HIPPA Steering Committee

1
Campus Security Awareness Campaign Other
Initiatives
Kelley Bogart, Analyst Melissa Guenther, Security
Awareness Consultant
2
What is Security Awareness?

• Security Awareness is recognizing what types of
  security issues and incidents may arise and
  knowing which actions to take in the event of a
  security breach.
• It is knowing what to do if you feel someone is
  attempting to
• Wrongfully take university of Arizona property
  or information.
• Wrongfully obtain personal information about
  staff, clients, or vendors.
• Utilize university of Arizona resources for
  illegal or unethical purposes

3
Todays Situation Universal Access

• There are an estimated 304 million people with
  internet access.
• All 304 million of them can attempt to
  communicate with your U of A connected computer
• Any of the 304 million can rattle the door to
  your computer to see if its locked
• On the U of A network, someone tries on a daily
  basis. (200,000 attempts every day)

4
Todays Situation Opportunities for Abuse

• To break into a safe, the safe cracker needs to
  know something about safes.
• To break into a computer, the computer cracker
  often only needs to know where to download a
  program written by someone else who knows
  something about computers.
• Such programs are freely available all over the
  net.

5
Todays Situation Result

• The complexity, anonymity, speed, and global
  reach of the internet creates opportunities for
  abusers and nightmares for law enforcement.
• Mass computer break-ins, vandalism, and abuse are
  a common occurrence.

Nothing short of no access will provide 100
security
6
Practical Aspects of Securing Our Computers

• We can secure something so well that it is
  unusable
• Most security incidents can be prevented.
• Most common computer break-ins are accomplished
  through preventable vulnerabilities.
• Security is a process, not a product. Bruce
  Schneier
• We cant buy security. We have to live it.

7
Why Awareness?

• We cant protect ourselves from a threat very
  well if were not aware of it
• Nobody can do it for us. Our ability to
  communicate with anyone around the world, our
  ability to load and configure our computers as we
  see fit, and our computers ability to perform
  any action based on the software we load means
  our security depends upon our behavior

8
Why Awareness ?

• Our dependence on computers is increasing
• Communications
• Functionality
• Service access
• The way we operate our computers increasingly
  affects our network neighbors.

9
Why Awareness?

• A free society depends upon the cooperation and
  behavior of its members. So does an open network.
  Uncooperative members can disrupt and ruin it for
  all of us.
• The internet makes it easy for uncooperative
  members to strike quickly and anonymously.
• WITFM Whats in it for me?
• How would our behavior change if our wallets,
  homes, and mail boxes could be accessed from
  around the world like our computers can?

10
Question?
When you think of the words protect, detect and
react in the realm of security, which areas do
you think is the most important to you and to
University of Arizona as a business?
11
During your typical day, you may be exposed to
situations where you become aware of an attempt
to breach an area of security. You need to be
prepared to
Protect
Detect
React
12
Campus Security Awareness Initiatives

• Ongoing Brown Bag Sessions
• Topics included
• Password Construction and Management
• Social Engineering
• Basic Computer Security
• Anti-Virus, Patches, Personal Firewall
• Email Use and Etiquette
• Schedule available at security.arizona.edu/BBSched
  ule.htm
• Security Awareness Poster
• Customized group presentations

13
Campus Security Awareness Initiatives (cont.)

• Campus Security Awareness Day
• Tuesday December 2nd
• Main Campus and AHSC
• Redesigned Security Page
• To include awareness and SIRT
• Working with HR to get a handout included in the
  New Employee Orientation
• Case for Action Video President Likins

14
Campus Policies, Guidelines and Standards

• Privacy Guidelines
• Acceptable Use Policy Interim
• Security Policy Draft
• Supporting Security Standards
• - Passwords COH enforces password changes
• - Account Management provided by COH server
• - PC Maintenance COHHelp nightly, unattended
  updates
• - Virus Malicious Code provided by COH
  server
• - Access Controls COH limits administrative
  system access
• - Software licensed, trusted installations
  provided managed by COH
• - Physical Security cable locks for COH
  computer systems
• - Business Continuity and Disaster Recovery COH
  plan
• - AND many others

15
The key to security is embedded in the word
security.
U - R - IT
SEC- -Y
16
RememberChange Your Mindset

• Average internet miscreant doesn't care about
  your research or your email
• Does care about having a new platform from which
  he can launch distributed network attacks
• May also care about your credit card number and
  personal information
• May have Robin Hood syndrome
• Easy to fall into the trap of thinking that your
  computer wouldn't be an inviting target for an
  attack - usually not the case

17
If not you, who?
If not now, when?
18

• University Information Security Office
• Bob Lancaster
• University Information Security Officer
• Co-Director CCIT, Telecommunications
• Lancaster_at_arizona.edu
• 621-4482
• Security Incident Response Team (SIRT)
• sirt_at_arizona.edu
• 626-0100
• Kelley Bogart
• Information Security Office Analyst
• Bogartk_at_u.arizona.edu
• 626-8232

http//security.arizona.edu