Copyright© 2010 WeComply, Inc. All rights reserved. 10/13/2015 Information Security


Upload: blaise-jenkins

Post on 31-Dec-2015



Overview

Information Security

•We must meet strict confidentiality standards for certain information

•We must safeguard business/confidential information we deal with day-to-day

Policy is intended to help us protect information we deal with, handle it responsibly and keep it confidential

Policy is based on —

•Prudent and responsible business practices

•Contractual obligations

•Laws and regulations


Electronic ID and Passwords

Confidential information must remain secure at all times

Access to confidential information is granted on "need-to-know" basis

You have level of access needed to perform your job duties

User ID/password is your electronic identity

Protect your password at all times — even from your co-workers

Lost/stolen password can compromise confidentiality and lead to identity theft


Pop Quiz!

Roz hates to think of passwords and makes her latest password "u9gi'y/8o" by just letting her fingers glide over the keyboard randomly. Is this password strong or weak?

A. Strong.

B. Weak.


Avoiding Identity Theft

To avoid identity theft —

•Memorize passwords — don't write them down

•Use password that is not immediately associated with you

•Make password hard to crack

•Never let anyone "borrow" your password

•People who use your password to access organization’s information are intruders who should be reported to your supervisor or IT Department



Information Classification

Information is divided into four classes:

•Restricted — e.g., passwords

•Confidential — protected health information; personal, confidential and business-confidential information

•Internal — personal and business information for internal use only

•Public

Restricted and confidential information must be encrypted. Confidential information must not be left unattended on fax machines, desktops or computer screens. Business confidential information must not be disclosed to anyone who has not signed a nondisclosure agreement.


Special Note…


Computer Viruses and Hoaxes

Computer viruses, worms and Trojan horses can damage our information assets

Contact IT Department immediately if you think your computer is infected

Malicious code infects computer networks through —

•E-mail attachments

•CD-ROMs or other storage media

•Downloads from the Internet

Hoaxes — e-mail messages that warn of virus/worm that doesn't really exist — should not be forwarded



Using Our E-Communication Systems

Our e-communication systems are to be used primarily for conducting Company business

You should have no expectation of privacy when using them

Activities prohibited on our e-communication systems:

•Pornography, obscene material or offensive language

•Excessive personal use

•Inappropriate comments about characteristics protected by law

•Material that would reflect poorly on the Company

•Other content that violates any law or regulation


Extra E-mail Precautions

Keep these e-mail precautions in mind:

•Spam — delete junk mail received at your work e-mail account

•Questionable attachments — be careful about opening attachments unless you know sender and contents of attachment


Workspace Security

Workspace-security tips:

Beware of "Tailgaters" in Secure Facilities

•Don't hold a door open for strangers

•Report incidents of unauthorized entry to security

Protect Your Work Area

•Secure all media containing confidential information when not in use

•Shred confidential/sensitive information that you need to dispose of

•Use screensavers with passwords

•Lock your computer when you are away from it


In the news…


Social Engineering

There are many low-tech ways — called social engineering — used to gain unauthorized access to confidential information:

•Impersonating an authorized person online, by phone or even in person

•Coaxing information out of employees by preying on their trust, charming them or flirting

•Rigging the system, offering to "fix it," then accessing passwords in the course of repairing it

• Entering work area and looking over people's shoulders to see passwords

• Sifting through unshredded documents in trash


Pop Quiz!

Sean took some work home with him. He decided to clean out his briefcase and dispose of some old memos and an outdated employee phone list in the recycling bin behind his apartment building. Sean didn't bother shredding any of the old paperwork because he was sure it contained no confidential information. Were there any security concerns here?

A. No, if he was sure that the documents contained no confidential information.

B. Yes, because the information could be useful to hackers.

C. Maybe, if the documents contained information that was not totally out of date.


Business Continuity Plans

Business Continuity Plans are designed to prevent or reduce downtime in event of catastrophe

You are responsible for —

•Reviewing/understanding your department's BCP and making necessary preparations

•Backing up and storing information assets in authorized manner

•Knowing location of fire exits and escape routes

•Having alternate method of coming to work


Final Quiz


Questions?


Thank you for participating!

This course and the related materials were developed by WeComply, Inc. and the Association of Corporate Counsel.