Information Security Information Technology and Computing Services Information Technology and Computing Services
Security Fallacies We have antivirus software, so we are secure We have a firewall, so we are secure The most serious threats come from the outside I don’t care about security because I backup my data daily Responsibility for security rests with IT Security Staff We have antivirus software, so we are secure We have a firewall, so we are secure The most serious threats come from the outside I don’t care about security because I backup my data daily Responsibility for security rests with IT Security Staff
IT Security Components Firewalls Intrusion Detection Software Antivirus Software Updated OS and Applications Continual education for staff and users User cooperation and compliance Most critical component Most difficult to achieve Firewalls Intrusion Detection Software Antivirus Software Updated OS and Applications Continual education for staff and users User cooperation and compliance Most critical component Most difficult to achieve
Security Threats Malware-viruses, worms, trojans, spyware Security patches not applied Hacking and network scanning Social engineering Chat and Instant Messaging software Weak Passwords Unawareness, carelessness Malware-viruses, worms, trojans, spyware Security patches not applied Hacking and network scanning Social engineering Chat and Instant Messaging software Weak Passwords Unawareness, carelessness
What can you do? Report Incidents (helpdesk) Passwords Backups use and Security Internet Security Mobile Devices Physical Security Report Incidents (helpdesk) Passwords Backups use and Security Internet Security Mobile Devices Physical Security
Use/Update antivirus software Patch OS and Applications Don’t use P2P file sharing software Use software firewalls Use your locks-door and computer Don’t reveal your password to anybody Don’t reveal confidential information Use/Update antivirus software Patch OS and Applications Don’t use P2P file sharing software Use software firewalls Use your locks-door and computer Don’t reveal your password to anybody Don’t reveal confidential information
Safe Computing Add-ons to Internet browsers Add-ons to clients Aftermarket screensavers Instant Messenger software If you have been hacked change all your passwords Safe Computing Add-ons to Internet browsers Add-ons to clients Aftermarket screensavers Instant Messenger software If you have been hacked change all your passwords
Antivirus Policy All networked machines must run Symantec AV software Site license for Symantec AV Free copy for every Windows and Macintosh computer Free copy to load on home computers Infected computers will be removed from the network until cleaned All networked machines must run Symantec AV software Site license for Symantec AV Free copy for every Windows and Macintosh computer Free copy to load on home computers Infected computers will be removed from the network until cleaned
Mobile Security Password protection Encryption Physical security WiFi (wireless technologies) All devices must be registered and authenticated using pirateID Telecommuting (remote access) Password protection Encryption Physical security WiFi (wireless technologies) All devices must be registered and authenticated using pirateID Telecommuting (remote access)
Data Security Data and You (protection of sensitive data) Continuity of Operations / Disaster Recovery (ensure you have a plan) Identity Theft / Phishing (don’t be a victim) Physical Security Data and You (protection of sensitive data) Continuity of Operations / Disaster Recovery (ensure you have a plan) Identity Theft / Phishing (don’t be a victim) Physical Security
HIPAA Privacy & Security All workforce members must be trained on HIPAA security issues if they access computers that contain EPHI. This training will help to assist you in protecting the confidentiality, security and integrity of EPHI. We all have certain responsibilities in implementing safeguards and actions to protect EPHI. itcs/itsecurity/HIPAA-Privacy- Security.cfm All workforce members must be trained on HIPAA security issues if they access computers that contain EPHI. This training will help to assist you in protecting the confidentiality, security and integrity of EPHI. We all have certain responsibilities in implementing safeguards and actions to protect EPHI. itcs/itsecurity/HIPAA-Privacy- Security.cfm
FERPA Avoid copying or downloading sensitive data from university systems If there are no other alternatives then proper security measures must be taken Avoid using SSN #’s in databases or applications as identifiers Avoid sending sensitive data un-encrypted Protect sensitive data Avoid social engineers that try to get you to share information Secure your workstations ECU.cfm Avoid copying or downloading sensitive data from university systems If there are no other alternatives then proper security measures must be taken Avoid using SSN #’s in databases or applications as identifiers Avoid sending sensitive data un-encrypted Protect sensitive data Avoid social engineers that try to get you to share information Secure your workstations ECU.cfm
Ways to Protect HOME WiFi Security Symantec Antivirus Backup! Passwords Bank and Credit Card Information Firewall OS Patches Instant Messaging Encryption WiFi Security Symantec Antivirus Backup! Passwords Bank and Credit Card Information Firewall OS Patches Instant Messaging Encryption
Problems or Questions Don’t call individual ITCS employees Call IT Support Single point contact All calls forwarded to appropriate consultant Open a Service Request itcs/safetySecurity.cfm Don’t call individual ITCS employees Call IT Support Single point contact All calls forwarded to appropriate consultant Open a Service Request itcs/safetySecurity.cfm