Information Security Training for Users with Elevated Privileges to University Systems
Brought to you by: University Information Security Office
The Need For Training
• Statistics show many breaches are caused by insiders:
  • Intentional
    • Disgruntled
    • Inquisitive
  • Unintentional
    • Action
      • Sharing your NetID password
    • Inaction
      • Not locking your workstation when away
Is It Ever Okay To Share Your NetID Password?
• New employee with no access yet?
• Student worker to help you with data entry during crunch period?
• With your supervisor?
• With a co-worker that needs to access something you normally do, but you’re out on medical leave?
Watch the following video:
• http://security.arizona.edu/sites/default/files/UA_Password_Video_Final_1.flv
It’s NEVER okay to share your NetID password
• Passwords authenticate a person’s identity
• Your roles and permissions can now be accessed by someone else
• Anyone authenticating as you = access to anything your access allows (including your personal information)
• YOU are responsible for activity (legitimate or illegitimate) occurring while logged into your account!
A shared password CAN be misused!
• Can be misused by student workers, co-workers, consultants, vendors, or ANYONE
• How well do you REALLY know them?
• Curiosity + Opportunity can lead to misuse and compromise
  • “What can I access?”
  • “This could solve all my problems!”
More on the why
[Diagram labels: Justifying actions? Right and wrong? Unintended consequences; Motive or circumstances; Opportunity; Stress? Curiosity; personal, financial; NetID password sharing]
The Opportunity to Compromise
• Integrity - Add, Update or Delete Records
  • Change grades
  • Admit or deny admittance for someone
  • Enter a degree exception requirement
  • Change Enrollment Deposit Status
  • Update Lawful Presence Status
• Confidentiality and Integrity – View or update
  • Social Security Numbers
  • Direct deposit information
  • Tax information
  • Benefits information
Additional NetID Password Security
• DO NOT
  • Use your NetID password for any other account
  • Store online (unless encrypted)
• Password Manager Programs
  • KeePass and Password Safe (Windows)
  • Password Gorilla (Macs)
  http://www.security.arizona.edu/topten3
• If you must write it down
  • Store securely - Locked file cabinet
  • Not filed under “P” for passwords
Lock Computer When Away From Desk
• Inaction = Not locking your computer
• How long might you be gone?
• Did you leave access to:
  • An application with sensitive data?
• Could someone install a keylogger?
Windows: Windows + L, or Ctrl-Alt-Delete and select “lock this computer”
Macs: Shift (⇧) + Command (⌘) + Q
Consequences
• Financial and/or reputational loss
• Employee may be held responsible for any action or inaction that led to the incident
• Disciplinary action up to and including termination
• Arizona’s Breach Notification Statute (44-7501) = if the compromise involves SSNs
• Could have significant financial and reputational impact
End of Awareness Module
• Please follow the link below to sign the privileged user agreement.
https://request.uaccess.arizona.edu/privilegeduseragreement/