Information Security for Your Office - PowerPoint PPT Presentation

Slides: 24
Provided by: bob490

1
Information Security for Your Office
  • Information Security Office
  • Bob Henry
  • Information Security Officer
  • CISSP
  • GCIH
  • GCFA
  • http://boisestate.edu/oit/iso

2
Information Security for Your Office
  • Role of Information Security Office
  • Mission and Role
  • Alphabet Soup
  • Laws, Rules, Regulations, Policies, Standards
  • Best Practices
  • Data Classification
  • And How to Classify Data
  • Protecting Information

3
Universities in the News!
  • University of Idaho
  • 70,000 Donor Records
  • University of Texas at Austin
  • 225,000 Student Records
  • UCLA
  • 500,000 Student Records

4
University NOT in the News!
  • Boise State University
  • Zero Lost Records
  • So Far!
  • Go Broncos!

5
Information Security Office
  • MISSION
  • Build Security Awareness
  • Maintain and Develop Information Security Policy
  • Investigate Information Security Incidents
  • Protecting Our Constituent Information is a Team
    Effort

6
Information We Keep
  • Students, Faculty, Staff, Donors, Contractors
  • Financial Records
  • Grades
  • Credit Card Information
  • Health Care Information
  • Addresses
  • Phone Numbers
  • Insurance Records
  • Social Security Numbers
  • All Protected By Law!

7
Alphabet Soup
  • So Many Laws . . .
  • FERPA
  • HIPAA
  • PCI-DSS
  • GLB
  • SOX
  • Red Flag Alerts
  • Idaho Code
  • 28-51-105
  • 28-51-

8
Alphabet Soup
  • . . . And Boise State Policy!
  • Information Technology Resource Use (8000)
  • http://www.boisestate.edu/policy/policy_docs/8000_informationtechnologyresourceuse.pdf
  • Information Privacy and Security (8060)
  • http://www.boisestate.edu/policy/policy_docs/8060_InformationPrivacySecurity.pdf
  • Cash Handling (6010)
  • http://www.boisestate.edu/policy/policy_docs/6010_CashHandling.pdf

9
Alphabet Soup
  • P. I. I.
  • Personally Identifiable Information
  • The One Acronym That Says it All!

10
Best Practices
  • Know the Data Your Office Handles
  • Data Classification
  • Know How to Safeguard the Data
  • Protecting Information

11
Best Practices
  • Data Classification
  • Method to identify the level of protection
    various kinds of information need or require
  • A rubric of three levels of sensitivity
  • Policy is currently in the approval process
  • http://boisestate.edu/oit/iso/dataclassification.shtml

12
Best Practices
  • Data Classification: Level One
  • Private information that must be protected as
    required by law, industry regulation, or by
    contract
  • Examples?
  • Consequences of loss
  • Loss of funding
  • Fines
  • Bad Publicity
  • Expose students, staff, contractors, donors to
    identity theft

13
Best Practices
  • Data Classification: Level Two
  • Protected information that may be available
    through Freedom of Information Act Requests to
    Examine or Copy Records
  • Examples?
  • Consequences of loss
  • Loss of funding
  • Fines
  • Bad Publicity
  • Expose students, staff, contractors, donors to
    identity theft

14
Best Practices
  • Data Classification: Level Three
  • Public Information
  • Examples?
  • Consequences of loss
  • Loss of personal use of a computer
  • Loss of personal data with no impact to the
    university
  • Bad Publicity

15
Best Practices
  • Data Classification: How To
  • The Big Three of Information Security
  • Confidentiality
  • the need to strictly limit access to data to
    protect the university and individuals from loss
  • Integrity
  • data must be accurate and users must be able to
    trust its accuracy
  • Availability
  • data must be accessible to authorized persons,
    entities, or devices
  • http://boisestate.edu/oit/iso/how2classdata.shtml

16
Best Practices
  • Data Classification: How Can Data be Lost?
  • Laptop or other data storage system stolen from
    car, lab, or office.  
  • Research Assistant accesses system after leaving
    research project because passwords aren't
    changed.  
  • Unauthorized visitor walks into unlocked lab or
    office and steals equipment or accesses unsecured
    computer.  
  • Unsecured application on a networked computer is
    hacked and data stolen.

17
Best Practices
  • Data Classification: How To Protect Systems
  • Minimum Security Standard for Systems
  • http://boisestate.edu/oit/iso/minsecstdsystems.shtml

18
Best Practices
  • Protecting Information
  • Don't let personnel issues become security issues
  • Control access to buildings and work areas
  • If you print it, go get it right away
  • Lock up sensitive information, including laptops
  • Store sensitive information on file servers
  • Shred it if you can
  • Know Boise State Information Handling Policies

19
Best Practices
  • Protecting Information
  • Use strong passwords
  • Change passwords often
  • Use different passwords on different systems
  • Never share your password
  • Password protect your screensaver
  • Manually lock your screen whenever you leave your
    desk

20
Best Practices
  • Protecting Information
  • Be sure your office computers' operating systems
    and anti-virus software are up-to-date
  • Remind staff to never open unsolicited email from
    an unknown source or click on unfamiliar web
    addresses
  • Follow computer salvage procedures: for disks,
    too!

21
Best Practices
  • Know who to call!
  • I think an office computer is infected, what do I
    do?
  • Call the Help Desk
  • 6-4357
  • I think I lost the USB drive I used to take some
    sensitive files home to work on, what do I do?
  • Call the Information Security Office
  • 6-5501

22
(No Transcript)
23
Information Security for Your Office
  • Incident Response Procedure
  • http://boisestate.edu/oit/iso/incresponseprocedure.shtml
  • Presentation available
  • http://boisestate.edu/oit/iso/awareness.shtml
  • Questions? Suggestions?