Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright© 2010 WeComply, Inc. All rights reserved. 10/13/2015 Information Security.

Published byBlaise Jenkins Modified over 9 years ago

Similar presentations

Presentation on theme: "Copyright© 2010 WeComply, Inc. All rights reserved. 10/13/2015 Information Security."— Presentation transcript:

1 Copyright© 2010 WeComply, Inc. All rights reserved. 10/13/2015 Information Security

2 Copyright© 2010 WeComply, Inc. All rights reserved. 10/13/2015 Information Security

3 Copyright© 2010 WeComply, Inc. All rights reserved. 8/11/20103 Overview Information Security We must meet strict confidentiality standards for certain information We must safeguard business/confidential information we deal with day-to-day Policy is intended to help us protect information we deal with, handle it responsibly and keep it confidential Policy is based on — Prudent and responsible business practices Contractual obligations Laws and regulations

4 Copyright© 2010 WeComply, Inc. All rights reserved. 8/11/20104 Electronic ID and Passwords Confidential information must remain secure at all times Access to confidential information is granted on "need- to-know“ basis You have level of access needed to perform your job duties User ID/password is your electronic identity Protect your password at all times — even from your co-workers Lost/stolen password can compromise confidentiality and lead to identity theft

5 Copyright© 2010 WeComply, Inc. All rights reserved. 8/11/20105 Pop Quiz! Roz hates to think of passwords and makes her latest password "u9gi'y/8o" by just letting her fingers glide over the keyboard randomly. Is this password strong or weak? A.Strong. B.Weak.

6 Copyright© 2010 WeComply, Inc. All rights reserved. 8/11/20106 Avoiding Identity Theft To avoid identity theft — Memorize passwords — don't write them down Use password that is not immediately associated with you Make password hard to crack Never let anyone "borrow" your password People who use your password to access organization’s information are intruders who should be reported to your supervisor or IT Department

7 Copyright© 2010 WeComply, Inc. All rights reserved. 8/11/20107 Avoiding Identity Theft (cont’d) To avoid identity theft — Memorize passwords — don't write them down Use password that is not immediately associated with you Make password hard to crack Never let anyone "borrow" your password People who use your password to access Company information are intruders who should be reported to your supervisor or IT Department

8 Copyright© 2010 WeComply, Inc. All rights reserved. 8/11/20108 Information Classification Information is divided into four classes: Restricted — e.g., passwords Confidential — protected health information; personal, confidential and business-confidential information Internal — personal and business information for internal use only Public Restricted and confidential information must be encrypted. Confidential information must not be left unattended on fax machines, desktops or computer screens. Business confidential information must not be disclosed to anyone who has not signed a nondisclosure agreement

9 Copyright© 2010 WeComply, Inc. All rights reserved. 8/11/20109 Special Note…

10 Copyright© 2010 WeComply, Inc. All rights reserved. 8/11/201010 Computer Viruses and Hoaxes Computer viruses, worms and Trojan horses can damage our information assets Contact IT Department immediately if you think your computer is infected Malicious code infects computer networks through — E-mail attachments CD-ROMs or other storage media Downloads from the Internet Hoaxes — e-mail messages that warn of virus/worm that doesn't really exist — should not be forwarded

11 Copyright© 2010 WeComply, Inc. All rights reserved. 8/11/201011 Computer Viruses and Hoaxes (cont’d) Computer viruses, worms and Trojan horses can damage our information assets Contact IT Department immediately if you think your computer is infected Malicious code infects computer networks through — E-mail attachments CD-ROMs or other storage media Downloads from the Internet Hoaxes — e-mail messages that warn of virus/worm that doesn't really exist — should not be forwarded

12 Copyright© 2010 WeComply, Inc. All rights reserved. 8/11/201012 Using Our E-Communication Systems Our e-communication systems are to be used primarily for conducting Company business You should have no expectation of privacy when using them Activities prohibited on our e-communication systems: Pornography, obscene material or offensive language Excessive personal use Inappropriate comments about characteristics protected by law Material that would reflect poorly on the Company Other content that violates any law or regulation

13 Copyright© 2010 WeComply, Inc. All rights reserved. 8/11/201013 Extra E-mail Precautions Keep these e-mail precautions in mind: Spam — delete junk-mail received your work e-mail account Questionable attachments — be careful about opening attachments unless you know sender and contents of attachment

14 Copyright© 2010 WeComply, Inc. All rights reserved. 8/11/201014 Workspace Security Workspace-security tips: Beware of "Tailgaters" in Secure Facilities Don't hold a door open for strangers Report incidents of unauthorized entry to security Protect Your Work Area Secure all media containing confidential information when not in use Shred confidential/sensitive information that you need to dispose of Use screensavers with passwords Lock your computer when you are away from it

15 Copyright© 2010 WeComply, Inc. All rights reserved. 8/11/201015 In the news…

16 Copyright© 2010 WeComply, Inc. All rights reserved. 8/11/201016 Social Engineering There are many low-tech ways — called social engineering — used to gain unauthorized access to confidential information: Impersonating an authorized person online, by phone or even in person Coaxing information out of employees by preying on their trust, charming them or flirting Rigging the system, offering to "fix it," then accessing passwords in the course of repairing it Entering work area and looking over people's shoulders to see passwords Sifting through unshredded documents in trash

17 Copyright© 2010 WeComply, Inc. All rights reserved. 8/11/201017 Pop Quiz! Sean took some work home with him. He decided to clean out his briefcase and dispose of some old memos and an out dated employee phone list in the recycling bin behind his apartment building. Sean didn't bother shredding any of the old paperwork because he was sure it contained no confidential information. Were there any security concerns here? A.No, if he was sure that the documents contained no confidential information. B.Yes, because the information could be useful to hackers. C.Maybe, if the documents contained information that was not totally out of date.

18 Copyright© 2010 WeComply, Inc. All rights reserved. 8/11/201018 Business Continuity Plans Business Continuity Plans are designed to prevent or reduce downtime in event of catastrophe You are responsible for — Reviewing/understanding your department's BCP and making necessary preparations Backing up and storing information assets in authorized manner Knowing location of fire exits and escape routes Having alternate method of coming to work

19 Copyright© 2010 WeComply, Inc. All rights reserved. 10/13/2015 Final Quiz

20 Copyright© 2010 WeComply, Inc. All rights reserved. 10/13/2015 Questions?

21 Copyright© 2010 WeComply, Inc. All rights reserved. 10/13/2015 Thank you for participating! This course and the related materials were developed by WeComply, Inc. and the Association of Corporate Counsel.

Download ppt "Copyright© 2010 WeComply, Inc. All rights reserved. 10/13/2015 Information Security."

Similar presentations

Protect Our Students Protect Ourselves

Protect Our Students Protect Ourselves
Northside I.S.D. Acceptable Use Policy 2009-2010.

Northside I.S.D. Acceptable Use Policy
Privacy and Information Security Training (2006-07) VUMC Privacy Website www.mc.vanderbilt.edu/privacy.

Privacy and Information Security Training ( ) VUMC Privacy Website
System Security & Patient Confidentiality General Lesson 1.

System Security & Patient Confidentiality General Lesson 1.
HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website: www.mc.vanderbilt.edu/HIPAA.

HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website:
LMC 2005 1 WHAT IS HIPAA AND HOW TO COMPLY WITH IT? Health Insurance Portability and Accountability Act of 1996.

LMC WHAT IS HIPAA AND HOW TO COMPLY WITH IT? Health Insurance Portability and Accountability Act of 1996.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.
Security Training Lunch ‘n Learn. Agenda  Threat Analysis  Legal Issues  Threat Mitigation  User Security  Mobile Security  Policy Enforcement.

Security Training Lunch ‘n Learn. Agenda  Threat Analysis  Legal Issues  Threat Mitigation  User Security  Mobile Security  Policy Enforcement.
Online Course START Click to begin… Module 2 General Information Security.

Online Course START Click to begin… Module 2 General Information Security.
Critical Data Management Indiana University HR Summit April 24, 2014.

Critical Data Management Indiana University HR Summit April 24, 2014.
SAFEGUARDING DHS CLIENT DATA PART 2 SAFEGUARDING PHI AND HIPAA Safeguards must: Protect PHI from accidental or intentional unauthorized use/disclosure.

SAFEGUARDING DHS CLIENT DATA PART 2 SAFEGUARDING PHI AND HIPAA Safeguards must: Protect PHI from accidental or intentional unauthorized use/disclosure.
Policy 6460 Staff Use of Computerized Information Resources Regulation 6460 R-Staff Use of Computerized Information Resources Regulation 6460 R.2 Staff.

Policy 6460 Staff Use of Computerized Information Resources Regulation 6460 R-Staff Use of Computerized Information Resources Regulation 6460 R.2 Staff.
Copyright © 2014 Merck Sharp & Dohme Corp., a subsidiary of Merck & Co., Inc. All rights reserved. In practice, how do we recognize a potential Privacy.

Copyright © 2014 Merck Sharp & Dohme Corp., a subsidiary of Merck & Co., Inc. All rights reserved. In practice, how do we recognize a potential Privacy.
Copyright© 2011 WeComply, Inc. All rights reserved. 5/17/2015 FERC Standards of Conduct.

Copyright© 2011 WeComply, Inc. All rights reserved. 5/17/2015 FERC Standards of Conduct.
Security, Privacy, and Ethics Online Computer Crimes.

Security, Privacy, and Ethics Online Computer Crimes.
Information Security Awareness:

Information Security Awareness:
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.
1 Enterprise Security Your Information Security and Privacy Responsibilities © 2008 Providence Health & Services This information may be replicated for.

1 Enterprise Security Your Information Security and Privacy Responsibilities © 2008 Providence Health & Services This information may be replicated for.
Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.

Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.
Social Engineering PA Turnpike Commission. “Social Engineering is the practice of obtaining confidential information by manipulation of legitimate users”

Social Engineering PA Turnpike Commission. “Social Engineering is the practice of obtaining confidential information by manipulation of legitimate users”

Similar presentations

Ads by Google