Information Systems Security New Faculty Orientation Day Queen’s University August 2011 George Farah, GIAC/GSEC Gold, CRISC, CISA University Information.

Presentation transcript:

Information Systems Security New Faculty Orientation Day Queen’s University August 2011 George Farah, GIAC/GSEC Gold, CRISC, CISA University Information Systems Security Manager

Information Systems Security: Why?
Information Systems Security has become a significant concern for the reputation of our institution due to increasing threats. We must therefore make special efforts to:
- protect Queen’s administrative, teaching, research, and personal and confidential systems and information;
- enable Queen’s staff, faculty, students and researchers to perform their computing activities securely in support of the mission of the University; and
- adhere to increasing regulatory and compliance requirements (privacy legislation such as FIPPA, PHIPA, etc.).

Today’s Growing & Changing Threat Model
Increased number and changing nature of attacks. Source: Gartner Dataquest

Why Do I Need To Know About Information Security? Consider these real-world scenarios: Scenario #1: A faculty member/researcher calls IT support to say they lost their research data due to a hack.

Why Do I Need To Know About Information Security? Scenario #2: A faculty member/clinician wants to know how to remove a virus/Trojan from his/her system or lab computers.

Why Do I Need To Know About Information Security? Scenario #3: A faculty member is doing research using data related to human subjects. The dataset contains personal and confidential information. The faculty member/researcher wants to know how to protect the system or application he/she is building to avoid issues with data integrity, confidentiality, and legal liability under PHIPA.

Why Do I Need To Know About Information Security? Scenario #4: A faculty member/researcher/physician wants to know how to protect sensitive patient data on their laptop while they travel. The privacy requirement under Queen’s policy, the Office of the Privacy Commissioner and FIPPA is to encrypt personal data.

Why Do I Need To Know About Information Security? Scenario #5: A faculty member used their dog’s name, “Poodle”, as the password for their Queen’s NetID. Weak passwords can be cracked very easily nowadays.

Why Do I Need To Know About Information Security? Scenario #6: A faculty member responds to a hoax or phishing message by providing their user ID and password, making them vulnerable to identity theft.

Why Do I Need To Know About Information Security? Scenario #7: ITServices gets notified by an external party (e.g. a bank or government agency) that a Queen’s computer system has been compromised and is being used for malicious purposes (spam and other forms of computer attack such as phishing). A review reveals that the computer system belongs to a faculty member and that the system has been compromised without his/her knowledge.

Visit the Information Security website for information on:
- Queen’s IT Security policies, standards and guidelines
- Education and awareness offerings - Safe Computing Course
- Security information such as the Golden Rules of Safe Computing, secure disposal of data, and securing network printers
- Links to available security software (e.g. free antivirus software)
- Security services such as systems security assessments, hard drive destruction and disposal, and SSL certificates
…and much more
Queen’s ITServices can help
Information Security Website

Queen’s University New Faculty Orientation Day Thank You George Farah, GIAC/GSEC Gold, CRISC, CISA University Information Systems Security Manager or ext Q & A