IT Security Essentials Ian Lazerwitz, Information Security Officer - PowerPoint PPT Presentation

Provided by: paceuni

Transcript and Presenter's Notes


1
IT Security Essentials
Ian Lazerwitz, Information Security Officer
2
Trends in Email, Web, and Malware Threats
  • Mail/Spam Volume: Mail volumes increased
    dramatically during the month of August,
    eclipsing even the record highs established last
    December, with spam making up 89% of all email.
    The increase was largely caused by the huge
    number of fake greeting card and YouTube video
    emails with links to malicious websites sent by
    the Storm worm, as well as a large amount of PDF
    spam also distributed by Storm. At the end of the
    month, Storm had ceased to distribute PDF spam,
    most likely due to a lower response rate from
    users for this type of spam.

3
Spam Statistics
4
Trends in Email, Web, and Malware Threats II
  • Malware: Trojans accounted for over 78% of all
    newly discovered malware in August, followed by
    Adware and Spyware that made up almost 14%. 97%
    of all new malware came in the form of Windows
    Executable files.
  • Zombies: An average of 264,133 new zombies were
    detected daily in August, many associated with
    the new infections caused by the Storm worm.

5
Trends in Email, Web, and Malware Threats III
  • Web Threats: An average of 11,906 total new
    malicious websites were detected daily in August.
    Over 30,000 of them had been used by the Storm
    worm to host the Mpack exploit toolkit that it
    uses to infect victim machines.

6
Fundamentals of Security
  • Confidentiality
  • Integrity
  • Availability

7
Why all the concern about security?
  • Computer hacking has become a big business
  • We store large amounts of personal data in our
    systems on students and employees
  • We need that data to be accurate and available in
    order to do our jobs
  • We must comply with state and federal regulations

8
What are we doing about it?
  • Constantly monitoring our systems and threats to
    keep our servers and our network secure
  • Implementing policies, procedures and practices
    to assure only authorized users have access to
    data
  • Educating users

9
What can you do?
  • Security is everyone's responsibility
  • Contact the IT Security Office with any questions
    or if you suspect there has been a security
    breach
  • Follow some basic guidelines

10
Be aware
  • Make information security a regular practice
  • Recognize poor security practices in your own
    habits and in your office
  • Remain vigilant where information security is
    concerned

11
Passwords
  • Never share a password
  • If more than one person needs access, work with
    DoIT to create a network share so each can use
    their own password
  • Even the DoIT Helpdesk should never ask for your
    password

12
Passwords
  • Choose a strong password
  • We recommend that you change your password
    regularly
  • Use a phrase that's easy to remember but hard to
    guess
  • Your password must contain 3 of 4:
      • Uppercase letters
      • Lowercase letters
      • Numbers
      • Special Characters

13
Password Examples
  • Weak Passwords
      • Fluffy
      • Password3
      • Lazerwitz
  • Strong Passwords
      • str0ngPa55
      • 3plus3Six
      • myc_at_tisf!uffy
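
The "3 of 4" rule from the Passwords slide, applied to the example passwords exactly as printed above. This is an added example, not part of the original presentation; the small deny-list and the function names are assumptions made for illustration.

```python
import string

# Character classes from the "3 of 4" rule on the Passwords slide.
CLASSES = {
    "upper": set(string.ascii_uppercase),
    "lower": set(string.ascii_lowercase),
    "digit": set(string.digits),
    "special": set(string.punctuation),
}

# Assumption: a tiny deny-list standing in for a real dictionary or
# breached-password list; these entries are constructed for the example.
COMMON_WORDS = {"password", "fluffy", "lazerwitz"}

# Example passwords exactly as printed on the "Password Examples" slide.
SLIDE_EXAMPLES = ["Fluffy", "Password3", "Lazerwitz",
                  "str0ngPa55", "3plus3Six", "myc_at_tisf!uffy"]


def classes_used(password):
    """Return the sorted names of the character classes present."""
    chars = set(password)
    return sorted(name for name, members in CLASSES.items() if members & chars)


def meets_three_of_four(password):
    """Composition rule only: at least 3 of the 4 classes appear."""
    return len(classes_used(password)) >= 3


def is_predictable(password):
    """True if the password is a deny-listed word with only leading or
    trailing digits/punctuation added (e.g. 'Password3')."""
    core = password.lower().strip(string.digits + string.punctuation)
    return core in COMMON_WORDS


def evaluate(password):
    """Combine both checks so the two verdicts can be compared."""
    return {
        "classes": classes_used(password),
        "rule_ok": meets_three_of_four(password),
        "predictable": is_predictable(password),
    }


if __name__ == "__main__":
    for pw in SLIDE_EXAMPLES:
        print(f"{pw!r:22} {evaluate(pw)}")
```

Password3 satisfies the composition rule but is still caught by the deny-list check, which is why a class-count rule is normally paired with a dictionary check. The class count says nothing about length, so the long passphrase example registers only two classes as printed here.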

14
Passwords
  • Never post your password
      • On your computer monitor
      • Under your keyboard
      • In a desk drawer
      • Anyplace that someone might look

15
Passwords
  • Never save passwords in applications
      • E-mail, Web Authoring, Dialup, VPN
  • Anyone who sits at your computer has access to
    those applications
  • Equally important at home

16
Personally Identifiable Information
  • (PII) is information that can be used to
    steal identities, disrupt University operations
    and damage Pace's reputation. It includes:
  • Social Security Numbers (SSNs)
  • Health Information including immunization
    information, FMLA information and
  • Credit Card information
  • Non-public directory information including
    student grades

17
PII Data Handling Best Practices
  • Assign a complex password and change it
    regularly
  • Don't use Internet file-sharing software such as
    Kazaa or BitTorrent.
  • It is important to treat other people's
    information as if it was your own!!!!

18
PII Data Handling Best Practices
  • Delete files from ALL locations (hard drive and
    network drive) when no longer valid.
  • Do not hold on to old queries or reports that
    contain personal information. Empty your
    computer's recycle bin and clear temporary file
    folders.

19
PII Data Handling Best Practices
  • Never share passwords
  • Avoid emailing sensitive files. If email is
    absolutely necessary, use password protection
  • Use a password-protected screen saver
  • Shut down or turn off the computer when not in
    use

20
PII Printing Best Practices
  • Printed reports with PII data must contain the
    creator's name, date and time, data source and a
    confidential notice.
  • Limit display of personal information. Do not
    leave paper containing personal information on
    desks or in open view; avoid printing SSN unless
    required by law.

21
PII Printing Best Practices
  • Always store paper reports containing PII in a
    secure location such as a locked filing cabinet
    and know who has access to the location. Avoid
    taking PII reports with you to unsecured
    locations such as your home or car.

22
PII Printing Best Practices
  • Limit distribution of documents with PII and know
    who is receiving the documents and how they will be
    used.

23
Physical Security
  • Always lock your computer when you leave it
    unattended (ctrl-alt-del)
  • Never leave hard copies with sensitive data in
    plain view
  • Always log out of web applications (Banner,
    e-mail, calendar) and close the browser

24
Laptops and Mobile Devices
  • Theft
  • Access on unsecure networks
  • Strong passwords
  • Encryption

25
Did you know? (Antivirus)
  • Pace University has a site license to install
    Symantec Antivirus on all Pace computers
  • We also provide Antivirus software for staff,
    faculty, and student home use

26
Did you know?
  • It is a violation of University policy to share
    your password
  • You should keep your computer operating system
    and applications patched to protect against
    unwanted intrusions

27
Did you know?
  • You should make backups of critical files
  • At home use a personal firewall
  • Do not open unexpected emails

28
Information Security Office
  • Ian Lazerwitz
  • Information Security Officer
  • ilazerwitz_at_pace.edu
  • itsecurity_at_pace.edu
  • http://www.pace.edu/safecomputing