Information Security
Table of Contents

Statement of Confidentiality and Responsibility ... 2
Policy and Regulation ... 2
Protect Our Information ... 3
Protect Your Account ... 4
To Change Your Password ... 5
Secure Your Desktop ... 6
Stay Safe Online ... 6
Exercises ... 8

Information Security - Introduction 1
Statement of Confidentiality and Responsibility

I understand that this administrative office account is assigned to me at the request of the Department Head to be used only in connection with my assigned duties as an employee of the University and may be revoked without notice upon the request of this administrator. I understand and accept the following terms and conditions:

- I am aware that passwords are the first line of security on BANNER. I agree not to reveal my password nor allow anyone to use the account assigned to me.
- I am responsible for any changes made to the database under my user name.
- I agree to abide by the Family Educational Rights and Privacy Act of 1974 (FERPA) regulations. Under this act, information about current and former MSU students is legally designated as private. I agree to refer all outside requests for student information to the Office of the Registrar, unless I have been authorized by the Registrar to release pre-designated information.
- I must maintain the confidentiality of any and all data that I retrieve from BANNER in the course of my job duties, including data that I use for reporting purposes or in other software products.
- Access to administrative data will be determined by the requirements of my job, and therefore I am only authorized to retrieve this data on a need-to-know basis.
- I agree to comply with all institutional policies on security, computer access, confidentiality of data, data standards, and data integrity. I am aware that any violation of these policies may lead to the immediate suspension of my computer privileges.
- I understand that unauthorized release of sensitive or restricted information is a breach of data security and may be cause for disciplinary action, which could include dismissal.

Policy and Regulation

Policies are the foundation on which all standards and guidelines are based.
It is the responsibility of all members of the University community to have an understanding of the security policies that are currently in place.

Board of Regents (BOR) Policies

The BOR has published several policies governing information technology for the Montana University System. These can be found in Section 1300 of the Board of Regents Policy and Procedures Manual, available on the Web at:
http://mus.edu/borpol/bor1300/bor1300.asp
Montana State University Policies

MSU continues to develop information technology related policies. The following policies exist to address the growing threat to information security:

o Campus Network Policy
o Network Connected Device Standards
o Network Acceptable Use Policy (under development)

The policies can be reviewed on the MSU Web site at:
http://www2.montana.edu/policy/computing_manual
http://www.montana.edu/itac/campusnetstds.doc

Many of the policies governing information technology practices have been developed in direct response to the government regulations that the University must abide by. These regulations help protect the privacy and integrity of personal information about University constituents. It is not only in our best interest to comply with these guidelines; it is also required by law. The University has published policies and guidelines to ensure compliance with the following regulations:

Family Educational Rights and Privacy Act (FERPA) - Addressing the privacy of student education records.
o Protects the privacy of student educational records, requiring written permission in order to release information.
- Contact the Registrar's office (x2601) if you ever have any questions about FERPA.

Gramm-Leach-Bliley (GLB) - Addressing the privacy of personal financial information.
o Requires limits and controls on sharing financial information, allowing customers to restrict such activity.

Protect Our Information

As a user of the Banner system, you have access to sensitive information that is protected under these policies and regulations. This information should be considered a vital asset of the University and as such must be protected. There are several considerations that must be taken into account for each of the above regulations and policies in order to ensure compliance.
The following points outline the areas normally addressed as a starting point for a secure, compliant environment:

- Documented practices and procedures
- System and network hardening
- Physical security
- Access control
- Data availability and integrity assurance
- On-going assessment and auditing
- Incident handling
As an individual, you play a role in several of these areas, including physical security, access control, and assurance of the integrity of the data we seek to protect. Please take the time to review the Data Stewardship Guidelines, which outline the appropriate ways to recognize and handle sensitive information:
http://www.montana.edu/itsecurity/guidelines/dsguidelines.pdf

In general, recognizing sensitive information such as social security numbers, student grades, credit card information, or other personally identifiable information, and handling this data appropriately, is an integral part of your job. Be sure to remember that generated IDs (GIDs) are sensitive information. Take care when printing reports containing this information and be sure to use secure methods for any transmissions containing sensitive data.

The IT Center manages Knox, a server that utilizes encryption to protect sensitive data such as student and employee records. Unlike other servers, Knox is centrally funded. For MSU employees, it is free for appropriate use. To request a Knox folder, send an email to knox@montana.edu. Be sure to include a description of what you will be storing, who will be needing access, and what type of access will be needed by each individual (Read/Write or Read-Only). You may also include a desired folder name.

For employees who work remotely, secure connectivity is provided via the MSU virtual private network (VPN). You can find VPN instructions at:
http://www2.montana.edu/desktop/vpn.htm

Most exposures of sensitive information occur simply because the individual handling the data makes a mistake regarding where they put it, how they store it or where they send it. Remember to always think twice about doing anything with sensitive data, and if you ever have a question about what would constitute sensitive data, how to handle it or where to store it, please don't hesitate to contact one of the references listed at the end of this section.
Requesting Your Banner Account

To request a new Banner account, or to request changes to an existing account, visit https://sais.montana.edu and click on the New Banner Account Request link. This will bring you to the request form. Fill out the information relevant to your request and then review and submit the form. Once your request has been completed you will receive notification.

Protect Your Account

Your Banner USERNAME has two primary functions:

- It determines your personal authority within the various modules (that is, your access to menus, forms and data elements required for query and maintenance activity).
- It is recorded as an electronic signature on each update transaction completed during your logon session.

Because access within Banner forms is based on individual job responsibilities, it is important that only you use your personal electronic signature. To keep that USERNAME secure, when you first receive an assigned password for a Banner instance, use the password-change form described below to change the original assignment to a personal code that cannot be easily guessed by others. Use the password-change form whenever you feel your logon might have been compromised. In addition, it is good practice to change your password periodically (at least once every six (6) months).

Consider the following when choosing a password to secure your electronic signature:

- Passwords must be a minimum of eight (8) characters long.
- Passwords must contain at least one letter of the alphabet, at least one number (but DO NOT use a number as the first character), and at least one special character listed below.
- Do not use a dictionary word or something that could be easily associated with you personally (for example, James Bond should not use IAM007).
- Consider using a pass phrase that will help you remember your password. For example: "Bobcats are number one" = B0bktzR_nmbr1! (note that the letter "o" is replaced with the number "0").

Valid password characters are:

- All upper and lower case letters
- All numbers
- The following five special characters: ! + - _

Once you have selected your new password, DO NOT SHARE IT WITH ANYONE.

To Change Your Password

1. Access form GUAPSWD (or you can click the Change Password link on the right-hand side of the form you see when you open Banner).
2. Key your old password in the Oracle Password field, and click in the New Oracle Password field.
3. Choose a personal password based on the considerations outlined above.
4. Key your new password in both the New Oracle Password and the Verify Password fields.
5. Click the Save button or press the F10 key.
6. Use your new password the next time you log on for a Banner session.

Important note: If you forget your password, contact the Banner Security Administrator at bannersecurity@montana.edu.
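The composition rules above (minimum eight characters, at least one letter, at least one number that is not the first character, at least one of the listed special characters, and nothing easily tied to you) can be checked mechanically before a password is keyed into GUAPSWD. The Python checker below is an added example, not part of the original MSU training material or of the Banner product; it assumes the allowed special-character set is the four characters that appear in the text (the guidelines say five but show four), and its personal-information check against constructed hint strings is an approximation of the "easily associated with you personally" rule.

```python
# Added example: checks a candidate password against the Banner composition
# rules described in this section. Not MSU or Banner code.

MIN_LENGTH = 8
# The guidelines say "five special characters" but only four are shown in the
# text; treating these four as the allowed set is an assumption.
SPECIAL_CHARS = set("!+-_")


def check_banner_password(password, user_hints=()):
    """Return a list of rule violations; an empty list means the password passes.

    user_hints: constructed strings tied to the user (name, username, phone)
    that must not appear in the password. This approximates the rule against
    anything "easily associated with you personally" and is an assumption.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if not any(c.isascii() and c.isalpha() for c in password):
        problems.append("no letter")
    if not any(c.isascii() and c.isdigit() for c in password):
        problems.append("no number")
    if password[:1].isdigit():
        problems.append("first character is a number")
    if not any(c in SPECIAL_CHARS for c in password):
        problems.append("no special character from the allowed set")
    # Anything outside ASCII letters, digits and the allowed specials is invalid.
    invalid = sorted({c for c in password
                      if not (c.isascii() and c.isalnum()) and c not in SPECIAL_CHARS})
    if invalid:
        problems.append("invalid characters: " + "".join(invalid))
    lowered = password.lower()
    for hint in user_hints:
        if hint and hint.lower() in lowered:
            problems.append("contains personal information: " + hint)
    return problems


if __name__ == "__main__":
    # Constructed candidates, including the two examples given in the text.
    for candidate, hints in [("B0bktzR_nmbr1!", ()),
                             ("IAM007", ("james", "bond")),
                             ("007JamesBond!", ("james", "bond")),
                             ("Bobcats@1", ())]:
        result = check_banner_password(candidate, hints)
        print("%-15s %s" % (candidate, "OK" if not result else "; ".join(result)))
```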
Secure Your Desktop

Remember to never store any sensitive information on your desktop. You can take several simple steps to ensure the security of your desktop. These include:

- keep your operating system up to date with current patches and releases
- run current anti-virus (McAfee) and anti-spyware software (such as Windows Defender)
- keep your applications up to date
- enable your personal firewall
- ensure that you have a password protected screen saver and that you manually lock your screen whenever you leave your area

For assistance with any of these items, be sure to contact your Help Desk (contact information is listed under Resources).

Stay Safe Online

Using common sense when browsing the Internet, handling email, and instant messaging will go a long way toward keeping you safe from most exploits, but some malicious attacks can be difficult to detect if you don't know what to look for.

While logged into Banner Self-Service, be sure not to click any links that you receive through e-mail, instant messenger or a similar manner. Clicking the link could allow a hacker to execute commands through your account to either change information or receive sensitive data from Banner.

Beware if you receive emails requesting confirmation of financial account data or other personal information. These phishing scams can appear to be legitimate communications from various institutions (Citibank, eBay, PayPal, etc.) but in fact are fraudulent attempts at gaining access to your private information. Legitimate entities will not send messages requesting that you enter personal information. When in doubt, delete the message and initiate the communication with the entity either by phone or by opening a new Web browser and entering the correct URL manually.

In addition, use caution when downloading items from the Internet and visiting web sites. Spyware and malware can not only affect the performance of your desktop; software such as keyloggers can also reveal your passwords to others on the Internet.
When communicating via email, it is important to know that your communications are not secure and can be intercepted. Sensitive information should not be sent via email messages or attachments.
Resources

Your Help Desk: helpdesk@montana.edu, x1777
Banner Security: bannersecurity@montana.edu
Justin van Almelo, Banner Security Associate: Justin.vanalmelo@montana.edu, x7464
Rich Shattuck, Network Security Systems Analyst: shattuck@montana.edu, x7930
Brandon Hardin, Web Security Analyst: hardin@montana.edu, x3271
Adam Edelman, Chief Security Officer: aedelman@montana.edu, x5091
Exercises

1. Under FERPA, the following activities are permissible:
A. Releasing student grades over the telephone when the caller insists.
B. Post a report listing student name, social security number, enrollment status, and GPA of all undergraduate students on the MSU Web site.
C. Provide student transcripts to anyone without written consent from the student.
D. None of the above.

2. When choosing a password, which of the following options describes the best approach?
A. Using your dog's name.
B. An 8 or more character mix of letters, numbers, and special characters, such as B1rDW!cH
C. Any password less than 8 characters.
D. Using your phone number.

3. On your Windows XP desktop, if a message pops up stating "Updates are Ready for Your Computer. Click Here to Install", you should:
A. Go home and take the rest of the week off.
B. Ignore the message and continue working.
C. Click the icon to install the updates as soon as possible.
D. Post student information on the MSU Web site.

4. When storing reports containing sensitive information on your desktop, you should always be sure to:
A. Include credit card numbers, social security numbers, student grades, and other personally identifiable information.
B. Leave your password written on a Post-It on your monitor in case anyone needs access to the information.
C. Not tell anyone.
D. None of the above. You should never store sensitive information on your desktop.

Answers: 1. D, 2. B, 3. C, 4. D