security awareness 2009
TRANSCRIPT
-
7/31/2019 Security Awareness 2009
1/41
Security Awareness Presentation
Florida International University
Cheryl Lyn Granto, IT Security Officer
http://security.fiu.edu
-
We will never ask you for your Password or personal information in person, on the phone or in email!
-
IT SECURITY?
What is it?
-
It is
Maintaining:
Confidentiality
Availability
Integrity
-
Confidentiality
Keeping your information:
Hidden
Safe
Private
-
Availability
Making sure IT resources are:
Present
Ready for immediate use!
-
Integrity
Knowing and using information that is Sound and Unchanged by Anyone who is not authorized
-
So what does this mean for FIU?
-
President Maidique's Objectives
FY 05-06
Execute a communications program that
increases knowledge regarding laws, rules
and regulations addressing student record
confidentiality and University security
requirements
-
Higher Education Implication
Mark Luker, VP Educause, said at SURA/Critical Infrastructure Protection Project Conference:
Higher Education must address their IT Security problems or they are going to find themselves subject to Mandatory Federal Security Requirements. We have to show we are moving in the right direction with regards to IT Security
-
A Legal Perspective for
Higher Education
FIU is subject to Local, State and Federal Laws. For more information refer to the Laws and Policy page at the end of the FIU General Policy
ECPA
Electronic Communications Privacy Act
FERPA
Family Educational Rights and Privacy Act
HIPAA
Health Insurance Portability and Accountability Act
CFAA
Computer Fraud and Abuse Act
USA Patriot Act
GLBA
Gramm-Leach-Bliley Act
-
At FIU we have
Compliance Issues
& Safety Issues
The Problems are Real!
-
Information Security Awareness
Defined
Security awareness is being cognizant of:
The variety of information security situations
that may take place
How to protect oneself from such situations
The necessary steps to take should a security
infringement situation arise
-
Play your part - Be aware!
Security Infrastructure, Policy and
Technology
WILL NOT WORK WITHOUT YOU!
-
Ignorance is not bliss!
Nothing of great importance is stored on my computer. NOT TRUE - your access is very valuable
The network is protected and the techies can handle security issues. NOT TRUE - we cannot watch everything all of the time.
Who would want to steal my identity? Everyone
Are people really that malicious?
Unfortunately, YES!
-
The numbers speak for
themselves
Over 300 million users with access to
Internet
Over 1000 new viruses created each month
Every 80 seconds someone's identity is stolen
40% of laptop theft happens in offices and meeting rooms
100s of FIU computers are compromised on
the FIU network each year
-
Your PC is protected!
Your computer is now part of
the campus Active Directory
We take care of:
Your anti-virus
System Patches
Locking your screen
But you need to:
-
Make regular back-ups of critical data
Turn your computers off when you leave for the day
Do not keep any critical information (Social Security numbers, birthdates, credit card numbers, etc.) on your computer or on network file shares (M, N Drive etc.). You should never send such critical information via instant messenger or other chat tools
-
E-mail Security
Never open e-mail attachments from strangers
Make sure that the message references the attachment
Be cautious even when opening attachments from your peers
Never hesitate to contact the sender to verify if he/she actually sent an attachment
Never send personal information (name, account numbers, address, phone numbers, passwords) to strangers
When in doubt, contact UTS 7-2284
Spread the word, not the virus!
Trust your instincts - it probably is a virus.
-
Password Management
The longer the better
Should be changed every 3 months
Should not be found in any dictionary in any language
Never share them with anyone
Never write them down
Be careful when entering your password on a strange computer
-
Making a Strong Password
Use at least 6 characters, 1 numeric
Misspell woords & add speshul ch@ract3rs
Easy to remember phrases can equal
complicated passwords
I finally got my Masters degree at 28! ifgmmd@28!
I signed up for Drop in 1998! 1su4din1998!
-
Physical Security
Keep confidential documents off your desk
Don't share your access
Take note of strangers in your area
Use laptop locking devices
Keep a record of make, model, serial number
Be careful of piggybacking and tailgating. This is when someone follows you through a locked door
Be careful of bump and run! especially in airports
-
Social Engineering Defined
When one is deceived or conned into divulging information that would not be shared under normal circumstances
Please ask questions, never assume authority!
-
Cyber Victims
Cyber Crime is as Serious as any other
crime!
Contact
FIU Victim Advocacy Center
305-348-1215
-
Handling Sensitive Information
DON'T
Gossip or share with others sensitive information you have access to.
Look up confidential information for co-workers who do not have the access without supervisor approval.
Store your confidential files on public or unsecured network file servers.
Throw confidential reports in the trash without shredding them first.
-
FERPA Violations
It's so Easy
-
FERPA Violation: how does it happen?
Here sits Jane at her desk:
Jane works for the Registrar
-
Jane needs a break and walks over to the Graham Center
Lindsey, an OPS student, walks by and sees that Jane has left her computer logged on, and Lindsey knows Jane has access to look at any student's records and wants to see her boyfriend's information
-
When Jane returns she sees a record open that she knows she did not access.
This must be reported and the student must be notified that his information was possibly compromised.
-
An afternoon at FIU
Can you see the FERPA Violations?
-
Let's look closer.
Instant Messaging Social Security Numbers
Terminals Left Logged in
Weak Passwords and Password Sharing
Files left out On desk
-
Copyright, Fair Use and Piracy
DO
Use excerpts with appropriate attribution (fair use).
Install and use the software licensed for everyone at the University (site-licensed).
Install and use software purchased by your department for your use
-
Copyright, Fair Use and Piracy
DON'T
Use your co-worker's computer disks to install software programs unless you have a license.
Copy or share free music or video files that you would reasonably expect to pay for (e.g., feature films, music CDs, e-books).
Copy software to take home with you.
-
Most Common Security Mistakes
Poor password management
Leaving your computer on, unattended
Opening email attachments from strangers
Not installing anti-virus software
Laptops on the loose
Sharing information (passwords and machines)
Not reporting security violations
Always behind the times (software patches)
Keeping an eye out inside the organization
-
Protect Yourself
Never give out your password, billing information or other personal information to strangers online
Be mindful of who you're talking with before you give out personal information
-
Protect Yourself
Don't click on hyperlinks or download attachments from people/web sites you don't know
Be skeptical of any company that doesn't clearly state its name, physical address and telephone number
-
Before releasing any information, it is essential to at least establish:
the sensitivity of the information
your authority to exchange or release the information
the real identity of the third party (proper authentication)
the purpose of the exchange
You are responsible for the information you handle!
-
Some parting words
Protect yourself; Protect FIU
Be aware and beware
Trust your instincts
Take proactive steps
Ask questions and report incidents at
http://security.fiu.edu
-
Security.fiu.edu
-
Visit us online at
http://security.fiu.edu