Presentation is loading. Please wait.

Presentation is loading. Please wait.

OFFICE OF BUDGET AND FINANCE Information Security Office Information Security Committee Meeting April 15, 2016 Information Security Office

Published byCornelia Eaton Modified over 8 years ago

Similar presentations

Presentation on theme: "OFFICE OF BUDGET AND FINANCE Information Security Office Information Security Committee Meeting April 15, 2016 Information Security Office"— Presentation transcript:

1 OFFICE OF BUDGET AND FINANCE Information Security Office Information Security Committee Meeting April 15, 2016 Information Security Office infosecurity@utdallas.edu 1

2 OFFICE OF BUDGET AND FINANCE Information Security Office New Offering Presented by Stephenie Edwards 2

3 OFFICE OF BUDGET AND FINANCE Information Security Office Drive Destruction Services 3 Free and secure way to dispose of university data that has been stored on a personal device. Materials will be recycled. Personal devices that can be shredded include: Hard drives Phones Small tablets Media USB Drives Drives can be dropped off at the Information Security Office in the ROC or you can schedule to have them picked up. Drives should be removed from computers before scheduling drop-off or pick-up.

4 OFFICE OF BUDGET AND FINANCE Information Security Office Standard for Clean Desk and Secure Office Suites Presented by Mike Mogg 4

5 OFFICE OF BUDGET AND FINANCE Information Security Office Clean Desk and Secure Office Objectives 5 Data must be protected from accidental disclosure. Offices which handle Confidential Data might benefit from additional security precautions. Security Objectives include: Clean Desk Initiatives Perimeter Security Guests to offices Printer and Copier Security Shredders and recycle bins

6 OFFICE OF BUDGET AND FINANCE Information Security Office Clean Desk Initiative 6 Laptops and Portable Media should be locked away when not in use. Confidential paper files should be locked away when not in use. Sensitive documents should be turned over when guest are present. Lock computer with password-protected screen saver when not in use. Monitors should be facing away from open doors and windows and privacy filters should be used when necessary. Users should not display written passwords in their workspace.

7 OFFICE OF BUDGET AND FINANCE Information Security Office University Guests 7 Guests should not be granted access to systems without proper authorization. Guests who require Internet access and have not been provided proper credentials should use personal equipment and log into the “UTDGuest” wireless network. Departments may provide loaner laptops for this purpose as long as they are routinely scrubbed. Guests may be required to sign access logs at reception stations, be offered temporary badges, and may need to be escorted in cases where particularly high- risk information is handled.

8 OFFICE OF BUDGET AND FINANCE Information Security Office Perimeter Security 8 Typically, offices should have a secure perimeter and single point of entry with a staffed reception desk. Doors should be kept locked when the suite is not staffed. Card readers should be used to restrict access to areas that are intended for use by authorized personnel only. Video cameras may also be used to provide accountability and deter criminal activity.

9 OFFICE OF BUDGET AND FINANCE Information Security Office Printers and Copiers 9 Printers should be located in areas which aren’t accessible to the general public. If personal health information or other high risk data is printed, the machine may be located in room with access restricted to authorized personnel. Departments may require employees to enter a passcode at a printer before a job is complete.

10 OFFICE OF BUDGET AND FINANCE Information Security Office Shredders and Recycle Bins 10 Remember that everything you throw away could end being the victim of dumpster diving. When in doubt always make sure to shred documents.

11 OFFICE OF BUDGET AND FINANCE Information Security Office Confidential Paper Disposal 11 Departments who handle paper copies of confidential documents should have either a shredder or a locked recycling bin in their office. Disposal of these documents should be in accordance with the Data Storage and Disposal Standard. When using a shredder, it should be a cross-cut shredder as opposed to a strip shredder.

12 OFFICE OF BUDGET AND FINANCE Information Security Office Office of Information Technology Summit Presented by Helen Roth 12

13 OFFICE OF BUDGET AND FINANCE Information Security Office 13

14 OFFICE OF BUDGET AND FINANCE Information Security Office 14

15 OFFICE OF BUDGET AND FINANCE Information Security Office Mark your calendar! May 18, 2016 15

16 OFFICE OF BUDGET AND FINANCE Information Security Office Ask how to get FREE registration 16

17 OFFICE OF BUDGET AND FINANCE Information Security Office Sign up via the OIT Web Page utdallas.edu/oit/ 17

18 OFFICE OF BUDGET AND FINANCE Information Security Office Compass Initiative, Mobile Passcodes, and Vendor Evaluation Updates Presented by Leigh Hausman 18

19 OFFICE OF BUDGET AND FINANCE Information Security Office Mobile Device Passcodes Do you use your phone or tablet to access UTDallas email? Do you have a passcode protecting your device? (You should!) ISO has been working with OIT and Callier to enforce passcode settings for mobile devices. Other departments that routinely handle Confidential Data will be added in the future. You can protect your phone and gain experience by enabling the passcode functionality now. 19

20 OFFICE OF BUDGET AND FINANCE Information Security Office Vendor Evaluations All software applications that store or process UT Dallas data are subject to ISO review, regardless of who manages it. The streamlined form has made the process easier! It is best to involve ISO early in the process. Download the form here: Vendor Review FormVendor Review Form 20

21 OFFICE OF BUDGET AND FINANCE Information Security Office Compass Initiative Helps system owners navigate security requirements and risks. Replaces home-grown tools, such as Server Registry, and leverages existing data sources. Presents accurate reports customized for stakeholders. 21

22 OFFICE OF BUDGET AND FINANCE Information Security Office Maintaining Patches and Updates Presented by Chaney Edwards 22

23 OFFICE OF BUDGET AND FINANCE Information Security Office How does UT Dallas patch? Windows updates Automatic checks Manual checks …or not at all (shame) 23

24 OFFICE OF BUDGET AND FINANCE Information Security Office Windows Updates Typical Windows Update Scenario: – Every night at 11:00pm check-in – After check, schedule an install – If nobody is logged in, install now – If someone is logged in, prompt the user Departmental technicians can change this. If uncertain what your schedule is, ask your technicians. 24

25 OFFICE OF BUDGET AND FINANCE Information Security Office Automatic Checks Software can be set to check in automatically. Typically these settings are set at time of install. In most cases, it is easy to change. Unless you require a specific version of software, this is the best solution to keeping your machine safe. 25

26 OFFICE OF BUDGET AND FINANCE Information Security Office Manual Checks There is always the manual method. This is time consuming and easy to postpone. Machines we find with out-of-date 3 rd party software typically have software set to manual checks… that never happen. 26

27 OFFICE OF BUDGET AND FINANCE Information Security Office Beware of Fakes! UT Dallas uses two Virus Scan Products: – Microsoft System Center Endpoint Protection (New Option) – McAfee Anti-Virus (Going Away) 27

28 OFFICE OF BUDGET AND FINANCE Information Security Office Beware of Fakes! 28

29 OFFICE OF BUDGET AND FINANCE Information Security Office Beware of Fakes! 29

30 OFFICE OF BUDGET AND FINANCE Information Security Office Beware of Fakes! 30

31 OFFICE OF BUDGET AND FINANCE Information Security Office Beware of Fakes! 31

32 OFFICE OF BUDGET AND FINANCE Information Security Office Beware of Fakes! 32

33 OFFICE OF BUDGET AND FINANCE Information Security Office Best Practices Check with your departmental technicians and ensure the following: – For Windows, you are downloading AND installing updates as they come available. – For 3 rd party applications, your area is enabled for Secunia CSI updating. – For all other cases and department-specific software, ensure manual updates are occurring. 33

34 OFFICE OF BUDGET AND FINANCE Information Security Office IRS Investigation Update Presented by Brian McElroy 34

35 OFFICE OF BUDGET AND FINANCE Information Security Office IRS Identity Theft Identity theft accounted for $5.8 billion in fraudulent refunds for the 2013 tax year. Millions of taxpayers are affected each year. The ISO has received reports from 49 affected individuals since January. 35

36 OFFICE OF BUDGET AND FINANCE Information Security Office Top 3 Tax Scams for 2016 Fraudulent Filing IRS Phishing Emails IRS Phone Scams 36

37 OFFICE OF BUDGET AND FINANCE Information Security Office Tips to Protect Yourself File your return as early as possible. Know the IRS won’t contact you by email, text or social media. Shred paper copies of your tax returns and financial documents when no longer needed. Contact the IRS Identity Protection Unit if you suspect fraud or to verify an IRS letter. Take advantage of free credit monitoring when offered. 37

38 OFFICE OF BUDGET AND FINANCE Information Security Office Available Resources IRS Identity Protection Website – https://www.irs.gov/Individuals/Identity-Protection https://www.irs.gov/Individuals/Identity-Protection File a complaint with the FTC – http://identitytheft.gov http://identitytheft.gov Obtain a free annual credit report – https://www.annualcreditreport.com https://www.annualcreditreport.com 38

39 OFFICE OF BUDGET AND FINANCE Information Security Office Questions? 39

Download ppt "OFFICE OF BUDGET AND FINANCE Information Security Office Information Security Committee Meeting April 15, 2016 Information Security Office"

Similar presentations

Chapter 7: Physical & Environmental Security

Chapter 7: Physical & Environmental Security
Welcome to the SPH Information Security Learning Module.

Welcome to the SPH Information Security Learning Module.
HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website: www.mc.vanderbilt.edu/HIPAA.

HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website:
Protecting Personal Information Guidance for Business.

Protecting Personal Information Guidance for Business.
The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.

The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.
1 Electronic Information Security – What Researchers Need to Know University of California Office of the President Office of Research May 2005.

1 Electronic Information Security – What Researchers Need to Know University of California Office of the President Office of Research May 2005.
Identity Theft Solutions. ©SHRM 20082 Introduction Identification theft became the number one criminal activity issue in 2004 and has remained at the.

Identity Theft Solutions. ©SHRM Introduction Identification theft became the number one criminal activity issue in 2004 and has remained at the.
BEWARE! IDENTITY THEFT CARL JOHNSON FINANCIAL LITERACY JENKS HIGH CSHOOL.

BEWARE! IDENTITY THEFT CARL JOHNSON FINANCIAL LITERACY JENKS HIGH CSHOOL.
Fraud, Scams and ID Theft …oh my! Deb Ramsay ESD 101 Chief Information Officer Technology Division.

Fraud, Scams and ID Theft …oh my! Deb Ramsay ESD 101 Chief Information Officer Technology Division.
Identity Theft: How to Protect Yourself. Identity Theft Identity theft defined:  the crime of obtaining the personal or financial information of another.

Identity Theft: How to Protect Yourself. Identity Theft Identity theft defined:  the crime of obtaining the personal or financial information of another.
Part 2 of Evil Lurking in Websites Data Security at the University of Wisconsin Oshkosh.

Part 2 of Evil Lurking in Websites Data Security at the University of Wisconsin Oshkosh.
Critical Data Management Indiana University HR Summit April 24, 2014.

Critical Data Management Indiana University HR Summit April 24, 2014.
Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.

Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.
PHYSICAL SECURITY Attacker. Physical Security Not all attacks on your organization's data come across the network. Many companies focus on an “iron-clad”

PHYSICAL SECURITY Attacker. Physical Security Not all attacks on your organization's data come across the network. Many companies focus on an “iron-clad”
9/20/07 STLSecurity is Everyone's Responsibility 1 FHDA Technology Security Awareness.

9/20/07 STLSecurity is Everyone's Responsibility 1 FHDA Technology Security Awareness.
DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,

DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,
1 Enterprise Security Your Information Security and Privacy Responsibilities © 2008 Providence Health & Services This information may be replicated for.

1 Enterprise Security Your Information Security and Privacy Responsibilities © 2008 Providence Health & Services This information may be replicated for.
IT Security Essentials Ian Lazerwitz, Information Security Officer.

IT Security Essentials Ian Lazerwitz, Information Security Officer.
10 Essential Security Measures PA Turnpike Commission.

10 Essential Security Measures PA Turnpike Commission.
HIPAA Privacy & Security EVMS Health Services 2004 Training.

HIPAA Privacy & Security EVMS Health Services 2004 Training.

Similar presentations

Ads by Google