Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Security Office www.cmu.edu/iso 1 Copyright Statement Copyright Mary Ann Blair 2008. This work is the intellectual property of the author.

Published byLogan Todd Modified over 9 years ago

Similar presentations

Presentation on theme: "Information Security Office www.cmu.edu/iso 1 Copyright Statement Copyright Mary Ann Blair 2008. This work is the intellectual property of the author."— Presentation transcript:

1 Information Security Office www.cmu.edu/iso 1 Copyright Statement Copyright Mary Ann Blair 2008. This work is the intellectual property of the author. Permission is granted for this material to be shared for non- commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

2 Identity Finder and Carnegie Mellon Mary Ann Blair Director of Information Security Information Security Office (ISO) www.cmu.edu/iso

3 Information Security Office www.cmu.edu/iso 3 Overview 1.Background 2.What We Did 3.How We Did It 4.What We Learned 5.What Next…

4 Information Security Office www.cmu.edu/iso 4 Background

5 Information Security Office www.cmu.edu/iso 5 What We Did SSN Remediation Project: local scanning fast tracked after laptop theft Learned from peers! Vendor partnership as a critical selection criterion Enterprise license including home use

6 Information Security Office www.cmu.edu/iso 6 What We Did Voluntary for all faculty, staff, and students Appealed to stewardship Relied on the shock factor Big bang

7 Information Security Office www.cmu.edu/iso 7 How We Did It Customized MSI –Embedded license key –Disabled recycle option –Disabled auto-update Customized user documentation Pre-announced to partners followed by mass mail Surveyed faculty & staff

8 Information Security Office www.cmu.edu/iso 8 Mass Mail: Do your part to prevent Identity Theft Protect Yourself, Others and the University from Identity Theft with Identity Finder! Did You Know? - Your computer might be storing personally identifiable information (PII) such as your Social Security Number, bank account numbers, credit card numbers and passwords without your knowledge - If your computer or external media is lost, stolen or broken into over the Internet, someone might use it to steal your identity and the identities of anyone who shares your computer or whose personal information you might handle - If you store sensitive PII for Carnegie Mellon work and your computer or external media is lost or compromised, the University is obligated under PA state law to notify everyone affected by the breach and could potentially be legally liable - Over eight million Americans have their identities stolen annually and on average victims spend 600 hours clearing their good name -- Federal Trade Commission & Identity Theft Resource Center Do Your Part! Clean Up Sensitive PII on Your Computer with Identity Finder! NOTE: If your computer is managed by a Carnegie Mellon departmental computing administrator, please consult that person before making ANY system changes.

9 Information Security Office www.cmu.edu/iso 9 How We Did It http://www.cmu.edu/computing/doc/security/identity/index.html

10 Information Security Office www.cmu.edu/iso 10 How We Did It

11 Information Security Office www.cmu.edu/iso 11Information Security Office www.cmu.edu/iso 11 What we told folks 1/3 1.Know what data is stored on your personal computer. 2.Delete or redact what you don’t absolutely need.

12 Information Security Office www.cmu.edu/iso 12Information Security Office www.cmu.edu/iso 12 What we told folks 2/3 3.Don’t store it on your personal computer especially not on your laptop or home computer. If you must store sensitive data, check with your departmental computing administrator about options to store it on a secured file server, one with robust access control mechanisms and encrypted transfer services.

13 Information Security Office www.cmu.edu/iso 13Information Security Office www.cmu.edu/iso 13 What we told folks 3/3 4.If you must store it on your personal computer: A.Follow the “Securing your Computer guidelines” B.Password protect the file if possible C.Encrypt the file (Identity Finder’s Secure Zip, PGP Desktop or TrueCrypt) D.Only transmit via encrypted protocols E.Secure delete it as soon as feasible F.Reformat and/or destroy your hard drive before disposal or giving your computer to someone else G.Secure your backups and media H.Tell us why so that we can brainstorm alternatives

14 Information Security Office www.cmu.edu/iso 14 What we learned Three Month Adoption Rates * Only 4% of downloads resulted in a completed survey.

15 Information Security Office www.cmu.edu/iso 15 What we heard “Didn't realize info was stored liked it was.” “I would not use it again until a MAC version is available, operating at a more acceptable search rate.” “I think this is an incredible, very valuable tool. THANKS for making it available.” “This was an eye-opener for me. This is a good addition to our set of security tools.” “No, the data on my computer was an oversight on my part. Some of the data existed from a previous employee.” “Some 70 of my 90 passwords were from browsers -- that was a learning experience, but it was not worth the 3 hours for this.”

16 Information Security Office www.cmu.edu/iso 16 What we learned Workloads don’t support volunteerism There is a lot to secure and it’s hard and time-consuming deciding how to do it There are local as well as central retention requirements User requirements must be easy Users expect communication via local channels We have an expert’s blind spot

17 Information Security Office www.cmu.edu/iso 17 What Next… Getting better air cover (top-down) Partnering w/local IT and user groups Pushing installs via AD group policy Offering hands on classroom training Preparing for console functionality Developing Macintosh support Stopping release of SSNs into the wild Developing SSN Usage Policy

18 Information Security Office www.cmu.edu/iso 18 Q&A Please e-mail for additional information. macarr@cmu.edu iso@andrew.cmu.edu

Download ppt "Information Security Office www.cmu.edu/iso 1 Copyright Statement Copyright Mary Ann Blair 2008. This work is the intellectual property of the author."

Similar presentations

Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.

Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.
ANNUAL SECURITY AWARENESS TRAINING – 2011 UMW Information Technology Security Program Annual Security Awareness Training for UMW Faculty and Staff.

ANNUAL SECURITY AWARENESS TRAINING – 2011 UMW Information Technology Security Program Annual Security Awareness Training for UMW Faculty and Staff.
COMPLYING WITH PRIVACY AND SECURITY REGULATIONS Overview MHC Privacy and Security Committee Revised 1/17/11.

COMPLYING WITH PRIVACY AND SECURITY REGULATIONS Overview MHC Privacy and Security Committee Revised 1/17/11.
CHECK 2012 Bridging the Gap for Mobile Devices: Eager Adoption v. Practical Support Emporia State University The Faculty & Staff Support Perspective Cory.

CHECK 2012 Bridging the Gap for Mobile Devices: Eager Adoption v. Practical Support Emporia State University The Faculty & Staff Support Perspective Cory.
Hart District Acceptable Use Policy Acceptable Use Policy.

Hart District Acceptable Use Policy Acceptable Use Policy.
Data, Policy, Stakeholders, and Governance Amy Brooks, University of Michigan – Ann Arbor Bret Ingerman, Vassar College Copyright Bret Ingerman 2004. This.

Data, Policy, Stakeholders, and Governance Amy Brooks, University of Michigan – Ann Arbor Bret Ingerman, Vassar College Copyright Bret Ingerman This.
Red Flags Rule BAS Forum August 18, 2010. What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.

Red Flags Rule BAS Forum August 18, What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.
Student, Faculty, and Staff Data Availability and Protection What’s the Back-Up Plan? (for academic computing) Sponsored by.

Student, Faculty, and Staff Data Availability and Protection What’s the Back-Up Plan? (for academic computing) Sponsored by.
Crisis Communications for Security Issues: A Nightmare You Can Manage Marilu Goodyear Donna Liss Allison Rose Lopez Jenny Mehmedovic The University of.

Crisis Communications for Security Issues: A Nightmare You Can Manage Marilu Goodyear Donna Liss Allison Rose Lopez Jenny Mehmedovic The University of.
Gaucho Round-Up FAQ’s This presentation covers some of the FAQ’s about campus clean-up day. Presentation #4 2/3/2015 1.

Gaucho Round-Up FAQ’s This presentation covers some of the FAQ’s about campus clean-up day. Presentation #4 2/3/
Copyright Tom Parker, Ron DiNapoli, Andrea Beesing, Joy Veronneau 2004. This work is the intellectual property of the authors. Permission is granted for.

Copyright Tom Parker, Ron DiNapoli, Andrea Beesing, Joy Veronneau This work is the intellectual property of the authors. Permission is granted for.
1 If You Are Me, Then Who Am I? Tips on Identity Theft Prevention California Office of Privacy Protection.

1 If You Are Me, Then Who Am I? Tips on Identity Theft Prevention California Office of Privacy Protection.
Data Breach Notification Toolkit Mary Ann Blair Director of Information Security Carnegie Mellon University September 2005 CSG Sponsored by the EDUCAUSE.

Data Breach Notification Toolkit Mary Ann Blair Director of Information Security Carnegie Mellon University September 2005 CSG Sponsored by the EDUCAUSE.
Helping you protect your customers against fraud Division of Finance and Corporate Securities.

Helping you protect your customers against fraud Division of Finance and Corporate Securities.
Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
Identity Theft: How to Protect Yourself. Identity Theft Identity theft defined:  the crime of obtaining the personal or financial information of another.

Identity Theft: How to Protect Yourself. Identity Theft Identity theft defined:  the crime of obtaining the personal or financial information of another.
SIU School of Medicine Identity Protection Act and Associated SIU Policy.

SIU School of Medicine Identity Protection Act and Associated SIU Policy.
Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.

Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.
Allison Dolan Program Director, Protecting PII Handling Sensitive Data - WISP and PIRN.

Allison Dolan Program Director, Protecting PII Handling Sensitive Data - WISP and PIRN.
Educause Security 2007ISC Information Security Copyright Joshua Beeman, 2007. This work is the intellectual property of the author. Permission is granted.

Educause Security 2007ISC Information Security Copyright Joshua Beeman, This work is the intellectual property of the author. Permission is granted.

Similar presentations

Ads by Google