
Information Security Awareness Training



Presentation Transcript


  1. Information Security Awareness Training
     UMMS Information Security Office

  2. What is Information Security?
     InfoSec is the protection of data in all forms:
     • Electronic files
     • Static files
     • Database files
     • Paper documents
     • Printed materials
     • Hand written notes
     • Photographs
     • Recordings
     • Video recordings
     • Audio recordings
     • Conversations
     • Telephone
     • Cell phone
     • Face to face
     • Messages
     • Email
     • Fax
     • Video
     • Instant messages
     • Paper messages

  3. Why is this Important?
     A data breach could result in:
     • Requirement to report the loss
       • HIPAA, FERPA, MGL c.93H, PCI, SOX, others
     • Civil and criminal penalties
     • Damage to organizational reputation
     • Loss of revenue
     • Individual accountability

  4. Isn’t this just a technical problem?
     • Technology defenses comprise roughly 15% of our controls
     • Technical controls often cannot compensate for users’ behavior
     • Cyber-criminals focus on users as a weak link in security
     • Having a security-aware workforce is a requirement in today’s threat landscape

  5. What are the risks?
     Evolving “Threat Landscape”
     • Older attacks targeted infrastructure
     • Modern attacks target users
     Nature of threat landscape
     • Over 90% of cyber thieves are affiliated with organized crime
     • Their sophistication rivals that of commercial software vendors
     Methods of infection
     • Cyber thieves attack high-volume web sites
     • Computers that visit the site become infected
     • Email-borne “malware”
     • Infected machine “phones home” to say “I’m infected”
     • Cyber thieves use the infected computer to strengthen their hold on the organization

  6. Social Engineering and Top Techniques
     • Social engineering is: “the art of manipulating people into performing actions or divulging confidential information”. E.g.:
       • Reply now in order to keep your email account from being deleted
       • Did you see this video of YOU? Check out this link!
       • Click here to see a message from your secret admirer.
       • You’ve won the big sweepstakes! Click here to claim your prize.
       • Can you hold the door for me? I don’t have my access card.
       • Hi, I’m the rep from the copier company and I’m here to see Jeff.
     • “APTs”
     • Amateurs target systems
     • Professionals target people
       - Kevin Mitnick

  7. An Honest Mistake
     • To work at home you copy sensitive information onto a handy USB flash drive.
     • You lose your flash drive.
     • The data which you took from your secure work computer is now possibly in the hands of someone who can use it inappropriately.
     • The likelihood of this scenario is increasing as the use of convenient plug and play devices like USB flash drives becomes more common.

  8. What can I do?
     • Become aware of cyber threats
     • Understand that YOU are often the front line of defense against cyber threats
     • Select a strong password, and never share it!!
     • Remain guarded when working with data, email, WWW
     • Understand data sensitivity and how to manage data appropriately
     • Safeguard information that is entrusted to you
     • Report suspected InfoSec incidents (UMass Help Desk, 508-856-UMHD)

  9. Security Resources
     • UMMS IS Help Desk 508-856-8643
     • Look for our IT Security postings on Inside.umassmed.edu
     • UMass Security Policy: http://media.umassp.edu/massedu/policy/2-1-12%20University%20Information%20Security%20Policy.pdf
     • Take the MSISAC Cyber Security Pledge: https://msisac.cisecurity.org/cyber-pledge/
     • Daily tip: https://msisac.cisecurity.org/daily-tips/

  10. FIN
     • Welcome to UMMS!
     • Discussion
