Presentation is loading. Please wait.

Presentation is loading. Please wait.

Leaders’ Forum, March 16, 2006 The Invisible Risk: Leaders’ Role in Protecting Western’s Electronic Information.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Leaders’ Forum, March 16, 2006 The Invisible Risk: Leaders’ Role in Protecting Western’s Electronic Information."— Presentation transcript:

1 Leaders’ Forum, March 16, 2006 The Invisible Risk: Leaders’ Role in Protecting Western’s Electronic Information

2 Leaders’ Forum – March 16, 2006 The Invisible Risk: Leaders’ Role in Protecting Western’s Electronic Information Today’s Speakers: Arni Stinnissen, Detective Staff Sergeant, Electronic Crimes Section OPP Debbie Jones, Director of Information Technology, Western

3 The Internet: Friend or Foe? Arni Stinnissen

4 e-Crime Mandate  provide technology investigative expertise in the areas of conducting forensic computer searches  conduct traditional investigations in which computers are being used as a tool  investigate computer crime as defined in the Criminal Code  and act as consultants in investigations where technology is being used to further a crime.

5 New Challenges to Courts  Speed of the Internet/no borders  Mass storage  Understanding digital technology  Non-Internet Specific laws

6 The Computer as the Suspect, Victim and Witness  Where computer has documents, records, or pictures that are evidence of an offence  Murder/Suicide journals, letters, e-mails kept on a computer  Drug Trafficking debt lists, customer lists, suppliers  Child Pornography pictures stored on computer

7 Privacy on the Internet

8 E-Commerce  E-Banking based on 128 bit encryption via Internet  Vulnerable when dormant  Trojan horse intrusion

9 ON-LINE Identity theft  What do you need for identity?  Dumpster diving/Recycling bins  The Web Birth Certificates SIN#’s

10 Identity theft  Anti-Phishing.org December reportDecember report  Real Site Real Site  Phished Site Phished Site  Sample

11 Virtual Communities  Myspace.com

12 Safety and Security  Firewalls  Viruses  Software Patches

13 Questions? D/S/Sgt. A.K. Stinnissen (705) 329-6441

14 IT Security @ Western is a shared responsibility Debbie Jones Director, Information Technology Services

15 Photos courtesy Flickr.com

16 Western’s Layered Security

17 Gateway Routers Provides routing and denial of routing by IP or port Block certain Denial of Service attacks Block port based scans –Blocks attacks against specific ports such as email, some microsoft ports and sql database ports

18 Gateway Intrusion Protection Can block or log traffic by IP, port, pattern or protocol First line of defense against new viruses Identifies certain traffic patterns and automatically blocks Detects and automatically blocks on-campus and off-campus scanning or network problems

19 Firewall Registered Services –Restrict what machines on campus receive special traffic (email, ftp, http, database requests..) Ensure protocol integrity Allows for fine grained rules for accepting or rejecting specific types of traffic Customizable for different networks on campus

20 Trend Antivirus Email Scanner Rejects certain types of attachments that are high risk of carrying malicious code Detects viruses in incoming emails and strips the virus attachment off

21 Anti Spam Technology Spam can be a nuisance (like junk mail), or a threat laced with viruses, malware, phishing or links to unsavoury web sites Western’s spam control –Of the 8.3 million email connections per week, 68% were rejected and a further 5% were tagged as SPAM

22 Spam Tagging

23 Ramp Provides locking and unlocking of infected systems on campus Provides the setting of service specific protection Provides systems administrators with a quarantined network for new or infected machines Provides systems administrators access to security scans

24 Trend Antivirus Anti-Spyware Campus wide license Protects PC’s from known viruses and malware ITS Server automatically updates 4,800 PCs at Western 8 servers in other areas update another 3,000 PCs PC-cillin is on 7,000 home computers and 5,000 residence computers

25 Operating System Patches Operating Systems are vulnerable and hackers continually find new ways of ‘sneaking in’ Patches close the vulnerabilities to prevent them from being exploited by hackers and worms ITS server automatically sends patches to over 5,000 desktops on campus

26 Protecting Western ITS Network Security office nso@uwo.ca –Responsible for maintaining a secure and stable network and data infrastructure for campus. –Implements and supports the ‘many layers’ of protection –Monitors network activity for anomalies and deals with problems –Responds to security incidents or calls for help –Makes new tools available to campus ITS Computer Wellness Clinics –Laptops and computers may be brought to the clinic to be cleaned of viruses and malware (by appointment, weekdays 8:30-4:30) –Book an appointment by emailing computer.wellness@uwo.ca System Administrators all around campus –All of the heros across campus that maintain and protect computers with appropriate anti-virus software and security patches.

27 Working Group on Information Security (WGIS) Members provide broad expertise and input into IT Security Issues Graduate studentsCampus system administrators Faculty members Information Technology Services USCPeopleSoft Resource Group Office of the RegistrarsHousing Internal AuditCampus Police General Counsel Research Services Human Resources Communications and Public Affairs Terms of reference include: –Responsibility for drafting and recommending IT security policies –Responsibility for IT security awareness on campus started “ Computer Wellness Campaign” last September

28 Western Policies Provides structure Establishes campus wide practices and understanding Clarifies roles Assigns responsibility Empowers Information Technology Services, Unit Heads and Systems Administrators to protect the network integrity and security

29 Excerpts - Computing Resources Policy Information Technology Services shall be responsible for establishing, maintaining, implementing, administering, and interpreting organization-wide information systems security standards, guidelines, and procedures. Unit Heads, including Directors, are responsible for ensuring that security policy is implemented within the unit. System Administrators will work closely with ITS and ensure that systems they administer are operated in accordance with all applicable Information Security Standards and Policies Any person, group, or custodian accessing University information must recognize the responsibility to preserve the security and confidentiality of this information.

30 Computer Wellness Campaign 1.Website http://wellness.uwo.ca 2.Posters in Middlesex College, USC, Office of the Registrar, Libraries, Genlabs, all Food Services Areas & Residences 3.Poster set as background in the Genlabs & the Sun Rays in the Western Libraries. 4.Film Western airing the poster at the beginning of each film. 5.CHRW Audiozine and advertisements 6.Mass Mailer sent to all Western Students, Staff & Faculty 7.Articles in the Western News and Gazette 8.Links off http://www.uwo.ca

31

32

33

34

35

36

37

38

39 Western’s Layered Security

40 How can you protect Western?

41 Understand the policies and best practices Read the Security related policies and best practices at http://www.uwo.ca/univsec/mapp/ –MAPP 1.13 Code of Behaviour for use of Computing Resources –MAPP 1.20 Computing Resources Security –MAPP 1.21 Wireless Networking Policy Visit the Computer Wellness Site at http://wellness.uwo.ca for more information

42 How can you protect Western? Ensure your system is protected Your system should always be protected with the latest anti- virus software and security patches. Think of it as a seatbelt and…. Buckle up! Know who is responsible and can help you if the system is not protected or has been compromised (or locked off the network)

43 How can you protect Western? Don’t download freeware at work It may not be as ‘free’ as you think. Spyware, malware, trojans & keystroke loggers are often hidden within ‘freeware’. Remember Don’t take gifts from strangers! If you need additional software installed, contact your Systems Administrator for assistance

44 How can you protect Western? Don’t surf suspicious websites Limit your web surfing to known University or commercial websites. Always X out, don’t click ‘OK’ or ‘NO’ or ‘unsubscribe’ Practice safe and responsible surfing

45 How can you protect Western? Use strong passwords Keep your passwords in a secure place Avoid common words: hackers can crack dictionary passwords Passwords are like underwear –They protect privacy –They should never be shared –The longer, the better

46 How can you protect Western? Protect the data you use Think before storing, publishing or sharing data –Is the data sensitive? –Does it need to be portable? –Who should see it? –How have you protected it so that only those that should see it have access? Mobile data on laptops and USB keys is at risk - Leave it, Lose it.

47 How can you protect YOUR information? Recognize phishing and don’t fall for it Phishing can come through emails or web sites Phishers are getting better, scams are getting trickier to detect Be suspicious when personal or private information is involved and Don’t Get Phished When in doubt, ask

48 And let’s not forget your Home Computer!

49 What’s next? It’s the Internet - Expect the unexpected

50 Thank you! Arni Stinnissen - Arni.Stinnissen@jus.gov.on.ca Debbie Jones - debbie@uwo.ca Questions? computer.wellness@uwo.ca http://wellness.uwo.ca

51 Leaders’ Forum – March 16, 2006 The Invisible Risk: Leaders’ Role in Protecting Western’s Electronic Information Table Dialogue: Take 15 minutes to 1.Discuss what stood out for you 2.Formulate a question to pose to Arni or Debbie

52 Leaders’ Forum – March 16, 2006 The Invisible Risk: Leaders’ Role in Protecting Western’s Electronic Information Paul Davenport (President and ViceChancellor) - Reflections…

53 Leaders’ Forum – March 16, 2006 The Invisible Risk: Leaders’ Role in Protecting Western’s Electronic Information Leaders’ Role: Inform staff Establish safeguards Approve data access Deal with security violations Communicate to HR, ITS, etc. any staff changes that affect access Create a contact list of people responsible for all computers in your area Identify to ITS your technical contact (System Administrator) and a supervisory contact

54 Leaders’ Forum – March 16, 2006 The Invisible Risk: Leaders’ Role in Protecting Western’s Electronic Information …Next Steps To Support Your Leadership Role: See your “Meeting in a Bag” kit -- some resources for ensuring your unit teams know about the risks, ways to minimize them, and their accountabilities. Thank you for your leadership in keeping Western’s data, Western’s work, and Western’s people safe!

55 Leaders’ Forum – March 16, 2006 Thank You… Computer Wellness Committee Elgin Austen Jim Dunkin Wendy Kennedy Scott May Geoff Pimlatt Peggy Roffey Ellen Smout

56 Leaders’ Forum – March 16, 2006 Thank you… Forum Facilitators: Carol AbrahamStephanie Hayne Jennifer AshendenBrian Jeffs Krys ChelchowskiRuta Lawrence Chris CostelloScott May Debra DawsonGraham Newbigging Frank DeGursePeggy Roffey Andrew FullerMalcolm Ruddock Paul GreenwoodNancy Stewart Lori GribbonGlen Tigert Nancy GriffithsPeggy Wakabayashi

57 Leaders’ Forum – March 16, 2006 Next Leaders’ Forum April 27, 2006, 12:00-2:00 p.m Great Hall

Download ppt "Leaders’ Forum, March 16, 2006 The Invisible Risk: Leaders’ Role in Protecting Western’s Electronic Information."

Similar presentations

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.
Unit 1 Living in the Digital WorldChapter 1 Lets Communicate Internet Safety.

Unit 1 Living in the Digital WorldChapter 1 Lets Communicate Internet Safety.
Cyber check Do you work safely and responsibly online? Do you know about the risks to your cyber security? What are your online responsibilities ? How.

Cyber check Do you work safely and responsibly online? Do you know about the risks to your cyber security? What are your online responsibilities ? How.
NCS welcome all participants on behalf of Quick Heal Anti Virus and Fortinet Firewall solution.

NCS welcome all participants on behalf of Quick Heal Anti Virus and Fortinet Firewall solution.
Chapter 8 Chapter 8 Digital Defense: Securing Your Data and Privacy

Chapter 8 Chapter 8 Digital Defense: Securing Your Data and Privacy
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
Presented by: Luke Speed Computer Security. Why is computer security important! Intruders hack into computers to steal personal information that the user.

Presented by: Luke Speed Computer Security. Why is computer security important! Intruders hack into computers to steal personal information that the user.
Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia

Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia
N ETWORK S ECURITY Presented by: Brent Vignola. M ATERIAL OVERVIEW … Basic security components that exist in all networks Authentication Firewall Intrusion.

N ETWORK S ECURITY Presented by: Brent Vignola. M ATERIAL OVERVIEW … Basic security components that exist in all networks Authentication Firewall Intrusion.
August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.

August 9, 2005 UCCSC IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Lesson 14-Desktop Protection. Overview Protect against malicious code. Use the Internet. Protect against physical tampering.

Lesson 14-Desktop Protection. Overview Protect against malicious code. Use the Internet. Protect against physical tampering.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.

Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.
LittleOrange Internet Security an Endpoint Security Appliance.

LittleOrange Internet Security an Endpoint Security Appliance.
(Geneva, Switzerland, September 2014)

(Geneva, Switzerland, September 2014)
Sensitive Data Accessibility Financial Management College of Education Michigan State University.

Sensitive Data Accessibility Financial Management College of Education Michigan State University.
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
Information Security Information Technology and Computing Services Information Technology and Computing Services

Information Security Information Technology and Computing Services Information Technology and Computing Services
Internet Safety Basics Being responsible -- and safer -- online Visit age-appropriate sites Minimize chatting with strangers. Think critically about.

Internet Safety Basics Being responsible -- and safer -- online Visit age-appropriate sites Minimize chatting with strangers. Think critically about.

Similar presentations

Ads by Google