The “Convenient” Information Security Simple tools that can help you protect your information and privacy in cyberspace July 24 and July 26, 2013.

The “Convenient” Information Security

Simple tools that can help you protect your information and privacy in cyberspace

July 24 and July 26, 2013


• The content of this presentation are suggestions made to share best practices and are for personal use only.

• The solutions and examples cited within this presentation should not be used on GW-owned and managed systems and/or GW data without consulting the Division of Information Technology (IT). These tools are not provided or supported by GW, and the Division of IT does not provide any technical support related to these tools or resources.

• Some of the tools and resources suggested may have costs attached. Users should research and read documentation thoroughly for individual tools that meet their needs, prior to use.

• Support information can usually be found within the documentation of each tool or by visiting the company’s website

Disclaimer


• Information Security vs. Privacy• Information leaks and privacy breaches• “PPT” of Information Security• Threat Avenues and What They Mean• The Tools that You Can Use

Presentation Overview

• Information security – The general practice of defending information from unauthorized

access ,use, disclosure, disruption, modification or destruction. – Can apply to electronic or other (for example, paper or magnetic

tapes)

• Privacy– Choice of anonymity– Boundaries defined by a person for his/her safety and comfort


Information Security vs. Privacy


Information Leaks and Privacy Breaches

What happens when information leaks and privacy is breached?Root causes: Intentional, “Did not know,” Disregard, “Human error”


“PPT” of Information Security

People

Process

Technology


Threat Avenues and What They Mean

• Access– Opening the door or “logging in”– Examples: physical doorways, usernames, passwords, keyfobs,

badge access, biometrics etc.

• Storage– Where the data and information rest– Examples: a data center, the “cloud”(a collection of devices often

across multiple data centers), a local desktop, a thumb drive, a portable hard drive, tapes etc.

• Transmission– Sending or receiving– Examples: e-mail, file transfer, snail mail, fax, etc.

• Destruction– Deleting the data , reliably, irreversibly and completely such that

the remnants have no meaning or value tied to the original


What is encryption?

• At all stages of the data lifecycle, you will hear

information security professionals emphasize ‘use encryption’

So what is ‘encryption’?

Video:

http://www.youtube.com/watch?v=hd2kEJoQmOU

Demo:

http://infoencrypt.com/

http://www.youtube.com/watch?v=hd2kEJoQmOU





The Tools that You Can Use

• Access– Password managers - you have to remember just one (strong)

password– Examples: Kaspersky Password Manager, Roboform Desktop,

Ironkey Personal, LastPass, Roboform, KeePass– Rationale: Rather than using 10 weak passwords or one weak

password shared among 10 web applications, better to use a password manager

http://usa.kaspersky.com/products-services/home-computer-security/password-manager?domain=kaspersky.com

mailto:http://www.roboform.com/download

mailto:http://store1.imation.com/store/imation/list/categoryID.59867200

mailto:https://lastpass.com/

mailto:http://www.roboform.com/

http://keepass.info/


The Tools that You Can Use Continued…

• Storage– Where the data and information rest

• Examples: a data center, the “cloud”(a collection of devices often across multiple data centers), a local desktop, a thumb drive, a portable hard drive, tapes etc.

– Encrypt• Examples: using TrueCrypt, Hide-in-picture, Cypherix,

nCryptedCloud, boxcryptor– Rationale: YOU have the key that hides the data

mailto:http://www.truecrypt.org/

http://sourceforge.net/projects/hide-in-picture/

http://www.cypherix.com/cryptainerle/

https://www.ncryptedcloud.com/

https://www.boxcryptor.com/


• Transmission– Sending or receiving– E-mail, file transfer, snail mail, fax, etc.– Examples: Sendinc, Comodo, Lockbin, Safe-mail– Rationale: Un-encrypted e-mails can be intercepted and read


http://www.sendinc.com/software/outlook-email-encryption-add-in

http://www.comodo.com/home/email-security/free-email-certificate.php

https://lockbin.com/Account/SelectAccountType

http://www.safe-mail.net/


• Destruction– Deleting or destroying the data or its media, reliably, irreversibly

and completely– Examples: KillDisk , Eraser, Interconnection.org,

Resources listed at Virginia.gov, FreeSecureShredding.com– Rationale: The remnants have no meaning or value tied to the

original; includes paper and electronic


http://www.killdisk.com/

http://www.killdisk.com/

http://eraser.heidi.ie/

http://www.interconnection.org/data_destruction.php

http://www.deq.virginia.gov/Programs/LandProtectionRevitalization/RecyclingandLitterPreventionPrograms/ElectronicsRecycling/Computerandelectronicsrecycling.aspx

http://www.freesecureshredding.com/


For more information, contact …

Noor Aarohi

Senior Analyst, Risk and Compliance

Division of Information Technology

E-mail : [email protected]

mailto:[email protected]

mailto:[email protected]

The “Convenient” Information Security Simple tools that can help you protect your information and privacy in cyberspace July 24 and July 26, 2013.

Documents

support information

privacy information

information rest examples

privacy slide

technology slide

original slide

use encryption

presentation overview