1 / 14

Information Security at ASU

Information Security at ASU. Tina Thorstenson Chief Information Security Officer University Technology Office infosec@asu.edu. information security program. data breach statistics. 50% resulted from hacking 49% incorporated malware 29 % involved physical attacks

cholena-harris
Download Presentation

Information Security at ASU

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Information Security at ASU Tina Thorstenson Chief Information Security Officer University Technology Office infosec@asu.edu

  2. information security program

  3. data breach statistics 50%resulted from hacking 49% incorporated malware 29% involved physical attacks 17% resulted from privilege misuse 11% employed social tactics 2011 Data Breach Investigations Report

  4. databreaches • Thousands of new users come on our network each year, with thousands more departing • We support nearly every kind of device on the consumer market • Our large population of the younger generation that’s more likely to to take risks online • Our IT organizations are largely decentralized which makes it difficult to deploy standard technologies or adopt standard policies Why University Security Matters The Privacy Rights Clearinghouse tracks thousands of breaches involving millions of individual records

  5. report security events • To report an event or incident, contact the ASU Help Desk at 1-855-278-5080. • For events that do not require an immediate response, email the Information Security Team directly at infosec@asu.eduor visit getprotected.asu.edu.

  6. securing our community

  7. best practices • keep it under wraps: don’t share your password • length is strength: guess proof your passwords • update often: stay safe with anti-virus, anti-spyware & anti-malware • don’t get hooked like a phish: beware anonymous emails

  8. best practices • be careful where you surf: some websites are harmful • if you don’t need it, delete it: trash unnecessary data • protect with pins & passwords: use pins and passwords to secure your computer, phone & other mobile devices • encryption is key: encrypt your computer, flash drive, phone & other mobile devices to prevent others from stealing your data

  9. tips & tricks (for department systems & servers) • Review systems and accounts for unnecessary access. • Review server and system logs regularly. Set system automated alerts for unusual activity. • Set your browser to block pop-ups, flash movies, scripts, etc. Most tools will let you whitelist the good stuff with a click or two. • Keep systems patched; apply vendor security maintenance promptly.

  10. useful links ASU’s Get Protected website has all this and more… • phishing alerts • data handling standard • training information • rotating videos • “ask a question” service • incident response

  11. projects in progress • Additional Security for Personally Identifiable Information • Emergency Response Improvements • ASURITE Password Improvements • Laptop Encryption • Historical Sensitive Data Cleanup • Core Application Security • Email Security • Mobile Device Security

  12. projects in progress • Asset Registration and Network Segmentation • Secure wireless network • Network registration and segmentation • Credit Card processing improvements (PCI compliance) • Privileged Administrator Account Access Review • Data Oversight Implementation • Defining Data Stewards • Clarifying Department Data Steward Responsibilities • Access to University Technology Resources & Services • Policy • Procedure • Implementation Plan

  13. questions? Tina Thorstenson Chief Information Security Officer University Technology Office infosec@asu.edu

More Related