SECURITY 101: Information Security Basics for IT Staff
Sponsored by UW Division of Informational Technology Office of Campus Information Security
and Professional Technical Education
Instructors: Cliff Cunningham & Braden Bruington
GREETINGS & INTRODUCTIONS
Cliff Cunningham & Braden Bruington Technology Instructor & Consultant
DoIT security staff
WHY ARE YOU HERE?
Let’s be honest…
GOALS FOR THIS COURSE
- To communicate… healthy data management practices.
- To demonstrate… how to locate sensitive data.
- To educate you… in the event of a data security incident.
- To encourage you… to take some preemptive steps.
AGENDA
1. Defining our scope: Why is this important?
2. Defining sensitive data.
---------- BREAK ----------
3. How do I find sensitive data?
4. Handling a data security incident.
---------- BREAK ----------
5. Resources & Next steps
HAND-OUTS
- Sign-up sheet (blue)
- Copy of this presentation
- Resources page (green)
- Next Steps (yellow)
- Evaluation form (pink)
cream
WHO ARE YOU?
- Titles?
- Roles?
- Operating systems?
- Show of hands…
  - Financial information
  - Health information
  - Grades
  - Credit cards
  - Other unique information types
DID YOU KNOW…?
- Within UW system… 2 out of 3 IT professionals work outside of DoIT
- How many different UW entities have their own IT staff?
[Chart: IT Professionals at UW (Non-DoIT vs. DoIT)]
Why is this important?
SHOW ME THE MONEY
- 80% of campus-wide IT budget is for specified work
- Decentralized funding = decentralized IT
THUS, THIS COURSE…
- This is a campus-wide initiative to…
  - Standardize our approach to campus-wide information security
  - Establish expectations
  - Generate a sense of ownership
- Our own little “E Pluribus Unum”
  - “From many, one”
TIP OF THE TRAINING ICEBERG
- All staff
  - Security workshops
- 100-level: All IT staff
  - Security 101: Information Security Basics for IT Staff (You are here!)
  - Security 1XX: Information Security for Managers (?) (TBA)
- 200-level: System Admin (others?)
  - Security 201: Windows (JUL 28)
  - Security 202: OS X (AUG 11)
  - Security 203: Linux (SUM 2009)
- 300-level: Selected staff
  - IIS Security
  - Developing Secure Code
  - Apache Security
  - Oracle Security
  - Firewall Security
  - Other…?
  - Other…?
TELL US YOUR STORIES…
IT’S THE LAW…
- Wisconsin’s Data Breach Notification Law
  - Statute 895.507 (2006)
  - Formerly, Act 138
- Any unauthorized access to personal info…
  - … must notify individual(s) within 45 days
- Data includes
  - SSN
  - Driver’s license or state ID
  - Account number, code, password, PIN
  - DNA or biometric info
ANALYSIS OF DATA LOSS INCIDENTS

| 2006 | Private Sector | Public Sector | Higher Educ’n | Medical Centers |
|---|---|---|---|---|
| Outside Hackers | 15% | 13% | 52% | 3% |
| Insider Malfeasance | 10% | 5% | 2% | 20% |
| Human Error or Software Misconfig | 20% | 44% | 21% | 20% |
| Theft | 55% | 38% | 37% | 57% |

http://www.privacyrights.org/ar/DataBreaches2006-Analysis.htm
FALLOUT FROM DATA LOSS AT OU
“If there is any financial damage… I will hold OU at fault and seek legal counsel to recover any and all loss, with punitive damages.”
“It was my intention to leave a sizable endowment to OU, but not any longer”
“I will never donate another penny to you.”
Quotes taken from article “OU has been getting an earful about huge data theft” by Jim Phillips, Athens NEWS Sr Writer, 2006-06-12
EFFECTS OF DATA LOSS - VICTIM
- On the victim
  - Personal credit info can be destroyed
  - Bank accounts can be exploited
  - Private information can be made public
  - Intellectual property can be compromised
  - Patent opportunities can be lost
EFFECTS OF DATA LOSS - UNIVERSITY
- On the university
  - Loss of grant money, contracts, research opp.
    - National Institute of Health won’t grant funds until…
  - Loss of reputation
  - Lawsuits
  - Intellectual property & patents
LAWSUITS…
- Lending Tree, May ’08
- TJ Maxx, Jan ’07 ($24 million)
- Fidelity Nat’l Information Services, Aug ’07
- Davidson Companies, Apr ’08
- Hannaford Bros. Co, Mar ’08
- TSA, May ’07
WHAT CAN YOU DO TO HELP?
- Don’t overestimate…
  - … the awareness of managers.
- Don’t underestimate…
  - … the value that you can add.
- Use your educated eyes and ears.
- Help data custodians realize that they (we?) may be in violation of certain laws or policies.
WHY IS THIS IMPORTANT? - recap
- It’s the law.
- 1/5th of data loss episodes result from human error or software misconfiguration.
- Lost data causes damage to individuals.
- Lost data causes damage to the university.
- You are in a great position to help.
AGENDA
1. Defining our scope: Why is this important?
2. What is sensitive data?
---------- BREAK ----------
3. How do I find sensitive data?
4. What do I do with a data security incident?
---------- BREAK ----------
5. Resources & Next steps
PERSONAL INFORMATION
- SSN
- Drivers License Number
- Name & Address
- Biometric data
  - Finger prints
  - DNA Maps
  - Voice patterns
What is sensitive information?
HEALTH & MEDICAL INFORMATION
- Physical diagnoses
- Psychological diagnoses & treatment
- Prescriptions
FINANCIAL INFORMATION
- Account numbers
- Account passcodes
- Debt balances
- Net worth
- Payroll
- Expense report
ACADEMIC INFORMATION
- Students
  - Grades
  - Transcripts
  - Communications w/faculty
- Faculty/Staff
  - Intellectual property
  - Research data
LAWS
- Wisconsin’s “Breach Notification” law
- FERPA – academic
  - Family Educational Rights and Privacy Act
- HIPAA – health & medical
  - Health Insurance Portability and Accountability Act
FERPA: TWO TYPES OF INFO
- Public Information
  - Considered public
  - Student must request to have it suppressed
  - Includes
    - Name, address, phone
    - Email address
    - Dates of attendance
    - Degrees awarded
    - Enrollment status
    - Major field of study
    - (this is a partial list)
- Private Information
  - Tightly restricted
  - Includes
    - SSN
    - Student ID number
    - Race, ethnicity, nationality
    - Gender
    - Transcripts & grades
    - (this is a partial list)
Information provided by Office of Registrar
UW-Madison Student Privacy Rights and Responsibilities
FERPA AND ITS TENTACLES
- Lesser-known items within FERPA’s reach
  - Educational records
  - Personal notes between faculty and students
  - Communications with parents/guardians
  - How to post grades
  - Letters of recommendation
WWW.REGISTRAR.WISC.EDU
- For more info, Office of the Registrar
  - Brochures
  - FAQs
  - On-line tutorials
  - Onsite training
  - One-on-one consultation
POLICIES & GUIDELINES
- Campus IT Policies
  - Appropriate Use Policies
  - Electronic Devices
- Payment Card Industry Data Security Standard
  - a.k.a. PCI DSS
  - List of specific suggestions
  - Used by OCIS
CASE STUDY…
- DoIT Store website
  - Collecting data from hits
  - This collected data was being analyzed by the web hosting service
  - Web hosting service posted its findings
THE REST OF THE STORY…
- The data that was being captured included…
  - campus IDs and NetIDs
- Old Campus IDs used to include SSNs
- Web hosting service didn’t know
- Web hosting service made its finding available to too many people
- Web hosting service included captured data
THE ANALYSIS
- All were capable, professional entities
- They didn’t know
- They didn’t anticipate
SOME RED FLAGS
- Multiple parties involved
- SSNs were still in some University IDs
- Website collected too much info
- Findings were publicly available
AGENDA
1. Defining our scope: Why is this important?
2. What is sensitive data?
---------- BREAK ----------
3. How do I find sensitive data?
4. What do I do with a data security incident?
---------- BREAK ----------
5. Resources & Next steps
BEFORE RUNNING A SCAN!!
GET INFORMED PERMISSION!!!
These scans will produce unusual net-traffic!
How do I find sensitive information?
FINDING SENSITIVE INFORMATION?
- PII = Personally identifiable information
- Numerous applications, called “PII finders”
  - They scan drives
  - They locate recognizable patterns
  - They produce reports
- You don’t always know what is on your machine
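
How a PII finder of the kind described above works, as an added example (not part of the original slides, and not the implementation of Cornell Spider or Identity Finder): it walks a directory, matches SSN and payment-card patterns, discards candidates that fail the SSA numbering rules or the Luhn checksum, and reports only masked values so the report does not become another copy of the data. The file names, paths and numbers in the sample tree are constructed.

```python
import os
import re
import tempfile

# Candidate patterns. SSNs must carry separators, which keeps noise down.
SSN_RE = re.compile(r"(?<!\d)(\d{3})[- ](\d{2})[- ](\d{4})(?!\d)")
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")  # 13 to 19 digits
MAX_BYTES = 5 * 1024 * 1024  # assumption: skip files larger than 5 MiB


def ssn_plausible(area, group, serial):
    """Reject values the SSA never issues: area 000/666/9xx, group 00, serial 0000."""
    return not (area in ("000", "666") or area.startswith("9")
                or group == "00" or serial == "0000")


def luhn_ok(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def scan_text(text):
    """Return (kind, masked_value) pairs; only the last four digits are kept."""
    hits = []
    for m in SSN_RE.finditer(text):
        if ssn_plausible(*m.groups()):
            hits.append(("ssn", "***-**-" + m.group(3)))
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            hits.append(("card", "*" * (len(digits) - 4) + digits[-4:]))
    return hits


def scan_tree(root):
    """Walk root and return one finding per match: file, line number, kind, masked value."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or os.path.getsize(path) > MAX_BYTES:
                continue
            with open(path, "r", encoding="utf-8", errors="ignore") as fh:
                for lineno, line in enumerate(fh, 1):
                    for kind, masked in scan_text(line):
                        findings.append({"file": os.path.relpath(path, root),
                                         "line": lineno, "kind": kind,
                                         "value": masked})
    findings.sort(key=lambda f: (f["file"], f["line"]))
    return findings


def demo():
    """Build a constructed sample tree in a temp directory and scan it."""
    samples = {
        # Old export: one plausible SSN, one value the SSA never issued.
        "exports/roster_2004.csv": "name,id\nA. Student,123-45-6789\nB. Student,000-12-3456\n",
        # Log file: a well-known test card number and a look-alike that fails Luhn.
        "orders.log": "paid card=4111 1111 1111 1111\nref=1234 5678 9012 3456\n",
        # SSN-shaped part number (area 9xx) that should not be reported.
        "notes.txt": "Part no. 912-34-5678, call ext 5-0000\n",
    }
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "exports"))
        for rel, body in samples.items():
            with open(os.path.join(root, *rel.split("/")), "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan_tree(root)


if __name__ == "__main__":
    for f in demo():
        print(f"{f['file']}:{f['line']}: {f['kind']} {f['value']}")
```

Of the five SSN- or card-shaped strings in the sample tree, only two survive validation; the validation step is what separates a more accurate finder from a plain pattern match.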
HOW?
Question: How might sensitive data find its way onto a piece of hardware?
TWO PII FINDERS
- Cornell Spider
  - Free, simplistic
- Identity Finder
  - Being considered by UW DoIT Security group
  - More costly, but more robust
  - Free edition is now available, so it’s worth a try
- Let’s see how they work
COMPARE / CONTRAST

| | Pro | Con |
|---|---|---|
| Cornell Spider | Free | Fewer results, less accurate |
| Identity Finder | More results, more accurate | Relatively expensive |

ARE YOU AT RISK?
- OCIS provides access to a few scanning tools
- These tools test the security of network & workstation
- This will tell you whether you are “at risk”.
BEFORE RUNNING A SCAN!!
GET INFORMED PERMISSION!!!
These scans will produce unusual net-traffic!
AGENDA
1. Defining our scope: Why is this important?
2. What is sensitive data?
---------- BREAK ----------
3. How do I find sensitive data?
4. What do I do with a data security incident?
---------- BREAK ----------
5. Resources & Next steps
INCIDENT VS. BREACH
- Define “incident”
  - Undetermined whether data has been lost
  - Any number of scenarios…
    - Losing a laptop
    - Firewall down
    - Critical patches are out-of-date
    - Hacked, or infected with malware
What to do with an incident?
INCIDENT VS. BREACH
- Define “breach”
  - We know data has been acquired by unauthorized person
INCIDENT VS. BREACH
All breaches are incidents.
Not all incidents are breaches.
WELL-HANDLED INCIDENTS
Well-handled incidents will reduce…
1. … your exposure,
2. … the university’s exposure.
DISCUSSION QUESTION…
Do you have an incident handling process?
[Figure: Incident Response Flowchart; labels: Department, Investigators, CIO, Admin Leader Team, University Comm’ns; overlaid caption: “TOO MUCH INFORMATION”]
The part you need to know
1 – WHAT HAPPENED?
- Incident
  - Any exposure
  - Any risk
  - Not a “breach”, yet
2 – WAS DATA AT RISK?
- Was sensitive information at risk?
  - Does the device contain sensitive information?
  - Was that information accessible by non-authorized user?
    - Physically accessible
    - Cyber-accessible (judgment?)
3 – IF “NO”… RESOLVE THE INCIDENT
- Close the issue
- No need to report it
4 – IF “YES”… REPORT THE INCIDENT
- You need to escalate the issue…
- But, how do you report an incident?
HOW TO REPORT AN INCIDENT?
- “It depends.”
- Non-urgent:
  - [email protected]
- Need a faster response?
  - Open a DoIT HelpDesk ticket
  - They can escalate it if necessary
- After hours?
  - Contact Network Operations Center (NOC)
  - Phone: 263-4188
WHAT DO I DO?
- Preserve as much data as possible.
- Do not tamper with the information
  - This can hinder further investigation.
- Remove device from the network
  - This cuts off any remote access to the machine
- Do not power-off the machine
  - Some forensic information may be stored in cache
SCENARIOS
1. A laptop in your department has been infected with a virus.
2. You have a single workstation that interfaces with a special piece of scientific equipment. It runs an unsupported OS. You are concerned that it may have been compromised.
3. You get a call saying your department’s web server is unexpectedly serving pop-up ads.
AGENDA
1. Defining our scope: Why is this important?
2. What is sensitive data?
---------- BREAK ----------
3. How do I find sensitive data?
4. What do I do with a data security incident?
---------- BREAK ----------
5. Resources & Next steps
70% of data breaches involve data the owners didn’t even know was there.
THE TROUBLE WITH SENSITIVE DATA…
- Once you get it, it is very difficult to get rid of.
- It replicates…
  - Hardcopy
  - Backed up
- Get rid of it! (if possible)
Resources & next steps
THINGS TO CONSIDER…
- Do you really need the data?
  - Question business practices.
- Frequently re-assess security standards.
  - Things change…
  - Yesterday: SSNs
  - Tomorrow: Mobile phone numbers?
- Office of Campus Information Security
  - OCIS is your friend
OCIS IS YOUR FRIEND
Training and Lockdown
Extensive resources
Security risk assessment
Individual & Departmental
www.cio.wisc.edu/security
IT Security Principles
IT SECURITY PRINCIPLE #1
Principle #1: Security is everyone’s responsibility.
It takes a village...
Managers
IT support
Office staff
Faculty
End users
Students
Maintenance crew
Cleaning crew
Campus police
IT SECURITY PRINCIPLE #2
Principle #2: Security is part of the development life cycle.
Plan for it!
Not an after-thought!
Designed into the project plan, i.e.
Resources allocated
Logging & auditing capabilities
Layering security defenses
IT SECURITY PRINCIPLE #3
Principle #3: Security is asset management.
Lock it up!
Classification of data
Establishing privileges
Separating or redistributing job responsibilities and duties
IT SECURITY PRINCIPLE #4
Principle #4: Security is a common understanding.
Think it through!
Due diligence
Risks & Threats
Costs (OCIS assessment)
Incident handling
RESOURCES & NEXT STEPS
Organizations
www.doit.wisc.edu/about/advisory.asp
TechPartners – forum
Sign-up
CTIG – Campus Technical Issues Group
Watch for presentations, attend… and join?
MTAG – Madison Technology Advisory Group
Know they exist… appointed roles
RESOURCES & NEXT STEPS
Refer to your handout… “When I Get Back to My Office, I Will…”
AGENDA - RECAP
1. Defining our scope: Why is this important?
2. What is sensitive data?
3. How do I find sensitive data?
4. What do I do with a data security incident?
5. Resources & Next steps
THE END…
Thank you!