Information Security - PowerPoint PPT Presentation

Slides: 23
Provided by: SBSU2

Transcript and Presenter's Notes

Title: Information Security


1
Information Security
Georgios Mousouros
Support Systems Analyst, Sr
Information Security Liaison
College of Social and Behavioral Sciences
University of Arizona
georgios_at_email.arizona.edu
http://www.sbs.arizona.edu/security
2
Agenda
  • Introduction
  • Goals
  • Security Cycle of Life
  • The Numbers
  • Identity Theft
  • Examples and Incidents
  • Internet and System Security
  • Social Engineering
  • Social Networking and Privacy
  • Physical Security
  • Backups
  • Data classification
  • Where the data is stored
  • Personal Information
  • Retention Schedule
  • Tools
  • Questions?

3
Information Security
  • Information Security means protecting information
    and systems from unauthorized access, use,
    disclosure, disruption, modification, or
    destruction.
  • Information Security includes:
      - Physical (environment and facilities)
      - Logical (passwords, firewalls, etc.)
      - Data (classification)
      - User access (browsing, entering sensitive data)

4
Goals
  • Education and awareness
  • Prevent the compromise of Information Security
  • Increase Level of Security
  • Prevent unauthorized users from accessing our
    information
  • Prevent loss of information

5
Security Cycle of Life
  • Audit and Assessment
      - Get an accurate picture of the college's security risks
  • Solution Design
      - Select the right tools for the protection we
        need and tailor them to our environment
  • Solution Implementation
      - Implement the solution according to needs and
        availability
  • Testing
      - Test the solution and make sure it works the way
        it is intended to
  • Operation and Maintenance
      - Enforce security standards by continuously
        measuring and tracking for new security gaps

6
The Numbers
  • 98% of users say that sending and receiving
    emails is their top priority
  • 14% of users read spam and 4% buy products
    advertised in spam
  • 71% of all emails in the second half of 2007 were
    spam
  • 63% of all phishing hosts identified were in the
    United States

7
The Numbers
  • 55% of online users have been infected with
    spyware
  • 83% of users use anti-virus protection and 73%
    of them update their definitions regularly
  • 42% of all complaints in the Federal Trade
    Commission's database were for identity theft
  • Arizona has the worst per-capita trouble with
    identity theft
  • Why is your information important?

8
Identity Theft
9
How much is your stolen Identity worth?
  • In the second half of 2007:
      - 500 stolen credit cards: $200 (40 cents per card,
        50% less than 1st half of 2007)
      - 50 full identities: $100 ($2 per identity)
      - EU identities: $30 per identity (it can be used
        in multiple countries)
      - 1 bank account: $10
  • The cost to you: Priceless

10
Phishing Example
  • From: "EMAIL.UC.EDU SUPPORT" <support_at_email.uc.edu>
  • Date: January 24, 2008 9:36:14 AM EST
  • To: undisclosed-recipients
  • Subject: Confirm Your E-mail Address
  • Reply-To: youfidnet_at_yahoo.com

        Dear Email.uc.edu Subscriber,
        To complete your email.uc.edu account, you must reply to this email
        immediately and enter your password here ()
        Failure to do this will immediately render your email address
        deactivated from our database.

        You can also confirm your email address by logging into your
        email.uc.edu account at https://email.uc.edu

        Thank you for using EMAIL.UC.EDU !
        EMAIL.UC.EDU TEAM
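The message on this slide carries several indicators that a mail filter or a trained reader can check. The following is an added example, not part of the original presentation: it parses a constructed copy of the message (with the `_at_` obfuscation replaced by `@`) and reports the indicators. The indicator names and keyword lists are assumptions chosen for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the slide's message, "_at_" replaced with "@".
SAMPLE = '''From: "EMAIL.UC.EDU SUPPORT" <support@email.uc.edu>
To: undisclosed-recipients:;
Subject: Confirm Your E-mail Address
Reply-To: youfidnet@yahoo.com

Dear Email.uc.edu Subscriber,
To complete your email.uc.edu account, you must reply to this email
immediately and enter your password here ()
Failure to do this will immediately render your email address
deactivated from our database.
'''

def domain(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def phishing_indicators(raw):
    """List the indicators found; each is a hint for triage, not a verdict."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    found = []
    # Replies go to a different domain than the one the sender claims.
    reply_dom = domain(msg["Reply-To"])
    if reply_dom and reply_dom != domain(msg["From"]):
        found.append("reply-to-mismatch")
    # The body asks the reader to send a password back by e-mail.
    if re.search(r"\bpassword\b", body, re.I) and re.search(r"\breply\b", body, re.I):
        found.append("asks-for-password-by-reply")
    # Pressure: act now or lose the account (assumed keyword list).
    if re.search(r"\b(immediately|deactivat\w*|suspend\w*)\b", body, re.I):
        found.append("urgency-or-threat")
    # Bulk mail that hides its recipient list.
    if "undisclosed-recipients" in (msg["To"] or "").lower():
        found.append("bulk-undisclosed-recipients")
    return found

if __name__ == "__main__":
    for indicator in phishing_indicators(SAMPLE):
        print(indicator)
```

A Reply-To mismatch alone also occurs in legitimate mailing-list traffic, so it is the combination with the password request that makes this message stand out.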

11
Incidents
  • Library, Student Union
  • Stolen Laptops
  • Identity Theft
  • Instant Messenger (FBI)
  • Homeland Security Department telephone system
  • Phishing
  • USB Flash drives in parking lot
  • 11 hackers stole 41 million credit card numbers
  • Chile 6 million IDs online
  • Virginia Tech

12
Internet and System Security
  • Email
      - Email is the electronic equivalent of a postcard
  • Public Wireless Networks
  • Web browsing
  • Instant Messaging
  • Anti-virus/Firewall
  • Sharing Passwords
  • System Lock or Logoff

13
Social Engineering
  • Collection of techniques used to manipulate
    people into giving confidential information
      - Pretexting: the act of creating a scenario
        to persuade a target to release information
      - Phishing: a technique to obtain private
        information
      - Phone phishing: a system that recreates a
        legitimate-sounding copy of a bank or other
        legitimate organization
      - Trojan horse and virus: this technique
        usually uses attachments in emails or websites,
        small files that take and send private information

14
Social Networking and Privacy
  • 350 sites and growing
  • Facebook, MySpace

15
Physical Security
  • Lock doors
  • Secure any media
  • Intrusion detection
  • Levels of access and authorization

16
Data Classification
  • Confidential
      - SSNs and Student IDs
      - Driver Licenses
      - Student Financial Information
      - Birth dates
      - Account Numbers
      - P-cards
      - Insurance Information
      - Grades
      - Counseling/Mental Health Records
      - Medical Records
      - Disability Records
      - Non-disclosure Agreements
  • Sensitive
      - Actions pertaining to renewal/termination of
        employment
      - Library Patron Records

17
Where the data is stored
  • Websites
  • Email
  • Personal documents
  • Homework assignments
  • Grade books
  • Purchase forms
  • Which computers in our college have sensitive
    data?

18
Personal Information
  • Personal information includes first name or
    initial and last name accompanied by:
      - Social Security Numbers
      - Arizona driver's license numbers
      - State ID card
      - Credit or debit card number
  • http://www.security.arizona.edu/pi

19
Retention Schedule
  • Email
  • Electronic and paper files
  • Applications
  • Grades
  • All records have expiration dates
  • If you delete it, you don't need to secure it!
  • If you can't delete the file, secure the personal
    information.
      - Option 1: Transfer files with personal
        information to a server or media
      - Option 2: Separate the number from the associated
        name
      - Option 3: Truncate the number to the last four
        digits
      - Option 4: Encrypt personal information
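Options 2 and 3 can be applied mechanically once the numbers are located. The following is an added example, not part of the original presentation and not the Spider tool listed under Tools: it sweeps text lines for full SSNs and card numbers, truncates them to the last four digits, and separates names from numbers. The patterns, function names and sample data are assumptions made for this example.

```python
import re
import secrets

# Assumed formats: US SSN written with dashes, and 13-19 digit card
# numbers with optional space or dash separators.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-(\d{4})\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

def luhn_ok(digits):
    """Card-number checksum; filters out digit runs such as order IDs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def _mask_card(match):
    digits = re.sub(r"\D", "", match.group(0))
    if not luhn_ok(digits):
        return match.group(0)          # not a card number, leave untouched
    return "X" * (len(digits) - 4) + digits[-4:]

def truncate(line):
    """Option 3: keep only the last four digits of each number."""
    line = SSN_RE.sub(lambda m: "XXX-XX-" + m.group(1), line)
    return CARD_RE.sub(_mask_card, line)

def sweep(lines):
    """Report (line number, kind) for each line that holds a full number."""
    hits = []
    for no, line in enumerate(lines, 1):
        if SSN_RE.search(line):
            hits.append((no, "ssn"))
        if any(luhn_ok(re.sub(r"\D", "", m.group(0)))
               for m in CARD_RE.finditer(line)):
            hits.append((no, "card"))
    return hits

def separate(records):
    """Option 2: names and numbers go to different stores, linked by a random key."""
    names, numbers = {}, {}
    for name, number in records:
        key = secrets.token_hex(8)
        names[key], numbers[key] = name, number
    return names, numbers

# Constructed sample data, not real identities.
SAMPLE = [
    "Jane Doe, SSN 123-45-6789, P-card 4111 1111 1111 1111",
    "Order 1234567890123456 shipped",
]
```

Running `sweep` again on the truncated lines returns no hits, which is a quick check that the cleanup worked. With Option 2, the two stores only protect the data if they are kept in different places with different access.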

20
Backups
  • Backups should be conducted daily on the user's end
  • Secure any media you have files on
      - hard drives
      - CD/DVD
      - flash drives

21
Tools
  • Password Safe, Password Gorilla
  • Spider (Personal Information Sweep)
  • Encryption for portable media (TrueCrypt)
  • Secunia
  • Central patching and updating (OCS)

22
Georgios Mousouros
Support Systems Analyst, Sr
Information Security Liaison
College of Social and Behavioral Sciences
University of Arizona
georgios_at_email.arizona.edu
  • Questions?

http://www.sbs.arizona.edu/security