The “Convenient” Information Security
Simple tools that can help you protect your information and privacy in cyberspace
July 24 and July 26, 2013
Disclaimer
• The content of this presentation consists of suggestions made to share best practices and is for personal use only.
• The solutions and examples cited within this presentation should not be used on GW-owned and managed systems and/or GW data without consulting the Division of Information Technology (IT). These tools are not provided or supported by GW, and the Division of IT does not provide any technical support related to these tools or resources.
• Some of the tools and resources suggested may have costs attached. Users should research and read documentation thoroughly for individual tools that meet their needs, prior to use.
• Support information can usually be found within the documentation of each tool or by visiting the company’s website.
Presentation Overview
• Information Security vs. Privacy
• Information leaks and privacy breaches
• “PPT” of Information Security
• Threat Avenues and What They Mean
• The Tools that You Can Use
Information Security vs. Privacy
• Information security
  – The general practice of defending information from unauthorized access, use, disclosure, disruption, modification or destruction.
  – Can apply to electronic or other (for example, paper or magnetic tapes)
• Privacy
  – Choice of anonymity
  – Boundaries defined by a person for his/her safety and comfort
Information Leaks and Privacy Breaches
What happens when information leaks and privacy is breached?
Root causes: Intentional, “Did not know,” Disregard, “Human error”
Threat Avenues and What They Mean
• Access
  – Opening the door or “logging in”
  – Examples: physical doorways, usernames, passwords, keyfobs, badge access, biometrics, etc.
• Storage
  – Where the data and information rest
  – Examples: a data center, the “cloud” (a collection of devices often across multiple data centers), a local desktop, a thumb drive, a portable hard drive, tapes, etc.
• Transmission
  – Sending or receiving
  – Examples: e-mail, file transfer, snail mail, fax, etc.
• Destruction
  – Deleting the data reliably, irreversibly and completely such that the remnants have no meaning or value tied to the original
What is encryption?
• At all stages of the data lifecycle, you will hear information security professionals emphasize ‘use encryption’
• So what is ‘encryption’?
Video:
http://www.youtube.com/watch?v=hd2kEJoQmOU
Demo:
http://infoencrypt.com/
The Tools that You Can Use
• Access
  – Password managers: you have to remember just one (strong) password
  – Examples: Kaspersky Password Manager, Roboform Desktop, Ironkey Personal, LastPass, Roboform, KeePass
  – Rationale: Rather than using 10 weak passwords or one weak password shared among 10 web applications, better to use a password manager
The Tools that You Can Use Continued…
• Storage
  – Where the data and information rest
    • Examples: a data center, the “cloud” (a collection of devices often across multiple data centers), a local desktop, a thumb drive, a portable hard drive, tapes, etc.
  – Encrypt
    • Examples: using TrueCrypt, Hide-in-picture, Cypherix, nCryptedCloud, Boxcryptor
  – Rationale: YOU have the key that hides the data
The Tools that You Can Use Continued…
• Transmission
  – Sending or receiving
  – E-mail, file transfer, snail mail, fax, etc.
  – Examples: Sendinc, Comodo, Lockbin, Safe-mail
  – Rationale: Un-encrypted e-mails can be intercepted and read
The Tools that You Can Use Continued…
• Destruction
  – Deleting or destroying the data or its media, reliably, irreversibly and completely
  – Examples: KillDisk, Eraser, Interconnection.org, Resources listed at Virginia.gov, FreeSecureShredding.com
  – Rationale: The remnants have no meaning or value tied to the original; includes paper and electronic
For more information, contact …
Noor Aarohi
Senior Analyst, Risk and Compliance
Division of Information Technology
E-mail : [email protected]