Information Security


Presentation Transcript


  1. Information Security

  2. Information Security

  3. Overview
     • Information Security
     • We must meet strict confidentiality standards for certain information
     • We must safeguard business/confidential information we deal with day-to-day
     • Policy is intended to help us protect information we deal with, handle it responsibly and keep it confidential
     • Policy is based on:
         • Prudent and responsible business practices
         • Contractual obligations
         • Laws and regulations

  4. Electronic ID and Passwords
     • Confidential information must remain secure at all times
     • Access to confidential information is granted on "need-to-know" basis
     • You have level of access needed to perform your job duties
     • User ID/password is your electronic identity
     • Protect your password at all times, even from your co-workers
     • Lost/stolen password can compromise confidentiality and lead to identity theft

  5. Pop Quiz!
     • Roz hates to think of passwords and makes her latest password "u9gi'y/8o" by just letting her fingers glide over the keyboard randomly. Is this password strong or weak?
         • Strong.
         • Weak.

  6. Avoiding Identity Theft
     • To avoid identity theft:
         • Memorize passwords; don't write them down
         • Use password that is not immediately associated with you
         • Make password hard to crack
         • Never let anyone "borrow" your password
     • People who use your password to access organization’s information are intruders who should be reported to your supervisor or IT Department

  7. Avoiding Identity Theft (cont’d)
     • To avoid identity theft:
         • Memorize passwords; don't write them down
         • Use password that is not immediately associated with you
         • Make password hard to crack
         • Never let anyone "borrow" your password
     • People who use your password to access Company information are intruders who should be reported to your supervisor or IT Department

  8. Information Classification
     • Information is divided into four classes:
         • Restricted: e.g., passwords
         • Confidential: protected health information; personal, confidential and business-confidential information
         • Internal: personal and business information for internal use only
         • Public
     • Restricted and confidential information must be encrypted.
     • Confidential information must not be left unattended on fax machines, desktops or computer screens.
     • Business confidential information must not be disclosed to anyone who has not signed a nondisclosure agreement

  9. Special Note…

  10. Computer Viruses and Hoaxes
     • Computer viruses, worms and Trojan horses can damage our information assets
     • Contact IT Department immediately if you think your computer is infected
     • Malicious code infects computer networks through:
         • E-mail attachments
         • CD-ROMs or other storage media
         • Downloads from the Internet
     • Hoaxes (e-mail messages that warn of virus/worm that doesn't really exist) should not be forwarded

  11. Computer Viruses and Hoaxes (cont’d)
     • Computer viruses, worms and Trojan horses can damage our information assets
     • Contact IT Department immediately if you think your computer is infected
     • Malicious code infects computer networks through:
         • E-mail attachments
         • CD-ROMs or other storage media
         • Downloads from the Internet
     • Hoaxes (e-mail messages that warn of virus/worm that doesn't really exist) should not be forwarded

  12. Using Our E-Communication Systems
     • Our e-communication systems are to be used primarily for conducting Company business
     • You should have no expectation of privacy when using them
     • Activities prohibited on our e-communication systems:
         • Pornography, obscene material or offensive language
         • Excessive personal use
         • Inappropriate comments about characteristics protected by law
         • Material that would reflect poorly on the Company
         • Other content that violates any law or regulation

  13. Extra E-mail Precautions
     • Keep these e-mail precautions in mind:
         • Spam: delete junk-mail received at your work e-mail account
         • Questionable attachments: be careful about opening attachments unless you know sender and contents of attachment

  14. Workspace Security
     • Workspace-security tips:
         • Beware of "Tailgaters" in Secure Facilities
             • Don't hold a door open for strangers
             • Report incidents of unauthorized entry to security
         • Protect Your Work Area
             • Secure all media containing confidential information when not in use
             • Shred confidential/sensitive information that you need to dispose of
             • Use screensavers with passwords
             • Lock your computer when you are away from it

  15. In the news…

  16. Social Engineering
     • There are many low-tech ways, called social engineering, used to gain unauthorized access to confidential information:
         • Impersonating an authorized person online, by phone or even in person
         • Coaxing information out of employees by preying on their trust, charming them or flirting
         • Rigging the system, offering to "fix it," then accessing passwords in the course of repairing it
         • Entering work area and looking over people's shoulders to see passwords
         • Sifting through unshredded documents in trash

  17. Pop Quiz!
     • Sean took some work home with him. He decided to clean out his briefcase and dispose of some old memos and an outdated employee phone list in the recycling bin behind his apartment building. Sean didn't bother shredding any of the old paperwork because he was sure it contained no confidential information. Were there any security concerns here?
         • No, if he was sure that the documents contained no confidential information.
         • Yes, because the information could be useful to hackers.
         • Maybe, if the documents contained information that was not totally out of date.

  18. Business Continuity Plans
     • Business Continuity Plans are designed to prevent or reduce downtime in event of catastrophe
     • You are responsible for:
         • Reviewing/understanding your department's BCP and making necessary preparations
         • Backing up and storing information assets in authorized manner
         • Knowing location of fire exits and escape routes
         • Having alternate method of coming to work

  19. Final Quiz

  20. Questions?

  21. Thank you for participating! This course and the related materials were developed by WeComply, Inc. and the Association of Corporate Counsel.
