
Information Systems Security

Information Systems Security New Faculty Orientation Day Queen’s University August 2011 George Farah, GIAC/GSEC Gold, CRISC, CISA University Information Systems Security Manager.


Presentation Transcript


  1. Information Systems Security. New Faculty Orientation Day, Queen’s University, August 2011. George Farah, GIAC/GSEC Gold, CRISC, CISA, University Information Systems Security Manager

  2. Information Systems Security: Why? Information Systems Security has become a significant concern for the reputation of our institution due to increasing threats. We must therefore make special efforts to:
     • protect Queen’s administrative, teaching, research, and personal and confidential systems and information;
     • enable Queen’s staff, faculty, students and researchers to perform their computing activities securely in support of the mission of the University; and
     • adhere to increasing regulatory and compliance requirements (privacy legislation such as FIPPA, PHIPA, etc.).

  3. Today’s Growing & Changing Threat Model: Increased number and changing nature of attacks. Source: Gartner Dataquest

  4. Why Do I Need To Know About Information Security? Consider these real-world scenarios. Scenario #1: A faculty member/researcher calls IT support to say they lost their research data due to a hack.

  5. Why Do I Need To Know About Information Security? Scenario #2: A faculty member/clinician wants to know how to remove a virus/Trojan from his/her system or lab computers.

  6. Why Do I Need To Know About Information Security? Scenario #3: A faculty member is doing research using data related to human subjects. The dataset contains personal and confidential information. The faculty member/researcher wants to know how to protect the system or application he/she is building to avoid issues with data integrity, confidentiality, and legal liability under PHIPA.

  7. Why Do I Need To Know About Information Security? Scenario #4: A faculty member/researcher/physician wants to know how to protect sensitive patient data on their laptop while they travel. The privacy requirement under Queen’s policy, the Office of the Privacy Commissioner and FIPPA is to encrypt personal data.

  8. Why Do I Need To Know About Information Security? Scenario #5: A faculty member used their dog’s name, “Poodle”, as the password for their Queen’s NetID. Weak passwords can be cracked very easily nowadays.

  9. Why Do I Need To Know About Information Security? Scenario #6: A faculty member responds to a hoax or phishing email by providing their user ID and password, making them vulnerable to identity theft.

  10. Why Do I Need To Know About Information Security? Scenario #7: ITServices gets notified by an external party (e.g. bank or government agency) that a Queen’s computer system has been compromised and is being used for malicious purposes (spam and other forms of computer attacks such as phishing). A review reveals that the computer system belongs to a faculty member and that the system has been compromised without his/her knowledge.

  11. Information Security Website: Queen’s ITServices can help. Visit the Information Security website (www.queensu.ca/its/security) for information on:
      • Queen’s IT Security policies, standards and guidelines
      • Education and awareness offerings - Safe Computing Course
      • Security information such as the Golden Rules of Safe Computing, secure disposal of data, and securing network printers
      • Links to available security software (e.g. free antivirus software)
      • Security services such as systems security assessments, hard drive destruction and disposal, and SSL certificates
      …and much more

  12. Queen’s University New Faculty Orientation Day. Thank You. George Farah, GIAC/GSEC Gold, CRISC, CISA, University Information Systems Security Manager. 613 533 2638 or ext. 32638, george.farah@queensu.ca. Q & A
