
HR Liaison Network Meeting


mathewse

Presentation Transcript


  1. HR Liaison Network Meeting Meeting Purpose • Provide a forum for communication between HR Staff and the HR Liaisons for continuous improvement in HR programs, services, and best practices for the UCF community • Build partnerships with colleges/departments Meeting Guidelines • Goal is to establish dialogue, while keeping flow of the meeting on track • Maximum of three questions following each presentation • Questions & Feedback – 3x5 cards • Submit questions • Tell us what worked well • What would you improve • Suggestions for topics for future meetings

  2. Shelia Daniels, Executive Director Human Resources Welcome & introductions

  3. Maureen Binder, Assoc. Vice President/Chief HR Officer Opening

  4. Keeping University Information Safe. Chris Vakhordjian, Information Security Officer, UCF

  5. Computer Viruses You Don't Wish to Have • ARNOLD SCHWARZENEGGER VIRUS… Terminates and stays resident. It vill be bahk. • TITANIC VIRUS… Makes your whole computer go down • DISNEY VIRUS… Everything in the computer goes Goofy • VIAGRA VIRUS… Makes a new hard drive out of an old floppy • JANE FONDA VIRUS… Attacks your hard drive's FAT • JACK KEVORKIAN VIRUS… Deletes all old files

  6. Information Security Awareness Chris Vakhordjian Information Security Officer

  7. PUZZLE I

  8. Agenda • What Is Information Security? • What Do We Need To Protect? • Why Do We Need To Protect It? • What Are The Threats? • Steps Toward Better Information Security • Some Parting Words

  9. What is Information Security? It is to maintain... • Confidentiality • Integrity • Availability

  10. Confidentiality Keep information… • Private • Safe • Secure

  11. Integrity Information should be… • Unaltered • Accurate • Sound

  12. Availability Information and resources are… • Available for authorized users • Redundant • Failsafe

  13. What Information Must Be Protected & CIA Incorporated? • Restricted Data • Highly Restricted Data • Social Security Numbers (SSN) • Electronic Protected Health Information (ePHI) • Credit card account numbers • Financial and tax information • Driver’s license numbers • Passport numbers • Restricted Data • Academic Records (FERPA protected) • Business sensitive information, infrastructure information, system configurations, application settings, etc. • Regardless of whether it is on paper or in electronic form UCF POLICY 4-008 Go to policies.ucf.edu

  14. Whose Information? • Students (& Alumni) • Employees • Applicants • Prospects • Third Parties

  15. Whose Information? • Students (& Alumni) (~ 250k) • Employees (~ 60k) • Applicants (~ 880k) • Prospects (~ 2,500k) • Third Parties (negligible, but growing)

  16. Why Security? • FERPA - Family Educational Rights and Privacy Act of 1974, as Amended • Protects the privacy of student educational and personal records • PCI DSS - Payment Card Industry (PCI) Data Security Standards (DSS) • All merchants who process, transmit or store credit card data are required to be compliant with PCI DSS • HIPAA - Health Insurance Portability and Accountability Act of 1996 • Provides guidelines on how electronic protected health information (ePHI) may be used and disclosed

  17. Why Security? (Cont.) • Florida Statutes • All state, county, and municipal records are open for personal inspection and copying by any person. Providing access to public records is a duty of each agency. However, there are general exemptions… F.S. 119.07 (4)(d)1-7 • UCF Policies (http://policies.ucf.edu) • Data Classification and Protection Policy (Policy 4-008) • Use of Information Technologies and Resources (Policy 4-002) • Security of Mobile Computing, Data Storage, and Communication Devices (Policy 4-007) • Etc.

  18. Florida Information Protection Act of 2014 • Any person who conducts business in this state and maintains computerized data in a system that includes personal information shall provide notice of any breach of the security… • Notification must be made no later than 30 days after determination of the breach or reason to believe a breach occurred. • Personal Information - first name, first initial and last name, or any middle name and last name, in combination with any one or more of the following • Social Security number • A driver license or identification card number, passport number, etc. • Financial account numbers, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual’s financial account • Information regarding an individual’s medical history, mental or physical condition • A user name or e-mail address, in combination with a password or security question and answer that would permit access to an online account

  19. Information Security Challenges • University Culture – “Academic Freedom” • Distributed IT, inconsistent standards, processes and technologies, or none at all • Faculty/GAs doing System Administration • Sensitive data distributed throughout campus • Multiple locations where data is collected and stored • Cloud Computing • Lack of employee awareness • High turnover – student employees • Lack of training (no mandatory training)

  20. Threats to Information Security • Malware: Ransomware, Malware, Trojans, Keystroke Loggers, etc. • Social Engineering Attacks • Phishing • Spear Phishing • Inadvertent disclosure (human mistakes) • Missing or stolen portable devices • Hacked servers due to poorly written code or un-patched systems

  21. Let’s not get carried away…

  22. PUZZLE II

  23. Steps Toward Better Information Security • Protect Your PC • Email Security • Encryption • Cloud Storage Security • Password Security • Physical Security

  24. Protect Your PC • Beware of Internet browser pop-ups asking you to accept plug-ins (e.g., Flash Player, Java, etc.) • Install only necessary and trusted applications • Keep your system up-to-date and run anti-malware software!

  25. Protect Your PC • Do not save Highly Restricted data (e.g., SSNs, credit card numbers, etc.) on your workstation, laptop, smartphone or flash drive. • Use UCFID/EmplID to communicate identity related information between offices • Do not send Highly Restricted data via instant messenger or other third party chat tools

  26. Protect Your PC and Yourself (Cont.) Social Media Security Threats • Koobface • The Mikeyy Worm • Acai Attack • Facebook Phishing • BE SKEPTICAL • USE GOOD JUDGMENT • KNOW YOUR CONTACTS • KNOW YOUR PRIVACY SETTINGS

  27. Email Security

  28. Received Email • Question ALL unsolicited emails • Avoid opening attachments - especially executable attachments (e.g., .exe, .com, .bat, etc.) • Verify with sender before you open attachments • Do not click on links in an e-mail • Copy & paste URL • Type URL • Beware of Phishing

  29. PHISHING

  30. PHISHING

  31. Sending Email • Email is analogous to a postcard • Never send Highly Restricted Data via email without encryption • Encryption is the only way to guarantee privacy, confidentiality, and integrity.

  32. What are the consequences of Being Hacked? • Losing your files to Ransomware • Your PC attacking others • Your identity being stolen • Your bank account being emptied • UCF confidential information leaking • Sending spam and phishing messages to thousands of people • Storing and delivering pornography, stolen software and media to anyone • Listening in on your meetings or phone calls at work or at home through the PC microphone

  33. Encryption

  34. Use Encryption (Protecting Restricted Information) • Could someone capture and view information I’m sending or receiving? • Is someone eavesdropping on the network? • Encryption transforms information to make it unreadable to anyone except those possessing special knowledge or a key.

  35. Use Encryption (Cont.) (Protecting Restricted Information) • To keep data confidential, use encryption • Common applications offer encryption, e.g., Word, Excel, Adobe PDF writer, etc. • Never send Highly Restricted data through email without encryption. Restricted data is acceptable using our @ucf.edu addresses. • Always verify the address (URL) in your browser and look for a secure web connection (https://) before entering passwords or other sensitive data

  36. Using Encryption in MS Office Click on “Encrypt Document”

  37. Using Encryption in Adobe • Click on “Properties…”

  38. Cloud Storage Security

  39. UCF POLICY 4-008 Go to policies.ucf.edu Cloud Storage Security • Pros • Provides easy access to your data • Convenient and generally “free” • For storing university data (not Highly Restricted Data) only university provided cloud storage (Office365/OneDrive) is permitted - coming soon… • Personal cloud storage (e.g., iCloud, Dropbox, etc.) is not permitted for university data • Cons • No guarantee that your data will be secure or treated confidentially • Terms of Service is via a "click-through" agreement, which is a legal contract between the individual and the service provider – not with the university

  40. Password Security

  41. Top 10 most hacked passwords: • 123456 • ninja • password • welcome • princess • 12345678 • qwerty • sunshine • abc123 • 123456789 And others….

  42. Password Security Protecting encrypted data or access to your account begins with a strong password

  43. Password Security (Cont.) • Do not use dictionary words • Do not use easy to guess passwords • password 123456 computer hello love • Do not write it down, don’t share it • Do not use the same password on multiple sites, such as using your NID password for your Facebook password • Be careful when entering passwords on public or suspicious computers

  44. Password Security (Cont.) • Use a password management tool to simplify your life with saving and protecting passwords • Password Safe • KeePass

  45. PUZZLE III

  46. Physical Security

  47. Physical Security • Is there Highly Restricted data on your laptop? • Laptop went missing or stolen • Drive crashed… • What do you do? • Highly Restricted data must not reside on laptops, smartphones, flash drives, external drives, etc.

  48. Physical Security (Cont.) • Always store Restricted data on secure servers • Use Remote Desktop to get to your documents • Do not leave your computers unlocked when not at your desk • CTRL+ALT+DEL, then “Lock Computer” • Or set your screen saver to lock • Lock laptops when not in use • Use laptops with encrypted drives • Password protect your Smartphone • UCF Policy 4-007
