Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Security Steven Hall 21 st Jan 2009. Today’s Presentation Why do this now? What is information? The effects of lost information Newcastle.

Similar presentations


Presentation on theme: "Information Security Steven Hall 21 st Jan 2009. Today’s Presentation Why do this now? What is information? The effects of lost information Newcastle."— Presentation transcript:

1 Information Security Steven Hall 21 st Jan 2009

2 Today’s Presentation Why do this now? What is information? The effects of lost information Newcastle University Policies Techniques to prevent ‘Data Loss’ Q & A

3 Why do this now! High Profile Cases from 2007:- Nationwide Building Society fined £1m following the theft of a laptop containing details of 11 million customer. Halifax apologises after 13,000 mortgage details went missing along with a stolen briefcase. Parliament revealed that the personal details of 25 million Britons sent by standard delivery on un-encrypted discs had been "lost in the post". Newcastle University: “No reported loss of confidential data”. YET

4 Information Policy A major loss of confidential information will be very damaging to the University. Management wish to avoid this happening. New Information Policy approved by Executive Board. Formal presentation of an ‘Information Policy’ to be announced shortly.

5 What is Information Electronic Data on computers, disks and tapes Paper based records, notes, exam papers and memos E-mails, passwords, bank details, exam details Types: Confidential and Non-Confidential

6 Confidential Information Any record which contains personal information about a living individual : Questionnaire or other data collected under an understanding of confidentiality. Correspondence or other documents that reveal the contact details or any financial details of a named living individual. Correspondence or other documents which reveal personal details or pass comments on a named living person. Staff personnel records Staff or student discipline or appeal records Student records Grant applications Job applications Interview notes Admissions records Redundancy records Sick pay records Maternity pay records Income tax and National Insurance returns Wages and salary records Accident books and records

7 Non-Confidential Information Mission statements Regulations Published directories Internet websites Published minutes Published reports Press releases Prospectuses Timetables Presentation materials Course guides and outlines Publicity material Blank examination papers (post exam) Theses (accepted) Data which has been wholly anonymised Published surveys Published circulars Generally any record or copy of a record that is already in the public domain e.g.

8 The Effect to You! Possible Financial Implications Embarrassment Repeated work for you Repeated work for others (ME!) Legal Problems Employment Problems SPAM HASSLE

9 The Effect on the University Legal Requirements (Data Protection Act 1998) Reputation “Bad Headlines” (An organisation like Newcastle University would make a national story)

10 How is Information Lost? McAfee Survey Results 2007 Only 23% malicious (65% of this, an inside job!) Only 8% of total loss due to Hacking, Phishing etc 77% an ‘accident’ or ‘only doing my job?’

11 Worst Culprits? Malicious Act Accidents ‘Doing my Job’ Not informed of regulations Sharing passwords Publishing personal e- mails

12 Staff Guidance Communication at start of employment. Communication at end of employment. Think before you disclose personal details. Ask if you are not sure.

13 Passwords! Treat you passwords like a pair of knickers: Have different ones for different purposes. Make them a BIG as possible Change them often Never lend them to your friends

14 E-Mail Phishing the easiest way to get information. You haven’t won a laptop! You won’t get a share in $32 Billion! You haven’t won the Dutch Lottery! You didn’t place that order! Your username and password will never be asked for in an e-mail, no matter who it says it is from!

15 Worst Culprits? Lost Infected Easily Used as ‘Backup’ Lent to others Data Corruptions more common

16 Worst Culprits? Stolen Left at airports, on trains etc Hard disk corruption common Connected to many networks

17 What can we do about it? Laptops and Memory sticks should never have a unique copy of important information. All confidential information should be encrypted. Staff informed of good working practises. Make Sure Laptops are ‘Patched’ (windows update)

18 Hot from the Press!!!!

19 Demonstration of TruCrypt

20 Security Policy Full Policy to be announced soon Information at: http://www.staff.ncl.ac.uk/steven.hall/users.php

21 Q&A Thank You. Steven Hall (xt 6881)


Download ppt "Information Security Steven Hall 21 st Jan 2009. Today’s Presentation Why do this now? What is information? The effects of lost information Newcastle."

Similar presentations


Ads by Google