180 likes | 377 Views
Information Systems Security for the Special Educator. MGMT 636 – Information Systems Security. Overview. Awareness of information systems security in work and at home. Basic understanding of security techniques that can be implemented in both the work environment and at home.
E N D
Information Systems Security for the Special Educator MGMT 636 – Information Systems Security
Overview • Awareness of information systems security in work and at home. • Basic understanding of security techniques that can be implemented in both the work environment and at home.
Legal Environment • FERPA • Family Educational Rights and Privacy Act L.S. v. Mount Olive Board of Education (New Jersey) • 11th grade English class studying The Catcher in the Rye. • An assignment required students to create a psychological profile of the main character. • The teacher obtained a real psychological profile from the school’s psychologist to use as an example. • Even though the profile was redacted, a student deduced that the profile was his friend’s psychological profile.
Legal Environment • FERPA • L.S. v. Mount Olive Board of Education (New Jersey) • The court ruled that the teacher and the school’s psychologist could be personally sued under 42 U.S.C. § 1983: Civil action for deprivation of rights. • Extreme case due to negligence.
Work Computing Environment • District and school policies concerning information systems security. • Know your data. • Schools provide protection infrastructure. • Firewalls to protect networked computers. • School assumes risk in case of a security breach, unless negligence is found.
Protecting Your Computer • Password protect your computer. • Lock computer when away. • Use username and password to login. • Do not share password or accounts. • Do not allow others use your computer while you are logged in. • Someone could e-mail parents, students, your boss.
Protect Your Files • MS Office: 2010 offers AES 128-bit advanced encryption. • iWork offers encryption. • File encryption software. • Third party software. • Requires being able to add software to computer.
Encryption • Benefits • “Scrambles data” making it unusable in it’s encrypted state. • Downfalls • Forgotten password. • Business continuity.
Password Construction • In order to understand solid password creation, it is important to understand the three basic techniques to “crack” a password.
Three Basic File Hacking Techniques • Shoulder surfing and social engineering. • Brute force attack. • A properly designed password can make this technique take a million years to crack. • Dictionary attack. • Avoid common words and combinations. • Avoid common password security techniques. • i=!, i=1, a=@, and etcetera.
Password Construction • The longer the better. • What is a bit and what does it mean? • Using a passphrase. “and she's climbing the stairway to heaven”
Password Construction The Next Level • Multi-Factor Authentication • Goes beyond username and password. • Requires additional information that only the user would know (knowledge factor). • Increases security. Used by banks and credit reporting agencies. • Questions such as “Name of your first pet” or “Name of company that holds your home mortgage”.
Taking Work Home • Risk transference. • You are now responsible for data security. • Does this violate security policies? • Transportation of data. • Flash Drive • SanDisk Cruzer offers software to encrypt the entire flash drive (SanDisk Secure Access). • E-Mail: Not highly secure on its own. • Laptop: Whole device could be stolen.
Home Networking Security The firewall is the first line of defense. • Decent router with firewall. • Wi-Fi with good encryption protocols and a strong password.
Personal Devices Risks • Text messaging. • E-mail. • Loss of device or laptop. • Password protect entire device. • Google’s pattern lock.
Questions? Questions?