Published by Magdalen Ward
1
Personal Data Protection and Security Measures Kelvin Lai IT Services - Information Security Team 12 & 13 April 2016
2
Agenda ➢ Data Protection ➢ Data Classification ➢ Good Practices for IT Security
3
Data Protection ➢ Data is one of the most valuable assets of the University ➢ Data can be any factual information stored on a computer, a USB drive, cloud storage or paper. ➢ Risks to the data: 1. Theft 2. Loss 3. Leakage 4. Tampering
4
Data Classification
5
The importance of data classification ➢ Allows us to identify the data ➢ Manage the data better ➢ Apply an appropriate level of security to the data
6
Three-level Data Classification In order to handle data properly, data should be classified into sensitivity levels: Public, Sensitive, Restricted
7
Three-level Classification Public Data is generally open to the public. No existing local, national or international legal restrictions on access. Examples: 1. Events and activities information 2. Communication notices 3. Publications
8
Three-level Classification Sensitive Data is “for Official Use Only” and is protected from unauthorized access due to proprietary, ethical or privacy considerations. Examples: 1. Student data 2. University partner or sponsor information where no confidentiality agreement exists
9
Three-level Classification Restricted Data is protected by regulations, University policies or contractual agreements. Unauthorized access may result in significant financial risk or negative impact on the reputation of the University. Examples: 1. Personal Information 2. Payment Records 3. Medical Records
10
Data Handling ➢ Different levels of precautions and security controls are applied based on the data classification. ➢ Data with a higher sensitivity level requires a higher level of protection (Public < Sensitive < Restricted).
11
Data Handling
Security Control | Public Level | Sensitive Level | Restricted Level
Access Control | No restriction | AAA (Authentication, authorization, accounting) | AAA, Confidentiality agreement
Copying/Printing | No restriction | Limited | Limited with label “Confidential”
Network Security | No protection | Firewall, IPS, remote access allowed | Firewall, IPS, no remote access
System Security | Best practices | Hardening | Hardening with specific security
Physical Security | Locked | Locked, CCTV | Data Centre
Data Storage | Monthly Backup | Daily Backup | Encryption, Data loss prevention
Auditing | No Logging | Logins | Logins, access and changes
12
Good practices for IT Security
13
Workstation ➢ Use a complex password, at least 10 characters long, combining alphanumeric and special characters ➢ Enable a login password and a screen saver password ➢ Lock the screen or log out of your computer when it is unattended ➢ Do not install Peer-to-Peer (P2P) software on a computer that handles confidential data ➢ Physically secure notebook PCs and tablet PCs ➢ Avoid using a public computer to access confidential files ➢ Use a VPN or another secure channel for remote access from outside the University
14
Storage Data could be stored on a personal PC, file server, mobile phone, Network Attached Storage (NAS), cloud storage, etc. ➢ Apply access control ▪ Require a user ID and password ▪ Grant read, write or deny access ▪ Logging ➢ Use encryption ➢ Back up regularly
15
Removable Storage ➢ Use encryption with password protection ➢ Erase the data after use ➢ Don’t leave a USB drive unattended ➢ Keep it safe ➢ Don’t use a USB drive from an unknown source ➢ Only store sensitive data on portable devices or media when absolutely necessary ➢ Report to your supervisor if a USB drive that contains sensitive data is lost. http://www.its.hku.hk/about/policies/ Guidelines on storing and accessing personal data on portable storage devices and personally owned computers (newly updated in Mar 2015)
16
Cloud storage Before uploading data to cloud storage, you should consider: ➢ Privacy and confidentiality ➢ Data encryption ▪ while being uploaded to, downloaded from, and stored in the cloud ➢ Exposure of data ▪ to the operator, or to local and foreign governments or agencies
17
Social Networks Online social networking sites are useful to stay connected with others, but you should be wary about how much personal information you post. “Stay Smart. Mind Your Digital Footprint” – by PCPD ➢ Privacy and security settings ➢ Once posted, always posted ➢ Keep personal information personal
18
Mobile Security “New Technology, old Privacy and Security issue” ➢ Lost or stolen mobile devices ▪ Enable screen lock ▪ Encrypt the data, such as email and documents ▪ Use Remote Wipe and Anti-Virus ▪ Be aware of automatic login to company email and file servers ➢ Malware and viruses ▪ Steal bank details, company data, personal identities and email addresses ➢ Be aware of app sources and permissions ▪ Install from trusted sources only ▪ Check the permissions an application requests
19
Phishing Email Phishing is the act of attempting to acquire information such as usernames and passwords by pretending to be a trusted entity, e.g. ITS or another department of the University ➢ Signs of a phishing email: ▪ Unofficial “From” address ▪ Urgent action required ▪ Generic greeting ▪ Link to a fake website, sometimes mixed with legitimate links ➢ What to do if you receive a phishing email: ▪ Delete the suspicious email ▪ Don’t reply to it or click any link in it ▪ Refer to the HKU Spam report web site http://www.its.hku.hk/spam-report
20
Phishing email (sample of a phishing email; the hyperlink in the message points to Http://evil.com/cheatu/login.htm)
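The four warning signs listed on the previous slide, and the link-text/href mismatch shown in the sample above, can be checked mechanically. The script below is an added example, not part of the original presentation or of HKU ITS: it assumes hku.hk is the University's own domain, and both email messages in it are constructed samples (the sender addresses are made up).

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED_DOMAINS = ("hku.hk",)  # assumed: the University's own mail/web domain
URGENCY = ("urgent", "immediately", "within 24 hours", "suspended", "verify now")
GENERIC_GREETINGS = ("dear user", "dear customer", "dear member", "dear account holder")

# Constructed sample modelled on the slide: the visible link text looks official,
# but the href points at the slide's evil.com address.
SAMPLE_PHISHING = """\
From: ITS Helpdesk <helpdesk@its-hku-support.com>
Subject: URGENT: your mailbox will be suspended

<html><body>Dear user,<br>
Your mailbox quota is exceeded. Verify now or access will be suspended within 24 hours.<br>
<a href="http://evil.com/cheatu/login.htm">https://www.its.hku.hk/login</a></body></html>
"""
# Constructed legitimate notice for contrast (sender address is made up).
SAMPLE_LEGIT = """\
From: ITS <helpdesk@its.hku.hk>
Subject: Scheduled file server maintenance

<html><body>Dear Kelvin,<br>The file server will be offline on Saturday 02:00-04:00.
Details: <a href="https://www.its.hku.hk/maintenance">https://www.its.hku.hk/maintenance</a></body></html>
"""

def is_trusted(host: str) -> bool:
    # True when the host is the University domain or a subdomain of it
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def phishing_signs(raw_email: str) -> list:
    # Returns the slide's warning signs found in a single-part (non-MIME) message
    msg = message_from_string(raw_email)
    signs = []
    _, sender = parseaddr(msg.get("From", ""))
    if not is_trusted(sender.rpartition("@")[2]):
        signs.append(f"unofficial From address: {sender}")
    body = msg.get_payload()
    text = (msg.get("Subject", "") + "\n" + body).lower()
    if any(g in text for g in GENERIC_GREETINGS):
        signs.append("generic greeting")
    if any(u in text for u in URGENCY):
        signs.append("urgent action demanded")
    for href, label in re.findall(r'<a\s+href="([^"]+)"[^>]*>(.*?)</a>', body, re.I | re.S):
        href_host = urlparse(href).netloc.lower()
        label_host = urlparse(label.strip()).netloc.lower() if "://" in label else ""
        if label_host and label_host != href_host:  # link text hides the real target
            signs.append(f"link text shows {label_host} but points to {href_host}")
        elif not is_trusted(href_host):
            signs.append(f"link to external site {href_host}")
    return signs
```

The heuristics are deliberately simple awareness checks; a mail gateway would additionally verify SPF/DKIM on the sender domain rather than trusting the From header.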
21
Ransomware Ransomware is malicious software which encrypts files until a ransom is paid; in some cases, normal use of the infected computer cannot be resumed even after a ransom is paid.
22
Ransomware Ransomware typically propagates in the form of a Trojan horse which enters a computer through: ▪ a downloaded file ▪ emails with malicious attachments ▪ a malicious website ▪ a network vulnerability. Sample ransom message: “Your PC is locked and files are encrypted. To get the key to unlock your PC and decrypt files, you have to pay HK$10,000.”
23
Security Measures for Protecting PC 1. Regularly back up your PC data and keep a recent backup copy offline 2. Do not open suspicious emails, attachments/files or unsolicited web sites 3. Do not enable macros in document attachments received via email 4. Ensure anti-virus software is installed on your PCs and keep it up-to-date with the latest virus signatures 5. Keep the operating systems of your PCs up-to-date 6. Limit the privileges and access rights of shared network drives. Refer to the HKU ITS web site http://www.its.hku.hk/faq/infosec/awareness/ransomware
24
Thank You