Joel Garmon, Director, Information Security Mike Rollins, Security Architect Jeff Teague, Security Analyst, Senior 1 infosec@wfu.edu

Post on 23-Dec-2015

215 Views

Category:

Documents

0 Downloads

Preview:

Click to see full reader

Transcript

1

New Employee Orientation-

Information Security

Joel Garmon, Director, Information Security

Mike Rollins, Security Architect Jeff Teague, Security Analyst, Senior

infosec@wfu.eduhttp://infosec.wfu.edu/

2

Who We Are - IT Security

Work together as a team to ensure protection of computer systems and data University-wide (using technology, policies and procedures).

infosec@wfu.eduhttp://infosec.wfu.edu/

Director of Information Security reports to Information Systems CIO and General Counsel in Legal Department.

3

Password Guidelines At least 6 characters.

At least 1 number.

Do not reuse old passwords.

Change password every 6 months. 

infosec@wfu.eduhttp://infosec.wfu.edu/

4

Phishing

The fraudulent practice of sending emails purporting to be from legitimate companies in order to induce individuals to reveal personal information.

NEVER SEND YOUR PASSWORD OR ANY PERSONAL INFORMATION THROUGH EMAIL TO ANYONE.

Wake Forest University will never ask you to provide personal information, such as your social security number or passwords, via email message.

infosec@wfu.eduhttp://infosec.wfu.edu/

5

Phishing Example

http://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx

infosec@wfu.eduhttp://infosec.wfu.edu/

6

Legitimate Email?--------- Forwarded message ----------From: Wake Forest University <customerservice@wfu.edu>Date: Tue, Apr 17, 2012 at 8:09 AMSubject: New Secure Message Regarding Your Wake Forest UniversityTo:

New Important Security Message Alert!

Log In in order to resolve the problem . Click to log in.

infosec@wfu.eduhttp://infosec.wfu.edu/

7

Copyright Violations Do not use peer-to-peer sharing

applications, such as BitTorrent.

If you have questions about use of video or music, please contact ZSR Library for guidance.

infosec@wfu.eduhttp://infosec.wfu.edu/

8

Encryption of Emails WinZip can be used to encrypt

attachments to emails.

Confirm recipient's email address is correct.

Email encryption password in separate email.

If unsure of confidentiality of data, be conservative and encrypt attachment files.

infosec@wfu.eduhttp://infosec.wfu.edu/

9

EncryptionWFU IS department will encrypt staff laptops.

Smart phones that receive WFU email must be passcode protected.

USB flash drives can be encrypted. Consult the following web site for examples of USB flash drives that support encryption.

http://infosec.wfu.edu/Consult IT support person in your area or any member of security team for questions.

infosec@wfu.eduhttp://infosec.wfu.edu/

10

Connection from Home Use the Virtual Private Network (VPN) software to

connect to the WFU network. Consult the following web site for information:

http://help.wfu.edu/techguide/vpn

Ensure that your home computer is up to date regarding operating system patches, and antivirus patches.

Ensure that data is secure appropriately on USB drive as the data is being transported home.

infosec@wfu.eduhttp://infosec.wfu.edu/

11

Workstation SecurityPhysical Controls –

Use lock down cable connected to laptop or desktop. Do not leave laptop visible in car. Do not leave unattended laptop in meeting rooms,

library tables or classrooms.

Logical Controls – Enable password protected screen savers. Do not post passwords on desk, on wall, or anywhere

visible to others. Do not share passwords with others.

infosec@wfu.eduhttp://infosec.wfu.edu/

12

Data ClassificationNon-Public Information (NPI)

Social Security Number

Credit Card Information

Bank Information

Student Records

Drivers License Information

infosec@wfu.eduhttp://infosec.wfu.edu/

13

Impact of Security Breach

Any employee that works with NPI could potentially be aware of a breach.

More importantly, employees aware of a breach must contact IS Security.

Security breaches can affect many people.

For example, Norte Dame had a breach of credit card data in 2006 as well as an employee record data breach in 2009. The affects were as follows: 24,000 employees affected by 2009 breach, personal information exposed on the Internet, and Notre Dame worked to minimize future threats. Notre Dame’s overall cost to mitigate 2006 PCI breach was a one time $4.6M fee and $630K recurring.

http://www.ndsmcobserver.com/ WFU’s reputation would be majorly affected as well as having to pay financial

penalties.

infosec@wfu.eduhttp://infosec.wfu.edu/

14

Who to Contact for Security Concerns

Bridge at ZSR Library http://help.wfu.edu758-4357

infosec@wfu.eduJoel Garmon, Director, Information SecurityMike Rollins, Security ArchitectJeffrey Teague, Security Analyst, Senior

infosec@wfu.eduhttp://infosec.wfu.edu/

15

infosec@wfu.eduhttp://infosec.wfu.edu/

top related