IT Security Awareness: Information Security is Everyone - PowerPoint PPT Presentation

IT Security Awareness: Information Security is Everyone's Business. A Guide to Information Technology Security at Northern Virginia Community College.

Slides: 40
Provided by: Cathy198
1
IT Security Awareness: Information Security is Everyone's Business
  • A Guide to Information Technology Security at
    Northern Virginia Community College

2
Goals of IT Security Awareness Training
  • To assist faculty and staff in using safe, secure
    computer practice to safeguard College computing
    systems and data they store or access.
  • To answer any questions about information
    security requirements and procedures
  • To promote Computer Security Awareness

3
Information Technology Security Awareness
4
What Is IT Security Awareness?
  • Information Technology Security Awareness means
    understanding various information technology
    threats that exist in one's computing environment
    and taking reasonable steps to guard against
    them.

5
Who Is Responsible for IT Security?
  • Everyone who uses a computer needs to know how to
    keep his or her computer and data secure to
    ensure a safe working environment.
  • NOTE: Security Awareness is one of the thirteen
    security components required in the COV ITRM
    Standard SEC2001-01.1.

6
Who Must Have Security Awareness Training?
  • All new employees who use information technology
    or have access to areas where information
    resources reside, must receive formal training
    within 30 days
  • Refresher training must be provided to all
    personnel annually at a minimum

7
What Are User Personal Responsibilities?
  • Report security violations
  • Develop end-of-day security procedures
  • Practice proper telephone and e-mail security
  • Clear physical area in office of sensitive data
    when not in office
  • Do not leave your portable unattended
  • Lock your office, if possible

8
What Are the Consequences for Security Violations?
  • Risk to security and integrity of personal or
    confidential information
  • Loss of employee and public trust resulting in
    embarrassment and bad publicity
  • Costly reporting requirements in case of
    compromise of sensitive information
  • Internal disciplinary action(s) up to and
    including termination of employment, possible
    penalties, prosecution, potential for
    sanctions/lawsuits

9
What Must Be Included in the Security Awareness
Training Program?
  • Provide both general and position appropriate
    security awareness content
  • Specify timeframes for receiving initial, ongoing
    and refresher training
  • Be documented on an auditable medium
  • Be approved by the Information Systems Security
    Officer

10
How Is Security Awareness Training Documented?
  • Receipt of training must be documented in the
    employee's personnel file with the employee's
    acknowledgement of receipt and understanding
  • All training must be documented and filed with
    Information Systems Security Officer and
    available for audit

11
How Can Training Be Delivered?
  • New employee orientation
  • General sessions
  • Departmental sessions
  • Web delivery via Web Pages, PowerPoint or video
  • Tip of the month via email to distribution lists

12
How Can Training Be Delivered?
  • Posters
  • Brochures
  • Security Day
  • Brown bag lunch sessions

13
Computer Security
14
How Do I Secure My Computer?
  • Use a firewall
  • Use strong passwords
  • Use antivirus software
  • Install security patches
  • Share files correctly
  • Back up files regularly
  • Don't store sensitive information on the hard drive

15
How Can I Prevent Spyware on my Computer?
  • Avoid free tool bars for your browser since they
    may come with spyware
  • Regularly use spam cleaners to remove spyware.

16
Using USB Drives Safely
17
How Do I Use USB Flash Drives Safely?
  • Back up files on USB flash drive
  • Do not store sensitive data, such as SSNs or
    student grades, on USB flash drive
  • If possible, use password to protect data on USB
    flash drive
  • Remember to remove drive from your computer
    before walking away

18
Safe Email Practice
19
What Is Safe Email Practice?
  • Don't open email attachments unless you know what
    they are.
  • Don't open, forward or reply to spam or
    suspicious emails; delete them.
  • Be aware of sure signs of scam email:
      • Not addressed to you by name
      • Asks for personal or financial information
      • Asks you for password
      • Asks you to forward it to lots of other people

20
Safe Email Practice
  • Don't click on website addresses in emails unless
    you know what you are opening.
  • Use official VCCS student email to communicate
    with students about grades or to provide feedback
    on assignments.
  • Report email security concerns to IT Help Desk.

21
How Do I Recognize Phishing?
  • Phishing is a type of email or instant message scam
    designed to steal your identity.
  • Phishing is the act of attempting to
    fraudulently acquire sensitive information, such
    as usernames, passwords, and credit card details,
    by masquerading as a trustworthy entity in
    electronic communication using email or instant
    message.

22
How Can I Safeguard Against Phishing?
  • Don't reply to email or pop-up messages that ask
    for personal or financial information.
  • Don't click on links in email or instant message.
  • Don't cut and paste a link from a questionable
    message into your Web browser.
  • Use antivirus and firewalls and update them
    regularly.
  • Don't email personal or financial information.

23
  • If you are scammed, visit the Federal Trade
    Commission's Identity Theft website:
    www.consumer.gov/idtheft

24
Protecting Sensitive Information
25
How Do I Protect Sensitive Data?
  • Protect sensitive information on lists and
    reports with social security numbers (SSNs).
  • Limit access to lists and reports with SSNs to
    those who specifically need SSNs for official
    college business.
  • Never store SSNs or lists with SSNs on laptops or
    home computers.
  • Save and store sensitive information on server
    managed by campus or college IT staff.

26
Protection of Sensitive Data
  • Never copy sensitive data to CDs, disks, or
    portable storage devices.
  • Do not store lists with sensitive information on
    the Web.
  • Lock printed materials with sensitive data in
    drawers or cabinets when you leave at night.
  • When done with printed sensitive material, shred
    it.

27
Protection of Sensitive Data
  • Remove sensitive materials from printer right
    away.
  • If there is a problem with the printer, turn off the
    printer to remove sensitive material from the
    printer's memory.
  • Personally deliver sensitive materials to the
    recipient or distribute information
    electronically using the College's email system.
  • Arrange for a shared electronic file that requires
    a user ID and password.

28
Password Security Guidelines
29
What Are the Password Security Guidelines?
  • Passwords must be treated as sensitive and
    confidential information.
  • Never share your password with anyone for any
    reason.
  • Passwords should not be written down, stored
    electronically, or published.

30
Password Security Guidelines
  • Be sure to change initial passwords, password
    resets and default passwords the first time you log
    in.
  • Use different passwords for your different
    accounts.
  • Create passwords that:
      • are not common,
      • avoid common keyboard sequences,
      • do not contain personal information, such as
        pets' birthdays.

31
Top Ten List of Good Computing Practices
32
What Are the Steps to Take to Ensure Safe
Computing?
  • Use cryptic passwords that can't be easily
    guessed and protect your passwords.
  • Secure your area, files and portable equipment
    before leaving them unattended.
  • Make sure your computer is protected with
    anti-virus and all security patches and updates.

33
Steps to Ensure Safe Computing
  • Make backup copies of data you do not want to
    lose and store the copies very securely.
  • Don't save sensitive information on portable
    devices, such as laptops, memory sticks, PDAs,
    data phones, CDs/DVDs.
  • Practice safe emailing.
  • Be responsible when using the Internet.

34
Steps to Ensure Safe Computing
  • Don't install unknown or suspicious programs on
    your computer.
  • Prevent illegal duplication of proprietary
    software.
  • Protect against spyware/adware.

35
How Should I Report Security Incidents?
  • Immediately report suspected security incidents/
    breaches to your supervisor and the IT Help Desk.

36
Resources
37
Resource Handout
  • Use the handout found on the IT Security
    Awareness Training website as easy reference for
    steps to follow to ensure information security.

38
College and Campus Resources
  • Contact the IT HelpDesk
  • ithelpdesk_at_nvcc.vccs.edu
  • 703-426-4141
  • Contact the Office of Instructional Information
    Technology Support Services
  • 703-323-3278
  • Contact your campus Information Technology
    Manager (ITMs)

39
Campus IT Staff Contacts
  • Dave Babel (AL) dbabel_at_nvcc.vccs.edu
  • 703-845-6019
  • Bruce Ghofrany (AN) bghofrany_at_nvcc.edu
  • 323-4259
  • Jeff Howlett (MEC) jhowlett_at_nvcc.vccs.edu
  • 703-822-6666
  • Kevin Kelley (LO) kkelley_at_nvcc.edu
  • 703-450-2569
  • Lynn Bowers (MA) lbowers_at_nvcc.vccs.edu
  • 703-257-6652
  • Lynn Feist (WO) nvfeisl_at_nvcc.vccs.edu
  • 703-878-5659
  • Peter Tharp (CS) ptharp_at_nvcc.vccs.edu
  • 703-323-3705
  • Tom Pyron (ELI) jpyron_at_nvcc.edu
  • 703-323-3800