Joel Garmon, Director, Information Security Mike Rollins, Security Architect Jeff Teague, Security Analyst, Senior 1
Work together as a team to ensure protection of computer systems and data University-wide (using technology, policies and procedures). 2 Director of Information Security reports to Information Systems CIO and General Counsel in Legal Department.
At least 6 characters. At least 1 number. Do not reuse old passwords. Change password every 6 months. 3
The fraudulent practice of sending s purporting to be from legitimate companies in order to induce individuals to reveal personal information. NEVER SEND YOUR PASSWORD OR ANY PERSONAL INFORMATION THROUGH TO ANYONE. Wake Forest University will never ask you to provide personal information, such as your social security number or passwords, via message. 4
5
Forwarded message From: Wake Forest University Date: Tue, Apr 17, 2012 at 8:09 AM Subject: New Secure Message Regarding Your Wake Forest University New Important Security Message Alert! Log In in order to resolve the problem. Click to log in. 6
Do not use peer-to-peer sharing applications, such as BitTorrent. If you have questions about use of video or music, please contact ZSR Library for guidance. 7
WinZip can be used to encrypt attachments to s. Confirm recipient's address is correct. encryption password in separate . If unsure of confidentiality of data, be conservative and encrypt attachment files. 8
WFU IS department will encrypt staff laptops. Smart phones that receive WFU must be passcode protected. USB flash drives can be encrypted. Consult the following web site for examples of USB flash drives that support encryption. Consult IT support person in your area or any member of security team for questions. 9
Use the Virtual Private Network (VPN) software to connect to the WFU network. Consult the following web site for information: Ensure that your home computer is up to date regarding operating system patches, and antivirus patches. Ensure that data is secure appropriately on USB drive as the data is being transported home. 10
Physical Controls – Use lock down cable connected to laptop or desktop. Do not leave laptop visible in car. Do not leave unattended laptop in meeting rooms, library tables or classrooms. Logical Controls – Enable password protected screen savers. Do not post passwords on desk, on wall, or anywhere visible to others. Do not share passwords with others. 11
Social Security Number Credit Card Information Bank Information Student Records Drivers License Information 12
Any employee that works with NPI could potentially be aware of a breach. More importantly, employees aware of a breach must contact IS Security. Security breaches can affect many people. For example, Norte Dame had a breach of credit card data in 2006 as well as an employee record data breach in The affects were as follows: 24,000 employees affected by 2009 breach, personal information exposed on the Internet, and Notre Dame worked to minimize future threats. Notre Dame’s overall cost to mitigate 2006 PCI breach was a one time $4.6M fee and $630K recurring. WFU’s reputation would be majorly affected as well as having to pay financial penalties. 13
Bridge at ZSR Library Joel Garmon, Director, Information Security Mike Rollins, Security Architect Jeffrey Teague, Security Analyst, Senior 14
15