1 / 13

Financial Services Workshop Margaret Umphrey ECU Information Security Officer itsecurity@ecu.edu March 12, 2014

Financial Services Workshop Margaret Umphrey ECU Information Security Officer itsecurity@ecu.edu March 12, 2014. Information Security.

london
Download Presentation

Financial Services Workshop Margaret Umphrey ECU Information Security Officer itsecurity@ecu.edu March 12, 2014

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Financial Services Workshop Margaret Umphrey ECU Information Security Officer itsecurity@ecu.edu March 12, 2014 IT Security, East Carolina University

  2. Information Security Enabling your information systems to provide the services required to meet your instructional and research goals, while protecting the critical information entrusted to you IT Security, East Carolina University

  3. Test Your Awareness Skills • It is ok to share my login and password with my supervisor in order access my data when I’m out of the office . • It is ok to access my ECU email on my smartphone even though I don’t have a password. • Should I inform the Helpdesk if I lose my personal smartphone? • I love my IPAD to access ECU email! Since my ECU email has a password, it’s not important to have a pw on my IPAD. • If others school use a PCI compliant solution, I don’t need to get approval to use the same solution. IT Security, East Carolina University

  4. Information Security Tips • Use strong passwords and do not share them with ANYONE • Lock your computer (Ctrl-Alt-Del) when not in use • Lock office doors, drawers, and cabinets where sensitive information is stored • Never leave your laptop unattended in public • Encrypt all portable devices IT Security, East Carolina University

  5. Information Security Tips • Consider consequences of downloading data from the ECU administrative systems (Banner, Blackboard, Electronic Health Record (EHR), etc. • Do not download ECU sensitive data (e.g. financial, student, patient, legal, HR) to unencrypted local devices (desktop computer, laptop, flash drive, smartphone, web pages, CLOUD, etc.) IT Security, East Carolina University

  6. Information Security Tips • Password protect your smartphone • Be cognizant that emails on a lost smartphone can be accessible to anyone who finds it • Report to the helpdesk lost or stolen smartphone containing ECU data (inclusive of email) IT Security, East Carolina University

  7. Information Security Tips • Use Pirate Drive, or ITCS supported servers if you must download or store sensitive data • Ensure you are aware of the compliance requirements for protecting your data (e.g. PCI, UNC- FIT, GLBA, FERPA, HIPAA, Legal, etc.) IT Security, East Carolina University

  8. Information Security Tips • Encrypt sensitive data (e.g. student, patient, legal, HR) in storage and transmission (via email, file transfer to other agencies, portable devices, etc.) • Physically secure both electronic and paper files • Do not store backup copies of sensitive information on unencrypted storage devices (e. g. flash drives, CDs, home PC, etc.) IT Security, East Carolina University

  9. Information Security Tips • Limit the services or tasks performed on your computer that are used to enter or processed sensitive data (e.g. web surfing, downloading “free apps”, Facetime) • If working from home, store your data on Pirate Drive and access through the virtual private network (VPN)- (data in one secure location and backed up daily) • If you have a laptop or ECU issued computer to work from home, use it rather than the family computer IT Security, East Carolina University

  10. Information Security Tips • Ensure all data are appropriately destroyed when no longer needed • Address non-compliance of others in your department • Encourage Awareness Training for all IT Security, East Carolina University

  11. Information Security - ITCS • Updating Information Security Policies, Standards and Best Practices • Server Administrators’ Security Best Practices • Best Practices for Other Areas • Educational and Awareness Training Program • Exploring Information Security Subject Matter Experts (SME) • IT Staffing Plan to Address IT Purchase Review IT Security, East Carolina University

  12. Information Security - ITCS • Requiring Pin for Smartphone Outlook Access • Flagging Sensitive Data Transmitted External to ECU • Sensitive Data Scanner to find sensitive data • Mobile Device Management for Smartphone • Network Access Control for enhanced security • Log Management for audit logs • Internal Dropbox solution IT Security, East Carolina University

  13. Resources • ITCS www.ecu.edu/ITCS • IT Security www.ecu.edu/itsecurity • Pirate Drive www.ecu.edu/piratedrive • ITCS Helpdesk @ 252-328-9866 • Assistance and Consultation IT Security, East Carolina University

More Related