IT Security Essentials
Ian Lazerwitz, Information Security Officer
Fundamentals of Security
• Confidentiality
• Integrity
• Availability
Why all the concern about security?
• Computer hacking has become a big business
• We store large amounts of personal data in our systems on students and employees
• We need that data to be accurate and available in order to do our jobs
• We must comply with state and federal regulations
What are we doing about it?
• Constantly monitoring our systems and threats to keep our servers and our network secure
• Implementing policies, procedures and practices to assure only authorized users have access to data
• Educating users
What can you do?
• Security is everyone’s responsibility
• Contact the IT Security Office with any questions or if you suspect there has been a security breach
• Follow some basic guidelines:
Be aware
• Make information security a regular practice
• Recognize poor security practices in your own habits and in your office
• Remain vigilant where information security is concerned
Passwords
• Never share a password
– If more than one person needs access, work with DoIT to create a network share so each can use their own password
– Even the DoIT Helpdesk should never ask for your password
Passwords
• Choose a strong password
– We recommend that you change your password regularly
– Use a phrase that’s easy to remember but hard to guess
– Your password must contain 3 of 4:
• Uppercase letters
• Lowercase letters
• Numbers
• Special Characters
Password Examples
• Weak Passwords
– Fluffy
– Password3
– Lazerwitz
• Strong Passwords
– str0ngPa55
– 3plus3=Six
– myc@tisf!uffy
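An added example, not part of the original slides: a Python check for the 3-of-4 character-class rule above, run over the slides' own sample passwords. The denylist of guessable words and all function names are assumptions of this example.

```python
import string

# The four character classes named on the slide.
CLASSES = {
    "uppercase": set(string.ascii_uppercase),
    "lowercase": set(string.ascii_lowercase),
    "number": set(string.digits),
    "special": set(string.punctuation),
}

# Constructed denylist for this example (not from the slides): common words
# plus values tied to the account holder, such as a surname or a pet's name.
DENYLIST = ("password", "fluffy", "lazerwitz")


def classes_used(password):
    """Return the sorted names of the character classes present."""
    chars = set(password)
    return sorted(name for name, members in CLASSES.items() if chars & members)


def meets_three_of_four(password):
    """The slide's rule: at least 3 of the 4 character classes."""
    return len(classes_used(password)) >= 3


def review(password, denylist=DENYLIST):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    if not meets_three_of_four(password):
        findings.append("fewer than 3 of 4 character classes")
    lowered = password.lower()
    for word in denylist:
        if word in lowered:
            findings.append("contains guessable word: " + word)
    return findings


if __name__ == "__main__":
    # Sample passwords taken from the slide's weak and strong lists.
    for pw in ["Fluffy", "Password3", "Lazerwitz",
               "str0ngPa55", "3plus3=Six", "myc@tisf!uffy"]:
        print(f"{pw:15} classes={classes_used(pw)} findings={review(pw)}")
```

Password3 satisfies the 3-of-4 rule and is caught only by the denylist, while myc@tisf!uffy uses two classes, so class counting works best paired with a guessable-word check.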
Passwords
• Never post your password
– On your computer monitor
– Under your keyboard
– In a desk drawer
– Anyplace that someone might look
Passwords
• Never save passwords in applications
– E-mail, Web Authoring, Dialup, VPN
– Anyone who sits at your computer has access to those applications
– Equally important at home
Personally Identifiable Information
(PII) is information that can be used to steal identities, disrupt University operations and damage Pace’s reputation. It includes:
– Social Security Numbers (SSNs)
– Health Information – including immunization information, FMLA information and
– Credit Card information
– Non-public directory information – including student grades
PII Data Handling Best Practices
• Assign a complex password and change it regularly;
• Don’t use Internet file sharing software such as Kazaa or BitTorrent;
• It is important to treat other people’s information as if it was your own!!!!
PII Data Handling Best Practices
• Delete files from ALL locations (hard drive and network drive) when no longer valid.
• Do not hold on to old queries or reports that contain personal information. Empty your computer’s recycle bin and clear temporary file folders.
PII Data Handling Best Practices
• Never share passwords;
• Avoid emailing sensitive files. If email is absolutely necessary, use password protection;
• Use a password protected screen saver;
• Shut down or turn off the computer when not in use;
PII Printing Best Practices
• Printed reports with PII data must contain the creator’s name, date and time, data source and a confidential notice.
• Limit display of personal information. Do not leave paper containing personal information on desks or in open view; avoid printing SSN unless required by law.
PII Printing Best Practices
• Always store paper reports containing PII in a secure location such as a locked filing cabinet and know who has access to the location. Avoid taking PII reports with you to unsecured locations such as your home or car.
PII Printing Best Practices
• Limit distribution of documents with PII and know who is receiving the documents and how they will be used.
Physical Security
• Always lock your computer when you leave it unattended (ctrl-alt-del)
• Never leave hard copies with sensitive data in plain view
• Always log out of web applications (Banner, e-mail, calendar) and close the browser
Laptops and Mobile Devices
• Theft
• Access on unsecure networks
• Strong passwords
• Encryption
Did you know? (Antivirus)
• Pace University has a site license to install Symantec Antivirus on all Pace computers
• We also provide Antivirus software for staff, faculty, and student home use
Did you know?
• It is a violation of University policy to share your password
• You should keep your computer operating system and applications patched to protect against unwanted intrusions
Did you know?
• You should make backups of critical files
• At home use a personal firewall
• Do not open unexpected emails
Information Security Office
• Ian Lazerwitz
– Information Security Officer
• http://www.pace.edu/safecomputing