Presentation is loading. Please wait.

Presentation is loading. Please wait.

Good Computer Security Practices Basic Security Awareness September 10, 2007 School of Nursing Office of Academic and Administrative Information Systems.

Published byDomenic Welch Modified over 10 years ago

Similar presentations

Presentation on theme: "Good Computer Security Practices Basic Security Awareness September 10, 2007 School of Nursing Office of Academic and Administrative Information Systems."— Presentation transcript:

1 Good Computer Security Practices Basic Security Awareness September 10, 2007 School of Nursing Office of Academic and Administrative Information Systems (OAAIS) EIS Security Awareness Training and Education (SATE) Program

2 OAAIS Enterprise Information Security Security Awareness, Training & Education (SATE) Program http://isecurity.ucsf.edu or 415.514-3333 Overview What is Information and Computer Security? “Top 10 List” of Good Computer Security Practices Protecting Restricted Data Reporting Security Incidents Additional Resources

3 OAAIS Enterprise Information Security Security Awareness, Training & Education (SATE) Program http://isecurity.ucsf.edu or 415.514-3333 What is Information and Computer Security?

4 OAAIS Enterprise Information Security Security Awareness, Training & Education (SATE) Program http://isecurity.ucsf.edu or 415.514-3333 … the protection of computing systems and the data that they store or access. Desktop computersConfidential data Laptop computersRestricted data ServersPersonal information BlackberriesArchives Flash drivesDatabases

5 OAAIS Enterprise Information Security Security Awareness, Training & Education (SATE) Program http://isecurity.ucsf.edu or 415.514-3333 Isn’t this just an IT Problem? Why do I need to learn about computer security? Everyone who uses a computer needs to understand how to keep his or her computer and data secure.

6 OAAIS Enterprise Information Security Security Awareness, Training & Education (SATE) Program http://isecurity.ucsf.edu or 415.514-3333 10% of security safeguards are technical 90% of security safeguards rely on us – the user - to adhere to good computing practices Good security practices follow the “90/10” rule

7 OAAIS Enterprise Information Security Security Awareness, Training & Education (SATE) Program http://isecurity.ucsf.edu or 415.514-3333 Embarrassment to yourself and/or the University Having to recreate lost data Identity theft Data corruption or destruction Loss of patient, employee, and public trust Costly reporting requirements and penalties Disciplinary action (up to expulsion or termination) Unavailability of vital data What are the consequences of security violations?

8 OAAIS Enterprise Information Security Security Awareness, Training & Education (SATE) Program http://isecurity.ucsf.edu or 415.514-3333 “Top Ten List” Good Computer Security Practices

9 OAAIS Enterprise Information Security Security Awareness, Training & Education (SATE) Program http://isecurity.ucsf.edu or 415.514-3333 1.Don’t keep restricted data on portable devices. 2. Back-up your data. Make backups a regular task, ideally at least once a day. Backup data to removable media such as portable hard drives, CDs, DVDs, or a USB memory stick. Store backup media safely and separately from the equipment. Remember, your data is valuable… don’t keep your backups in the same physical location as your computer!

10 OAAIS Enterprise Information Security Security Awareness, Training & Education (SATE) Program http://isecurity.ucsf.edu or 415.514-3333 Data Backups How effective would you be if your email, word processing documents, excel spreadsheets and contact database were wiped out? How many hours would it take to rebuild that information from scratch?

11 OAAIS Enterprise Information Security Security Awareness, Training & Education (SATE) Program http://isecurity.ucsf.edu or 415.514-3333 3. Use cryptic passwords that can’t be easily guessed and protect your passwords - don’t write them down and don’t share them!

12 OAAIS Enterprise Information Security Security Awareness, Training & Education (SATE) Program http://isecurity.ucsf.edu or 415.514-3333 4. Make sure your computer has anti- virus, anti-spyware and firewall protection as well as all necessary security patches. 5. Don’t install unknown or unsolicited programs on your computer. “ I ’ ll just keep finding new ways to break in! ”

13 OAAIS Enterprise Information Security Security Awareness, Training & Education (SATE) Program http://isecurity.ucsf.edu or 415.514-3333 6. Practice safe e-mailing ~ Don’t open, forward, or reply to suspicious e- mails Don’t open e-mail attachments or click on website addresses Delete spam Use UCSF’s secure e-mail system to send confidential information ~ Subject: Secure:_ (http://its.ucsf.edu/information/applications/exchange/secure_email.jsp)http://its.ucsf.edu/information/applications/exchange/secure_email.jsp

14 OAAIS Enterprise Information Security Security Awareness, Training & Education (SATE) Program http://isecurity.ucsf.edu or 415.514-3333 You receive an e-mail with an attachment from “IT Security” stating that you need to open the attachment. What should you do? a) Follow the instructions b) Open the e-mail attachment c) Reply and say “take me off this list” d) Delete the message e) Contact OAAIS Customer Support

15 OAAIS Enterprise Information Security Security Awareness, Training & Education (SATE) Program http://isecurity.ucsf.edu or 415.514-3333 You receive an e-mail with an attachment from “IT Security” stating that you need to open the attachment. What should you do? a) Follow the instructions b) Open the e-mail attachment c) Reply and say “take me off this list” d) Delete the message e) Contact OAAIS Customer Support d) Delete the e-mail message! e) Contact OAAIS Customer Support for further instructions – but do not open, reply to, or forward any suspicious e-mails!

16 OAAIS Enterprise Information Security Security Awareness, Training & Education (SATE) Program http://isecurity.ucsf.edu or 415.514-3333 Your sister sends you an e-mail at school with a screen saver attachment. What should you do? a) Download it b) Forward the message c) Call a tech-savvy friend to help install it d) Delete the message

17 OAAIS Enterprise Information Security Security Awareness, Training & Education (SATE) Program http://isecurity.ucsf.edu or 415.514-3333 Your sister sends you an e-mail at school with a screen saver attachment. What should you do? a) Download it b) Forward the message to a friend c) Call a tech-savvy friend to help install it d) Delete the message d) Delete it! Never put unknown or unsolicited programs or software on your computer. Screen savers may contain viruses.

18 OAAIS Enterprise Information Security Security Awareness, Training & Education (SATE) Program http://isecurity.ucsf.edu or 415.514-3333 7. Practice safe Internet use ~ Accessing any site on the internet could be tracked back to your name and location. Accessing sites with questionable content often results in spam or release of viruses. And it bears repeating… Don’t download unknown or unsolicited programs!

19 OAAIS Enterprise Information Security Security Awareness, Training & Education (SATE) Program http://isecurity.ucsf.edu or 415.514-3333 8. & 9. Physically secure your area and data when unattended ~ Secure your files and portable equipment - including memory sticks. Secure laptop computers with a lockdown cable. Never share your ID badge, access codes, cards, or key devices (e.g. Axiom card)

20 OAAIS Enterprise Information Security Security Awareness, Training & Education (SATE) Program http://isecurity.ucsf.edu or 415.514-3333 10. Lock your screen For a PC ~ OR For a Mac ~ Configure screensaver with your password Create a shortcut to activate screensaver Use a password to start up or wake-up your computer.

21 OAAIS Enterprise Information Security Security Awareness, Training & Education (SATE) Program http://isecurity.ucsf.edu or 415.514-3333 Which workstation security safeguards are YOU responsible for following and/or protecting? a) User ID b) Password c) Log-off programs d) Lock up office or work area (doors, windows) e) All of the above

22 OAAIS Enterprise Information Security Security Awareness, Training & Education (SATE) Program http://isecurity.ucsf.edu or 415.514-3333 Which workstation security safeguards are YOU responsible for following and/or protecting? a) User ID b) Password c) Log-off programs d) Lock-up office or work area (doors, windows) e) All of the above ALL OF THE ABOVE!

23 OAAIS Enterprise Information Security Security Awareness, Training & Education (SATE) Program http://isecurity.ucsf.edu or 415.514-3333 The mouse on your computer screen starts to move around on its own and click on things on your desktop. What do you do? a) Show a faculty member or other students b) Unplug network cable c) Unplug your mouse d) Report the incident to whomever supports your computer and isecurity@ucsf.edu if it happens while you’re on campusisecurity@ucsf.edu e) Turn your computer off f) Run anti-virus software g) All of the above

24 OAAIS Enterprise Information Security Security Awareness, Training & Education (SATE) Program http://isecurity.ucsf.edu or 415.514-3333 The mouse on your computer screen starts to move around on its own and click on things on Your desktop. What do you do? This is a security incident! Immediately report the problem to whomever supports your computer, and to isecurity@ucsf.edu if the incident occurs while you are on the UCSF campus or on a UCSF system. isecurity@ucsf.edu Since it is possible that someone is controlling the computer remotely, it is best if you can unplug the network cable until you can get help.

25 OAAIS Enterprise Information Security Security Awareness, Training & Education (SATE) Program http://isecurity.ucsf.edu or 415.514-3333 What can an attacker do to your computer? a) Hide programs that launch attacks b) Generate large volumes of unwanted traffic, slowing down the entire system c) Distribute illegal software from your computer d) Access restricted information (e.g. identity theft) e) Record all of your keystrokes and get your passwords

26 OAAIS Enterprise Information Security Security Awareness, Training & Education (SATE) Program http://isecurity.ucsf.edu or 415.514-3333 What can an attacker do to your computer? a) Hide programs that launch attacks b) Generate large volumes of unwanted traffic, slowing down the entire system c) Distribute illegal software from your computer d) Access restricted information (e.g. identity theft) e) Record all of your keystrokes and get your passwords ALL OF THE ABOVE! A compromised computer can be used for all kinds of surprising things.

27 OAAIS Enterprise Information Security Security Awareness, Training & Education (SATE) Program http://isecurity.ucsf.edu or 415.514-3333 Protecting Restricted Data

28 OAAIS Enterprise Information Security Security Awareness, Training & Education (SATE) Program http://isecurity.ucsf.edu or 415.514-3333 Restricted data includes, but is not limited to: Name or first initial and last name Health or medical information Social security numbers Ethnicity or gender Date of birth Financial information (credit card number, bank account number) Proprietary data and copyrighted information Student records protected by FERPA Information subject to a non-disclosure agreement

29 OAAIS Enterprise Information Security Security Awareness, Training & Education (SATE) Program http://isecurity.ucsf.edu or 415.514-3333 Managing Restricted Data Know where this data is stored. Destroy restricted data which is no longer needed ~ shred or otherwise destroy restricted data before throwing it away erase/degauss information before disposing of or re-using drives Protect restricted data that you keep ~ back-up your data regularly

30 OAAIS Enterprise Information Security Security Awareness, Training & Education (SATE) Program http://isecurity.ucsf.edu or 415.514-3333 Reporting Security Incidents

31 OAAIS Enterprise Information Security Security Awareness, Training & Education (SATE) Program http://isecurity.ucsf.edu or 415.514-3333 Immediately report anything unusual, suspected security incidents, or breaches to whomever supports your computer, or OAAIS if it involves a UCSF system. If you need to contact OAAIS Customer Support: Dial 1-415-514-4100 (Option 1 for Medical Center, Option 2 for Campus) web: http://help.ucsf.edu/email: itscs@its.ucsf.eduhttp://help.ucsf.edu/itscs@its.ucsf.edu Loss or theft of any computing device at UCSF MUST be reported immediately to the UCSF Police Department. Dial 1-415-476-1414. Report lost or stolen laptops, blackberries, PDAs, cell phones, flash drives, etc.

32 OAAIS Enterprise Information Security Security Awareness, Training & Education (SATE) Program http://isecurity.ucsf.edu or 415.514-3333 ADDITIONAL RESOURCES OAAIS Enterprise Information Security Security Awareness, Training, and Education Security Policies and Guidelines 415-514-3333 http://isecurity.ucsf.edu/ isecurity@its.ucsf.edu To schedule a training session contact Tiki Maxwell, SATE Manager 415-514-1363 or 415-502-3982 tmaxwell@its.ucsf.edu Customer Support for general questions and information 415-514-4100 (Option 1 for Medical Center, Option 2 for Campus) web: http://help.ucsf.edu/email:itsscs@its.ucsf.eduhttp://help.ucsf.edu/itsscs@its.ucsf.edu

Download ppt "Good Computer Security Practices Basic Security Awareness September 10, 2007 School of Nursing Office of Academic and Administrative Information Systems."

Similar presentations

1 of 2 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2006 Microsoft Corporation.

1 of 2 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2006 Microsoft Corporation.
HIPAA Health Insurance Portability and Accountability Act of 1996

HIPAA Health Insurance Portability and Accountability Act of 1996
ANNUAL SECURITY AWARENESS TRAINING – 2011 UMW Information Technology Security Program Annual Security Awareness Training for UMW Faculty and Staff.

ANNUAL SECURITY AWARENESS TRAINING – 2011 UMW Information Technology Security Program Annual Security Awareness Training for UMW Faculty and Staff.
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Thank you to IT Training at Indiana University Computer Malware.

Thank you to IT Training at Indiana University Computer Malware.
Page 1 of 16 DMC HIPAA Privacy and Security DMC’S COMMITMENT TO COMPLIANCE: HIPAA PRIVACY and SECURITY DMC Corporate Audit and Compliance Department Detroit.

Page 1 of 16 DMC HIPAA Privacy and Security DMC’S COMMITMENT TO COMPLIANCE: HIPAA PRIVACY and SECURITY DMC Corporate Audit and Compliance Department Detroit.
Basic Privacy and Security HIPAA Training

Basic Privacy and Security HIPAA Training
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.
BP5- METHODS BY WHICH PERSONAL DATA CAN BE PROTECTED Data Protection.

BP5- METHODS BY WHICH PERSONAL DATA CAN BE PROTECTED Data Protection.
BE CYBER SAFE Office of Information Technology Information Security Department 2011-2012 1 Security Awareness Top Security Issues.

BE CYBER SAFE Office of Information Technology Information Security Department Security Awareness Top Security Issues.
1 Electronic Information Security – What Researchers Need to Know University of California Office of the President Office of Research May 2005.

1 Electronic Information Security – What Researchers Need to Know University of California Office of the President Office of Research May 2005.
Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
For further information computersecurity.wlu.ca

For further information computersecurity.wlu.ca
Part 2 of Evil Lurking in Websites Data Security at the University of Wisconsin Oshkosh.

Part 2 of Evil Lurking in Websites Data Security at the University of Wisconsin Oshkosh.
Data Security for Healthcare Facilities Debbie Abbott Health Information Consultant Resolutions (Int) Pty Ltd.

Data Security for Healthcare Facilities Debbie Abbott Health Information Consultant Resolutions (Int) Pty Ltd.
PHYSICAL SECURITY Attacker. Physical Security Not all attacks on your organization's data come across the network. Many companies focus on an “iron-clad”

PHYSICAL SECURITY Attacker. Physical Security Not all attacks on your organization's data come across the network. Many companies focus on an “iron-clad”
9/20/07 STLSecurity is Everyone's Responsibility 1 FHDA Technology Security Awareness.

9/20/07 STLSecurity is Everyone's Responsibility 1 FHDA Technology Security Awareness.
Information Security Awareness:

Information Security Awareness:
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.
DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,

DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,

Similar presentations

Ads by Google