Download DO NOT - Middlebury College

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
Document related concepts

Information security wikipedia , lookup

Data remanence wikipedia , lookup

Mobile security wikipedia , lookup

Cyber-security regulation wikipedia , lookup

Computer security wikipedia , lookup

Medical privacy wikipedia , lookup

Computer and network surveillance wikipedia , lookup

Do Not Track legislation wikipedia , lookup

Phishing wikipedia , lookup

Information privacy law wikipedia , lookup

Cybercrime countermeasures wikipedia , lookup

Social engineering (security) wikipedia , lookup

Transcript 
Information Security
2013 Roadshow
Roadshow Outline
 Why We Care About Information Security
 Safe Computing
•
•
•
•
Recognize a Secure Web Site (HTTPS)
How to Spot a Spoofed Web Site
Recognize a Phishing Attempt
What is Social Engineering
 Privacy and Compliance
•
•
•
PCI/HIPAA/FERPA
Policy
Privacy and Best Practice
Why We Care About Information Security
Personal Reasons:
Identity Theft
Loss of Data
Financial Loss
Poor Computer Performance
Institutional Reasons:
Protect Middlebury College
Compliance with Laws and Standards
Prevent Reputational Damage
Reduce Legal Liability for the College
As Well As the Personal Reasons Listed Above
How do I Know a Web Site is Secure?
• HTTPS in the Address bar
is an indicator of a secure
web site.
• A web site encrypted with
SSL should display a near the
address bar.
• Not all devices or
browsers
display the
same.
What is a Spoofed Web Site
• Just because the site
looks like Middlebury
does not mean it is
•
Check the address or URL
•
Never enter login information unless the site is secure and you have checked the URL
How to Spot Phishing
•
•
•
Do NOT click on links or open attachments in suspicious emails!
Forward all suspected Phishing messages to [email protected] before deleting the
message.
If you fall victim to a phishing attack RESET your password immediately and then call the
Helpdesk!
What Phishing Can Do
•
Infect a system with malware
•
Mislead a user into giving up
credentials
•
Compromise email with
rules and scripts
•
Stet the stage for a larger
attack
•
•
•
Do NOT click on links or open attachments in suspicious emails!
Forward all suspected Phishing messages to [email protected] before deleting the
message.
If you fall victim to a phishing attack RESET your password immediately and then call the
Helpdesk!
What is FakeAV
•
Tries to look like regular AV
•
Clicking on the warning will download a virus
•
Often the best bet is a hard shutdown of the
system
•
Know what your AV warnings look like
•
Sophos anti-virus does offer some web
protections which help to prevent the download
activity of FakeAV.
Social Engineering
• Social engineering, in the context of
security, is understood to mean the art of manipulating people
into performing actions or divulging confidential information. While it is similar to a confidence trick or
simple fraud, it is typically trickery or deception for the purpose of information gathering, fraud, or
computer system access; in most cases the attacker never comes face-to-face with the victims.
(From Wikipedia)
Examples:
•
You are in a hotel and receive a call from the front desk to confirm your credit card details.
•
You receive a call at work from support services asking for your password to fix a problem on your
computer.
•
You are at home and get a call from the help desk asking for your login information to reset your email
account.
What Laws Protect Information Here at Middlebury
•
Family Education Rights and Privacy Act (FERPA) = Student Data
•
Health Information Portability and Accountability Act (HIPAA) = Health Data
•
Sarbanes – Oxley Act (SOX) = Financial Data for Businesses
•
Gramm Leach Bliley Act (GLBA) = Financial Data for Lending Institutions
•
VT Act 162 = Data Breach Notification & SSN Handling
•
Payment Card Industry Standards (PCI-DSS) = Credit/Debit Card Data
What Policies Protect Information Here at Middlebury
•
Privacy Policy = Confidentiality of Data
http://go.middlebury.edu/privacy
•
Network Monitoring Policy = Protection of College Technology Resources
http://go.middlebury.edu/netmon
•
Technical Incident Response Policy = Response to Information Security Events
http://go.middlebury.edu/tirp
•
Data Classification Policy = Defines Data Types
Not in handbook as of yet
•
Red Flags Policy = Identity Theft Protection
Not presently in hand book
•
PCI Policy = Payment Card Data Handling
http://go.middlebury.edu/policy?pci
Other Policies Live Here: http://go.middlebury.edu/handbook
What are Some Best Practices
Do
•
Look for HTTPS and other key address
indicators when you are going to different web
sites.
•
Use a strong challenge question in Banner SSB
•
Redaction – remove or mask (block out)
personally identifiable information when sharing
data
•
Be suspicious of unsolicited email or phone calls.
Do
•Lock your computer or secure information when
you leave your work space.
•Use Anti-Virus on both your work and home
systems
•Use secure passwords which you change often.
This also applies to mobile devices.
What are Some Best Practices
Do Not
•
DO NOT write down or share your passwords
- tools such as eWallet or 1Password work
well as secure password storage alternatives.
•
DO NOT store confidential data on unencrypted
thumb drives or other unsecured media
-if you need to transfer the data encrypt the
file or password protect the file and keep a
master copy on the server.
Do Not
•
DO NOT place confidential data in email
-email a link to where the file is
stored. This may add complexity
but increases security. Windows
Explorer can show you the path to
the location of the file.
•
DO NOT record sensitive data on the College
web site, blog or Wiki
Discussion and Links
Please share your thoughts!
Information Security Resources:
http://go.middlebury.edu/infosec
http://go.miis.edu/infosec
Report Information Security Events To: [email protected]
Related documents
Document
Document
popcap games matsumoto design hornall anderson aas, graphic
popcap games matsumoto design hornall anderson aas, graphic
Statement of Domestic Partnership
Statement of Domestic Partnership
Creating Content for Your Web Page
Creating Content for Your Web Page
History of France
History of France
Abstract - Compassion Software Solutions
Abstract - Compassion Software Solutions
Delivery Partner Guide - Homes and Communities Agency
Delivery Partner Guide - Homes and Communities Agency
Document
Document
Your computer
Your computer
The Role of Security in an Introductory Course
The Role of Security in an Introductory Course
document 8663971
document 8663971