Introduction to Information Security
Office of the Vice President for Information Technology
Mr. Ron Brown, IT Security Analyst
Mr. Corbett Consolvo, Sr. IT Security Analyst
Ms. Lori McElroy, IT Security Officer
http://security.vpit.txstate.edu itsecurity@txstate.edu
Agenda
Security & Appropriate Use UPPSs
Confidential Information
Securing your…
– Workstation
– Internet connection
– Browser
– Information
Best practices
Security-Related UPPS
Security of Information Resources 04.01.01
– Risk and asset management
– Owner and custodian roles
– Data classification
– Sensitive information handling (including encryption requirements)
Appropriate Use 04.01.07
– Email usage
– Personal use
– Prohibited activities
Data Classification
Public information
• e.g., job postings, service offerings, published research, directory information, degree programs.
Sensitive information
• e.g., performance appraisals, dates of birth, email addresses, donor information.
Restricted information
• e.g., SSN, credit card info, personal health info.
http://security.vpit.txstate.edu/policies/data_classification
Release of Confidential Information
IMPORTANT NOTE: If you receive a request for information from any external party, and you aren’t certain that the information can be released, consult the Office of the University Attorney before releasing the information.
FACT 1: Texas State is a public institution
FACT 2: Texas State is subject to the Texas Public Information Act
FACT 3: TPIA does not make all Texas State information freely available to the public
Confidential Information Protections
Technical
– Perimeter and local firewall
– Anti-virus
– Automatic updates
– Encryption solutions
What you can do
– Treat data like it’s your personal information
– Secure unattended workstations, monitors, and desks
– Protect confidential conversations
– Contact IT Security if you have a business need to store Restricted data
Disposing of Confidential Information
Computer disposal
– www.tr.txstate.edu/itac/repair/hardware-disposal
– Use Material Management Request Pickup of Surplus Equipment www.materialsmgt.txstate.edu/Resources---Forms/surplus
Record disposal
– Check the Records Retention schedule at www.library.txstate.edu/about/departments/records/records-management
– Shredding hard copies and electronic copies
– Identity Finder
Securing Your Workstation
Updating your computer – the “Big Three”
1. Apply operating system patches
2. Update the anti-virus/malware software
3. Use an operating system firewall
NOTE: If you use a university-configured computer, these updates are enabled
Anti-Virus Updates
Automatic or regularly scheduled updates
Operating System Updates
Windows
– www.updates.microsoft.com
– Check to be sure you are on most recent patch level
Macintosh (Mac OS X v10.3 or later)
Operating System Firewall
Windows
– XP - www.microsoft.com/windowsxp/using/networking/security/winfirewall
– Win 7 - http://windows.microsoft.com/en-US/windows7/Understanding-Windows-Firewall-settings
Macintosh (Mac OS X v10.2 or later)
– www.macinstruct.com/node/165
Malware
Malware – what is it and how do I protect myself from it?
– Protections: Do not download or install untrusted or unknown programs
– Use anti-spyware software, such as Ad-Aware (www.lavasoftusa.com) or Windows Defender www.microsoft.com/windows/products/winfamily/defender/default
Malware Risks
EDUCAUSE Computer Security Awareness Video Contest 2006 honorable mention, Act Now - Know Your Sources by Stephen Hockman, Christina Manikus, John Sease, & Erin Shulsinger, James Madison University
http://www.educause.edu/SecurityVideoContest2006/7103
Securing Mobile Devices
Mobile computing and portable media
– Use passwords, preferably “power on” passwords
– Use an additional authentication factor if possible, such as a fingerprint reader on a laptop
– Remove or “shred” all data before disposing or transferring
– Always keep the device with you when you are away from the office (e.g., do not leave it unattended in a hotel room, conference, or your vehicle)
Securing Your Internet Connection
Wireless network security
– Texas State University's wireless networks
  • Open network
  • Encrypted wireless network setup: www.tr.txstate.edu/get-connected/computerservices
– Wireless security at home
  • Change the router’s default password
  • Use strongest available encryption
  • Use MAC address restrictions
– Use public wireless networks only for risk-free activities
Setting up a Wireless Router
Video demonstration
Securing Your Browser
Firefox (3.6.6)
Tools -> Options -> Privacy
Firefox (Version 3.6.6)
Tools -> Options -> Security
Internet Explorer (IE 8)
Tools -> Internet Options -> Privacy
Internet Explorer (IE 8)
Tools -> Internet Options -> Content
Protecting Your Information
Phishing – what is it and how do I protect myself from it?
– IT Security website phishing information: http://security.vpit.txstate.edu/awareness/phishing
– Protections:
  • Do not submit personal information in response to an email
  • Verify the authenticity and security of web sites before entering your personal information (https, certificates)
Data Backup
Regular or automatic backups
Protect backup media
Protect sensitive information stored on backup media
Critical data should be backed up frequently
Test your recovery
Accounts and User IDs
Use separate user accounts
– Administrator and normal user
Use separate IDs/passwords by function
– Email
– Banking
– Online purchasing
Passwords
Use strong passwords
– Mix upper case, lower case, and numeric characters
– The longer the better, but a minimum of 8 characters
– Use passphrases
– Avoid valid dictionary words and proper names
Password Checker Website
– www.microsoft.com/protect/yourself/password/checker
Social Networking
Use caution when posting personal information
Facebook settings - “friends and friends of friends”
Talk about social networking protections with your family and friends
Limit access to your personal site
Remember that pages are cached
http://security.vpit.txstate.edu/awareness/social_networking
Applicable Policies and Laws
Texas State University Policies
– Security of Texas State Information Resources (UPPS 04.01.01)
  • http://www.txstate.edu/effective/upps/upps-04-01-01
– Appropriate Use of Information Resources (UPPS 04.01.07)
  • http://www.txstate.edu/effective/upps/upps-04-01-07
– University Income Recognition and Associated Cash-Handling Procedures (UPPS No. 03.01.05)
  • http://www.txstate.edu/effective/upps/upps-03-01-05
Other Federal and State Laws
– Texas Administrative Code, Chapter 202 (TAC 202)
– TPIA - Texas Public Information Act
– FERPA - Federal Educational Rights & Privacy Act
– HIPAA - Health Insurance Portability & Accountability Act
– GLBA - Gramm-Leach-Bliley Act
More Q & A