security awareness 2009

Upload: kazemii

Post on 05-Apr-2018


  • 7/31/2019 Security Awareness 2009

    1/41

    Security Awareness Presentation

    Florida International University

    Cheryl Lyn Granto, IT Security Officer

    http://security.fiu.edu


    We will never ask you for your Password or personal information in person, on the phone or in email!


    IT SECURITY?

    What is it?


    It is maintaining:

    Confidentiality

    Availability

    Integrity


    Confidentiality

    Keeping your information:

    Hidden

    Safe

    Private


    Availability

    Making sure IT resources are:

    Present

    Ready for immediate use!


    Integrity

    Knowing and using information that is Sound and Unchanged by Anyone who is not authorized


    So what does this mean for FIU?


    President Maidique's Objectives

    FY 05-06

    Execute a communications program that

    increases knowledge regarding laws, rules

    and regulations addressing student record

    confidentiality and University security

    requirements


    Higher Education Implication

    Mark Luker, VP Educause, said at SURA/Critical Infrastructure Protection Project Conference:

    Higher Education must address their IT Security problems or they are going to find themselves subject to Mandatory Federal Security Requirements. We have to show we are moving in the right direction with regards to IT Security


    A Legal Perspective for

    Higher Education

    FIU is subject to Local, State and Federal Laws. For more information refer to the Laws and Policy page at the end of the FIU General Policy

    ECPA: Electronic Communications Privacy Act

    FERPA: Family Educational Rights and Privacy Act

    HIPAA: Health Insurance Portability and Accountability Act

    CFAA: Computer Fraud and Abuse Act

    USA Patriot Act

    GLBA: Gramm-Leach-Bliley Act


    At FIU we have

    Compliance Issues

    & Safety Issues

    The Problems are Real!


    Information Security Awareness

    Defined

    Security awareness is being cognizant of:

    The variety of information security situations

    that may take place

    How to protect oneself from such situations

    The necessary steps to take should a security

    infringement situation arise


    Play your part. Be aware!

    Security Infrastructure, Policy and

    Technology

    WILL NOT WORK WITHOUT YOU!


    Ignorance is not bliss!

    "Nothing of great importance is stored on my computer." NOT TRUE - your access is very valuable

    "The network is protected and the techies can handle security issues." NOT TRUE - we cannot watch everything all of the time.

    "Who would want to steal my identity?" Everyone

    "Are people really that malicious?" Unfortunately, YES!


    The numbers speak for

    themselves

    Over 300 million users with access to Internet

    Over 1000 new viruses created each month

    Every 80 seconds someone's identity is stolen

    40% of laptop theft happens in offices and meeting rooms

    100s of FIU computers are compromised on the FIU network each year


    Your PC is protected!

    Your computer is now part of the campus Active Directory

    We take care of:

    Your anti-virus

    System Patches

    Locking your screen

    But you need to:


    Make regular back-ups of critical data

    Turn your computers off when you leave for the day

    Do not keep any critical information (Social Security numbers, birthdates, credit card numbers, etc.) on your computer or on network file shares (M, N Drive etc.). You should never send such critical information via instant messenger or other chat tools


    E-mail Security

    Never open e-mail attachments from strangers

    Make sure that the message references the attachment

    Be cautious even when opening attachments from your peers

    Never hesitate to contact the sender to verify if he/she actually sent an attachment

    Never send personal information (name, account numbers, address, phone numbers, passwords) to strangers

    When in doubt, contact UTS 7-2284

    Spread the word, not the virus!

    Trust your instincts: it probably is a virus.


    Password Management

    The longer the better

    Should be changed every 3 months

    Should not be found in any dictionary in any language

    Never share them with anyone

    Never write them down

    Be careful when entering your password on a strange computer


    Making a Strong Password

    Use at least 6 characters, 1 numeric

    Misspell woords & add speshul ch@ract3rs

    Easy to remember phrases can equal complicated passwords

    I finally got my Masters degree at 28! = ifgmmd@28!

    I signed up for Drop in 1998! = 1su4din1998!


    Physical Security

    Keep confidential documents off your desk

    Don't share your access

    Take note of strangers in your area

    Use laptop locking devices

    Keep a record of make, model, serial number

    Be careful of piggybacking and tailgating. This is when someone follows you through a locked door

    Be careful of bump and run, especially in airports


    Social Engineering Defined

    When one is deceived or conned into divulging information that would not be shared under normal circumstances

    Please ask questions, never assume authority!


    Cyber Victims

    Cyber Crime is as Serious as any other

    crime!

    Contact

    FIU Victim Advocacy Center

    305-348-1215


    Handling Sensitive Information

    DON'T

    Gossip or share with others sensitive information you have access to.

    Look up confidential information for co-workers who do not have the access without supervisor approval.

    Store your confidential files on public or unsecured network file servers.

    Throw confidential reports in the trash without shredding them first.


    FERPA Violations

    It's so Easy


    FERPA Violation: how does it happen?

    Here sits Jane at her desk:

    Jane works for the Registrar


    Jane needs a break and walks over to the Graham Center.

    Lindsey, an OPS student, walks by and sees that Jane has left her computer logged on. Lindsey knows Jane has access to look at any student's records and wants to see her boyfriend's information.


    When Jane returns she sees a record open that she knows she did not access.

    This must be reported and the student must be notified that his information was possibly compromised.


    An afternoon at FIU

    Can you see the FERPA Violations?


    Let's look closer.

    Instant Messaging Social Security Numbers

    Terminals Left Logged in

    Weak Passwords and Password Sharing

    Files left out On desk


    Copyright, Fair Use and Piracy

    DO

    Use excerpts with appropriate attribution (fair use).

    Install and use the software licensed for everyone at the University (site-licensed).

    Install and use software purchased by your department for your use


    Copyright, Fair Use and Piracy

    DON'T

    Use your co-worker's computer disks to install software programs unless you have a license.

    Copy or share free music or video files that you would reasonably expect to pay for (e.g., feature films, music CDs, e-books).

    Copy software to take home with you.


    Most Common Security Mistakes

    Poor password management

    Leaving your computer on, unattended

    Opening email attachments from strangers

    Not installing anti-virus software

    Laptops on the loose

    Sharing information (passwords and machines)

    Not reporting security violations

    Always behind the times (software patches)

    Keeping an eye out inside the organization


    Protect Yourself

    Never give out your password, billing information or other personal information to strangers online

    Be mindful of who you're talking with before you give out personal information


    Protect Yourself

    Don't click on hyperlinks or download attachments from people/web sites you don't know

    Be skeptical of any company that doesn't clearly state its name, physical address and telephone number


    Before releasing any information, it is essential to at least establish:

    the sensitivity of the information

    your authority to exchange or release the information

    the real identity of the third party (proper authentication)

    the purpose of the exchange

    You are responsible for the information you handle!


    Some parting words

    Protect yourself; Protect FIU

    Be aware and beware

    Trust your instincts

    Take proactive steps

    Ask questions and report incidents at

    http://security.fiu.edu


    Security.fiu.edu


    Visit us online at

    http://security.fiu.edu
