Published by Zoe Colton. Modified over 9 years ago.
Slide 1: Security Training Lunch ‘n Learn
Slide 2: Agenda
Threat Analysis
Legal Issues
Threat Mitigation
User Security
Mobile Security
Policy Enforcement
Slide 3: Threat Analysis
Information security is the responsibility of everyone who works with it
Security is a process, not a product
Threats can be both internal and external
Vendor contracts need privacy clauses
Slide 4: Threat Analysis
Packet sniffing
– Collects sensitive data, including passwords
– Even encrypted passwords can be cracked
Code exploits
– Buffer overflows
– Remote executables
Malware
– Collection of sensitive data
– Distributed Denial of Service attacks
Slide 5: Threat Analysis
Social Engineering
– Phishing websites, emails, IMs
– Hacker may pose as someone else to gain a password
Intellectual Property Theft
– Research data needs to be secured
Identity Theft
– Social security numbers and financial information must be secured
Slide 6: Malicious Software
Virus
– Self-replicating code that infects a host file
– Requires file sharing to spread across the network
Worm
– Stand-alone, does not require a host
– Self-propagating through email or IM
Slide 7: Malicious Software
Trojan horse
– Installed along with other software
– Opens a backdoor or sends sensitive data back to the source
Spyware
– Collects personal information and browsing habits
Adware
– Creates popups
Slide 8: Malicious Software
ActiveX/Java applets
– Bundled with freeware as part of the Terms of Agreement
– Only download from trustworthy sources
Peer to Peer file sharing
– Can unknowingly share sensitive information
– Can accidentally download copyrighted material
Slide 9: Legislation
Family Educational Rights and Privacy Act (FERPA)
– Protects a student’s academic record
– Defines when the academic record or directory information can be released without consent
Gramm-Leach-Bliley Act (GLBA)
– Protects the financial information of a person
– Consumer must be provided a privacy notice on a yearly basis
Slide 10: Legislation
Sarbanes-Oxley Act (SOX)
– Deals with the accuracy and reliability of a company’s financial information
Health Insurance Portability and Accountability Act (HIPAA)
– Privacy of medical records
Slide 11: Legislation
New York’s Education Law (Article 1 S-2b)
– Restricts use of SSNs
New York’s Information Security Breach and Notification Act
– Individuals must be notified if sensitive personal information is compromised
Slide 12: Legislation
Why are these important?
– External auditors have told us to adhere to as many regulations as possible
– Many financial regulations are in the process of being applied to higher ed
– Our Board of Trustees has insisted on it
Information Security Policy
Information Security Procedures/Standards
Slide 13: Threat Mitigation
Access control
– Physical security
– Authentication, authorization, and accounting
– Access control lists
– Firewalls
– Network Access Control
Patch management
– Network devices
– Servers
Slide 14: Threat Mitigation
Encryption
– SSH, SSL, file-level encryption
VPN
– Creates a secure tunnel between an external address and the internal network
– Secures all wireless traffic
Barracuda Spam Filter
Proper disposal of information
– Shredders, DoD-level hard disk formatting
Slide 15: Desktop Security
Separate machines for work and home
– Child/spouse may compromise data
Strong passwords
– Combination of lower case, caps, numbers, and symbols
– Do not share your password with anyone
– Change passwords frequently
Always lock the machine when not using it
– Automated screen saver password
Slide 16: Desktop Security
Antivirus
– Up-to-date definitions
– Real-time monitoring
Spyware removal tools
– Up-to-date definitions
– Frequent scans
Personal firewall
– Only open ports for necessary services
Slide 17: Desktop Security
Use Firefox over Internet Explorer if at all possible
– Popup blockers
Only install software from trusted sources
– This includes any ActiveX/Java applets
Keep up to date with the latest security patches
Ensure the screen is not visible to outsiders
Slide 18: Mobile Security
Try not to store sensitive data locally on mobile machines
– Data can be compromised by loss or theft
– Encrypt sensitive data that needs to be stored locally
Users should cable-lock laptops when not in their presence
– Even in cars, hotel rooms, etc.
Slide 19: Mobile Security
Never leave a PDA unattended
Remote wipe software
Encrypt data on portable media
Slide 20: Policy Enforcement
Our goal is not to punish you for misdeeds but to keep the network clean and the information secure
Punitive actions can promote cover-ups and denials, and prolong detection
Please contact us immediately if anything appears suspicious
Feel free to come to me with any questions
Slide 21: Conclusion
Questions? Comments? Compliments? Complaints?
http://infosecurity.marist.edu/
Justin.Bassignani@marist.edu