Information Security Awareness Training
Information security
Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.
(From Wikipedia, the free encyclopedia)
Information Security Awareness Training Program
Purpose:
• To protect the confidentiality, integrity, and availability of Albright College data and information
• To safeguard and protect Albright’s investment in technology systems and equipment
• To understand College policies and procedures related to information security and data privacy
Information Security Awareness Training Program
This training program is divided into three sections:
• Policy
• Secure Computing Practices
• Incident Handling
Policies
Family Educational Rights and Privacy Act (FERPA)
FERPA is a Federal law that protects the privacy of student educational records. FERPA applies to all institutions that receive funds under an applicable program of the U.S. Department of Education. Albright must have written permission from a student in order to release information from his/her educational record to parents, or others -- with a few exceptions such as school officials with legitimate educational interest.
Family Educational Rights and Privacy Act (FERPA)
Schools may disclose, without consent, "directory" information such as a student's name, address, telephone number, date and place of birth, honors and awards, and dates of attendance. However, schools must inform students about directory information and allow them a reasonable amount of time to request that the school not disclose directory information about them.
Albright Policies
• IT Services Acceptable Use Policy:
• Administrative Data Management & Access Policy:
ITS Acceptable Use Policy
This policy applies to all users of Albright’s information technology resources, whether affiliated with the college or not, and to all uses of those resources, whether on campus or from remote locations. Additional policies may apply to specific computers, computer systems, or networks provided or operated by specific departments of the college or to uses within specific departments. Consult the operators or managers of the specific computer, computer system, or network in which you are interested or the management of the unit for further information. Use of Albright College information technology resources constitutes an acknowledgement of this policy.
Administrative Data Management & Access Policy
The purpose of this policy is to define access, controls and protection of the College’s administrative data. Administrative data maintained by the institution is a vital information asset that will be available to all employees who have a legitimate need for it, consistent with the institution’s responsibility to preserve and protect the integrity of the data, and to ensure the privacy of sensitive data. The institution is the owner of all administrative data; individual units or departments have stewardship responsibilities for data domains, or portions of the data.
Administrative Data Management & Access Policy
• Data Stewardship Framework
• Data Classification Standard (Public; Restricted; Highly Sensitive)
• Procedures for the electronic storage of highly sensitive data
Data Stewards
Access to non-public administrative data is granted only via the appropriately designated Albright College Data Steward. By authorizing access to designated categories of administrative data, Data Stewards are acknowledging a legitimate user need for information. In addition to authorizing new data access requests, Data Stewards are responsible for an annual review of user security access to their respective data domains.
Data Stewards
For a complete list of Data Stewards, by data domains, refer to the Administrative Data Management & Access Policy, Appendix A:
Highly Sensitive Data – Highly Sensitive Data are by definition restricted and include personal information that can lead to identity theft if exposed or disclosed in an unauthorized manner. Specifically, the college defines the following as Highly Sensitive Data: The first name or first initial and last name in combination with and linked to any one or more of the following data elements about the individual:
• Social security number
• Driver’s license number or state identification card number issued in lieu of a driver’s license number
• Passport number; or
• Financial/banking account number, credit card number, or debit card number.
Electronic Storage of Highly Sensitive Data
Additional safeguards and protocols exist to ensure Albright constituent privacy and to protect Highly Sensitive Data from unauthorized exposure. Highly Sensitive Data must not be stored or kept on any non-network storage device or media. Prohibited storage media includes storage on desktop computers, laptop computers, PDAs, cell phones, USB drives, thumb drives, memory cards, CDs, DVDs, local external hard drives and other USB devices, unless specifically approved encryption methodologies have been utilized.
Electronic Storage of Highly Sensitive Data
Highly Sensitive Data cannot be distributed, including via email or attachment, unless via approved encrypted means. Exceptions to the procedures for the electronic storage of Highly Sensitive Data must be approved by the appropriate division Vice President in consultation with the Chief Technology Officer. Approved exception requests will be documented to ensure the implementation of acceptable data encryption protocols.
Secure Computing Practices
Protect Your Password(s)
• Never share your passwords with anyone and never allow others to access systems and data with your log-on credentials.
• Use ‘strong’ passwords (combinations of letters, numbers, mixed case, and special characters). Never use dictionary words or names.
• Don’t leave passwords written down where others can find them.
• Use different passwords for different websites and services.
• Do not use your Albright account credentials on other, non-Albright, systems and applications. In this manner, a compromised password for one system or service does not put all of your personal data, information and access at risk.
Protect Your Password(s)
• Change your passwords regularly.
• Do not save or store your passwords in your browser or within applications.
• Keep any written record of passwords in a safe, secure place.
• If you suspect that your password has been compromised, you should change it immediately, or call the IT Services Help Desk at
• Be aware that no reputable business will ever ask you to share your password.
• You should never share or provide your password to anyone, including Albright IT Services personnel.
Password Reset
• From a Windows machine if on campus, Ctrl-Alt-Delete and select the Change Password option
• From Webmail (Outlook web), choose options, then select the Change Password option
• Contact the IT Help Desk
• Coming soon: New Password Reset Tool (for anytime/anywhere access 24/7)
Shared Office Email Accounts
• Use an Email Distribution List, if possible
• Change passwords regularly
• Change passwords upon every relevant personnel change
• IT Services records a ‘sponsoring’ employee as being responsible for the shared account and its activity
Email is an inherently insecure communications medium, which can only be secured through great effort. Email messages are generally sent in clear text, can be intercepted and read by hackers, or easily forwarded to parties that were not your intended recipient.
Email should never be used to send “highly sensitive” data, either within the body of the message, or as a file attachment, unless via approved encrypted means. Please contact IT Services for assistance if you need to transmit highly sensitive data.
Help Prevent Identity Theft
Help prevent identity theft and/or the need to notify Albright constituents that their data has been compromised. Contact IT Services if you would like a tool, or assistance, in scanning your computer or laptop for potentially highly sensitive data files. Today, it is against policy to have spreadsheet files or other documents containing SSNs, credit card numbers, or other personal financial banking account numbers stored on your computer. However, if you have such historical files on your machine, please contact us for assistance: OR
Avoid Phishing Scams
• Be cautious about opening emails, links inside emails, and attachments from unknown or suspicious sources.
• Use caution when forwarding a suspicious email to avoid the spread of viruses and malicious software.
• Beware of phishing scams. Phishing emails and websites are designed to steal your identity and/or money. This happens through the installation of malicious software on your computer.
For more info, see:
Lock Your Computer
To help protect the information accessible from your computer, you should lock it when you are away from your desk. Manually locking your computer (Ctrl-Alt-Del on a Windows computer) or setting a password-protected screen saver offers a layer of protection by preventing others from seeing your screen or using your computer when you are away from your desk.
Protect your Laptop and Removable Media
Physically secure laptops and removable media when not in use. Lock them in an office, desk drawer, car trunk, or hotel safe.
Report Information Security Incidents
Incident Handling
Incident Handling refers to the practices and technologies used to respond to suspected or known breaches of security. Once a suspected security breach has been identified, it must be contained as soon as possible, and then eradicated so that any damage or risk to the College, or to our constituents, can be minimized.
Security Incidents
What constitutes an information security incident?
Examples include, but are not limited to, any event (whether accidental or malicious) that results in:
• Disclosure of College data to someone unauthorized to access it
• Unauthorized alteration of College data
• Loss of data that we are legally or contractually bound to protect – or, that support critical College functions
• Disrupted information technology service levels
• Loss or theft of computers or laptops
Report suspected IT security incidents immediately by email, by completing the appropriate form on the IT website, or by contacting the Chief Technology Officer at or

When reporting security incidents, you should provide as much detailed information as possible, including your contact information, the date of the incident and the approximate time of the incident. Please include your name, address and phone number. The Chief Technology Officer maintains a record of all IT security incidents for appropriate follow-up and action.

Please note: For incidents involving threats to health or safety or the theft or vandalism of computers or computing devices contact Public Safety at ( ). However, stolen computers must also be immediately reported to IT Services per the procedures above.
Summary
In today’s digital age, we are increasingly at risk of an information security breach. However, many potential information security incidents can be avoided via secure computing practices, appropriate data stewardship, and adherence to College policies and procedures. Information security and the protection of Albright data and systems is everyone’s responsibility!