1 / 12

Information Security Training for Users with Elevated Privileges to University Systems

Information Security Training for Users with Elevated Privileges to University Systems . Brought to you by: University Information Security Office. The Need For Training……. Statistics show many breaches are caused by insiders: Intentional Disgruntled Inquisitive Unintentional

berit
Download Presentation

Information Security Training for Users with Elevated Privileges to University Systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Information Security Training for Users with Elevated Privileges to University Systems Brought to you by: University Information Security Office

  2. The Need ForTraining……. • Statistics show many breaches are caused by insiders: • Intentional • Disgruntled • Inquisitive • Unintentional • Action • Sharing your NetID password • Inaction • Not locking your workstation when away

  3. Is It Ever Okay To Share Your NetID Password? • New employee with no access yet? • Student worker to help you with data entry during crunch period? • With your supervisor? • With a co-worker that needs to access something you normally do, but you’re out on medical leave?

  4. Watch the following video. . . . • http://security.arizona.edu/sites/default/files/UA_Password_Video_Final_1.flv

  5. It’s NEVER okay to share your NetID password • Passwords authenticate a person’s identity • Your roles and permissions can now be accessed by someone else • Anyone authenticating as you = access to anything your access allows (including your personal information) • YOU are responsible for activity (legitimate or illegitimate) occurring while logged into your account!

  6. A shared password CAN be misused! • Can be misused by students workers, co-workers, consultants, vendors, or ANYONE • How well do you REALLY know them? • Curiosity + Opportunity can lead to misuse and compromise • “What can I access?” • “This could solve all my problems!”

  7. More on the why. . . . Justifying actions? Right and wrong? Unintended consequences Motive or circumstances Opportunity Stress? Curiosity personal. . . . financial. . . . • NetID Password sharing

  8. The Opportunity to Compromise. . . . • Integrity - Add, Update or Delete Records • Change grades • Admit or deny admittance for someone • Enter a degree exception requirement • Change Enrollment Deposit Status • Update Lawful Presence Status • Confidentiality and Integrity – View or update • Social Security Numbers • Direct deposit information • Tax information • Benefits information

  9. Additional NetID Password Security • DO NOT • Use your NetID password for any other account • Store online (unless encrypted) • Password Manager Programs • KeePass and Password Safe (Windows) • Password Gorilla (Macs) http://www.security.arizona.edu/topten3 • If you must write it down • Store securely - Locked file cabinet • Not filed under “P” for passwords 

  10. Lock Computer When Away From Desk • Inaction = Not locking your computer • How long might you be gone? • Did you leave access to: • An application with sensitive data? • Could someone install a keylogger? Windows: Windows + L Or Ctrl-Alt-Delete and select “lock this computer” Macs: Shift (⇧) + Command (⌘) + Q

  11. Consequences • Financial and/or reputational loss • Employee may be held responsible for any action or inaction that led to the incident • Disciplinary action up to and including termination • Arizona’s Breach Notification Statute (44-7501) = if the compromise involves SSNs • Could have significant financial and reputational impact

  12. End of Awareness Module • Please follow the link below to sign the privileged user agreement. https://request.uaccess.arizona.edu/privilegeduseragreement/

More Related