New Employee Orientation - Information Security
Joel Garmon, Director, Information Security
Mike Rollins, Security Architect
Jeff Teague, Security Analyst, Senior
[email protected] http://infosec.wfu.edu/
Who We Are - IT Security
Work together as a team to ensure protection of computer systems and data University-wide (using technology, policies and procedures).
Director of Information Security reports to Information Systems CIO and General Counsel in Legal Department.
Password Guidelines
At least 6 characters.
At least 1 number.
Do not reuse old passwords.
Change password every 6 months.
Phishing
The fraudulent practice of sending emails purporting to be from legitimate companies in order to induce individuals to reveal personal information.
NEVER SEND YOUR PASSWORD OR ANY PERSONAL INFORMATION THROUGH EMAIL TO ANYONE.
Wake Forest University will never ask you to provide personal information, such as your social security number or passwords, via email message.
Phishing Example
http://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx
Legitimate Email?
---------- Forwarded message ----------
From: Wake Forest University <[email protected]>
Date: Tue, Apr 17, 2012 at 8:09 AM
Subject: New Secure Message Regarding Your Wake Forest University
To:
New Important Security Message Alert!
Log In in order to resolve the problem . Click to log in.
Copyright Violations
Do not use peer-to-peer sharing applications, such as BitTorrent.
If you have questions about use of video or music, please contact ZSR Library for guidance.
Encryption of Emails
WinZip can be used to encrypt attachments to emails.
Confirm that the recipient's email address is correct.
Send the encryption password in a separate email.
If unsure of confidentiality of data, be conservative and encrypt attachment files.
Encryption
WFU IS department will encrypt staff laptops.
Smart phones that receive WFU email must be passcode protected.
USB flash drives can be encrypted. Consult the following web site for examples of USB flash drives that support encryption.
http://infosec.wfu.edu/
Consult the IT support person in your area or any member of the security team for questions.
Connection from Home
Use the Virtual Private Network (VPN) software to connect to the WFU network. Consult the following web site for information:
http://help.wfu.edu/techguide/vpn
Ensure that your home computer is up to date with operating system patches and antivirus updates.
Ensure that data on a USB drive is appropriately secured while it is being transported home.
Workstation Security
Physical Controls –
Use lock down cable connected to laptop or desktop.
Do not leave laptop visible in car.
Do not leave unattended laptop in meeting rooms, library tables or classrooms.
Logical Controls –
Enable password protected screen savers.
Do not post passwords on desk, on wall, or anywhere visible to others.
Do not share passwords with others.
Data Classification
Non-Public Information (NPI)
Social Security Number
Credit Card Information
Bank Information
Student Records
Drivers License Information
Impact of Security Breach
Any employee that works with NPI could potentially be aware of a breach.
More importantly, employees aware of a breach must contact IS Security.
Security breaches can affect many people.
For example, Notre Dame had a breach of credit card data in 2006 as well as an employee record data breach in 2009. The effects were as follows: 24,000 employees affected by the 2009 breach, personal information exposed on the Internet, and Notre Dame worked to minimize future threats. Notre Dame’s overall cost to mitigate the 2006 PCI breach was a one-time $4.6M fee and $630K recurring.
http://www.ndsmcobserver.com/
WFU’s reputation would be majorly affected, and WFU would have to pay financial penalties.
Who to Contact for Security Concerns
Bridge at ZSR Library
http://help.wfu.edu
758-4357
[email protected]
Joel Garmon, Director, Information Security
Mike Rollins, Security Architect
Jeffrey Teague, Security Analyst, Senior