
Information Security: Everyone is Responsible

Information Security: New Employee Orientation. Information Security: Everyone is Responsible. Presented by: Information Technology - Information Security Services University of Oklahoma Health Sciences Center. Information Security: Outcome Statement.


Presentation Transcript


  1. Information Security: New Employee Orientation Information Security: Everyone is Responsible Presented by: Information Technology - Information Security Services, University of Oklahoma Health Sciences Center

  2. Information Security: Outcome Statement At the conclusion of this presentation you should be able to: • Define Information Security • Identify threats • State safe practices • Know where to report an incident

  3. Information Security: What is it? Why? • Information Security is: • Protection of information from threats • Goals of Information Security: • Ensure Business Continuity • Minimize Risk • Maximize Return on Investment

  4. Information Security: Three Tenets • Confidentiality: Information is disclosed only to those authorized • Availability: Information is accessible when required • Integrity: Information is accurate, authentic, complete and reliable. The right data to the right people at the right time

  5. Information Security: What does it Protect… • Patient Information • Personally Identifiable Information • Our Identity • Our reputation

  6. Information Security: Threats • Malware • Viruses • Worms • Spyware • Trojans • Social Engineering • Phishing • Spear Phishing • Spam

  7. Information Security: E-mail Threat • 89% of e-mail traffic contains viruses, phishing schemes, or is SPAM • 27,735,000 malicious e-mails blocked from delivery to OUHSC in a month

  8. Information Security: Safe Practices for E-mail • Do not open unsolicited email or attachments • Do not reply to SPAM • Do not use your OUHSC email address in online forms and questionnaires unless it becomes necessary for University related business • Place a confidentiality notice in your signature block

  9. Information Security: Malicious Software threat • Malicious software downloads from the web • Spyware • Trojan Horse • Key Loggers • 1 in 10 web sites attempt to download software without permission

  10. Information Security: Safe Practices for the Internet • Set higher security settings in your browser • Do not install add-ons to your browser (Google tool bar, Comet Cursor, Gator, HotBar, etc.) • Avoid Game Sites and sites that require you to fill out online forms • Install a spyware removal tool • Always remember that your computer is a business tool

  11. Information Security: Employee Responsibilities • Use resources appropriately • Protect your user-id and system • Only access information that pertains to your job function • Policies, Procedures, local, state and federal laws • Be responsible

  12. Information Security: Password Management • Protect It! Memorize It! • Use Strong Passwords • At least 8 characters • No personal information • No dictionary words • Use 3 of 4 character types • Upper case letters • Lower case letters • Numbers • Special Characters (!@#$%^&*)

  13. Information Security: Password Management • Create “Passphrases” • Make it memorable • Use a secret code • Examples: • “il2pBB@6:30”: I like to play basketball at 6:30 • “LMissMs04t”: Little Miss Muffet sat on a tuffet • “RedPensTalk2WhiteG@tors”: made up phrase

  14. Information Security: Regulatory Compliance • HIPAA – Healthcare Insurance Portability and Accountability Act • Protected Health Information “PHI” • PCI DSS – Payment Card Industry Data Security Standards • Protects cardholder data • GLBA – Gramm-Leach-Bliley Act • Protects consumers’ personal financial information

  15. Information Security: Safe Practice - Follow Policies • Follow policies to help protect your data • It’s the LAW • See http://it.ouhsc.edu/policies/

  16. Information Security: Incident Response • Types of Incidents • Suspicious email (spam or phishing attacks) • Viruses (usually via email) • Sharing of authentication (passwords or privileges) • Attempts to gain unauthorized access • Unauthorized modifications of files and records • Attaching unapproved devices to the network • Abuse of authority or privilege • Theft

  17. Information Security: Incident Response • How to report an Incident • Information Security Services should be notified immediately of an information security incident. • Information Security Incidents can be reported by any of the following methods: • Contact the Service Desk at 405.271.2203 • Email: servicedesk@ouhsc.edu • Contact the Information Security Services office at 405.271.2476 • Email: itsecurity@ouhsc.edu • Website: http://it.ouhsc.edu/services/infosecurity/

  18. Information Security: Safe practices summary • Antivirus updates (daily) • Security patches (monthly) • Data backups (daily) • Browser security settings • Avoid unknown software from the Internet • Personal Firewall protection installed • Email caution • Report suspicious activity

  19. Information Security: Stay Safe Online • Information Security • http://www.sans.org • http://www.sans.org/tip_of_the_day.php • http://www.microsoft.com/protect/yourself/password/checker.mspx • Free Anti-Virus and Anti-Spyware Tools • http://free.grisoft.com • http://www.comodo.com • http://www.safer-networking.org/en/index.html • Online Safety • http://www.staysafeonline.org • Identity Theft • http://www.privacyrights.org • http://www.usdoj.gov/criminal/fraud/websites/idtheft.html

  20. Information Security: Quiz Quiz Time… 1. What is Information Security? The protection of information from threats

  21. Information Security: Quiz Quiz Time… • 2. I have a responsibility to protect what two aspects of information security at OUHSC? • Confidentiality and Integrity • Confidentiality and Availability • Integrity and Availability • I am not responsible for information security at OUHSC

  22. Information Security: Quiz Quiz Time… • 3. When I receive an email with an attachment from someone I do not know, I should… • Open it immediately to find out what it says • Forward it to my friends and family • Just delete it • Unsubscribe

  23. Information Security: Quiz Quiz Time… • 4. How do I report an incident? • Contact the Service Desk • Contact Information Security • Go to Website: http://it.ouhsc.edu/services/infosecurity/ • All of the above

  24. Information Security: Quiz Quiz Time… • 5. What is the best way to remember your password? • Write it down and hide it under the keyboard • Share it with a coworker so he/she can help when you forget it • Memorize it • Create a simple password, like abc123

  25. Information Security: Quiz Quiz Time… Bonus What are the characteristics of a complex password?

  26. Information Security: Thank You
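
The password rules from slides 12 and 13, written as a checker and run against the slides' own examples (an added example, not part of the original presentation). Assumptions: the wordlist is a small constructed sample, any punctuation counts as a special character, and "no dictionary words" is read as "the password is not a dictionary word with digits or symbols attached to either end".

```python
import string

# Constructed sample wordlist (assumption); a real check would load a full dictionary.
SAMPLE_WORDS = {"password", "welcome", "basketball", "oklahoma"}

def char_classes(pw):
    """Return which of the four character types from slide 12 appear in pw."""
    found = set()
    for ch in pw:
        if ch in string.ascii_uppercase:
            found.add("upper")
        elif ch in string.ascii_lowercase:
            found.add("lower")
        elif ch in string.digits:
            found.add("digit")
        elif ch in string.punctuation:
            # Assumption: slide 12 lists !@#$%^&* as examples, not an exhaustive set.
            found.add("special")
    return found

def check_password(pw, personal=(), words=SAMPLE_WORDS):
    """Return the list of slide-12 rules that pw fails (empty list means it passes)."""
    failures = []
    if len(pw) < 8:
        failures.append("length")
    if len(char_classes(pw)) < 3:
        failures.append("classes")
    lowered = pw.lower()
    # Personal information: any supplied token (name, user-id, birth year) found inside pw.
    if any(len(t) >= 3 and t.lower() in lowered for t in personal):
        failures.append("personal")
    # Dictionary word: strip leading/trailing digits and symbols, then look up the core.
    core = lowered.strip(string.digits + string.punctuation)
    if core in words:
        failures.append("dictionary")
    return failures

if __name__ == "__main__":
    samples = ["il2pBB@6:30", "LMissMs04t", "RedPensTalk2WhiteG@tors",
               "abc123", "Password1!"]
    for pw in samples:
        print(pw, check_password(pw) or "ok")
    # Constructed user-id token standing in for personal information.
    print("Jsmith2024!", check_password("Jsmith2024!", personal=["jsmith"]))
```

A stricter reading of "no dictionary words" that rejects any embedded word would also reject slide 13's own "RedPensTalk2WhiteG@tors", which is why the check here only looks at the whole password after stripping digits and symbols from its ends.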
