2015 Computer Services – Information Security | Information Security Training Budget Officers

Presentation transcript:

Goals of This Training
- Update staff on security threats to information and funds.
- To promote awareness of Information Security issues that affect staff.
- To make staff aware of Information Security Policy, and how it affects our work.

What are the Consequences for Security Breaches?
- Risk to security and integrity of personal or confidential information.
- Loss of employee and public trust resulting in embarrassment and bad publicity.
- Costly reporting requirements in case of compromise of sensitive information.
- Security breaches hurt our students and colleagues.

Phishing
- Be suspicious! Never automatically assume an email is legitimate – even if it is from MSU!
- Do not reveal personal or financial information over email. Reputable companies will never ask you for this information via email.
- Pay attention to the URL of a web site. Look for a variation of the real name or a different domain (.com vs. .net). Type URLs in manually.
- “Phishing” is an attack on your computer using email or malicious websites to solicit personal information – often financial. It typically takes the form of an email seemingly from a reputable credit card company or financial institution that requests account information and often suggests that there is a problem with the account.

Glen, I have assigned you to manage file T521. This is a strictly confidential financial operation, to which takes priority over other tasks. Have you already been contacted by Steven Shapiro (attorney from KPMG)? This is very sensitive, so please only communicate with me through this email, in order for us not to infringe SEC regulations. Please do no speak with anyone by email or phone regarding this. Regards, Gean Stalcup.

Protect your Passwords
- Do not share your password.
- Avoid common words: Hackers use programs that can try every word in the dictionary.
- Change passwords regularly (minimum of every 120 days).
- Do not use the same password more than once.

Passwords
Weak Ilovemypiano Ihateliverandonions Strong
Try a Passphrase: Four score and seven years ago, our forefathers… 4scan7yeag,oufo

Keep a clean machine!
- The absolute best defense against malware is to make sure your computer stays current on the latest software/updates, especially anti-virus software.
- To verify the Windows updates on your computer are current, click the Start button, click All Programs, and then click Windows Updates.

Using USB Drives Safely
- Use an encrypted USB drive when storing private or restricted data.
- Remember to remove the drive from your computer before walking away – tethering the USB to a lanyard or keychain will help keep the USB visible at all times.

Other Mobile Devices
- Employ all security practices on your laptop that you would on your desktop.
- Encrypt your laptop.
- If it is essential that you link your university email to your phone or tablet, always use a passcode.
- Always be aware of apps on your mobile devices – they can provide a point of vulnerability if not monitored.

Physical Safeguards
- Store paper records in a locked room, cabinet, or other container.
- Use password-activated screensavers.
- Ensure that storage areas are protected against destruction or potential damage from physical hazards, like fire and floods.
- Dispose of customer information appropriately.
- Dispose of hard drives in a safe manner – we can do this for you!

Technical Safeguards
- Avoid transmitting sensitive data by email. If you need to transmit sensitive data, use Voltage, an email encryption provided by the university.
- Erase all data when disposing of computers, hard drives or any other electronic media that contains customer information.
- Promptly dispose of outdated customer information.
- Store electronic customer information on a secure server provided by Computer Services.

Op Information Security Data Classification
- Data classification, in the context of information security, is the classification of data based on its level of sensitivity and the impact to the University should that data be disclosed, altered or destroyed without authorization.
- Classification helps determine what baseline security controls are appropriate for safeguarding that data.
- There are three data classifications: Restricted data, private data, and public data.

Op Restricted Data
Definition: Data should be classified as Restricted when the unauthorized disclosure, alteration, or destruction of that data could cause a significant level of risk to the University or its affiliates. The highest level of security controls should be applied to Restricted data.
Examples:
- Social Security Numbers
- Personnel records
- Credit card numbers
- Medical records
- BearPass Login with password
- Academic records (grades, transcripts, etc.)

Op Private Data
Definition: Data should be classified as Private when the unauthorized disclosure, alteration, or destruction of that data could result in a moderate level of risk. This is the “default” category. Acquisition or distribution of Private data by or between University agents or employees for legitimate purposes is allowed.
Examples:
- Budget Information
- BearPass Number
- Documentation
- Research not yet completed or published
- Vendor documentation
- Contracts

Op Public Data
Definition: Data should be classified as Public when the unauthorized disclosure, alteration, or destruction of that data would result in little or no risk. Some level of control is required to prevent unauthorized modification or destruction.
Examples:
- Directory information
- Email addresses (directory)
- Course catalog information
- Data often found on university website

Op Information Management
Information that is Private or Restricted:
- Should not be transmitted to recipients external to MSU network unless approved by Records Custodian.
- Should not be posted to cloud services like Dropbox or Google Drive.
- Should not be carried on mobile electronic devices unless the data is encrypted.

In summary…
- Remember – Information security starts with you!
- Keep a clean machine.
- Never assume – prove to yourself that sensitive links and phone calls are legitimate.
- Don’t save sensitive university information to portable devices.
- Learn more on the Information Security website and blog at: