Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Security Steven Hall 21 st Jan 2009. Today’s Presentation Why do this now? What is information? The effects of lost information Newcastle.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Information Security Steven Hall 21 st Jan 2009. Today’s Presentation Why do this now? What is information? The effects of lost information Newcastle."— Presentation transcript:

1 Information Security Steven Hall 21 st Jan 2009

2 Today’s Presentation Why do this now? What is information? The effects of lost information Newcastle University Policies Techniques to prevent ‘Data Loss’ Q & A

3 Why do this now! High Profile Cases from 2007:- Nationwide Building Society fined £1m following the theft of a laptop containing details of 11 million customer. Halifax apologises after 13,000 mortgage details went missing along with a stolen briefcase. Parliament revealed that the personal details of 25 million Britons sent by standard delivery on un-encrypted discs had been "lost in the post". Newcastle University: “No reported loss of confidential data”. YET

4 Information Policy A major loss of confidential information will be very damaging to the University. Management wish to avoid this happening. New Information Policy approved by Executive Board. Formal presentation of an ‘Information Policy’ to be announced shortly.

5 What is Information Electronic Data on computers, disks and tapes Paper based records, notes, exam papers and memos E-mails, passwords, bank details, exam details Types: Confidential and Non-Confidential

6 Confidential Information Any record which contains personal information about a living individual : Questionnaire or other data collected under an understanding of confidentiality. Correspondence or other documents that reveal the contact details or any financial details of a named living individual. Correspondence or other documents which reveal personal details or pass comments on a named living person. Staff personnel records Staff or student discipline or appeal records Student records Grant applications Job applications Interview notes Admissions records Redundancy records Sick pay records Maternity pay records Income tax and National Insurance returns Wages and salary records Accident books and records

7 Non-Confidential Information Mission statements Regulations Published directories Internet websites Published minutes Published reports Press releases Prospectuses Timetables Presentation materials Course guides and outlines Publicity material Blank examination papers (post exam) Theses (accepted) Data which has been wholly anonymised Published surveys Published circulars Generally any record or copy of a record that is already in the public domain e.g.

8 The Effect to You! Possible Financial Implications Embarrassment Repeated work for you Repeated work for others (ME!) Legal Problems Employment Problems SPAM HASSLE

9 The Effect on the University Legal Requirements (Data Protection Act 1998) Reputation “Bad Headlines” (An organisation like Newcastle University would make a national story)

10 How is Information Lost? McAfee Survey Results 2007 Only 23% malicious (65% of this, an inside job!) Only 8% of total loss due to Hacking, Phishing etc 77% an ‘accident’ or ‘only doing my job?’

11 Worst Culprits? Malicious Act Accidents ‘Doing my Job’ Not informed of regulations Sharing passwords Publishing personal e- mails

12 Staff Guidance Communication at start of employment. Communication at end of employment. Think before you disclose personal details. Ask if you are not sure.

13 Passwords! Treat you passwords like a pair of knickers: Have different ones for different purposes. Make them a BIG as possible Change them often Never lend them to your friends

14 E-Mail Phishing the easiest way to get information. You haven’t won a laptop! You won’t get a share in $32 Billion! You haven’t won the Dutch Lottery! You didn’t place that order! Your username and password will never be asked for in an e-mail, no matter who it says it is from!

15 Worst Culprits? Lost Infected Easily Used as ‘Backup’ Lent to others Data Corruptions more common

16 Worst Culprits? Stolen Left at airports, on trains etc Hard disk corruption common Connected to many networks

17 What can we do about it? Laptops and Memory sticks should never have a unique copy of important information. All confidential information should be encrypted. Staff informed of good working practises. Make Sure Laptops are ‘Patched’ (windows update)

18 Hot from the Press!!!!

19 Demonstration of TruCrypt

20 Security Policy Full Policy to be announced soon Information at: http://www.staff.ncl.ac.uk/steven.hall/users.php

21 Q&A Thank You. Steven Hall (xt 6881)

Download ppt "Information Security Steven Hall 21 st Jan 2009. Today’s Presentation Why do this now? What is information? The effects of lost information Newcastle."

Similar presentations

Unit 1 Living in the Digital WorldChapter 1 Lets Communicate Internet Safety.

Unit 1 Living in the Digital WorldChapter 1 Lets Communicate Internet Safety.
Communication is the way information is sent and received Business success depends on clear and effective communications within and between organisations.

Communication is the way information is sent and received Business success depends on clear and effective communications within and between organisations.
ANNUAL SECURITY AWARENESS TRAINING – 2011 UMW Information Technology Security Program Annual Security Awareness Training for UMW Faculty and Staff.

ANNUAL SECURITY AWARENESS TRAINING – 2011 UMW Information Technology Security Program Annual Security Awareness Training for UMW Faculty and Staff.
Computer and Mobile Device Equipment Security Brief May 29, 2008 Presented by: Kevin G. Sutton, Chief, Information Technology Unit.

Computer and Mobile Device Equipment Security Brief May 29, 2008 Presented by: Kevin G. Sutton, Chief, Information Technology Unit.
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Are You Smarter Than a 5 th Grader? 1,000,000 E-MAIL Blog Online Search Kindle? Documents? Backup Virus click here! Downloading Music Expiration Date?

Are You Smarter Than a 5 th Grader? 1,000,000 Blog Online Search Kindle? Documents? Backup Virus click here! Downloading Music Expiration Date?
The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.

The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.
Data Storage and Security Best Practices for storing and securing your data The goal of data storage is to ensure that your research data are in a safe.

Data Storage and Security Best Practices for storing and securing your data The goal of data storage is to ensure that your research data are in a safe.
7 Effective Habits when using the Internet Philip O’Kane 1.

7 Effective Habits when using the Internet Philip O’Kane 1.
Protecting Your Identity: What to Know, What to Do.

Protecting Your Identity: What to Know, What to Do.
Identity Theft: How to Protect Yourself. Identity Theft Identity theft defined:  the crime of obtaining the personal or financial information of another.

Identity Theft: How to Protect Yourself. Identity Theft Identity theft defined:  the crime of obtaining the personal or financial information of another.
Viruses,Hacking and Backups By Grace Mackay 8K Viruses Hacking and Hackers Backups.

Viruses,Hacking and Backups By Grace Mackay 8K Viruses Hacking and Hackers Backups.
Presented by: Dan Landsberg August 12, 2011. Agenda  What is Social Media?  Social Media’s Professional Side  Benefits of Social Media  Regulatory.

Presented by: Dan Landsberg August 12, Agenda  What is Social Media?  Social Media’s Professional Side  Benefits of Social Media  Regulatory.
Email Basics. 2 Class Outline Part 1 - Introduction –Explaining email –Parts of an email address –Types of email services –Acquiring an email account.

Basics. 2 Class Outline Part 1 - Introduction –Explaining –Parts of an address –Types of services –Acquiring an account.
DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,

DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,
1 Enterprise Security Your Information Security and Privacy Responsibilities © 2008 Providence Health & Services This information may be replicated for.

1 Enterprise Security Your Information Security and Privacy Responsibilities © 2008 Providence Health & Services This information may be replicated for.
What Are Malicious Attacks? Malicious Attacks are any intentional attempts that can compromise the state of your computer. Including but not limited to:

What Are Malicious Attacks? Malicious Attacks are any intentional attempts that can compromise the state of your computer. Including but not limited to:
Communications. What Is Communication? Communication is the way information is sent and received Business success depends upon clear and effective communications.

Communications. What Is Communication? Communication is the way information is sent and received Business success depends upon clear and effective communications.
Sensitive Data Accessibility Financial Management College of Education Michigan State University.

Sensitive Data Accessibility Financial Management College of Education Michigan State University.
Scams and Schemes. Today’s Objective I can understand what identity theft is and why it is important to guard against it, I can recognize strategies that.

Scams and Schemes. Today’s Objective I can understand what identity theft is and why it is important to guard against it, I can recognize strategies that.

Similar presentations

Ads by Google