Information Security Awareness Briefing 5 November 2013.

Slides:

Advertisements

Similar presentations

TWO STEP EQUATIONS 1. SOLVE FOR X 2. DO THE ADDITION STEP FIRST

Advertisements

My AmeriCorps Release 3 State Commissions and Programs User Roles and Management – Implementing Presentation developed for the Corporation for National.

Alabama Primary Health Care Association

Advanced Piloting Cruise Plot.

Chapter 1 The Study of Body Function Image PowerPoint

1 Copyright © 2013 Elsevier Inc. All rights reserved. Appendix 01.

Erasmus Mundus Information Day 20 January Erasmus Mundus Information Day 20 January ERASMUS MUNDUS PREPARING YOUR APPLICATION.

Erasmus Work Placement Workshop: the risk & insurance implications Rachel Phillips Marsh UK HE Practice Leader Mary Murtagh – Marsh Risk.

Overview An overview of Apprenticeships and the Apprenticeship Vacancy Matching Service Your presenter is Anne Rodriguez Issue 1.0 Apprenticeship Vacancy.

Task Group Chairman and Technical Contact Responsibilities ASTM International Officers Training Workshop September 2012 Scott Orthey and Steve Mawn 1.

1 Introduction to Safety Management April Objective The objective of this presentation is to highlight some of the basic elements of Safety Management.

Aviation Security Training Module 4 Design and Conduct Exercise II 1.

HERMES TUTORIAL version 1.0 Published 24th July 2007 This tutorial version is based on the actual deployed version of Hermes, as of the date of publication.

Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13

Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13

Title Subtitle.

DIVIDING INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.

FACTORING ax2 + bx + c Think “unfoil” Work down, Show all steps.

1 Focusing on users: Gathering users requirements Sarah Agarwal Consultant Web development Project Manager and Usability Engineer Internet Development.

SEARCHING THROUGH EBSCO MEDLINE AND CINAHL WITH FULL TEXT prepared by Literature Searching Team Library, Faculty of Medicine, UGM 2012.

Internet Governance Community Use Slide Deck Courtesy of ARIN May 2014.

Law School 1 Using Blackboard Assignment tool for e-submission, e-marking, e-feedback Jane Daly 21 st March 2013.

Effectively applying ISO9001:2000 clauses 6 and 7.

Introduction for University Staff

Page 1 of 30 To the Create Assignment Request Online Training Course An assignment request is created by an assignor to initiate the electronic assignment.

ABC Technology Project

Introduction for University Staff CiCS welcomes you to the University of Sheffield 12/06/2014Allan Wright © The University of Sheffield 1.

1 ITSS This overview deck contains two sections. Please use the links below to navigate –How to Register for ITSS Application AccessHow to Register for.

Mechelen - 06/02/2014 Telenet Security Day CYBER scrapings putting our 2 cents in.. Christian Van Heurck CERT.be coordinator CERT.be team.

Dominion Virginia Power Near Miss Library ________________________________ A Briefing for National Electrical Workers Near Miss System Jake J. Mazulewicz,

BIOLOGY AUGUST 2013 OPENING ASSIGNMENTS. AUGUST 7, 2013  Question goes here!

Factor P 16 8(8-5ab) 4(d² + 4) 3rs(2r – s) 15cd(1 + 2cd) 8(4a² + 3b²)

Basel-ICU-Journal Challenge18/20/ Basel-ICU-Journal Challenge8/20/2014.

Senior Manager – Research Finance & Programmes

CMPT 275 Software Engineering

© 2012 National Heart Foundation of Australia. Slide 2.

Online learning projects Some critical factors Prepared by: Paul Trahair 29 August 2003.

2 3 There are two basic areas where there is a need to have resources available. Internal:  Financial  Personnel  Assets  Time External  Consultants.

April 2003 ONLINE SERVICE DELIVERY Presentation. 2 What is Online Service Delivery? Vision The current vision of the Online Service Delivery program is.

Understanding Generalist Practice, 5e, Kirst-Ashman/Hull

GEtServices Services Training For Suppliers Requests/Proposals.

GG Consulting, LLC I-SUITE. Source: TEA SHARS Frequently asked questions 2.

Note to the teacher: Was 28. A. to B. you C. said D. on Note to the teacher: Make this slide correct answer be C and sound to be “said”. to said you on.

1 The Data Protection Officer at work Experience, good practices and lessons learnt Pierre Vernhes – former DPO at the Council of the EU Workshop on Data.

25 seconds left…...

Powered by Powered by Connecting Organizations, Building Community Michigan Cyber Range.

Visual 3.1 Delegation of Authority & Management by Objectives Unit 3: Delegation of Authority & Management by Objectives.

H to shape fully developed personality to shape fully developed personality for successful application in life for successful.

Januar MDMDFSSMDMDFSSS

20&27 May Agenda 1.Highlight the difference between system flow of e- Invoice and paper invoice – 15 minutes 2.Demonstrate the operation procedure.

Sedex: Registration and Account Set Up Instructions

We will resume in: 25 Minutes.

©Brooks/Cole, 2001 Chapter 12 Derived Types-- Enumerated, Structure and Union.

SECURITY AND INFORMATION SYSTEMS THE EVOLUTION OF SECURITY SYSTEMS Created By: Jamere Hill Instructor: Kyhia Bostic Section University of Houston.

PSSA Preparation.

Immunobiology: The Immune System in Health & Disease Sixth Edition

Weekly Attendance by Class w/e 6 th September 2013.

February 14, th Annual Management Information Systems [MIS] Conference An Introduction to NH Networks NH Department of Education Irene Koffink Michael.

Introduction to ikhlas ikhlas is an affordable and effective Online Accounting Solution that is currently available in Brunei.

1 Office of New Teacher Induction Introducing NTIMS New Teacher Induction Mentoring System A Tool for Documenting School Based Mentoring Mentors’ Guide.

The tool that could change everything 1 The Tool that could for Employees Change Everything.

Student Interface for Online Testing Training Module Copyright © 2014 American Institutes for Research. All rights reserved.

Student Interface for Online Testing Training Module Copyright © 2014 American Institutes for Research. All rights reserved.

Presentation transcript:

Information Security Awareness Briefing 5 November 2013

Why are you here today? Slide 2  University’s Information Security Policy and new UAS Information Security Policy  Your Head of Department is responsible for information security within your department or section  Part of this is to ensure all your staff are made aware of their individual responsibilities for information security  The new online Information Security Awareness module - mandatory for UAS staff - will help you with this

Agenda (14: :30) Slide 3  Risk Management - University and national perspective  Information Security - Departmental obligations  Information Security Awareness Programme  Online awareness module for staff  Questions

Slide 4 Information Security Toolkit Lunchtime courses Q&As (about Online Awareness Module) Online Awareness Module Contact InfoSec team Information Security website

Slide 5 Risk Management University and national perspective

University Strategic Risk Register (Nov12 - Health Warning) Slide 6 Risk: Failure to ensure security of people, property, and information Consequences: Damage to operations, financial loss Measures: Strategic assessment of threat. Appropriate security arrangements Action: Review of …oversight arrangements

Risk threat (IT Services Strategic Risk Register) Slide 7 If IT Services does not ensure that its information assets are managed correctly and securely - then - there is a possibility of information loss and corruption - resulting in a risk of - damage to reputation and the possibility of criminal or civil proceedings

UUK Cyber Security Policy Briefing, Jul 12 Slide 8 “Given the importance of universities to the UK economy and to economic prosperity in general, it is essential to increase the level of awareness of, and resilience to, cyber threat in the sector.” “Cyber security can all too often be thought of as an IT issue, rather than a strategic risk management issue.” The cyber threats facing universities today will not be solved through investment in technology alone, but through concerted risk assessment which results in: universities identifying which critical information assets need to be prioritised for protection; and the establishment of a cyber risk oversight structure at senior level.”

Real life stories (1) Slide 9  A laptop stolen from office  A research project was (temporarily) closed down because laptop wasn’t encrypted having severe operational and financial implications CPNI

Real life stories (2) Slide 10  Encrypted laptops stolen from lab HEISC on Facebook

Real life stories (3) Slide 11  Social media hacked!  Over-sharing on social media

Real life stories (4) Slide 12  Phishing attacks  Users who weren’t aware of their responsibilities for maintaining access to data were adversely affected when the University temporarily blocked Google Docs. HEISC on Facebook

Real life stories (5) Slide 13  Phishing attacks  Cryptolocker ransomware, malware that effectively destroys documents by encrypting them and demanding a ransom to unencrypt them. CPNI

Real life stories (6) Slide 14  Shared computing room  Keystroke- logging incident Images: JISC and

Slide 15 Information Security Your obligations

Incident Register

Your obligations Slide 17 Policies:  University’s Information Security Policy  UAS Information Security Policy Departmental obligations include:  an Information Security policy owned by head of section  train staff Help is available from the Information Security team!

Slide 18 Information Security (IS) Awareness Programme

Slide 19 ‘ The cyber threats facing universities today will not be solved through investment in technology alone’ (Universities UK)  Creating right culture and providing training is most important activity  The Information Security Team is therefore working on an Awareness Programme

Information Security (IS) Awareness Programme Slide 20 YOU ARE THE TARGET! 7 Nov, 11 Dec and next term

Slide 21 Online Information Security Awareness Module

Online Information Awareness Module Slide 22  Mandatory for each member of UAS to take part in by 15 March 2014  Designed in collaboration with five Universities and customised by InfoSec team (including testing)  Highlights important considerations and information security risk  Offers a mixture of information, supporting resources and case studies  Takes approximately 45 minutes to complete and can be done in several ‘sittings’  Login via Single-Sign-On required

Online Information Awareness Module Slide 23

Online Information Awareness Module Slide 24 Sections, and how long it will take to complete

Online Information Awareness Module Slide 25

How UAS staff will be informed Slide 26  On each member of UAS will receive an invitation to take the online information security awareness module  Awareness posters will be spread across your offices  reminders will be circulated Most importantly: we need your help to ensure that each member of your department completes the online awareness module!

Your questions answered Slide 27 All UAS staff MUST take the IS Awareness Module  What if anyone refuses?  All temporary staff MUST do this?  All consulting / intern staff MUST do this?  All new staff MUST do this?  Will this module be registered against their contract of employment? UAS staff SHOULD attend IS courses in IT Services  UAS staff SHOULD attend the course "You Are The Target!"  Will IT Services repeat this course if it is oversubscribed? Information Security is an issue for the whole University  Why is the University raising awareness about Information Security?  Who cares who has completed the module?  How can IT Services check that someone has completed this?  Who is going to follow up this activity, next academic year?  Who will keep the module up-to-date?  What about the module outside of UAS?

Slide 28 Information Security Toolkit Lunchtime courses Q&As (about Online Awareness Module) Online Awareness Module Contact InfoSec team Information Security website