Information Security Office www.cmu.edu/iso 1 Copyright Statement Copyright Mary Ann Blair 2008. This work is the intellectual property of the author.

Presentation transcript:

Copyright Statement
Copyright Mary Ann Blair 2008. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

Identity Finder and Carnegie Mellon
Mary Ann Blair, Director of Information Security, Information Security Office (ISO)

Overview
1. Background
2. What We Did
3. How We Did It
4. What We Learned
5. What Next…

Background

What We Did
- SSN Remediation Project: local scanning fast-tracked after laptop theft
- Learned from peers!
- Vendor partnership as a critical selection criterion
- Enterprise license including home use

What We Did
- Voluntary for all faculty, staff, and students
- Appealed to stewardship
- Relied on the shock factor
- Big bang

How We Did It
- Customized MSI
  - Embedded license key
  - Disabled recycle option
  - Disabled auto-update
- Customized user documentation
- Pre-announced to partners followed by mass mail
- Surveyed faculty & staff

Mass Mail: Do your part to prevent Identity Theft

Protect Yourself, Others and the University from Identity Theft with Identity Finder!

Did You Know?
- Your computer might be storing personally identifiable information (PII) such as your Social Security Number, bank account numbers, credit card numbers and passwords without your knowledge
- If your computer or external media is lost, stolen or broken into over the Internet, someone might use it to steal your identity and the identities of anyone who shares your computer or whose personal information you might handle
- If you store sensitive PII for Carnegie Mellon work and your computer or external media is lost or compromised, the University is obligated under PA state law to notify everyone affected by the breach and could potentially be legally liable
- Over eight million Americans have their identities stolen annually and on average victims spend 600 hours clearing their good name -- Federal Trade Commission & Identity Theft Resource Center

Do Your Part! Clean Up Sensitive PII on Your Computer with Identity Finder!

NOTE: If your computer is managed by a Carnegie Mellon departmental computing administrator, please consult that person before making ANY system changes.

How We Did It


What we told folks 1/3
1. Know what data is stored on your personal computer.
2. Delete or redact what you don’t absolutely need.

What we told folks 2/3
3. Don’t store it on your personal computer, especially not on your laptop or home computer. If you must store sensitive data, check with your departmental computing administrator about options to store it on a secured file server, one with robust access control mechanisms and encrypted transfer services.

What we told folks 3/3
4. If you must store it on your personal computer:
   A. Follow the “Securing your Computer guidelines”
   B. Password protect the file if possible
   C. Encrypt the file (Identity Finder’s Secure Zip, PGP Desktop or TrueCrypt)
   D. Only transmit via encrypted protocols
   E. Secure delete it as soon as feasible
   F. Reformat and/or destroy your hard drive before disposal or giving your computer to someone else
   G. Secure your backups and media
   H. Tell us why so that we can brainstorm alternatives

What we learned
Three Month Adoption Rates
* Only 4% of downloads resulted in a completed survey.

What we heard
- “Didn't realize info was stored like it was.”
- “I would not use it again until a MAC version is available, operating at a more acceptable search rate.”
- “I think this is an incredible, very valuable tool. THANKS for making it available.”
- “This was an eye-opener for me. This is a good addition to our set of security tools.”
- “No, the data on my computer was an oversight on my part. Some of the data existed from a previous employee.”
- “Some 70 of my 90 passwords were from browsers -- that was a learning experience, but it was not worth the 3 hours for this.”

What we learned
- Workloads don’t support volunteerism
- There is a lot to secure and it’s hard and time-consuming deciding how to do it
- There are local as well as central retention requirements
- User requirements must be easy
- Users expect communication via local channels
- We have an expert’s blind spot

What Next…
- Getting better air cover (top-down)
- Partnering w/local IT and user groups
- Pushing installs via AD group policy
- Offering hands-on classroom training
- Preparing for console functionality
- Developing Macintosh support
- Stopping release of SSNs into the wild
- Developing SSN Usage Policy

Q&A
Please for additional information.