
1 Security Awareness Top Security Issues - PowerPoint Presentation

tatyana-admore
Uploaded On 2018-12-17



Presentation Transcript

Slide1

Security Awareness

Top Security Issues

Slide2

INTERNAL USE

Top Security Items for 2011-2012

Passwords

Social Networking

Phishing

Malware, Spyware, & Anti-virus

Confidential Data

What is Confidential Data?

Protection of Mobile Confidential Data

Computer Disposal & Information Destruction

Regulatory Compliance (FERPA, HIPAA, PCI)

PC Desktop Security

Reporting a Security Incident

Slide3

Passwords

First line of security

Password Paradox: use a strong password and remember it.

Password strength depends on length and complexity:

At least 8 characters long

At least one alphabetic character

A mix of upper and lower case characters

At least one numeric character

At least one special character

Weak passwords: rolltide, crimson4ever, querty, CharlieBrown, default

Strong passwords: M00dR!ng32, Cti$atw13!, Zufzy101*

Passwords should be mobile. Change them often, and do not use the same password for all of your accounts.

Slide4

Social Networking

Online communities like Facebook, Google+, MySpace, and Twitter that allow people to interact with family, friends, and others who may have similar interests. Some cautions include:

Phishing & Identity Theft

Loss of Privacy

Viruses and Malware

Cyberbullying

Other Predators

How to be Cyber Safe

Keep private information private!

Use privacy settings

Only approve friend requests from those you know

Only post info you are comfortable with others seeing

Always make sure you are at the REAL site when entering your credentials

Be skeptical!

Slide5

Phishing

Phishing is a type of fraud, usually carried out electronically using email, instant messaging, or text messaging. It seeks to steal private information (such as passwords or bank account/credit card numbers) by posing as a trustworthy party or organization.

How to be Cyber Safe

Never reply to an unsolicited email that asks for personal information

Never click on any links within an unsolicited email

Always visit a commerce or financial institution’s website directly

Never share account information/passwords. It is against UA policy

Regularly check your accounts for unusual activity

Always use common sense and good judgment

Slide6

Malware, Spyware, & Antivirus

Malware is malicious code that is designed to secretly access a computer system without the owner’s informed consent. It includes viruses, worms, Trojan horses, spyware, adware, scareware, crimeware, rootkits, etc. According to the major antivirus vendors, there were more than 20 million new strains of malware identified in 2010 alone. In 2011, 73,000 new strains of malware were created daily, according to Panda Labs.

How to be Cyber Safe

Do not download shareware or freeware from suspicious sites

Do not click on web pop-ups claiming to be anti-virus protection

Keep antivirus and antispyware software up to date

Ensure antivirus software is configured to update automatically

Scan documents for malware when you access files from external devices or import attachments

At UA we use McAfee & manage over 8600 computers via ePO.

Slide7

What is Confidential Data?

Generally, confidential data is any information that contains the following elements in conjunction with an individual’s name, birth date, or other identifier:

Social Security number

Credit card number

Driver’s license number

Bank account number

Patient treatment information

How to be Cyber Safe

Scrub old class rosters/student lists of any SSNs used as ID numbers

Ensure research/IRB data is secured with appropriate controls

For students: Protect your personal confidential data

UA houses confidential data in secure systems in a secure data center with appropriate controls

Encrypted at rest and in transit

Slide8

Mobile Confidential Data

Confidential data can also be transmitted/stored in mobile devices such as laptops and smart or mobile phones.

How to be Cyber Safe

Be aware of confidential data in files, emails, and attachments

Treat your mobile device like a wallet or purse. It may contain as much personal identity information

Check over your shoulder when in public

Specifically for Laptops

Enable Passwords

UA offers Hard Drive encryption via Checkpoint

USB flash drive encryption via Endpoint

Specifically for Smart/Mobile Phones

Enable screen password

Flash storage cards and SIM cards can hold sensitive data

Remote wipe is available for select phones

Slide9

Computer Disposal & Information Destruction

Prior to disposal, computer systems should be sanitized and secured.

Confidential data can remain “hidden” on old hard drives and may not be cleaned off by the system’s new owner.

How to be Cyber Secure

Prior to disposal, wipe hard drives to ensure confidential data is destroyed. Use Active@ KillDisk

Be aware of any confidential data that you store on external storage like USB Flash Drives, DVDs, CDs, and external hard drives

Destroy unwanted media to ensure they are secured

Slide10

Confidential Data & Regulatory Compliance

UA is required to comply with federal regulations regarding the handling of particular types of confidential information:

HIPAA: Use and disclosure of protected health information

FERPA: Use and disclosure of protected student information

PCI DSS: Merchant compliance with payment card industry data security services

How to be Cyber Secure

Attend basic security training annually (in process)

If you use patient treatment data or have access to a facility that contains patient treatment information: HIPAA annual training and acknowledgement

If you use student records of current students: FERPA training

If you process credit cards for customers: PCI

Slide11

PC Desktop Security

Most security incidents are caused by flaws in software called vulnerabilities. According to Symantec statistics, the number of new vulnerabilities reported has increased to 6,253 in 2010 from over 1,914 vendors. This included 14 zero-day vulnerabilities in products such as Internet Explorer, Adobe Reader and Adobe Flash.

How to be Cyber Secure

Keep your Operating System and other software up to date on security patches

Keep your anti-virus software up to date

Turn on your local Windows Firewall

Backup your system and files periodically

Be mindful of the web sites you visit

Lock your PC whenever you are away from your desk

Set a secure screen saver that auto-locks after 15 idle minutes

Use strong passwords for all your accounts

Slide12

Reporting a Security Incident

Please contact the OIT Service Desk (348-5555) or send an email to security@ua.edu to report any of the following:

Suspected compromise of a UA information technology system

Suspected unauthorized disclosure of Confidential data or internal use only data

Suspected unauthorized use of your bama, e-mail, or network account

Misuse of information technology resources

Stolen or vandalized information technology owned by UA

General suspicious computer activity or concerns

For more information regarding safe on-line practices, go to http://cybersafe.ua.edu, http://oit.ua.edu/security or http://onguardonline.gov.

Slide13

Questions/Comments

Security is everyone’s responsibility….