mandatory online training n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
mandatory online training PowerPoint Presentation
Download Presentation
mandatory online training

Loading in 2 Seconds...

play fullscreen
1 / 33

mandatory online training - PowerPoint PPT Presentation


  • 106 Views
  • Uploaded on

mandatory online training. intro. why we are doing this why you should care what we hope you get out of this. How does info sec affect me?. need to understand the info sec policy need to follow safe data handling practices, including disposal need to practice safe computing.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'mandatory online training' - burian


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
intro
intro
  • why we are doing this
  • why you should care
  • what we hope you get out of this
how does info sec affect me
How does info sec affect me?
  • need to understand the info sec policy
  • need to follow safe data handling practices, including disposal
  • need to practice safe computing
university information security policy
University Information Security policy
  • Summarize policy
    • what covered
    • who covered
    • define principles
university information
University Information
  • University Data - Data created or maintained by the University related to carrying out the University's mission. It’s a University resources, owned by the University.
  • Exclusions – Research data, class notes, lesson plans, personal papers, materials covered in the University’s Intellectual Property Policy
defined roles in policy
defined roles in policy
  • cio
  • data oversight
  • data steward
  • university community (faculty, staff, students)
  • info sec department
  • Univ archives
  • audit and advistory
  • procurement
data steward
Data Steward
  • An individual who is responsible for ensuring the confidentiality, integrity, and availability of University information. A Data Steward defines access to and restrictions on use of the information for which he or she is responsible.
  • A data steward also:
    • Ensures the confidentiality, integrity and availability of University data
    • Classifies all University information as Public, Internal, Sensitive, or Highly Sensitive, according to Data Classification Guidelines
univ community
Univ community
  • Protect the privacy and security of University information, applications, computer systems, and networks under their control
  • Adhere to all relevant data handling standards
  • Report suspected violations of this policy to the Director of Information Security or to the appropriate Data Steward
categorization of university data
Categorization of University data
  • Determined by the degree of expected impact on the University or individuals if University information is mishandled.
categories of university data
Categories of University Data
  • Public
  • Internal
  • Sensitive
  • Highly sensitive
data category public
Data category: Public
  • Information intended for public use that, when used as intended and not altered, would have no adverse impact on University operations, University assets, or individuals.
data category internal
Data category: Internal
  • Information not intended for parties outside the University community that, if disclosed, would have minimal or no adverse impact on University operations, University assets or individuals.
data category sensitive
Data category: Sensitive
  • Information that, if mishandled, could be expected to have a serious adverse effect on University operations, University assets or individuals.
data category highly sensitive
Data category: Highly sensitive
  • Information that, if mishandled, could be expected to have a severe or catastrophic adverse effect on University operations, University assets or individuals.
interaction
interaction
  • sorting data by types?
enforcement of info sec policy
Enforcement of info sec policy
  • The University will investigate suspected violations, and may recommend disciplinary action in accordance with University codes of conduct, policies, or applicable laws. Sanctions may include one or more of the following:
    • Suspension or termination of access
    • Disciplinary action up to and including termination of employment
    • Student discipline in accordance with applicable University policy
    • Civil or criminal penalties
transition
Transition?
  • how do we move from Info sec policy to rest of topics?
data handling standards
Data Handling Standards
  • Get permission from data steward for access
  • Use and share info with others only according to standards
safe data handling could be interactive choose correct answers
Safe data handling (could be interactive—choose correct answers)
  • Secure handling procedures:
  • Lock screen when leaving computer
  • Turn monitor from door
  • Keep hard copies locked in desk when not in use
  • Lock your office door when leaving room
  • Never leave hard copies in printer/copier
  • Store electronic files in Netfile
disposal methods
Disposal methods
  • Data/information
    • Shred paper copies
    • Use spy-bot to electronically shred files
  • Technology
    • clean hard drives before disposal
safe computing
Safe computing
  • Includes using tools such as
    • TakeCharge
    • virus protection
    • anti-spyware
    • Use SENF to find files containing sensitive data
    • laptop encryption
  • Safe Web surfing
    • all your precautions can be undone by visiting the wrong site
myths about security
Myths about security
  • No one wants my stuff
  • A little surfing hurts no one
  • The University/OIT is protecting me
points to remember
Points to remember
  • Information Security is an ever evolving responsibility
  • policies are being developed and implemented over time
want more info
Want more info?
  • secure.nd.edu
  • reporting violations
my points
my points
  • Missing:
    • secure work space
presentation issues
presentation issues
  • travel theme
    • road signs (caution signs, stop signs, billboards, street signs, etc.)
    • could use roadmap (sorry!) to mark progression through course
  • interactions
    • click to advance to next slide?
    • questions interspersed with text?
      • how often?
    • does wrong answer send them back or just get right answer told to them?
    • Matching? Multiple choice?
    • do we keep score?
more issues
More issues
  • length
    • this covers topics chosen but seems way too long
    • any ideas on what to cut, if anything?
      • adverse effects maybe?
    • ideas on focus of subsequent training?