INFORMATION SECURITY
WHAT IS IT?
Information Security
The protection of Information Systems against unauthorized access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorized users or the provision of service to unauthorized users, including those measures necessary to detect, document, and counter such threats.
Reference: NSTISSI 4009
In other words… The Protection of:
Confidentiality
Integrity
Availability
of university information
The Need for Security Education
Many users believe they have nothing of importance on their computer
This belief is false! Even if your machine doesn’t contain important information, your machine may still be used by intruders or unauthorized persons to access other machines on the network that do contain important information.
Many believe technology can solve security problems
Again false! Technology is ever changing; therefore, it is only as good as the people that use it
Internal Threat vs. External Threat
Most are aware of external threats but internal threats are even more of a security problem because most wrong-doers already have access and are not easily detected
Top Security Mistakes
Opening email attachments from unknown sources
Unsecured work space
Leaving computers on and unattended
Poor password management
Lack of anti-virus protection
Out of date patches/updates
Unsecured laptops; PDAs
Lax physical security
Throwing sensitive data in the trash
Using default system configurations
USC War Stories
Employee steals emails from department server then posts derogatory messages about other employees
Employee leaves computer on overnight causing 6 computers containing sensitive data in the building to become compromised
Employee disciplined for telephone misuse gains access to monthly telephone bills and alters them to cover up long distance calls
Employee uses procurement card to purchase personal items in excess of $1800
Employee and temporary worker involved in check fraud
Ex-spouse gains access to employee workplace, vandalizing and stealing personal property
So, do you think information security doesn’t apply to you?
THINK AGAIN!
What Information Needs Protection?
Do you use any of these forms of information to perform your job functions?
Budget information
Financial data/transactions
Student records
Faculty/Staff personal information
SSNs
Loan documents
Intellectual property
If so, then just ask yourself…
What if this information is lost or stolen?
What if someone sees this information who should not have access to it?
Would either of these scenarios be a problem for you or your supervisor?
When you leave home you…
Secure your house
Right?
When you leave your car you…
Lock the doors
Right?
Well, What About Work?
Protect the university = Protect yourself
Or… Protect university information just as you would your personal information
What can you do to protect university information?
Lock doors and cabinets
Don’t leave sensitive information in open view
Lock Your Computer
You never know who may enter your office while you step away from your desk
Protects the confidentiality of your data from:
unauthorized viewing
unauthorized use
Tips:
Use password-protected screen savers
Press Ctrl + Alt + Delete then Enter (PC)
Don’t leave sensitive data in your car!
An employee working in the financial department trying to meet a deadline decided to take her work home. Before going home, she stopped off at the grocery store. To her dismay, she came out of the store to find her car had been stolen!
Properly secure information taken outside of the office!
Protect Your Password
NEVER SHARE!
Don’t post-it!
Don’t use default passwords
At least 8 characters in length (letters, numbers and caps)
Meaningful but not easily guessed
REMEMBER, EMAIL IS NOT A SECURE MEANS OF COMMUNICATION!
Do not forward emails:
With suspicious or virus attachments
From unknown sources
Containing personal information
Containing sensitive/confidential data
What else can you do to protect university information?
Maintain an inventory of technology-related assets
Refrain from speaking in public places about sensitive/confidential information
Use your anti-virus software
Patch and update your system regularly
Follow document retention procedures
Secure laptops and PDAs
Secure your workspace
Report security violations
Each of us has a responsibility to treat information responsibly!
InfoSec Policies
The Office of Information Security, in conjunction with the Information Security Working Group and Information Security Liaison Committee, is currently writing information security policies addressing many of these areas. These policies are being developed to assist you in making sure you and your environment are secure.
Do you need additional assistance?
Please call the USC Office of Information Security at: 213.743-4900 or e-mail us at [email protected]@usc.edu