Security Training Lunch ‘n Learn. Agenda: Threat Analysis, Legal Issues, Threat Mitigation, User Security, Mobile Security, Policy Enforcement.

Presentation transcript:

Security Training Lunch ‘n Learn

Agenda
• Threat Analysis
• Legal Issues
• Threat Mitigation
• User Security
• Mobile Security
• Policy Enforcement

Threat Analysis
• Information security is the responsibility of everyone who works with it
• Security is a process, not a product
• Threats can be both internal and external
• Vendor contracts need privacy clauses

Threat Analysis
• Packet sniffing
  – Collects sensitive data including passwords
  – Even encrypted passwords can be cracked
• Code exploits
  – Buffer overflows
  – Remote executable
• Malware
  – Collection of sensitive data
  – Distributed Denial of Service attack

Threat Analysis
• Social Engineering
  – Phishing websites, e-mails, IMs
  – Hacker may pose as someone else to gain password
• Intellectual Property Theft
  – Research data needs to be secured
• Identity Theft
  – Social security numbers and financial information must be secured

Malicious Software
• Virus
  – Self-replicating code that infects a host file
  – Requires file sharing to spread across network
• Worm
  – Stand-alone, does not require host
  – Self-propagating through e-mail or IM

Malicious Software
• Trojan horse
  – Installed along with other software
  – Opens backdoor or sends sensitive data back to source
• Spyware
  – Collects personal information and browsing habits
• Adware
  – Creates popups

Malicious Software
• ActiveX/Java applets
• Bundled with freeware as part of Terms of Agreement
• Only download from trustworthy sources
• Peer to Peer filesharing
  – Can unknowingly share sensitive information
  – Can accidentally download copyrighted material

Legislation
• Family Educational Rights and Privacy Act (FERPA)
  – Protects a student's academic record
  – Defines when academic record or directory information can be released without consent
• Gramm-Leach-Bliley Act (GLBA)
  – Protects the financial information of a person
  – Consumer must be provided a privacy note on a yearly basis

Legislation
• Sarbanes-Oxley Act (SOX)
  – Deals with the accuracy and reliability of a company's financial information
• Health Insurance Portability and Accountability Act (HIPAA)
  – Privacy of medical records

Legislation
• New York’s Education Law (Article 1 S-2b)
  – Restricted use of SSN
• New York’s Information Security Breach and Notification Act
  – Individual must be notified if sensitive personal information is compromised

Legislation
• Why are these important?
  – External auditors have told us to adhere to as many regulations as possible
  – Many financial regulations are in the process of being applied to higher ed
  – Our Board of Trustees have insisted on it
• Information Security Policy
• Information Security Procedures/Standards

Threat Mitigation
• Access control
  – Physical security
  – Authentication, authorization, and accounting
  – Access control lists
  – Firewalls
  – Network Access Control
• Patch management
  – Network devices
  – Servers

Threat Mitigation
• Encryption
  – SSH, SSL, file level encryption
• VPN
  – Creates secure tunnel between external address and internal network
  – Secures all wireless traffic
• Barracuda Spam Filter
• Proper disposal of information
  – Shredders, DoD level hard disk formatting

Desktop Security
• Separate machine for work and home
  – Child/spouse may compromise data
• Strong passwords
  – Combination of lower case, caps, numbers, and symbols
  – Do not share password with anyone
  – Change passwords frequently
• Always lock machine when not using it
  – Automated screen saver password

Desktop Security
• Antivirus
  – Up to date definitions
  – Real time monitoring
• Spyware removal tools
  – Up to date definitions
  – Frequent scans
• Personal firewall
  – Only open ports to necessary services

Desktop Security
• Use Firefox over Internet Explorer if at all possible
  – Popup blockers
• Only install software from trusted sources
  – This includes any ActiveX/Java applets
• Keep up to date with the latest security patches
• Ensure screen is not visible to outsiders

Mobile Security
• Try not to store sensitive data locally on mobile machines
  – Data can be compromised by loss or theft
  – Encrypt sensitive data that needs to be stored locally
• Users should cable lock laptops when not in their presence
  – Even in cars, hotel rooms, etc.

Mobile Security
• Never leave a PDA unattended
• Remote wipe software
• Encrypt data on portable media

Policy Enforcement
• Our goal is not to punish you for misdeeds but to keep the network clean and the information secure
• Punitive actions can promote cover-ups and denials, and prolong detection
• Please contact us immediately if anything appears suspicious
• Feel free to come to me with any questions

Conclusion
• Questions? Comments? Compliments? Complaints?