INFORMATION SECURITY

Upload: ambrose-shelton

Post on 31-Dec-2015


Page 1: INFORMATION SECURITY WHAT IS IT? Information Security The protection of Information Systems against unauthorized access to or modification of information,

INFORMATION SECURITY


WHAT IS IT?


Information Security

The protection of Information Systems against unauthorized access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorized users or the provision of service to unauthorized users, including those measures necessary to detect, document, and counter such threats.

Reference: NSTISSI 4009


In other words… The protection of the confidentiality, integrity, and availability of university information


The Need for Security Education

Many users believe they have nothing of importance on their computer.

This belief is false! Even if your machine doesn’t contain important information, your machine may still be used by intruders or unauthorized persons to access other machines on the network that do contain important information.


The Need for Security Education

Many believe technology can solve security problems.

Again false!

Technology is ever changing; therefore, it is only as good as the people that use it.


The Need for Security Education

Internal Threat vs. External Threat

Most are aware of external threats, but internal threats are even more of a security problem because most wrong-doers already have access and are not easily detected.


Top Security Mistakes

Opening email attachments from unknown sources

Unsecured work space

Leaving computers on and unattended

Poor password management

Lack of anti-virus protection

Out of date patches/updates

Unsecured laptops; PDAs

Lax physical security

Throwing sensitive data in the trash

Using default system configurations


USC War Stories


Employee steals emails from department server then posts derogatory messages about other employees

Employee leaves computer on overnight causing 6 computers containing sensitive data in the building to become compromised

Employee disciplined for telephone misuse gains access to monthly telephone bills and alters them to cover up long distance calls

Employee uses procurement card to purchase personal items in excess of $1800

Employee and temporary worker involved in check fraud

Ex-Spouse gains access to employee workplace vandalizing and stealing personal property


So, do you think information security doesn’t apply to you?


THINK AGAIN!


What Information Needs Protection?

Do you use any of these forms of information to perform your job functions?

Budget information

Financial data/transactions

Student records

Faculty/Staff personal information

SSNs

Loan documents

Intellectual property


If so, then just ask yourself…

What if this information is lost or stolen?


If so, then just ask yourself…

What if someone sees this information who should not have access to it?


If so, then just ask yourself…

Would either of these scenarios be a problem for you or your supervisor?


When you leave home you…

Secure your house

Right?


When you leave your car you…

Lock the doors

Right?


Well, What About Work?

Protect the university = Protect yourself


Or… Protect university information just as you would your personal information


What can you do to protect university information?

Lock doors and cabinets

Don’t leave sensitive information in open view


What can you do to protect university information?

Lock Your Computer

You never know who may enter your office while you step away from your desk

Protects the confidentiality of your data from:

unauthorized viewing

unauthorized use

Tips:

Use password protected screen savers

Press ctrl + alt + delete then enter (PC)


What can you do to protect university information?

Don’t leave sensitive data in your car!

An employee working in the financial department trying to meet a deadline decided to take her work home. Before going home, she stopped off at the grocery store. To her dismay, she came out of the store to find her car had been stolen!

Properly secure information taken outside of the office!


What can you do to protect university information?

Protect Your Password

NEVER SHARE!

Don’t post-it!

Don’t use default passwords

At least 8 characters in length (letters, numbers and caps)

Meaningful but not easily guessed


What can you do to protect university information?

REMEMBER, EMAIL IS NOT A SECURE MEANS OF COMMUNICATION!

Do not forward emails:

With suspicious or virus attachments

From unknown sources

Containing personal information

Containing sensitive/confidential data


What else can you do to protect university information?

Maintain an inventory of technology-related assets

Refrain from speaking in public places about sensitive/confidential information

Use your anti-virus software

Patch and update your system regularly

Follow document retention procedures

Secure laptops and PDAs

Secure your workspace

Report security violations


Each of us has a responsibility to treat information responsibly!


InfoSec Policies

The Office of Information Security, in conjunction with the Information Security Working Group and Information Security Liaison Committee, is currently writing information security policies addressing many of these areas. These policies are being developed to assist you in making sure you and your environment are secure.


Do you need additional assistance?

Please call the USC Office of Information Security at: 213.743-4900 or e-mail us at [email protected]@usc.edu