Good computer security practices basic security awareness l.jpg
This presentation is the property of its rightful owner.
Sponsored Links
1 / 32

Good Computer Security Practices Basic Security Awareness PowerPoint PPT Presentation

Good Computer Security Practices Basic Security Awareness September 10, 2007 School of Nursing Office of Academic and Administrative Information Systems (OAAIS) EIS Security Awareness Training and Education (SATE) Program Overview What is Information and Computer Security?

Related searches for Good Computer Security Practices Basic Security Awareness

Download Presentation

Good Computer Security Practices Basic Security Awareness

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Good computer security practices basic security awareness l.jpg

Good Computer Security PracticesBasic Security Awareness

September 10, 2007

School of Nursing

Office of Academic and Administrative Information Systems (OAAIS)

EIS Security Awareness Training and Education (SATE) Program


Overview l.jpg

Overview

What is Information and Computer Security?

“Top 10 List” of Good Computer Security Practices

Protecting Restricted Data

Reporting Security Incidents

Additional Resources

OAAIS Enterprise Information Security

Security Awareness, Training & Education (SATE) Program

http://isecurity.ucsf.edu or 415.514-3333


Slide3 l.jpg

What is Information and

Computer Security?

OAAIS Enterprise Information Security

Security Awareness, Training & Education (SATE) Program

http://isecurity.ucsf.edu or 415.514-3333


Slide4 l.jpg

… the protection of computing systems and the data that they store or access.

Desktop computersConfidential data

Laptop computersRestricted data

ServersPersonal information

BlackberriesArchives

Flash drivesDatabases

OAAIS Enterprise Information Security

Security Awareness, Training & Education (SATE) Program

http://isecurity.ucsf.edu or 415.514-3333


Slide5 l.jpg

Why do I need to learn about computer security?

Isn’t this just an IT Problem?

Everyone who uses a computer needs

to understand how to keep his or her computer and data secure.

OAAIS Enterprise Information Security

Security Awareness, Training & Education (SATE) Program

http://isecurity.ucsf.edu or 415.514-3333


Good security practices follow the 90 10 rule l.jpg

Good security practices follow the “90/10” rule

  • 10% of security safeguards are technical

  • 90% of security safeguards rely on us – the user - to adhere to good computing practices

OAAIS Enterprise Information Security

Security Awareness, Training & Education (SATE) Program

http://isecurity.ucsf.edu or 415.514-3333


Slide7 l.jpg

Embarrassment to yourself and/or the University

Having to recreate lost data

Identity theft

Data corruption or destruction

Loss of patient, employee, and public trust

Costly reporting requirements and penalties

Disciplinary action (up to expulsion or termination)

Unavailability of vital data

What are the consequences of security violations?

OAAIS Enterprise Information Security

Security Awareness, Training & Education (SATE) Program

http://isecurity.ucsf.edu or 415.514-3333


Slide8 l.jpg

“Top Ten List”

Good Computer Security Practices

OAAIS Enterprise Information Security

Security Awareness, Training & Education (SATE) Program

http://isecurity.ucsf.edu or 415.514-3333


Slide9 l.jpg

  • Don’t keep restricted dataon portable devices.

    2.Back-up your data.

    • Make backups a regular task, ideally at least once a day.

    • Backup data to removable media such as portable hard drives, CDs, DVDs, or a USB memory stick.

    • Store backup media safely and separately from the equipment. Remember, your data is valuable… don’t keep your backups in the same physical location as your computer!

OAAIS Enterprise Information Security

Security Awareness, Training & Education (SATE) Program

http://isecurity.ucsf.edu or 415.514-3333


Data backups l.jpg

Data Backups

  • How effective would you be if your email, word processing documents, excel spreadsheets and contact database were wiped out?

  • How many hours would it take to rebuild that information from scratch?

OAAIS Enterprise Information Security

Security Awareness, Training & Education (SATE) Program

http://isecurity.ucsf.edu or 415.514-3333


Slide11 l.jpg

  • 3. Use cryptic passwords that can’t be easily guessed and protect your passwords - don’t write them down and don’t share them!

OAAIS Enterprise Information Security

Security Awareness, Training & Education (SATE) Program

http://isecurity.ucsf.edu or 415.514-3333


Slide12 l.jpg

“I’lljustkeep finding new ways to break in!”

4. Make sure your computer has anti-virus, anti-spyware and firewall protection as well as all necessary security patches.

5. Don’t install unknown or unsolicited programs on your computer.

OAAIS Enterprise Information Security

Security Awareness, Training & Education (SATE) Program

http://isecurity.ucsf.edu or 415.514-3333


Slide13 l.jpg

  • 6. Practice safe e-mailing ~

  • Don’t open, forward, or reply to suspicious e-mails

  • Don’t open e-mail attachments or click on website addresses

  • Delete spam

  • Use UCSF’s secure e-mail system to send confidential information ~

    • Subject: Secure:_

    • (http://its.ucsf.edu/information/applications/exchange/secure_email.jsp)

OAAIS Enterprise Information Security

Security Awareness, Training & Education (SATE) Program

http://isecurity.ucsf.edu or 415.514-3333


Slide14 l.jpg

You receive an e-mail with an attachment from “IT Security” stating that you need to open the attachment. What should you do?

a) Follow the instructions

b) Open the e-mail attachment

c) Reply and say “take me off this list”

d) Delete the message

e) Contact OAAIS Customer Support

OAAIS Enterprise Information Security

Security Awareness, Training & Education (SATE) Program

http://isecurity.ucsf.edu or 415.514-3333


Slide15 l.jpg

You receive an e-mail with an attachment from “IT Security” stating that you need to open the attachment. What should you do?

a) Follow the instructions

b) Open the e-mail attachment

c) Reply and say “take me off this list”

d) Delete the message

e) Contact OAAIS Customer Support

d)Delete the e-mail message!

e) Contact OAAIS Customer Support for further instructions – but do not open, reply to, or forward any suspicious e-mails!

OAAIS Enterprise Information Security

Security Awareness, Training & Education (SATE) Program

http://isecurity.ucsf.edu or 415.514-3333


Slide16 l.jpg

Your sister sends you an e-mail at school with a screen saver attachment.

What should you do?

a) Download it

b) Forward the message

c) Call a tech-savvy friend to help install it

d) Delete the message

OAAIS Enterprise Information Security

Security Awareness, Training & Education (SATE) Program

http://isecurity.ucsf.edu or 415.514-3333


Slide17 l.jpg

Your sister sends you an e-mail at school with a screen saver attachment.

What should you do?

a) Download it

b) Forward the message to a friend

c) Call a tech-savvy friend to help install it

d) Delete the message

d) Delete it! Never put unknown or unsolicited programs or software on your computer. Screen savers may contain viruses.

OAAIS Enterprise Information Security

Security Awareness, Training & Education (SATE) Program

http://isecurity.ucsf.edu or 415.514-3333


Slide18 l.jpg

7. Practice safe Internet use ~

  • Accessing any site on the internet could be tracked back to your name and location.

  • Accessing sites with questionable content often results in spam or release of viruses.

  • And it bears repeating…

    Don’t download unknown or unsolicited programs!

OAAIS Enterprise Information Security

Security Awareness, Training & Education (SATE) Program

http://isecurity.ucsf.edu or 415.514-3333


Slide19 l.jpg

8. & 9. Physically secure your area and data when unattended ~

  • Secure your files and portable equipment - including memory sticks.

  • Secure laptop computers with a lockdown cable.

  • Never share your ID badge, access codes, cards, or key devices (e.g. Axiom card)

OAAIS Enterprise Information Security

Security Awareness, Training & Education (SATE) Program

http://isecurity.ucsf.edu or 415.514-3333


Slide20 l.jpg

10. Lock your screen

  • For a PC ~

    <ctrl> <alt> <delete> <enter> OR

    <> <L>

  • For a Mac ~

    Configure screensaver with your passwordCreate a shortcut to activate screensaver

  • Use a password to start up or wake-up your computer.

OAAIS Enterprise Information Security

Security Awareness, Training & Education (SATE) Program

http://isecurity.ucsf.edu or 415.514-3333


Slide21 l.jpg

Which workstation security safeguards are YOUresponsible

for following and/or protecting?

a) User ID

b) Password

c) Log-off programs

d) Lock up office or work area (doors, windows)

e) All of the above

OAAIS Enterprise Information Security

Security Awareness, Training & Education (SATE) Program

http://isecurity.ucsf.edu or 415.514-3333


Slide22 l.jpg

Which workstation security safeguards are YOU responsible

for following and/or protecting?

a) User ID

b) Password

c) Log-off programs

d) Lock-up office or work area (doors, windows)

e) All of the above

ALL OF THE ABOVE!

OAAIS Enterprise Information Security

Security Awareness, Training & Education (SATE) Program

http://isecurity.ucsf.edu or 415.514-3333


Slide23 l.jpg

The mouse on your computer screen starts to move around on its own and click on things on your desktop.

What do you do?

a) Show a faculty member or other students

b) Unplug network cable

c) Unplug your mouse

d) Report the incident to whomever supports your computer and [email protected] if it happens while you’re on campus

e) Turn your computer off

f) Run anti-virus software

g) All of the above

OAAIS Enterprise Information Security

Security Awareness, Training & Education (SATE) Program

http://isecurity.ucsf.edu or 415.514-3333


Slide24 l.jpg

The mouse on your computer screen starts to move around on its own and click on things on Your desktop. What do you do?

This is a security incident!

Immediately report the problem to whomever supports your computer, and to [email protected] if the incident occurs while you are on the UCSF campus or on a UCSF system.

Since it is possible that someone is controlling the computer remotely, it is best if you can unplug the network cable until you can get help.

OAAIS Enterprise Information Security

Security Awareness, Training & Education (SATE) Program

http://isecurity.ucsf.edu or 415.514-3333


Slide25 l.jpg

What can an attacker do to your

computer?

a) Hide programs that launch attacks

b) Generate large volumes of unwanted traffic, slowing down the entire system

c) Distribute illegal software from your computer

d) Access restricted information (e.g. identity theft)

e) Record all of your keystrokes and get your passwords

OAAIS Enterprise Information Security

Security Awareness, Training & Education (SATE) Program

http://isecurity.ucsf.edu or 415.514-3333


Slide26 l.jpg

What can an attacker do to your computer?

a) Hide programs that launch attacks

b) Generate large volumes of unwanted traffic, slowing down the entire system

c) Distribute illegal software from your computer

d) Access restricted information (e.g. identity theft)

e) Record all of your keystrokes and get your passwords

ALL OF THE ABOVE!

A compromised computer can be used for all kinds of surprising things.

OAAIS Enterprise Information Security

Security Awareness, Training & Education (SATE) Program

http://isecurity.ucsf.edu or 415.514-3333


Slide27 l.jpg

ProtectingRestricted Data

OAAIS Enterprise Information Security

Security Awareness, Training & Education (SATE) Program

http://isecurity.ucsf.edu or 415.514-3333


Slide28 l.jpg

Restricted data includes, but is not limited to:

  • Name or first initial and last name

  • Health or medical information

  • Social security numbers

  • Ethnicity or gender

  • Date of birth

  • Financial information (credit card number, bank account number)

  • Proprietary data and copyrighted information

  • Student records protected by FERPA

  • Information subject to a non-disclosure agreement

OAAIS Enterprise Information Security

Security Awareness, Training & Education (SATE) Program

http://isecurity.ucsf.edu or 415.514-3333


Slide29 l.jpg

Managing Restricted Data

  • Know where this data is stored.

  • Destroy restricted data which is no longer needed ~

    shred or otherwise destroy restricted data before throwing it away

    erase/degauss information before disposing of or re-using drives

  • Protect restricted data that you keep ~

    back-up your data regularly

OAAIS Enterprise Information Security

Security Awareness, Training & Education (SATE) Program

http://isecurity.ucsf.edu or 415.514-3333


Slide30 l.jpg

Reporting SecurityIncidents

OAAIS Enterprise Information Security

Security Awareness, Training & Education (SATE) Program

http://isecurity.ucsf.edu or 415.514-3333


Slide31 l.jpg

Immediately report anything unusual, suspected security incidents, or breaches to whomever supports your computer, or OAAIS if it involves a UCSF system.

If you need to contact OAAIS Customer Support:

Dial 1-415-514-4100

(Option 1 for Medical Center, Option 2 for Campus)

web: http://help.ucsf.edu/email: [email protected]

Loss or theft of any computing device at UCSF MUST be reported immediately to the UCSF Police Department. Dial 1-415-476-1414. Report lost or stolen laptops, blackberries, PDAs, cell

phones, flash drives, etc.

OAAIS Enterprise Information Security

Security Awareness, Training & Education (SATE) Program

http://isecurity.ucsf.edu or 415.514-3333


Slide32 l.jpg

  • ADDITIONAL RESOURCES

  • OAAIS Enterprise Information Security

  • Security Awareness, Training, and Education

  • Security Policies and Guidelines

  • 415-514-3333

  • http://isecurity.ucsf.edu/

  • [email protected]

  • To schedule a training session contact

  • Tiki Maxwell, SATE Manager

  • 415-514-1363 or 415-502-3982

  • [email protected]

  • Customer Support

  • for general questions and information

  • 415-514-4100 (Option 1 for Medical Center, Option 2 for Campus) web: http://help.ucsf.edu/email:[email protected]

OAAIS Enterprise Information Security

Security Awareness, Training & Education (SATE) Program

http://isecurity.ucsf.edu or 415.514-3333


  • Login