Who must complete this training


1 Stop!! THINK Click

2 Who must complete this training All Users: This training is required for all individuals, including contractors and vendors, with security access to sensitive or confidential systems owned by the Department for Aging and Rehabilitative Services (DARS). New Users: Each individual must complete this training when security access is granted. Annually: Refresher security training is required annually. Certification: Supervisors must certify and report completion of training to their DARS system administrator or security contacts: FRS-Support/LTESS-EES: Donna Bonessi Div for the Aging: Leonard Eshmont DSA Videoconferencing (VTC): Joyce Haskins-McKune

3 Accessibility This program is designed to meet standards for accessibility for individuals with disabilities. Class Presentation: This presentation is adapted for use in a small class or staff meeting that allows individuals to participate by listening to the narrator or reading the content directly from each slide. The program should be narrated directly from the slide presentation. For individuals who are deaf or hard of hearing, closed captioning is not required and interpreters are not needed unless external discussion is included. Self-Paced: This presentation can also be used as a standalone, self-paced learning module using screen reader assistive technologies.

4 Learning Objectives In this program you will review: Policy: Review and understand current security policies that govern your use of COV and DARS systems and data. Threats: Identify common threats to COV systems, confidential data and sensitive information. Your Role: Understand what you can do to improve security, and how to report incidents and suspicious activities.

5 Section One: Overview of Cyber Security Policies This section reviews the current scope of policies for the Commonwealth of Virginia (COV) as they relate to devices and files, logons and passwords, security updates, physical security, and protected data.

6 Section One-Policies: Scope of Policies All COV agencies, contractors and vendors with access to sensitive or confidential systems are required to adhere to policies governing personally identifying data, protected health information, and sensitive data, including policies published by the Virginia Information Technology Agency (VITA). All Users with access to COV networks and DARS systems must follow these policies. The Information Security Access Agreement (ISAA) and Acceptable Use Policy must be signed by all individuals requesting access to COV and DARS systems.

7 Section One-Policies: Logons and Passwords COV requires enforcement of the following standards: Use of strong passwords which include upper case alpha, lower case alpha, numeric (0-9) and non-alphabetic characters (~! # $ % ^ & *) in positions 2-6. Passwords must be changed every 90 days. Passwords cannot be changed in less than 7 days and cannot have been used within the last 4 changes. Five unsuccessful attempts will lock your account. Tip: These are secure standards you should also apply to all of your accounts, including personal accounts.

8 Section One-Policies: Logons/Passwords (continued) Your Role: The policy also states that end users are responsible for enforcement of certain standards: Your system or browser may not be configured to remember passwords. Passwords will not be written down and posted in plain sight. You may NEVER share your passwords with anyone else for any reason.

9 Section One-Policies: Security Updates VITA policy mandates the following standards for security updates and patches: Operating systems will be protected by applying automatic security updates and patches. Applications are configured for automatic security updates and patches (for example, Microsoft Office, Outlook, Internet Explorer, Adobe Reader). Security software such as McAfee and Norton Antivirus will be kept up to date and configured for regular scans. Security software should be set to scan Internet pages, email, attachments, and downloads. Your role: You should not change automatic settings or override security updates.

10 Section One-Policies: Devices and Files Devices, including external digital storage devices, must be owned or approved by your organization to be connected to sensitive DARS systems. PCs will be manually locked when unattended, automatically locked after a period of inactivity (for example, fifteen minutes), set to require a password to re-activate, and logged off overnight. Files must be stored and backed up on your server and must be encrypted when shared over network connections.

11 Section One-Policies: Physical Security Physical security policy requires protection of your work space, physical devices and files. You must: Lock or shut down your workstation when you leave your desk or leave your laptop/mobile device unattended. Lock sensitive paper documents and materials in a file cabinet. Dispose of sensitive materials appropriately. Never share your building access key, card or security fob. Always question unescorted strangers. You must always report incidents and suspicious activities to your manager and security officer.

12 Section One-Policies: Protected Data Certain types of data are protected and regulated by the: Social Security Administration (SSA): Controls the use of social security numbers (SSNs). U.S. Department of Health and Human Services (HHS): Administers the Health Insurance Portability and Accountability Act (HIPAA). Virginia Information Technology Agency (VITA): Responsible for the information security standards commonly referred to as Sec 501. Library of Virginia (LVA): Governs all records, including electronic files, under the authority of the Virginia Public Records Act.

13 Section One-Policies: Protected Data (continued) Types of protected data can include: Protected Health Information (PHI): Such as data contained in medical and health records; governed by HIPAA. Personally Identifiable Information (PII): Includes use of Social Security Numbers (SSN) governed by the SSA, and can include the SSN in combination with other identifying information such as name, date of birth, employment, insurance, residence and telephone numbers. If lost, compromised, or disclosed without authorization, this information could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual. Sensitive data: Defined as data, documents, or files which, if compromised, would have an adverse effect on the COV, your agency or organization; governed by VITA (Sec 501) and the Library of Virginia (Records Act).

14 Section One-Policies: Protected Data (continued) Required Protections by Users: All PHI, PII and sensitive data must be protected by: Storing data and files in a secure physical environment. Storing files only on devices owned and approved by your organization. Encrypting mobile and external storage devices that contain these files, including laptops, external hard drives, USB thumb drives and CDs. Encrypting files that are in transit, which includes files sent via email and non-secure direct file transfer.

15 Section One-Policies: Summary of Policies Your role: Always be aware that COV/DARS systems are governed by security policies and regulations, and follow safe practices that are in your control. Do not share your access with anyone, including your passwords, keys, badges, and access codes. Keep your PC desktop locked when you are not using it, and lock your mobile devices in a secure location. Protect your files and do not send them via email or share them electronically without encryption. Be aware of your work area and physical surroundings and report suspicious activity.

16 Section Two: Common Cyber Security Threats This section reviews common cyber security threats with suggestions on what you can do to protect yourself and COV/DARS systems from harm.

17 Section Two-Threats: Basic Concepts Concept One: Electronic systems may not be secure. VITA, DARS, and your organization attempt to provide protections with firewalls, electronic enforcement and monitoring systems. But that does not completely protect you from interacting with malicious and harmful software. You can still be targeted directly and persistently by messages, texts, and malicious Internet links. Concept Two: You control what you click. Even with all the security COV/DARS and your organization can apply, most end user threats are targeted specifically in hopes that you will go ahead and click on a harmful link, attachment, picture, video or icon in an email or web page, including social media applications.

18 Section Two-Threats: Your Role Stop! Pause before you click. Your work relies on email and Internet interactions. Take a moment and remember that each click could be potentially harmful, even if it at first appears to be from a legitimate source. Think! Verify and Validate. You must be aware, alert and diligent. Always look for the signs that external entities are trying to gain access to your PC and your network. Click! Proceed only if you are confident it is safe.

19 Section Two-Threats: Email Threats: Phishing, Spoofs, Hoaxes, Malware, Scams and Spam. The most prevalent and persistent threats to your security arrive in your Inbox. They come by different names, may appear legitimate, and may even seem to come from people you know. The Common Threat: Malicious emails appeal to your greed, your fear, your sense of humor, your curiosity, and even your compassion. They are designed to get you to click on an item such as an attachment, link, picture, or video. Result: If you click, you may launch a harmful program or be directed to a harmful web site. You may then find your personal information compromised, and you may subject your organization's network to malicious software and possibly direct infiltration.

20 Section Two-Threats: Email (continued) Stop: Do not assume that links in your email are automatically safe, especially if the link is requesting you to provide personal information. Think: Look at all emails carefully. If you cannot identify the source and attachments as legitimate, or you cannot be sure the links are safe by looking at the actual destination web address, you can logically conclude that you should be cautious. Click: Only after you are confident that the action is legitimate and safe. Protect all of your accounts. Report all incidents and suspicious activity to security.

21 Section Two-Threats: Internet Threats: Browsing Can Be Hazardous To Your PC. The Internet is a significant resource for business and government services. However, some of the same issues that attack email can create security issues that you need to be aware of while browsing directly on the Internet. The Common Threat: On the web, the threats mainly come from malicious links. Most of the threats come when you click on a link, icon, picture, video, etc., that launches malicious programs or re-directs you to dangerous sites. Result: If you click, you may then find your personal, client, and sensitive business information compromised. You may also subject your network, PC and other devices to malicious software.

22 Section Two-Threats: Internet (continued) Stop: Do not automatically click on Internet links until you have confidence in them. This includes pictures, videos, and navigational elements. Think: Look at the actual address for the links in question. For instance, if the link indicates "Click Here", be sure to identify the actual destination web address before you proceed. Look for external web addresses that are secure. The address should begin with https:// instead of http://. Click: Only after you are sure the destination web site is safe. Browse Safely. Report all suspicious links and web sites to security.

23 Section Two-Threats: Social Media: Social Media can be un-sociable. While usually relatively safe (for instance, DARS Facebook and Twitter pages), the rapid increase in social networking and collaborative sites like Facebook, LinkedIn, YouTube, and Twitter has offered new opportunities for hackers and thieves. The Common Threat: It is PERSONAL! By nature these sites are personal. You may be sharing highly personal information, including information about yourself, your employer and perhaps even about clients. You are communicating with others in a highly interactive, very public, and non-secure environment. Result: You could find highly personal and sensitive information compromised. When visiting and using these sites, always use the highest level security settings and be careful of the personal information and even images that you post.

24 Section Two-Threats: Social Media (continued) Stop: Before you like, share or post. Assume that everything you post can possibly be re-posted and used without your permission. Think: Is it secure and appropriate? Use the highest security and privacy settings for your personal social media accounts. Be careful of sharing work related information and in particular do not share any information about clients or violate the mandate against dual relationships. Be aware that malicious links, videos, and other harmful items can be posted on social networking sites. Check to see if links posted by others are designed to take you to alternate sites that appear suspicious. Click: Only after you are sure the action is legitimate and appropriate and that you are not compromising your personal information or that of others. Be social, but also be careful, and be appropriate. Report all suspicious postings and information breaches to security.

25 Section Two-Threats: Files: Files Require Protection and Encryption. The business process may require sharing of information that is confidential, personally identifiable and sensitive. This information must be secured and maintained according to federal standards, COV security standards and Library of Virginia requirements. Information that is being digitally shared is termed "In Transit" and must be encrypted. This includes files that are being sent via email. If digital encryption is not available, the policy allows for files to be faxed. The Common Threat: Data Leak and Data Breach. Unprotected files may be leaked and data may be stolen. Result: Potential financial and legal penalties. Data leaks and breaches may result in identity theft, financial loss, and other malicious uses. Incidents come with legal and financial implications to the COV and DARS, and to individuals.

26 Section Two-Threats: Files (continued) Stop: Before you save or share a file. Assume there is a potential for a data leak or data breach. Understand that sending unprotected files via email is not secure. Be cautious that transferring files on the Internet may also not be secure, depending on how the site is configured (for instance, https versus http). Think: Is it Secure? When you are saving a file, are you storing it on a secure server, an encrypted PC or an external device that is owned and approved by your organization? Assume that sharing any file is potentially a data leak. If sharing a file using email, are you able to use encryption? Click: Only if you are saving the file to a secure location. Only if you are sharing a file using encryption. If not, use fax. Share Files Securely. Report immediately all suspected data breaches and data losses.

27 Section Two-Threats: Telework/Internet Connections: For mobile workers: be careful with your connections. The ability to work away from the office is beneficial and flexible. But mobile workers need to take special note of the inherent risks when connected to public access points, including wireless connections. Special care should be taken when working with these connections. The Common Threat: It is Public! Public access points, or Internet connections, are just that: Public. All your activity is potentially exposed, especially if it is wireless. Result: Compromised systems and data breaches. Individuals with the knowledge and ability can take over an unprotected PC and load malicious software or steal information including passwords.

28 Section Two-Threats: Telework/Internet Connections (continued) Be sure to connect securely to public access points. Virtual Private Network (VPN): VPN allows you to launch a secure Internet connection so that even with a public access point, you are able to work connected securely to DARS systems, and connect to your own organization's applications and file shares with a greater level of confidence. Device Encryption: Always make sure your laptop, tablet, smart phone or other mobile device is password-protected. Device encryption and anti-virus software should be installed on all mobile devices that connect to COV systems.

29 Section Two-Threats: Telework/Internet Connections (continued) Stop: Check your connection. Assume all public Internet connections are not secure, including all wireless access points. Think: Is it Secure? When you are prompted to connect to a public access point, be sure you know what you are connecting to. It is not secure unless you connect to a public access point using VPN. Click: Only if you are confident in the connection and you are using VPN. Telework Safely! Always use VPN when you are mobile.

30 Section Two-Threats: Reporting Incidents Report incidents and suspicious activities, including potential data leaks and data breaches, to: Your Manager; Your Organization's Security Officer; Your DARS System Administrator or Security Contact. For ESOs (LTESS/EES): Donna Bonessi or Ella Barnes. For AAAs (NWD): Leonard Eshmont. For Videoconferencing (VTC): Joyce Haskins-McKune.

31 Take the Cyber Security Pledge! Print and sign the pledge on the next slide and post it as a reminder.

32 DARS Cyber Security Pledge I, Date: PLEDGE to: Stop, and Think (consider appropriateness and risk) before I Click on links, attachments and other objects that connect to the Internet or launch programs. Take personal responsibility for security, follow my organization's security policies, and adhere to sound security practices. Lock my computer whenever I leave my work area. Safeguard portable computing equipment when I am in public places. Create and use strong passwords, and never share my password(s) with anyone. Never leave a written password (sticky note, etc.) near my computer, or easily accessible. Promptly report all security incidents or concerns to my organization's security officer or other appropriate contact. Safeguard Protected Health Information (PHI), Personally Identifiable Information (PII) and sensitive data from any inappropriate disclosure. Work to the best of my ability to keep my organization's staff, property and information safe and secure. Spread the message to my friends, co-workers and community about staying safe online.

33 Remember: Security is a shared responsibility. Take the time and care every day to protect yourself, your organization, your clients, and your family, through your own cyber-safe practices.

34 THANK YOU for completing the DARS Cyber Security Awareness Training. Certification: Please register your completion with your ISO or Supervisor, and report completion of training to your DARS system administrator or contact. FRS-Support/LTESS-EES: Donna Bonessi Div for the Aging: Leonard Eshmont DSA Videoconferencing (VTC): Joyce Haskins-McKune

35 Additional Resources VITA OnGuardOnline.Gov: Securing your computer: NIST: 7 Practices for Safer Computing pthinkclick.pdf


More information

Know the Risks. Protect Yourself. Protect Your Business.

Know the Risks. Protect Yourself. Protect Your Business. Protect while you connect. Know the Risks. Protect Yourself. Protect Your Business. GETCYBERSAFE TIPS FOR S MALL AND MEDIUM BUSINESSES If you re like most small or medium businesses in Canada, the Internet

More information

How to Practice Safely in an era of Cybercrime and Privacy Fears

How to Practice Safely in an era of Cybercrime and Privacy Fears How to Practice Safely in an era of Cybercrime and Privacy Fears Christina Harbridge INFORMATION PROTECTION SPECIALIST Information Security The practice of defending information from unauthorised access,

More information

INFORMATION SECURITY GUIDE. Employee Teleworking. Information Security Unit. Information Technology Services (ITS) July 2013

INFORMATION SECURITY GUIDE. Employee Teleworking. Information Security Unit. Information Technology Services (ITS) July 2013 INFORMATION SECURITY GUIDE Employee Teleworking Information Security Unit Information Technology Services (ITS) July 2013 CONTENTS 1. Introduction... 2 2. Teleworking Risks... 3 3. Safeguards for College

More information

HIPAA Privacy & Security Rules

HIPAA Privacy & Security Rules HIPAA Privacy & Security Rules HITECH Act Applicability If you are part of any of the HIPAA Affected Areas, this training is required under the IU HIPAA Privacy and Security Compliance Plan pursuant to

More information

Network and Workstation Acceptable Use Policy

Network and Workstation Acceptable Use Policy CONTENT: Introduction Purpose Policy / Procedure References INTRODUCTION Information Technology services including, staff, workstations, peripherals and network infrastructures are an integral part of

More information

General Rules of Behavior for Users of DHS Systems and IT Resources that Access, Store, Receive, or Transmit Sensitive Information

General Rules of Behavior for Users of DHS Systems and IT Resources that Access, Store, Receive, or Transmit Sensitive Information General Rules of Behavior for Users of DHS Systems and IT Resources that Access, Store, Receive, or Transmit Sensitive Information The following rules of behavior apply to all Department of Homeland Security

More information

Cyber Security Awareness

Cyber Security Awareness Cyber Security Awareness User IDs and Passwords Home Computer Protection Protecting your Information Firewalls Malicious Code Protection Mobile Computing Security Wireless Security Patching Possible Symptoms

More information

Information Security It s Everyone s Responsibility

Information Security It s Everyone s Responsibility Information Security It s Everyone s Responsibility The University of Texas at Dallas Information Security Office (ISO) Purpose of Training Information generated, used, and/or owned by UTD has value. Because

More information

Information Systems Security & Privacy Awareness Training

Information Systems Security & Privacy Awareness Training LEADERSHIP FOR IT SECURITY & PRIVACY ACROSS CMS ISPG-INFORMATION SECURITY and PRIVACY GROUP OFFICE OF THE CHIEF INFORMATION OFFICER The Centers for Medicare & Medicaid Services Information Systems Security

More information

Information Security

Information Security Information Security Table of Contents Statement of Confidentiality and Responsibility... 2 Policy and Regulation... 2 Protect Our Information... 3 Protect Your Account... 4 To Change Your Password...

More information

Safe Practices for Online Banking

Safe Practices for Online Banking November 2012 Follow these guidelines to help protect your information while banking online. At First Entertainment Credit Union, our goal is to provide you with the best all around banking experience.

More information

For All HIPAA Workforce Members Revised April 2013

For All HIPAA Workforce Members Revised April 2013 For All HIPAA Workforce Members Revised April 2013 1 } ephi = Electronic Protected Health Information Medical record number, account number or SSN Patient demographic data, e.g., address, date of birth,

More information

Security Awareness. ITS Security Training. Fall 2015

Security Awareness. ITS Security Training. Fall 2015 Security Awareness ITS Security Training Fall 2015 Why am I here? Isn t security an IT problem? Technology can address only a fraction of security risks. You are a primary target, or rather, your data

More information

A Guide to Information Technology Security in Trinity College Dublin

A Guide to Information Technology Security in Trinity College Dublin A Guide to Information Technology Security in Trinity College Dublin Produced by The IT Security Officer & Training and Publications 2003 Web Address: www.tcd.ie/itsecurity Email: ITSecurity@tcd.ie 1 2

More information

New River Community College. Information Technology Policy and Procedure Manual

New River Community College. Information Technology Policy and Procedure Manual New River Community College Information Technology Policy and Procedure Manual 1 Table of Contents Asset Management Policy... 3 Authentication Policy... 4 Breach Notification Policy... 6 Change Management

More information

AVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS. ftrsecure.com

AVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS. ftrsecure.com AVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS ftrsecure.com Can You Separate Myths From Facts? Many Internet myths still persist that could leave you vulnerable to internet crimes. Check out

More information

Protect yourself online

Protect yourself online Protect yourself online Advice from Nottinghamshire Police s Pre Crime Unit Get daily updates: www.nottinghamshire.police.uk www.twitter.com/nottspolice www.facebook.com/nottspolice www.youtube.com/nottinghampolice

More information

ONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS

ONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS $ ONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS Boston Private Bank & Trust Company takes great care to safeguard the security of your Online Banking transactions. In addition to our robust security

More information

Part 14: USB Port Security 2015

Part 14: USB Port Security 2015 Part 14: USB Port Security This article is part of an information series provided by the American Institute of Healthcare Compliance in response to questions we receive related to Meaningful Use and CEHRT

More information

DATA SECURITY HACKS, HIPAA AND HUMAN RISKS

DATA SECURITY HACKS, HIPAA AND HUMAN RISKS DATA SECURITY HACKS, HIPAA AND HUMAN RISKS MSCPA HEALTH CARE SERVICES SEMINAR Ken Miller, CPA, CIA, CRMA, CHC, CISA Senior Manager, Healthcare HORNE LLP September 25, 2015 AGENDA 2015 The Year of the Healthcare

More information

Corporate Account Take Over (CATO) Guide

Corporate Account Take Over (CATO) Guide Corporate Account Take Over (CATO) Guide This guide was created to increase our customers awareness of the potential risks and threats that are associated with Internet and electronic- based services,

More information

Network Security for End Users in Health Care

Network Security for End Users in Health Care Network Security for End Users in Health Care Virginia Health Information Technology Regional Extension Center is funded by grant #90RC0022/01 from the Office of the National Coordinator for Health Information

More information

Austin Peay State University

Austin Peay State University 1 Austin Peay State University Identity Theft Operating Standards (APSUITOS) I. PROGRAM ADOPTION Austin Peay State University establishes Identity Theft Operating Standards pursuant to the Federal Trade

More information

Retail/Consumer Client. Internet Banking Awareness and Education Program

Retail/Consumer Client. Internet Banking Awareness and Education Program Retail/Consumer Client Internet Banking Awareness and Education Program Table of Contents Securing Your Environment... 3 Unsolicited Client Contact... 3 Protecting Your Identity... 3 E-mail Risk... 3 Internet

More information

PROTECT YOUR COMPUTER AND YOUR PRIVACY!

PROTECT YOUR COMPUTER AND YOUR PRIVACY! PROTECT YOUR COMPUTER AND YOUR PRIVACY! Fraud comes in many shapes simple: the loss of both money protecting your computer and Take action and get peace of and sizes, but the outcome is and time. That

More information

Data Access Request Service

Data Access Request Service Data Access Request Service Guidance Notes on Security Version: 4.0 Date: 01/04/2015 1 Copyright 2014, Health and Social Care Information Centre. Introduction This security guidance is for organisations

More information

Keeping you and your computer safe in the digital world.

Keeping you and your computer safe in the digital world. Keeping you and your computer safe in the digital world. After completing this class, you should be able to: Explain the terms security and privacy as applied to the digital world Identify digital threats

More information

TMCEC CYBER SECURITY TRAINING

TMCEC CYBER SECURITY TRAINING 1 TMCEC CYBER SECURITY TRAINING Agenda What is cyber-security? Why is cyber-security important? The essential role you play. Overview cyber security threats. Best practices in dealing with those threats.

More information

Chronic Disease Management

Chronic Disease Management RESOURCE AND PATIENT MANAGEMENT SYSTEM Chronic Disease Management (BCDM) Version 1.0 Office of Information Technology (OIT) Division of Information Resource Management Albuquerque, New Mexico Table of

More information

HIPAA Self-Study Module Patient Privacy at Unity Health Care, Inc hipaa@unityhealthcare.org 202-667-0016 - HIPAA Hotline

HIPAA Self-Study Module Patient Privacy at Unity Health Care, Inc hipaa@unityhealthcare.org 202-667-0016 - HIPAA Hotline HIPAA Self-Study Module Patient Privacy at Unity Health Care, Inc hipaa@unityhealthcare.org 202-667-0016 - HIPAA Hotline Self-Study Module Requirements Read all program slides and complete test. Complete

More information

Information Security

Information Security Information Security A staff guide to the University's Information Systems Security Policy Issued by the IT Security Group on behalf of the University. Information Systems Security Guidelines for Staff

More information

Acceptable Use of Information Systems Standard. Guidance for all staff

Acceptable Use of Information Systems Standard. Guidance for all staff Acceptable Use of Information Systems Standard Guidance for all staff 2 Equipment security and passwords You are responsible for the security of the equipment allocated to, or used by you, and must not

More information

SUPREME COURT OF COLORADO OFFICE OF THE CHIEF JUSTICE

SUPREME COURT OF COLORADO OFFICE OF THE CHIEF JUSTICE SUPREME COURT OF COLORADO OFFICE OF THE CHIEF JUSTICE Directive Concerning the Colorado Judicial Department Electronic Communications Usage Policy: Technical, Security, And System Management Concerns This

More information

Identity Theft Prevention Program Compliance Model

Identity Theft Prevention Program Compliance Model September 29, 2008 State Rural Water Association Identity Theft Prevention Program Compliance Model Contact your State Rural Water Association www.nrwa.org Ed Thomas, Senior Environmental Engineer All

More information

How To Protect The Time System From Being Hacked

How To Protect The Time System From Being Hacked WISCONSIN TIME SYSTEM Training Materials TIME SYSTEM SECURITY AWARENESS HANDOUT Revised 11/21/13 2014 Security Awareness Handout All System Security The TIME/NCIC Systems are criminal justice computer

More information

When visiting online banking's sign-on page, your browser establishes a secure session with our server.

When visiting online banking's sign-on page, your browser establishes a secure session with our server. The privacy of communications between you (your browser) and our servers is ensured via encryption. Encryption scrambles messages exchanged between your browser and our online banking server. How Encryption

More information

Tips for Banking Online Safely

Tips for Banking Online Safely If proper attention is given to safety and security, banking and monetary activities can be completed online in a convenient and effective fashion. This guide helps to establish procedures for remaining

More information

Health Insurance Portability and Accountability Act (HIPAA) Overview

Health Insurance Portability and Accountability Act (HIPAA) Overview Health Insurance Portability and Accountability Act (HIPAA) Overview Agency, Contract and Temporary Staff Orientation Initiated: 5/04, Reviewed: 7/10, Revised: 10/10 Prepared by SHS Administration & Samaritan

More information

Learn to protect yourself from Identity Theft. First National Bank can help.

Learn to protect yourself from Identity Theft. First National Bank can help. Learn to protect yourself from Identity Theft. First National Bank can help. Your identity is one of the most valuable things you own. It s important to keep your identity from being stolen by someone

More information

FedEx Guide for. Information Security. Version 5.0

FedEx Guide for. Information Security. Version 5.0 FedEx Guide for Information Security Version 5.0 FedEx Guide for Information Security Version 5.0 Revised June 2013 The FedEx Guide for Information Security provides the general user with an introduction

More information

Guadalupe Regional Medical Center

Guadalupe Regional Medical Center Guadalupe Regional Medical Center Health Insurance Portability & Accountability Act (HIPAA) By Debby Hernandez, Compliance/HIPAA Officer HIPAA Privacy & Security Training Module 1 This module will address

More information

Tahoe Tech Group serves as your technology partner with a focus on providing cost effective and long term solutions.

Tahoe Tech Group serves as your technology partner with a focus on providing cost effective and long term solutions. Tahoe Tech Group LLC Cyber Security Briefing Truckee Donner Chamber of Commerce March 6, 2015 Tahoe Tech Group serves as your technology partner with a focus on providing cost effective and long term solutions.

More information

Hot Topics in IT Security PREP#28 May 1, 2014. David Woska, Ph.D. OCIO Security

Hot Topics in IT Security PREP#28 May 1, 2014. David Woska, Ph.D. OCIO Security Hot Topics in IT Security PREP#28 May 1, 2014 David Woska, Ph.D. OCIO Security CME Disclosure Statement The North Shore LIJ Health System adheres to the ACCME s new Standards for Commercial Support. Any

More information

Sound Business Practices for Businesses to Mitigate Corporate Account Takeover

Sound Business Practices for Businesses to Mitigate Corporate Account Takeover Sound Business Practices for Businesses to Mitigate Corporate Account Takeover This white paper provides sound business practices for companies to implement to safeguard against Corporate Account Takeover.

More information

Career Connection, Inc. Data Privacy. Bringing Talent Together With Opportunity

Career Connection, Inc. Data Privacy. Bringing Talent Together With Opportunity Career Connection, Inc. Data Privacy Objectives This course is intended for CCI employees. The course gives guidance on data privacy concepts and describes how data privacy is relevant when delivering

More information

Hamilton College Administrative Information Systems Security Policy and Procedures. Approved by the IT Committee (December 2004)

Hamilton College Administrative Information Systems Security Policy and Procedures. Approved by the IT Committee (December 2004) Hamilton College Administrative Information Systems Security Policy and Procedures Approved by the IT Committee (December 2004) Table of Contents Summary... 3 Overview... 4 Definition of Administrative

More information

Page 1. NAOP HIPAA and Privacy Risks 3/11/2014. Privacy means being able to have control over how your information is collected, used, or shared;

Page 1. NAOP HIPAA and Privacy Risks 3/11/2014. Privacy means being able to have control over how your information is collected, used, or shared; Page 1 National Organization of Alternative Programs 2014 NOAP Educational Conference HIPAA and Privacy Risks Ira J Rothman, CPHIMS, CIPP/US/IT/E/G Senior Vice President - Privacy Official March 26, 2014

More information

ONE Mail Direct for Mobile Devices

ONE Mail Direct for Mobile Devices ONE Mail Direct for Mobile Devices User Guide Version: 2.0 Document ID: 3292 Document Owner: ONE Mail Product Team Copyright Notice Copyright 2014, ehealth Ontario All rights reserved No part of this document

More information

HIPAA PRIVACY AND SECURITY TRAINING P I E D M O N T COMMUNITY H EA LT H P L A N

HIPAA PRIVACY AND SECURITY TRAINING P I E D M O N T COMMUNITY H EA LT H P L A N HIPAA PRIVACY AND SECURITY TRAINING P I E D M O N T COMMUNITY H EA LT H P L A N 1 COURSE OVERVIEW This course is broken down into 4 modules: Module 1: HIPAA Omnibus Rule - What you need to know to remain

More information

Protecting Yourself from Identity Theft

Protecting Yourself from Identity Theft Protecting Yourself from Identity Theft Identity theft is everywhere. In fact, according to a 2013 report by Javelin Research, there is one incident of identity fraud every two seconds. While we cannot

More information

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) UNIVERSITY OF PITTSBURGH POLICY SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) DATE: March 18, 2005 I. SCOPE This

More information

CUSTOMER SECURITY AWARENESS PROGRAM

CUSTOMER SECURITY AWARENESS PROGRAM CUSTOMER SECURITY AWARENESS PROGRAM In response to FFIEC guidance regarding customer awareness and education, East River Bank has created a program that will provide its customers with information about

More information

How to stay safe online

How to stay safe online How to stay safe online Everyone knows about computer viruses...or at least they think they do. Nearly 30 years ago, the first computer virus was written and since then, millions of viruses and other malware

More information

PHI- Protected Health Information

PHI- Protected Health Information HIPAA Policy 2014 The Health Insurance Portability and Accountability Act is a federal law that protects the privacy and security of patients health information and grants certain rights to patients. Clarkson

More information

Authorized. User Agreement

Authorized. User Agreement Authorized User Agreement CareAccord Health Information Exchange (HIE) Table of Contents Authorized User Agreement... 3 CareAccord Health Information Exchange (HIE) Polices and Procedures... 5 SECTION

More information

SECURITY FOR ENTERPRISE TELEWORK AND REMOTE ACCESS SOLUTIONS

SECURITY FOR ENTERPRISE TELEWORK AND REMOTE ACCESS SOLUTIONS SECURITY FOR ENTERPRISE TELEWORK AND REMOTE ACCESS SOLUTIONS Karen Scarfone, Editor Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Many people

More information

Responsible Access and Use of Information Technology Resources and Services Policy

Responsible Access and Use of Information Technology Resources and Services Policy Responsible Access and Use of Information Technology Resources and Services Policy Functional Area: Information Technology Services (IT Services) Applies To: All users and service providers of Armstrong

More information