1 / 47

Information Security Office & Home IT Forum October 29, 2009

Information Security Office & Home IT Forum October 29, 2009. Presenters: Diane Jachimowicz – Senior Technology Services Analyst Anthony Maszeroski – Information Security Manager Danielle Morse – Associate Director, Desktop Services. House Keeping. Sign In Sheet Prizes Speakers

mikhail
Download Presentation

Information Security Office & Home IT Forum October 29, 2009

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Information SecurityOffice & Home IT ForumOctober 29, 2009 Presenters: Diane Jachimowicz – Senior Technology Services Analyst Anthony Maszeroski – Information Security Manager Danielle Morse – Associate Director, Desktop Services

  2. House Keeping • Sign In Sheet • Prizes • Speakers • Top 10 Office Security Tips • Agenda

  3. Agenda • Personally Identifiable Information (PII) • Safer Web Browsing • Office Security • Student Use of Office PC’s • Passwords • Royal Drive • Encryption of Files • USB Encryption • McAfee AntiVirus • Home Tools • Q & A • Announcements/Prizes Awarded

  4. Sensitive Information • Any information which, if disclosed in an unauthorized manner, would cause damage or embarrassment to individuals or the University, or any information classified as internal/confidential or restricted.

  5. Sensitive Information • Loss Criteria • Loss in reputation and public (donor) confidence • Loss of competitive advantages • Increase in operational expenses • Violations of contract agreements • Violations of legal and regulatory requirements • Delayed income costs • Loss in revenue • Loss in productivity

  6. Sensitive Information - Student • Academic Records • Credit / Debit Card Number • Credit / Payment History • Criminal Records • Disciplinary Action • Driver’s License Number / License Plate • Employee Data / Resume (Career Services) • Financial Aid Status • Income or Spending Habits • Insurance Information (e.g., policy #)

  7. Sensitive Information - Student • Public Safety Incident Data • Parent Biographical Data • Scholarship Information • Social Security Number (SSN) • Student Activities • Student Banking Information • Student Biographical Data • Student Counseling Records • Student Health Records

  8. Sensitive Information – Employee • Academic Records • Benefits Coverage • Credit / Debit Card Number • Credit / Payment History • Criminal Records • Disciplinary Action • Driver’s License Number / License Plate • Employee Banking Information

  9. Sensitive Information – Employee • Employee Biographical Data (e.g., spouse/children) • Income or Spending Habits • Payroll • Performance Reviews • Scholarship Information • Social Security Number (SSN) • Tax Information

  10. Sensitive Information - Donor • Academic Information • Credit / Debit Card Number • Credit / Payment History • Donor Banking Information • Donor Biographical Data • Driver’s License Number / License Plate • Event / Ticketing / Travel

  11. Sensitive Information - Donor • Gift Data • Giving Society Memberships • Income or Spending Habits • Insurance Information • Prospect Data • Real Estate / Securities • Social Security Number (SSN)

  12. Sensitive Information – Financial • Accounts Payable Records • Contract Data • Copies / Images of Cleared Checks • Copies / Images of Deposited Checks • Credit Card Data • Expense Reports • Financial Reports

  13. Sensitive Information - Financial • Procurement Data • Tax Data • University Banking Data • University Budgets • University Investment Data • Wire / ACH Instructions

  14. Safer Web Browsing Using Firefox • Intranet (*.scranton.edu) • Internet Explorer 7 • Internet (anything other than *.scranton.edu) • Firefox 3.5.x • Plugin Checker http://www.mozilla.com/en-US/plugincheck/

  15. Office Security • Keep your office locked even if you just step out for a minute • Don’t leave valuables in plain view • Consider taking your laptop home with you • Report suspicious activity immediately • If the building is locked, don’t let someone you don’t know into the building • Don’t become so absorbed in what you are doing that you don’t notice the activity around you • Confidential documents should be put away and not left visible and unattended on work desks

  16. Office Computer Security • Computer screens should be angled so visitors can’t see sensitive information • Shutdown every night • Unplug over holidays • Use Laptop Locks • Backup Storage

  17. Logoff when you leave To Lock Down Windows XP Click Ctrl+Alt+Delete Select "Lock Workstation" This will bring up your login screen and lock your computer down Windows XP shortcut: Click the Windows key (the flying window key at the bottom of the key board) and the L key. This will bring up your login screen and lock your computer down. To Lock Down Windows Vista at home Go to the Start menuAt the bottom right you'll see an icon of a padlockClick it to lock the computer

  18. Student Use of Office Computers • Designated Student Computers • Secure storage space • Check Student PC Periodically • Confidentially Agreements

  19. Why You Need a Secure Password • Authenticate or prove your identity • Malicious e-mail sent in your name • Your password can be used to commit fraud, post child pornography, send spam, make threats, break into other systems, and much more.

  20. Protect Your Password • Select a unique password • Avoid any password with personal information: • Birth date, name, home town, or mother's maiden name • Children’s name, pet's name, or your best friend • Driver's License, phone, address, license plate, social security number, or PIN numbers • Don’t write down your password • Don’t tell anyone your password

  21. Common Password Mistakes changeme password start computer internet ihavenopass mypassword openup scranton Letmein 123456

  22. Creating a Secure Password • Use 9 or more characters • DO NOT use plain dictionary words • Include at least 3 of the following criteria: • lowercase letters • UPPERCASE letters • Numbers • Punctuation • 4S&7yaofb4th

  23. Passwords are like Underwear… • Change Yours Often! • Don't Share Them with Friends! • Be Mysterious! • The Longer the Better! • Don’t Leave Yours Lying Around!

  24. Consider these findings... • More than 40% of all individually-chosen passwords are readily guessed by someone who knows you • 3,000 out of 13,000 passwords cracked • Gaining access to one password often provides access to other systems and accounts

  25. How Passwords are Cracked • Dictionary programs • Changing the default password • Guessable passwords • Commonly-chosen passwords • Short passwords

  26. Tips for strong passwords... • DON'T use your login name in any form • DON'T use a password made up of all digits, or of all the same letter • DON'T use words in the dictionary • DON'T use consecutive or adjacent keys • DON'T use "remember my password features"

  27. Tips for strong passwords... • DO include a mix of upper and lower case, numbers, and punctuation such as HY?j4iP or 3rt!dlP • DO use a password that you can type quickly without having to look at the keyboard • DO change your password regularly

  28. Royal Drive • What is it? • Who should use it?  • How do you get to it? • Why should you use it? • Royal Drive is used in over 120 colleges and universities throughout the country including Georgetown, Boston College, Harvard, Princeton and Yale.

  29. Royal Drive Benefits • Secure Storage • Document Sharing/Collaboration • Intellitach

  30. Encryption • Encryption is the process of encoding data to ensure that unauthorized parties cannot view it. • To accomplish encryption, a key or code provided by you is used to encrypt the data, making encryption difficult to crack. • A few encryption options are readily available to you.

  31. Encryption of Files

  32. USB Encryption

  33. TrueCrypt • Software application used for real-time on-the-fly encryption • Free, open-source software available for Windows 7/Vista/XP, Mac OS X, and Linux • Encrypts an entire partition or storage device such as a USB Flash Device (UFD) or hard drive • Creates a virtual encrypted disk within a file and mounts it as a real disk

  34. TrueCrypt UFD Encryption Service • The TSC does not provide UFDs. You will need to purchase and take a UFD with you. • The encryption process will destroy any existing data on the UFD. • During the encryption process, you will be prompted to enter a password for your device. TSC staff will encourage you to select a password that is 20 characters or more in length. Determining the password you intend to use before you visit the TSC is recommended. • When complete your original UFD will contain an encrypted TrueCrypt volume and TrueCrypt Traveler Disk Software.

  35. McAfee virusScanEnterprise 8.7i

  36. McAfee VirusScan Enterprise

  37. McAfee VirusScan Enterprise

  38. McAfee VirusScan Enterprise

  39. McAfee VirusScan Enterprise

  40. McAfee VirusScan Enterprise

  41. McAfee VirusScan Enterprise

  42. McAfee VirusScan Enterprise

  43. McAfee VirusScan Enterprise

  44. Home Tools • Microsoft Security Essentials • http://www.microsoft.com/Security_Essentials/ • MalwareBytes • http://www.malwarebytes.org/ • SUPERAntiSpyware • http://www.superantispyware.com/ • Secunia PSI • http://secunia.com/vulnerability_scanning/ • CCleaner • http://www.ccleaner.com/

  45. Q &A ???

  46. Next IT Forum Topic: Windows 7 Date: November 24, 2009 Time: 11:30am – 1:00pm Location: BRN 509 RSVP: ITServices@scranton.edu Lunch will be provided

  47. And the Winners are…….

More Related