Brian Kelly, CISSP, CISM, MSIA Information Security Officer Director of Information Security and Network Operations Quinnipiac University Information

  • Slide 1
  • Brian Kelly, CISSP, CISM, MSIA Information Security Officer Director of Information Security and Network Operations Quinnipiac University Information Security Tips You Can Take Home
  • Slide 2
  • SEC- -Y. The key to Information Security is embedded in the word security. People and Process are arguably more important to Information Security than technology. At home you are the Information Security department.
  • Slide 3
  • Access to Personal Information Where are your wallets right now? Are your cars locked? Where are your computers right now? Are they locked?
  • Slide 4
  • Opportunities for Abuse To break into a safe, the thief needs to know something about safes. To break into your computer, the hacker only needs to know where to download a program written by someone else who knows something about computers. Identity Theft is the fastest growing crime in the U.S. and it accounts for more than 750,000 victims a year and losses exceeded 2 Billion dollars. Why hack when you can just ask? Please pass your car keys and wallets forward
  • Slide 5
  • In the News. Alaska House Passes Personal Information Protection Act: With a vote of 35-0, Alaska's House of Representatives has passed HB 65, the Personal Information Protection Act. The bill would require organizations to notify citizens when their personal data are compromised in a security breach. Other provisions in the bill include banning the sale and disclosure of Social Security numbers (SSNs), and allowing consumers to freeze their credit reports. The bill now goes to the Senate. If the legislation passes, Alaska will become the 31st state to have an identity theft law. Google Health Privacy Concerns: The emergence of personal health record management services has raised privacy concerns. Google is piloting one such product, Google Health, with the Cleveland Clinic. While the online dossiers offer the convenience of being able to merge health data, they are controlled by consumers, not physicians, and are therefore not protected by the Health Insurance Portability and Accountability Act (HIPAA). Although Google and other entities developing similar products maintain they will offer even more stringent protections than HIPAA's, "the very existence of a detailed health dossier accessible in an instant can make control difficult." Salt Lake Community College has contacted more than 25,000 individuals after it discovered that a stolen laptop may contain usernames and passwords. According to officials, the laptop, stolen from the SLCC's Continuing Community Education office, could contain the login information on up to 1,000 students, faculty and staff members. The login information would allow an individual to access SLCC's "My Page" system, which contains information such as Social Security numbers and financial information. Within a few hours of the theft, SLCC staff began contacting individuals, urging them to change their "My Page" passwords.
  • Slide 6
  • What is Information Security? Principles Confidentiality Integrity Availability Vulnerabilities Weak passwords Missing patches Theft Exploits Phishing Viruses Automobiles
  • Slide 7
  • What worries you? When you think of the vulnerabilities in the realm of information security, which areas do you think are the most important to you and to Quinnipiac University?
  • Slide 8
  • How Information Security affects you? A compromised computer provides access to all accounts, keystrokes, and data. Account and keystroke information can then be used to access other resources. Operational difficulties (Availability). Email and documents (Confidential). Financial transactions (QU's or yours). Identity theft (Personal Information). Criminal use of computer (SPAM - botnets).
  • Slide 9
  • So How Do We Start? Be aware or beware. Know how to identify a potential issue (healthy vs. sick). Use sound judgment (when in doubt, throw it out). Spam, Phishing, Spyware, File sharing (careful what you eat). Learn and practice good security habits. Incorporate secure practices into your everyday routine. Encourage others to do so as well. Antivirus Software, Firewalls and Patches/updates. Report anything unusual. Notify the appropriate contacts if you become aware of a suspected security incident.
  • Slide 10
  • Useful Information Security sites. Hoax Busters: How to recognize hoaxes, what to do about them, and some of the history of hoaxes on the Internet. Ad-Aware: Spyware detection and removal tool. Microsoft Updates. Apple: Periodically, Apple releases free updates to your computer's software. Software updates include important security updates that eliminate threats to your computer. Shields Up: Checks for vulnerabilities on home systems connected to the internet by Broadband or DSL. Symantec: Anti-virus checker.
  • Slide 11
  • Protecting Your Children While On-line. Family PC should be in a common area, not in child's bedroom. Spend time online with your child, whether at home, at the library, or at a computer center in your community. Keep yourself informed about the parental control tools that can help you keep your child safe online.
  • Slide 12
  • Protecting Your Children While On-line, continued. How to be safe on-line. Parental Control Software. ISP Parental Controls. AT&T, Comcast and Cox also have instructions on Parental Controls on their web sites.
  • Slide 13
  • Final Thoughts Would you recognize an Information Security Incident? Would you know how to and where to report it? Would you choose to do so?
  • Slide 14
  • QU Information Security Contacts. Information Security Officer [email protected] 582-3625 or 507-9348 [email protected] Computer Help Desk 582-Help (4357) Https:// tion%20Security/Pages/default.aspx