Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Systems Security New Faculty Orientation Day Queen’s University August 2011 George Farah, GIAC/GSEC Gold, CRISC, CISA University Information.

Published byRosalind Kelly Bradford Modified over 8 years ago

Similar presentations

Presentation on theme: "Information Systems Security New Faculty Orientation Day Queen’s University August 2011 George Farah, GIAC/GSEC Gold, CRISC, CISA University Information."— Presentation transcript:

1 Information Systems Security New Faculty Orientation Day Queen’s University August 2011 George Farah, GIAC/GSEC Gold, CRISC, CISA University Information Systems Security Manager

2 Information Systems Security Why? Information Systems Security has become a significant concern for the reputation of our institution due to increasing threats. We must therefore make special efforts to:  protect Queen’s administrative, teaching, research, and personal and confidential systems and information;  enable Queen’s staff, faculty, students and researchers to perform their computing activities securely in support of the mission of the University; and  adhere to increasing regulatory and compliance requirements (privacy legislation such as FIPPA, PHIPA, etc).

3 Today’s Growing & Changing Threat Model Increased number and changing nature of attacks: Source: Gartner Dataquest

4 Why Do I Need To Know About Information Security ? Consider these real world scenarios: Scenario #1: A faculty member/researcher calls IT support to say they lost their research data due to a hack.

5 Why Do I Need To Know About Information Security ? Scenario #2: A faculty member/clinician wants to know how to remove a virus/Trojan from his/her system or lab computers.

6 Why Do I Need To Know About Information Security ? Scenario #3: A faculty member is doing research using data related to human subjects. The dataset contains personal and confidential information. The faculty member/researcher wants to know how to protect the system or application he/she is building to avoid issues with data integrity, confidentiality, and legal liability under PHIPA.

7 Why Do I Need To Know About Information Security ? Scenario #4: A faculty member/researcher/physician wants to know how to protect sensitive patient data on their laptop while they travel. Privacy requirements as per Queen’s policy, Office of the Privacy Commissioner and FIPPA is to encrypt personal data.

8 Why Do I Need To Know About Information Security ? Scenario #5: A faculty member used their dog’s name, “Poodle”, as the password for their Queen’s NetID. Weak passwords can be cracked very easily nowadays.

9 Why Do I Need To Know About Information Security ? Scenario #6: A faculty member responds to a hoax or phishing email by providing their user ID and password, making them vulnerable to identity theft.

10 Why Do I Need To Know About Information Security ? Scenario #7: ITServices gets notified by an external party (e.g. bank or government agency) that a Queen’s computer system has been compromised and is being used for malicious purposes (SPAM and other forms of computer attacks such as phishing). A review reveals that the computer system belongs to a faculty member and that the system has been compromised without his/her knowledge.

11 Visit the Information Security website for information on:  Queen’s IT Security policies, standards and guidelines  Education and awareness offerings - Safe Computing Course  Security information such as the Golden Rules of Safe Computing, secure disposal of data, and securing network printers  Links to available security software (e.g. free antivirus software)  Security services such as systems security assessments, hard drive destruction and disposal, and SSL certificates …and much more www.queensu.ca/its/security Queen’s ITServices can help Information Security Website

12

13 Queen’s University New Faculty Orientation Day Thank You George Farah, GIAC/GSEC Gold, CRISC, CISA University Information Systems Security Manager 613 533 2638 or ext. 32638 george.farah@queensu.ca Q & A

Download ppt "Information Systems Security New Faculty Orientation Day Queen’s University August 2011 George Farah, GIAC/GSEC Gold, CRISC, CISA University Information."

Similar presentations

ANNUAL SECURITY AWARENESS TRAINING – 2011 UMW Information Technology Security Program Annual Security Awareness Training for UMW Faculty and Staff.

ANNUAL SECURITY AWARENESS TRAINING – 2011 UMW Information Technology Security Program Annual Security Awareness Training for UMW Faculty and Staff.
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Woodland Hills School District Computer Network Acceptable Use Policy.

Woodland Hills School District Computer Network Acceptable Use Policy.
A dialogue with FMUG: Sensitive Data & Filemaker MIT Policy and Data Classifications ** DRAFT ** Guidelines Feedback and Discussion Tim McGovern 2 June.

A dialogue with FMUG: Sensitive Data & Filemaker MIT Policy and Data Classifications ** DRAFT ** Guidelines Feedback and Discussion Tim McGovern 2 June.
Information Security Jim Cusson, CISSP. Largest Breaches 110,000 2009-11-27 NorthgateArinso, Verity Trustees 6,400 2009-11-25 Aurora St. Luke's Medical.

Information Security Jim Cusson, CISSP. Largest Breaches 110, NorthgateArinso, Verity Trustees 6, Aurora St. Luke's Medical.
Information Security Awareness:

Information Security Awareness:
Presented by: Luke Speed Computer Security. Why is computer security important! Intruders hack into computers to steal personal information that the user.

Presented by: Luke Speed Computer Security. Why is computer security important! Intruders hack into computers to steal personal information that the user.
Security Controls – What Works

Security Controls – What Works
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.
1 Enterprise Security Your Information Security and Privacy Responsibilities © 2008 Providence Health & Services This information may be replicated for.

1 Enterprise Security Your Information Security and Privacy Responsibilities © 2008 Providence Health & Services This information may be replicated for.
What Are Malicious Attacks? Malicious Attacks are any intentional attempts that can compromise the state of your computer. Including but not limited to:

What Are Malicious Attacks? Malicious Attacks are any intentional attempts that can compromise the state of your computer. Including but not limited to:
Information Security Steven Hall 21 st Jan 2009. Today’s Presentation Why do this now? What is information? The effects of lost information Newcastle.

Information Security Steven Hall 21 st Jan Today’s Presentation Why do this now? What is information? The effects of lost information Newcastle.
1 Ben Woelk RIT Information Security Office Advancing Digital Self Defense Establishing a Culture of Security Awareness at the Rochester Institute of Technology.

1 Ben Woelk RIT Information Security Office Advancing Digital Self Defense Establishing a Culture of Security Awareness at the Rochester Institute of Technology.
Website Hardening HUIT IT Security | Sep 30 2011.

Website Hardening HUIT IT Security | Sep
Information Security Information Technology and Computing Services Information Technology and Computing Services

Information Security Information Technology and Computing Services Information Technology and Computing Services
Internet Safety Basics Being responsible -- and safer -- online Visit age-appropriate sites Minimize chatting with strangers. Think critically about.

Internet Safety Basics Being responsible -- and safer -- online Visit age-appropriate sites Minimize chatting with strangers. Think critically about.
Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.

Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.
Information Systems Security for the Special Educator MGMT 636 – Information Systems Security.

Information Systems Security for the Special Educator MGMT 636 – Information Systems Security.
Information Security Technological Security Implementation and Privacy Protection.

Information Security Technological Security Implementation and Privacy Protection.
General Awareness Training

General Awareness Training

Similar presentations

Ads by Google