“Quinnipiac University Information Security Tips You Can Take Home”
Brian Kelly, CISSP, CISM, MSIA
Information Security Officer
Director of Information Security and Network Operations

The key to Information Security is embedded in the word security: SEC-U-R-IT-Y (U - R - IT).
At home you are the Information Security department.
People and Process are arguably more important to Information Security than technology.

Access to Personal Information…
• Where are your wallets right now?
• Are your cars locked?
• Where are your computers right now? Are they locked?

Opportunities for Abuse…
• To break into a safe, the thief needs to know something about safes.
• To break into your computer, the hacker only needs to know where to download a program written by someone else who knows something about computers.
• Identity theft is the fastest growing crime in the U.S.; it accounts for more than 750,000 victims a year, with losses exceeding 2 billion dollars.
• Why hack when you can just ask?
• Please pass your car keys and wallets forward…

In the News
• Alaska House Passes Personal Information Protection Act: With a vote of 35-0, Alaska's House of Representatives has passed HB 65, the Personal Information Protection Act. The bill would require organizations to notify citizens when their personal data are compromised in a security breach. Other provisions in the bill include banning the sale and disclosure of Social Security numbers (SSNs), and allowing consumers to freeze their credit reports. The bill now goes to the Senate. If the legislation passes, Alaska will become the 31st state to have an identity theft law. http://www.forbes.com/feeds/ap/2008/02/28/ap4710415.html
• Google Health Privacy Concerns: The emergence of personal health record management services has raised privacy concerns. Google is piloting one such product, Google Health, with the Cleveland Clinic. While the online dossiers offer the convenience of being able to merge health data, they are controlled by consumers, not physicians, and are therefore not protected by the Health Insurance Portability and Accountability Act (HIPAA). Although Google and other entities developing similar products maintain they will offer even more stringent protections than HIPAA's, "the very existence of a detailed health dossier accessible in an instant can make control difficult." http://www.washingtonpost.com/wp-dyn/content/article/2008/02/26/AR2008022602993.html
• Salt Lake Community College has contacted more than 25,000 individuals after it discovered that a stolen laptop may contain usernames and passwords. According to officials, the laptop, stolen from the SLCC's Continuing Community Education office, could contain the login information of up to 1,000 students, faculty and staff members. The login information would allow an individual to access SLCC's "My Page" system, which contains information such as Social Security numbers and financial information. Within a few hours of the theft, SLCC staff began contacting individuals, urging them to change their "My Page" passwords. http://www.sltrib.com/news/ci_8375979

What worries you?
When you think of the vulnerabilities in the realm of information security, which areas do you think are the most important to you and to Quinnipiac University?

How does Information Security affect you?
• A compromised computer provides access to all accounts, keystrokes, and data.
• Account and keystroke information can then be used to access other resources.
• Operational difficulties (Availability)
• Email and documents (Confidential)
• Financial transactions (QU’s or yours)
• Identity theft (Personal Information)
• Criminal use of computer (SPAM - botnets)

So How Do We Start?
Be aware or beware
• Know how to identify a potential issue (healthy vs. sick)
• Use sound judgment (When in doubt – throw it out)
• Spam, Phishing, Spyware, File sharing (careful what you eat)
Learn and practice good security habits
• Incorporate secure practices into your everyday routine
• Encourage others to do so as well
• Antivirus Software, Firewalls and Patches/updates
Report anything unusual
• Notify the appropriate contacts if you become aware of a suspected security incident

Useful Information Security sites
• Hoax Busters – How to recognize hoaxes, what to do about them, and some of the history of hoaxes on the Internet. http://hoaxbusters.ciac.org/
• Ad-Aware – Spyware detection and removal tool. http://www.lavasoft.com/products/ad-aware_se_personal.php
• Microsoft Updates. http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us
• Apple – Periodically, Apple releases free updates to your computer’s software. Software updates include important security updates that eliminate threats to your computer. http://docs.info.apple.com/article.html?path=Mac/10.5/en/8514.html
• Shields Up – Checks for vulnerabilities on home systems connected to the Internet by broadband or DSL. https://www.grc.com/x/ne.dll?bh0bkyd2
• Symantec – Anti-virus checker. http://security.symantec.com/sscv6/default.asp?productid=symhome&langid=ie&venid=sym

Protecting Your Children While On-line
• Family PC should be in a common area, not in the child's bedroom.
• Spend time online with your child, whether at home, at the library, or at a computer center in your community.
• Keep yourself informed about the parental control tools that can help you keep your child safe online.

Protecting Your Children While On-line …continued
• How to be safe on-line: http://www.safekids.com/
• Parental Control Software: http://www.cybersitter.com/
• ISP Parental Controls: http://www.aol.com/info/parentcontrol.html
• AT&T, Comcast and Cox also have instructions on Parental Controls on their web sites.

Final Thoughts
• Would you recognize an Information Security Incident?
• Would you know how to and where to report it?
• Would you choose to do so?

QU Information Security Contacts
• Information Security Officer: Brian.Kelly@quinnipiac.edu, 582-3625 or 507-9348
• IS-Security@quinnipiac.edu
• Computer Help Desk: 582-Help (4357)
• https://myq.quinnipiac.edu/IT%20%20Libraries/Information%20Security/Pages/default.aspx