Welcome to New Hire Orientation Information Security
Information Security Awareness Training UMMS Information Security CWM Office of Compliance & Review
What is Information Security?
Info Sec is the protection of data in all forms
• Electronic files
• Static files
• Database files
• Paper documents
• Printed materials
• Hand written notes
• Photographs
• Recordings
• Video recordings
• Audio recordings
• Conversations
• Telephone
• Cell phone
• Face to face
• Messages
• Email
• Fax
• Video
• Instant messages
• Paper messages
Why is this Important?
• A data breach could result in:
• Requirement to report the loss
• HIPAA, FERPA, MGL c.93H, PCI, SOX, others
• Civil and criminal penalties
• Damage to organizational reputation
• Loss of revenue
• Individual accountability
Isn’t this just a technical problem?
• Technology defenses comprise roughly 15% of our controls
• Technical controls often cannot compensate for users’ behavior
• Cyber-criminals focus on users as a weak link in security
• Having a security-aware workforce is a requirement in today’s threat landscape
What are the risks?
Evolving “Threat Landscape”
• Older attacks targeted infrastructure
• Modern attacks target users
Nature of threat landscape
• Over 90% of Cyber thieves are affiliated with organized crime
• Their sophistication rivals that of commercial software vendors
Methods of infection
• Cyber thieves attack high-volume web sites
• Computers that visit the site become infected
• Email-borne ‘malware’
• Infected machine “phones home” to say I’m infected
• Use the infected computer to strengthen their hold on the organization
Amateurs target systems, Professionals target users --Kevin Mitnick
What can I do?
• Become aware of cyber threats
• Understand that YOU are often the front line of defense against cyber threats
• Understand data sensitivity and how to manage data appropriately
• Safeguard information that is entrusted to you
• Report suspected InfoSec incidents
Security Resources
• On-line security awareness course: http://onlinetraining.umassmed.edu/infosecreg/event/event_info.html
• UMMS IS Help Desk 508-856-8643
• CWM Office of Compliance and Review 508-856-6547