Women in Technology 2009 Mary Henthorn. Security Prevent loss, theft, or inappropriate access Privacy Ensure freedom from intrusion or disturbance Security.

Presentation transcript:

Women in Technology 2009 Mary Henthorn

Security: Prevent loss, theft, or inappropriate access
Privacy: Ensure freedom from intrusion or disturbance
Security Policies Protect Privacy

Who's responsible?

Chief Executive Officer Chief Technology Officer Chief Security Officer IT Professional Other Business Mom Everyone

Physical Logical

Cameras
Logs
Monitoring
Breach notification letters
Data backup tapes
RFID

Breach laws
Freedom of information
$20 Million Settlement on VA Data Theft
State tape with data on 800,000 missing

Know your enemies
Classify your assets
Identify constraints and parameters
Assess risks
Implement security, develop policies
Repeat!

Physical: Equipment failure, Natural disaster, Manmade disaster, Theft
Logical: Malware, Denial of service, Data corruption

Physical accessibility Physical weaknesses Location People Application weaknesses Memory, input, race, privilege, user interface Inadequate access control

Property: Dollar value
Systems: Criticality
Data: Sensitivity
Extremely Critical, Critical, Not Critical

Laws Regulations Contracts Policies

Violation of law
Disclosure of personal information
Violation of contracts, regulations, or policy
Loss of revenue
Misuse of resources
Corruption of data
Unavailable resources
Loss of reputation
Criminal or civil liability
Loss of trust

1. Use and update firewalls and anti-virus
2. Properly set up and patch OS and applications
3. Use appropriate authentication – passwords
4. Lock unattended workstations
5. Backup data
6. Use the Internet with caution
7. Be careful with , social networking
8. Review security regularly
9. Respond to incidents appropriately
10. Recognize security is everyone's responsibility

Layers of protection
Internet access point traffic analysis
Router firewall
Desktop firewall
Fence and secured gate
Locked front door
Locked office door

Variety of protection
Firewall
Anti-virus
Authentication
Security cameras
Locked doors and file cabinets
Scanners

Computer Emergency Readiness Team National Institute of Standards and Technology Identity Theft Arkansas Security