1
Email is not secure.
2
Gary Scott, Senior Business Systems Developer, Administrative & Residential Information Technology. I’m Gary Scott, a senior business systems developer in ARIT. I’ve been at UCSB for over 4 years, but my real claim to fame is 13 years at Santa Barbara Bank & Trust. There I worked in software development and information security. Banks have to be secure, by law. I’ve learned a thing or two during my time there.
3
The Cloud This is the cloud in all its awesome glory.
4
The Cloud But really it is a dark and gloomy place.
5
Full of lions and bears. Surprisingly... no tigers.
6
Here is the cloud again. I’m going to walk you thru how many web apps operate including several here at UCSB. The customer is up there on the left and our servers are down there on the right. A big dark cloud in between.
7
Customers want to communicate with us thru this dark scary cloud.
8
But we can use encryption to keep that conversation safe! They send us private information and no one can see it. We protect their privacy.
9
The web app stores that private information but then creates an email with that same information.
10
Then sends it to the customer.
11
In the clear as plain text.
12
For any big-eyed dude in the cloud to see.
13
Those dudes could be gangstas. We don’t know what nefarious purpose these folks have for that data. Probably identity theft, maybe social engineering. Anyway, they should not have it! So all the data we protected by the secured web connection was just compromised by sending it back out in an unencrypted email. Why did we even bother putting encryption on the site in the first place? Well, at least we protected their password, so we have that going for us.
14
University of California, Office of the President, Office of Ethics, Compliance and Audit Services has a page, “Privacy principles & practices at UC”, at this url: with ... The UCOP Office of Ethics, Compliance, and Audit Services has a web page titled “Privacy principles and practices at UC” which contains....
15
RULES OF CONDUCT FOR UNIVERSITY EMPLOYEES INVOLVED WITH INFORMATION REGARDING INDIVIDUALS
A. Employees responsible for the collection, maintenance, use, and dissemination of information about individuals which relates to their personal life, including their employment and medical history, financial transactions, marital status and dependents, shall comply with the provisions of the State of California Information Practices Act.
B. Employees shall not require individuals to disclose personal or confidential information about themselves which is not necessary and relevant to the purposes of the University or to the particular function for which the employee is responsible.
C. Employees shall make every reasonable effort to see that inquiries and requests by individuals for their personal or confidential records are responded to quickly, courteously, and without requiring the requester to repeat the inquiry to others unnecessarily.
D. Employees shall assist individuals who seek information pertaining to themselves in making their inquiries sufficiently specific and descriptive so as to facilitate locating the records.
E. Employees shall not disclose personal or confidential information relating to individuals to unauthorized persons or entities. The intentional disclosure of such information to such persons or agencies may be cause for disciplinary action.
F. Employees shall not seek out or use personal or confidential information relating to others for their own interest or advantage. The intentional violation of this rule may be cause for disciplinary action.
G. Employees responsible for the maintenance of personal and confidential records shall take all necessary precautions to assure that proper administrative, technical, and physical safeguards are established and followed in order to protect the confidentiality of records containing personal or confidential information.
Rules of conduct for university employees involved with information regarding individuals. There are three sections I want to point out to you.
16
A. Employees responsible for the collection, maintenance, use, and dissemination of information about individuals which relates to their personal life, including their employment and medical history, financial transactions, marital status and dependents, shall comply with the provisions of the State of California Information Practices Act. Reference (State of California Information Practices Act): ode=CIV&division=3.&title=1.8.&part=4.&chapter=1. Section A lists out some types of data. There is the reference to the law; I looked it up.
17
E. Employees shall not disclose personal or confidential information relating to individuals to unauthorized persons or entities. The intentional disclosure of such information to such persons or agencies may be cause for disciplinary action. Section E. We know that email is sent in the clear, or at least you know now. We don’t know who is intercepting that email. I say sending an email with personal information is intentional disclosure.
18
G. Employees responsible for the maintenance of personal and confidential records shall take all necessary precautions to assure that proper administrative, technical, and physical safeguards are established and followed in order to protect the confidentiality of records containing personal or confidential information. Section G speaks to me as an IT professional. I don’t want to take business requirements that say to send personal info in an email.
19
What can you do? Action items!
Review each system that sends email.
Identify the systems that send personal information.
Craft generic confirmation emails: “Thank you for submitting XYZ”.
Update those systems to send the new copy.
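One way to carry out the last two action items in code, as an added example that is not from the presentation: the echo-everything confirmation that causes the problem, the generic confirmation that replaces it, and a review-time check that flags personal values in an outbound message body. The field names, regex patterns and sample submission are constructed for illustration, not taken from any UCSB system.

```python
"""Confirmation-email builders plus a check for personal data in the outbound body."""
import re

# Field names the rules of conduct treat as personal/confidential (constructed
# list; extend it with the fields the forms in your systems actually collect).
SENSITIVE_FIELDS = {"ssn", "date_of_birth", "bank_account", "routing_number",
                    "marital_status", "medical_history", "salary"}

# Value shapes that should never appear in an email body (constructed, conservative).
PII_PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "card_or_account": re.compile(r"\b\d{9,16}\b"),
}


def echo_confirmation(form_name, submission):
    """The pattern the talk warns about: every submitted field goes back out in the clear."""
    lines = [f"Thank you for submitting {form_name}. You entered:"]
    lines += [f"  {key}: {value}" for key, value in submission.items()]
    return "\n".join(lines)


def generic_confirmation(form_name, reference_id):
    """Recommended copy: acknowledge receipt, give a reference id, echo nothing personal."""
    # The submitted data stays inside the application; the user logs in to review it.
    return (f"Thank you for submitting {form_name}.\n"
            f"Your reference number is {reference_id}. "
            "Log in to the application to review what you submitted.")


def pii_in_body(body, submission):
    """Report which sensitive field values or PII-shaped strings appear in an email body."""
    leaks = set()
    for field, value in submission.items():
        if field in SENSITIVE_FIELDS and str(value) in body:
            leaks.add(field)
    for name, pattern in PII_PATTERNS.items():
        if pattern.search(body):
            leaks.add(name)
    return sorted(leaks)


# Constructed sample submission for a fictitious applicant; not real data.
SAMPLE = {"name": "A. Example", "ssn": "123-45-6789",
          "bank_account": "000123456789", "date_of_birth": "1990-01-01"}

if __name__ == "__main__":
    print(pii_in_body(echo_confirmation("Direct Deposit Form", SAMPLE), SAMPLE))
    print(pii_in_body(generic_confirmation("Direct Deposit Form", "DD-0001"), SAMPLE))
```

Run `pii_in_body` over each template your systems actually send; a non-empty result marks a system for the action list.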
20
B. Employees shall not require individuals to disclose personal or confidential information about themselves which is not necessary and relevant to the purposes of the University or to the particular function for which the employee is responsible. I also want to point out section B. Think about the information you ask for. Don’t collect it if you don’t need it. If we don't have it, we can't lose it.
21
Thank You There is no cloud. It’s just someone else’s computer. Thank you!