THE CYBERSECURITY POLICY DEFINES THE DUTIES EMPLOYEES AND CONTRACTORS OF CU*ANSWERS MUST FULFILL IN SECURING SENSITIVE INFORMATION. THE CYBERSECURITY POLICY IS PART OF AND INCORPORATED

More information

BCS IT User Syllabus IT Security for Users Level 2. Version 1.0

BCS IT User Syllabus IT Security for Users Level 2. Version 1.0 BCS IT User Syllabus IT for Users Level 2 Version 1.0 June 2009 ITS2.1 System Performance ITS2.1.1 Unwanted messages ITS2.1.2 Malicious ITS2.1.1.1 ITS2.1.1.2 ITS2.1.2.1 ITS2.1.2.2 ITS2.1.2.3 ITS2.1.2.4

More information

Spam, Spyware, Malware and You! Don't give up just yet! Presented by: Mervin Istace Provincial Library Saskatchewan Learning

Spam, Spyware, Malware and You! Don't give up just yet! Presented by: Mervin Istace Provincial Library Saskatchewan Learning Spam, Spyware, Malware and You! Don't give up just yet! Presented by: Mervin Istace Provincial Library Saskatchewan Learning Lee Zelyck Network Administrator Regina Public Library Malware, Spyware, Trojans

More information

FORBIDDEN - Ethical Hacking Workshop Duration

FORBIDDEN - Ethical Hacking Workshop Duration Workshop Course Module FORBIDDEN - Ethical Hacking Workshop Duration Lecture and Demonstration : 15 Hours Security Challenge : 01 Hours Introduction Security can't be guaranteed. As Clint Eastwood once

More information

Information Security Awareness

Information Security Awareness Corporate Account Takeover & Corporate Account Takeover & Information Security Awareness The information contained in this session may contain privileged and confidential information. This presentation

More information

Appendix H: End User Rules of Behavior

Appendix H: End User Rules of Behavior Appendix H: End User Rules of Behavior 1. Introduction The Office of Management and Budget (OMB) has established the requirement for formally documented Rules of Behavior as set forth in OMB Circular A-130.

More information

Retail/Consumer Client. Internet Banking Awareness and Education Program

Retail/Consumer Client. Internet Banking Awareness and Education Program Retail/Consumer Client Internet Banking Awareness and Education Program Table of Contents Securing Your Environment... 3 Unsolicited Client Contact... 3 Protecting Your Identity... 3 E-mail Risk... 3 Internet

More information

SITA Security Requirements for Third-Party Service Providers that Access, Process, Store or Transmit Data on Behalf of SITA

SITA Security Requirements for Third-Party Service Providers that Access, Process, Store or Transmit Data on Behalf of SITA SITA Information Security SITA Security Requirements for Third-Party Service Providers that Access, Process, Store or Transmit Data on Behalf of SITA September, 2012 Contents 1. Introduction... 3 1.1 Overview...

More information

How are we keeping Hackers away from our UCD networks and computer systems?

How are we keeping Hackers away from our UCD networks and computer systems? How are we keeping Hackers away from our UCD networks and computer systems? Cybercrime Sony's Hacking Scandal Could Cost The Company $100 Million - http://www.businessinsider.com/sonys-hacking-scandal-could-cost-the-company-100-million-2014-12

More information

Mifflinburg Bank & Trust. Corporate Account Takeover & Information Security Awareness

Mifflinburg Bank & Trust. Corporate Account Takeover & Information Security Awareness Mifflinburg Bank & Trust Corporate Account Takeover & Information Security Awareness The information contained in this session may contain privileged and confidential information. This presentation is

More information

Spyware. Michael Glenn Technology Management Michael.Glenn@Qwest.com. 2004 Qwest Communications International Inc.

Spyware. Michael Glenn Technology Management Michael.Glenn@Qwest.com. 2004 Qwest Communications International Inc. Spyware Michael Glenn Technology Management Michael.Glenn@Qwest.com Agenda Security Fundamentals Current Issues Spyware Definitions Overlaps of Threats Best Practices What Service Providers are Doing References

More information

ANNUAL SECURITY RESPONSIBILITY REVIEW

ANNUAL SECURITY RESPONSIBILITY REVIEW ANNUAL SECURITY RESPONSIBILITY REVIEW For Faculty and Staff Who Use Computers Minimally in their work May 2012 Training Topics What is Information Security? Review Security Vulnerabilities Phishing email

More information