Information Security: Everyone is Responsible
Presented by: Information Technology - Information Security Services
University of Oklahoma Health Sciences Center

Information Security: New Employee Orientation

Information Security: Outcome Statement
At the conclusion of this presentation you should be able to:
1. Define Information Security
2. Identify threats
3. State safe practices
4. Know where to report an incident

Information Security: What is it? Why?
Information Security is:
• Protection of information from threats
Goals of Information Security:
• Ensure Business Continuity
• Minimize Risk
• Maximize Return on Investment

Information Security: Three Tenets
• Confidentiality
  Information is disclosed only to those authorized
• Availability
  Information is accessible when required
• Integrity
  Information is accurate, authentic, complete and reliable.
The right data to the right people at the right time

Information Security: What does it Protect…
• Patient Information
• Personal Identifiable Information
• Our Identity
• Our reputation

Information Security: Threats
• Malware
  – Viruses
  – Worms
  – Spyware
  – Trojans
• Social Engineering
  – Phishing
  – Spear Phishing
  – Spam

Information Security: E-mail Threat
• 89% of e-mail traffic contains viruses, phishing schemes, or is SPAM
• 27,735,000 malicious e-mails blocked from delivery to OUHSC in a month

Information Security: Safe Practices for E-mail
• Do not open unsolicited email or attachments
• Do not reply to SPAM
• Do not use your OUHSC email address in online forms and questionnaires unless it becomes necessary for University related business
• Place a confidentiality notice in your signature block

Information Security: Malicious Software threat
• Malicious software downloads from the web
  – Spyware
  – Trojan Horse
  – Key Loggers
• 1 in 10 web sites attempt to download software without permission

Information Security: Safe Practices for the Internet
• Set higher security settings in your browser
• Do not install add-ons to your browser (Google tool bar, Comet Cursor, Gator, HotBar, etc.)
• Avoid Game Sites and sites that require you to fill out online forms
• Install a spyware removal tool
• Always remember that your computer is a business tool

Information Security: Employee Responsibilities
• Use resources appropriately
• Protect your user-id and system
• Only access information that pertains to your job function
• Policies, Procedures, local, state and federal laws
• Be responsible

Information Security: Password Management
• Protect It! Memorize It!
• Use Strong Passwords
  – At least 8 characters
  – No personal information
  – No dictionary words
  – Use 3 of 4 character types
    · Upper case letters
    · Lower case letters
    · Numbers
    · Special Characters (!@#$%^&*)
• Create “Passphrases”
• Make it memorable
• Use a secret code
Examples:
“il2pBB@6:30”: I like to play basketball at 6:30
“LMissMs04t”: Little Miss Muffet sat on a tuffet
“RedPensTalk2WhiteG@tors”: made up phrase

Information Security: Regulatory Compliance
• HIPAA – Healthcare Insurance Portability and Accountability Act
  – Protected Health Information “PHI”
• PCI DSS – Payment Card Industry Data Security Standards
  – Protects cardholder data
• GLBA – Gramm-Leach-Bliley Act
  – Protects consumers’ personal financial information

Information Security: Safe Practice - Follow Policies
• Follow policies to help protect your data
• It’s the LAW
• See http://it.ouhsc.edu/policies/

Information Security: Incident Response
• Types of Incidents
  – Suspicious email (spam or phishing attacks)
  – Viruses (usually via email)
  – Sharing of authentication (passwords or privileges)
  – Attempts to gain unauthorized access
  – Unauthorized modifications of files and records
  – Attaching unapproved devices to the network
  – Abuse of authority or privilege
  – Theft
• How to report an Incident
  – Information Security Services should be notified immediately of an information security incident.
  – Information Security Incidents can be reported using the following methods:
    · Contact the Service Desk at 405.271.2203
    · Email: [email protected]
    · Contact the Information Security Services office at 405.271.2476
    · Email: [email protected]
    · Website: http://it.ouhsc.edu/services/infosecurity/

Information Security: Safe practices summary
– Antivirus updates (daily)
– Security patches (monthly)
– Data backups (daily)
– Browser security settings
– Avoid unknown software from the Internet
– Personal Firewall protection installed
– Email caution
– Report suspicious activity

Information Security: Stay Safe Online
• Information Security
  – http://www.sans.org
  – http://www.sans.org/tip_of_the_day.php
  – http://www.microsoft.com/protect/yourself/password/checker.mspx
• Free Anti-Virus and Anti-Spyware Tools
  – http://free.grisoft.com
  – http://www.comodo.com
  – http://www.safer-networking.org/en/index.html
• Online Safety
  – http://www.staysafeonline.org
• Identity Theft
  – http://www.privacyrights.org
  – http://www.usdoj.gov/criminal/fraud/websites/idtheft.html

Information Security: Quiz
Quiz Time…
1. What is Information Security?
   The protection of information from threats
2. I have a responsibility to protect what two aspects of information security at OUHSC?
   a. Confidentiality and Integrity
   b. Confidentiality and Availability
   c. Integrity and Availability
   d. I am not responsible for information security at OUHSC
3. When I receive an email with an attachment from someone I do not know, I should…
   a. Open it immediately to find out what it says
   b. Forward it to my friends and family
   c. Just delete it
   d. Unsubscribe
4. How do I report an incident?
   a. Contact the Service Desk
   b. Contact Information Security
   c. Go to Website: http://it.ouhsc.edu/services/infosecurity/
   d. All of the above
5. What is the best way to remember your password?
   a. Write it down and hide it under the keyboard
   b. Share it with a coworker so he/she can help when you forget it
   c. Memorize it
   d. Create a simple password, like abc123
Bonus
What are the characteristics of a complex password?

Information Security: Thank You