8/8/2019 Information Security Guide
1/18
Information Security Guide
Meenu Jain (09609083)
Sonal Bora (06502923)
Pankaj Kumar Singh (09609036)
9/28/2010 Information Security Guide 1
Introduction
Information Security Guide by Case
Western research University.
To protect information resources.
To make sure information systems are not
used in a way that damages the university,
students, or its employees.
Information Security is a Collective
Responsibility.
Helps safeguard from situations that could
inadvertently disclose university &
student information.
Handling Sensitive Information
Safeguard sensitive information from
damage, loss, misuse, or unauthorized
disclosure.
Lock or log off computers when away
from your desk.
Use a password-protected screensaver.
Keep sensitive files from inadvertent
disclosure by ensuring they are not on
freely accessible servers.
Human Capital Management
Enables easily accessing payroll and
benefits data and securely managing
personal and banking tasks.
Do not share your network password with
anyone.
Do not enable automatic login.
Be sure to log out each time you visit the
HCM website.
Avoid using your ID and password
combination for other personal accounts.
FERPA & HIPAA
FERPA protects the privacy of student education
records.
Information is to be stored and transmitted using
practices for sensitive information.
Access to data is restricted to individuals who
need this information for legitimate educational
purposes.
HIPAA mandates the protection and privacy of
patient health information.
Ensure that patient data is safeguarded against
potential hacking and unauthorized access.
Passwords
Keep your Network ID, Passwords, and
PINs Confidential.
Don't use anything that can be easily
guessed.
Strong passwords should be at least 12
alphanumeric characters in length.
Passwords should be changed often.
Passwords should not be shared, posted,
written down, or recycled.
Passwords should be unique.
E-mail and Instant Messaging
E-mail and IM are not risk free.
Be cautious about what you send.
Be wary about the actual source of
received e-mails.
Set up spam and junk mail filtering to
reduce your mail volume and risk.
Do not open an attachment that seems
odd or out of context.
Always check the To: distribution line
before sending a message.
Computer Virus & Spam Protection
Electronic viruses are rampant. Protect yourself.
Make sure that you understand the source and
purpose of any attachment before opening it.
Make sure that your computers are always
running current anti-virus software.
Sign up for automatic online live updates to
ensure up-to-date protection.
Consider using a separate e-mail address for
some public activities.
Never buy anything advertised in spam.
Internet
Be aware of Internet risks.
Pay attention to security warnings.
Don't assume that information found
on the Internet is necessarily accurate
or up to date.
Make sure that all materials you
download comply with all applicable
laws, copyright restrictions, and Case
policies.
Public Wireless Hotspots and Spyware
Wireless networking requires vigilance.
Use a VPN (Virtual Private Network)
encrypted connection when you access
proprietary information wirelessly.
Protect yourself from spyware intrusions.
Use an anti-spyware product from a
trusted vendor.
Use a personal firewall product and keep it
updated.
Phishing
Protect yourself from identity theft.
Legitimate organizations NEVER request personal information in such a way.
A phishing e-mail is seldom addressed to you directly.
A phishing webpage will look authentic.
Phishing is rooted in information and identity theft, which permits online theft
of millions of dollars.
Anti-Hacker Checklist
Never divulge information to strangers.
Hackers often obtain confidential information by contacting employees who
unintentionally respond.
Verify the identity of callers requesting information.
Refer all inquiries on information about yourself/employees to HR.
Never discuss Case's computer hardware, software..., unless the person is
known or can verify his/her identity and need to know.
Never respond to online inquiries about banking, credit
card or other personal information.
Never give out your password to anyone under any circumstances.
Be wary of phishing techniques.
Software Piracy and Copyright
Use only licensed software.
The University provides many software programs and packages generally at no
cost to its faculty, staff and students.
Do not install any unauthorized software on your PC.
If a specific software package is required which is not available
with Chase Software Center, contact your business manager or the Help Desk.
Do not create unauthorized copies of vendor software.
Voice Mail
Ensure voice mail confidentiality.
Select passwords having at least 4 characters (8 characters are recommended).
Do not tell anyone else your password and avoid writing your password down.
Change your password periodically.
Change your password immediately if you think that someone else knows it.
Removable Media
These powerful tools can be full of important
and proprietary information.
Removable media such as diskettes, CDs, USB drives and other
media often contain important information and should be secured.
Lock up removable media when not in use.
Do not place removable media near magnets/magnetic devices.
Properly label diskettes and other removable media.
Do not dispose of a disk without ensuring the destruction of
information.
Be sure to inventory the contents of media on a regular basis.
Theft Deterrents
Protect your electronic equipment from theft.
Restrict physical access of machines to trusted and authorized individuals.
Never leave a laptop unattended and make sure it is secured with a
cable lock or locked into docking station, or in a drawer.
Protect your home PC
A five-step proactive security approach.
Step 1: Set Security Configurations.
Step 2: Use an Internet Firewall.
Step 3: Update Computer.
Step 4: Use Up-to-Date Antivirus Software.
Step 5: Secure Home Wireless Network.
Conclusion
Human Capital Management
FERPA - A federal law
HIPAA - Security rule
Threats to Information Security
Passwords
E-mail and Instant Messaging
Computer Viruses
Spam Protection
Internet
Phishing
Public Wireless Hotspots
Spyware
Identity Theft
Software Piracy & Copyright
Removable Media
Mobile Devices
Information Security: A Collective Responsibility
Thank You
Any Questions?