Information Security Training for Users with Elevated Privileges to University Systems
description
Transcript of Information Security Training for Users with Elevated Privileges to University Systems
![Page 1: Information Security Training for Users with Elevated Privileges to University Systems](https://reader035.fdocuments.in/reader035/viewer/2022070421/568160c0550346895dcfe82a/html5/thumbnails/1.jpg)
INFORMATION SECURITY TRAINING
FOR USERS WITH ELEVATED PRIVILEGES
TO UNIVERSITY SYSTEMS
Brought to you by:University Information Security Office
![Page 2: Information Security Training for Users with Elevated Privileges to University Systems](https://reader035.fdocuments.in/reader035/viewer/2022070421/568160c0550346895dcfe82a/html5/thumbnails/2.jpg)
THE NEED FOR TRAINING…….
Statistics show many breaches are caused by insiders: Intentional
Disgruntled Inquisitive
Unintentional Action
Sharing your NetID password Inaction
Not locking your workstation when away
2
![Page 3: Information Security Training for Users with Elevated Privileges to University Systems](https://reader035.fdocuments.in/reader035/viewer/2022070421/568160c0550346895dcfe82a/html5/thumbnails/3.jpg)
IS IT EVER OKAY TO SHARE YOUR NETID PASSWORD?
New employee with no access yet? Student worker to help you with data
entry during crunch period? With your supervisor? With a co-worker that needs to access
something you normally do, but you’re out on medical leave?
![Page 4: Information Security Training for Users with Elevated Privileges to University Systems](https://reader035.fdocuments.in/reader035/viewer/2022070421/568160c0550346895dcfe82a/html5/thumbnails/4.jpg)
WATCH THE FOLLOWING VIDEO. . . . http://security.arizona.edu/sites/default/
files/UA_Password_Video_Final_1.flv
![Page 5: Information Security Training for Users with Elevated Privileges to University Systems](https://reader035.fdocuments.in/reader035/viewer/2022070421/568160c0550346895dcfe82a/html5/thumbnails/5.jpg)
IT’S NEVER OKAY TO SHARE YOUR NETID PASSWORD
Passwords authenticate a person’s identity
Your roles and permissions can now be accessed by someone else Anyone authenticating as you = access to
anything your access allows (including your personal information)
YOU are responsible for activity (legitimate or illegitimate) occurring while logged into your account!
![Page 6: Information Security Training for Users with Elevated Privileges to University Systems](https://reader035.fdocuments.in/reader035/viewer/2022070421/568160c0550346895dcfe82a/html5/thumbnails/6.jpg)
A SHARED PASSWORD CAN BE MISUSED!
Can be misused by students workers, co-workers, consultants, vendors, or ANYONE
How well do you REALLY know them? Curiosity + Opportunity can lead to
misuse and compromise“What can I access?”“This could solve all my problems!”
![Page 7: Information Security Training for Users with Elevated Privileges to University Systems](https://reader035.fdocuments.in/reader035/viewer/2022070421/568160c0550346895dcfe82a/html5/thumbnails/7.jpg)
MORE ON THE WHY. . . .
NetID Password sharing
Curiosity
Opportunity
Motive or circumstances
Unintended consequences
Stress?
Right and wrong?
Justifying
actions?
personal. .
. . financia
l. .
. .
![Page 8: Information Security Training for Users with Elevated Privileges to University Systems](https://reader035.fdocuments.in/reader035/viewer/2022070421/568160c0550346895dcfe82a/html5/thumbnails/8.jpg)
THE OPPORTUNITY TO COMPROMISE. . . .
Integrity - Add, Update or Delete Records Change grades Admit or deny admittance for someone Enter a degree exception requirement Change Enrollment Deposit Status Update Lawful Presence Status
Confidentiality and Integrity – View or update Social Security Numbers Direct deposit information Tax information Benefits information
![Page 9: Information Security Training for Users with Elevated Privileges to University Systems](https://reader035.fdocuments.in/reader035/viewer/2022070421/568160c0550346895dcfe82a/html5/thumbnails/9.jpg)
ADDITIONAL NETID PASSWORD SECURITY DO NOT
Use your NetID password for any other account
Store online (unless encrypted) Password Manager Programs
KeePass and Password Safe (Windows) Password Gorilla (Macs)http://www.security.arizona.edu/topten3
If you must write it down Store securely - Locked file cabinet
Not filed under “P” for passwords
![Page 10: Information Security Training for Users with Elevated Privileges to University Systems](https://reader035.fdocuments.in/reader035/viewer/2022070421/568160c0550346895dcfe82a/html5/thumbnails/10.jpg)
LOCK COMPUTER WHEN AWAY FROM DESKInaction = Not locking your computerHow long might you be gone? Did you leave access to:
An application with sensitive data? Could someone install a keylogger?
Windows: Windows + L Or Ctrl-Alt-Delete and select “lock this computer”
Macs: Shift ( ) + Command ( ) + Q⇧ ⌘
![Page 11: Information Security Training for Users with Elevated Privileges to University Systems](https://reader035.fdocuments.in/reader035/viewer/2022070421/568160c0550346895dcfe82a/html5/thumbnails/11.jpg)
CONSEQUENCES
Financial and/or reputational loss Employee may be held responsible for
any action or inaction that led to the incident Disciplinary action up to and including
termination Arizona’s Breach Notification Statute (44-
7501) = if the compromise involves SSNsCould have significant financial and
reputational impact
![Page 12: Information Security Training for Users with Elevated Privileges to University Systems](https://reader035.fdocuments.in/reader035/viewer/2022070421/568160c0550346895dcfe82a/html5/thumbnails/12.jpg)
END OF AWARENESS MODULE
https://request.uaccess.arizona.edu/privilegeduseragreement/
Please follow the link below to sign the privileged user agreement.