Download presentation
Presentation is loading. Please wait.
Published byAmbrose Shelton Modified over 9 years ago
2
INFORMATION SECURITY
3
WHAT IS IT?
4
Information Security The protection of Information Systems against unauthorized access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorized users or the provision of service to unauthorized users, including those measures necessary to detect, document, and counter such threats. Reference- NSTISSI 4009
5
In other words… The Protection of of university information Availability Confidentiality Integrity
6
The Need for Security Education Many users believe they have nothing of importance on their computer This belief is false! Even if your machine doesn’t contain important information, your machine may still be used by intruders or unauthorized persons to access other machines on the network that do contain important information.
7
Many believe technology can solve security problems The Need for Security Education Again false! Technology is ever changing; therefore, it is only as good as the people that use it
8
The Need for Security Education Internal Threat vs. External Threat Most are aware of external threats but internal threats are even more of a security problem because most wrong- doers already have access and are not easily detected
9
Top Security Mistakes Opening email attachments from unknown sources Unsecured work space Leaving computers on and unattended Poor password management Lack of anti-virus protection Out of date patches/updates Unsecured laptops; PDAs Lax physical security Throwing sensitive data in the trash Using default system configurations
10
USC War Stories
11
Employee steals emails from department server then posts derogatory messages about other employees Employee leaves computer on overnight causing 6 computers containing sensitive data in the building to become compromised Employee disciplined for telephone misuse gains access to monthly telephone bills and alters them to cover-up long distance calls Employee uses procurement card to purchase personal items in excess of $1800 Employee and temporary worker involved in check fraud Ex-Spouse gains access to employee workplace vandalizing and stealing personal property
12
So, do you think information security doesn’t apply to you?
13
THINK AGAIN!
14
What Information Needs Protection? Do you use any of these forms of information to perform your job functions? Budget information Financial data/transactions Student records Faculty/Staff personal information SSNs Loan documents Intellectual property
15
If so, then just ask yourself… What if this information is lost or stolen?
16
If so, then just ask yourself… What if someone sees this information who should not have access to it?
17
If so, then just ask yourself… Would either of these scenarios be a problem for you or your supervisor?
18
When you leave home you… Secure your house Right?
19
When you leave your car you… Lock the doors Right?
20
Well, What About Work? Protect the university Protect yourself =
21
Or… Protect university information just as you would your personal information
22
What can you do to protect university information? Lock doors and cabinets Don’t leave sensitive information in open view
23
Lock Your Computer You never know who may enter your office while you step away from your desk Protects the confidentiality of your data from: unauthorized viewing unauthorized use What can you do to protect university information? Tips: Use password protected screen savers Press ctrl + alt + delete then enter (PC)
24
Don’t leave sensitive data in your car! An employee working in the financial department trying to meet a deadline decided to take her work home. Before going home, she stopped off at the grocery store. To her dismay, she came out of the store to find her car had been stolen! What can you do to protect university information? Properly secure information taken outside of the office!
25
Protect Your Password NEVER SHARE! Don’t post-it! Don’t use default passwords At least 8 characters in length (letters, numbers and caps) Meaningful but not easily guessed What can you do to protect university information?
26
REMEMBER, EMAIL IS NOT A SECURE MEANS OF COMMUNICATION! Do not forward emails: With suspicious or virus attachments From unknown sources Containing personal information Containing sensitive/confidential data
27
What else can you do to protect university information? Maintain an inventory of technology-related assets Refrain from speaking in public places about sensitive/confidential information Use your anti-virus software Patch and update your system regularly Follow document retention procedures Secure laptops and PDAs Secure your workspace Report security violations
28
Each of us has a responsibility to treat information responsibly!
29
InfoSec Policies The Office of Information Security in conjunction with the Information Security Working Group and Information Security Liaison Committee are currently writing information security policies addressing many of these areas. These policies are being developed to assist you in making sure you and your environment are secure.
30
Do you need additional assistance? Pleasecall the USC Office of Information Security at: Do you need additional assistance? Please call the USC Office of Information Security at: 213.743-4900 or e-mail us at infosec@usc.edu
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.