Information Security: Everyone is Responsible
Presented by: Information Technology - Information Security Services
University of Oklahoma Health Sciences Center
Information Security: New Employee Orientation

Information Security: Outcome Statement
At the conclusion of this presentation you should be able to:
1. Define Information Security
2. Identify threats
3. State safe practices
4. Know where to report an incident

Information Security: What is it? Why?
Information Security is:
• Protection of information from threats
Goals of Information Security:
• Ensure Business Continuity
• Minimize Risk
• Maximize Return on Investment

Information Security: Three Tenets
• Confidentiality
  Information is disclosed only to those authorized
• Availability
  Information is accessible when required
• Integrity
  Information is accurate, authentic, complete and reliable.
The right data to the right people at the right time

Information Security: What does it Protect…
• Patient Information
• Personally Identifiable Information
• Our Identity
• Our reputation

Information Security: Threats
• Malware
  – Viruses
  – Worms
  – Spyware
  – Trojans
• Social Engineering
  – Phishing
  – Spear Phishing
  – Spam

Information Security: E-mail Threat
• 89% of e-mail traffic contains viruses, phishing schemes, or is SPAM
• 27,735,000 malicious e-mails blocked from delivery to OUHSC in a month

Information Security: Safe Practices for E-mail
• Do not open unsolicited email or attachments
• Do not reply to SPAM
• Do not use your OUHSC email address in online forms and questionnaires unless it becomes necessary for University related business
• Place a confidentiality notice in your signature block

Information Security: Malicious Software Threat
• Malicious software downloads from the web
  – Spyware
  – Trojan Horse
  – Key Loggers
• 1 in 10 web sites attempt to download software without permission

Information Security: Safe Practices for the Internet
• Set higher security settings in your browser
• Do not install add-ons to your browser (Google tool bar, Comet Cursor, Gator, HotBar, etc.)
• Avoid Game Sites and sites that require you to fill out online forms
• Install a spyware removal tool
• Always remember that your computer is a business tool

Information Security: Employee Responsibilities
• Use resources appropriately
• Protect your user-id and system
• Only access information that pertains to your job function
• Policies, Procedures, local, state and federal laws
• Be responsible

Information Security: Password Management
• Protect It! Memorize It!
• Use Strong Passwords
  – At least 8 characters
  – No personal information
  – No dictionary words
  – Use 3 of 4 character types
    – Upper case letters
    – Lower case letters
    – Numbers
    – Special Characters (!@#$%^&*)

Information Security: Password Management
• Create “Passphrases”
• Make it memorable
• Use a secret code
Examples:
“il2pBB@6:30”: I like to play basketball at 6:30
“LMissMs04t”: Little Miss Muffet sat on a tuffet
“RedPensTalk2WhiteG@tors”: made up phrase
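
The strong-password rules and passphrase examples from the two Password Management slides, written as a checker. This is an added example, not part of the original presentation. The function name, the tiny word list, treating any non-alphanumeric character as "special", and the "padded dictionary word" test are assumptions made for illustration.

```python
import re

# Constructed sample word list; a real check would load a full dictionary.
SAMPLE_WORDS = {"password", "welcome", "basketball", "oklahoma", "summer"}

# The four character types named on the slide. Assumption: any
# non-alphanumeric character counts as "special", not only !@#$%^&*.
CLASSES = {
    "upper": re.compile(r"[A-Z]"),
    "lower": re.compile(r"[a-z]"),
    "digit": re.compile(r"[0-9]"),
    "special": re.compile(r"[^A-Za-z0-9]"),
}


def check_password(password, personal=(), words=SAMPLE_WORDS):
    """Return the list of rules the password breaks (empty list = passes)."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")

    present = [name for name, rx in CLASSES.items() if rx.search(password)]
    if len(present) < 3:
        problems.append("uses %d of 4 character types" % len(present))

    lowered = password.lower()
    # Personal information: any supplied token (name, user-id, birth year)
    # appearing inside the password, ignoring case.
    for token in personal:
        if len(token) >= 3 and token.lower() in lowered:
            problems.append("contains personal information")
            break

    # Dictionary word: what remains after stripping leading and trailing
    # digits/symbols is a known word ("Password1!" -> "password").
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    if core in words:
        problems.append("is a dictionary word with padding")
    return problems


if __name__ == "__main__":
    for pw in ("il2pBB@6:30", "LMissMs04t", "abc123", "Password1!"):
        print(pw, "->", check_password(pw) or "OK")
```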

Information Security: Regulatory Compliance
• HIPAA – Healthcare Insurance Portability and Accountability Act
  – Protected Health Information “PHI”
• PCI DSS – Payment Card Industry Data Security Standards
  – Protects cardholder data
• GLBA – Gramm-Leach-Bliley Act
  – Protects consumers’ personal financial information

Information Security: Safe Practice - Follow Policies
• Follow policies to help protect your data
• It’s the LAW
• See http://it.ouhsc.edu/policies/

Information Security: Incident Response
• Types of Incidents
  – Suspicious email (spam or phishing attacks)
  – Viruses (usually via email)
  – Sharing of authentication (passwords or privileges)
  – Attempts to gain unauthorized access
  – Unauthorized modifications of files and records
  – Attaching unapproved devices to the network
  – Abuse of authority or privilege
  – Theft

Information Security: Incident Response
• How to report an Incident
  – Information Security Services should be notified immediately of an information security incident.
• Information Security Incidents can be reported in the following methods:
  – Contact the Service Desk at 405.271.2203
  – Email: [email protected]
  – Contact the Information Security Services office at 405.271.2476
  – Email: [email protected]
  – Website: http://it.ouhsc.edu/services/infosecurity/

Information Security: Safe Practices Summary
– Antivirus updates (daily)
– Security patches (monthly)
– Data backups (daily)
– Browser security settings
– Avoid unknown software from the Internet
– Personal Firewall protection installed
– Email caution
– Report suspicious activity

Information Security: Stay Safe Online
• Information Security
  – http://www.sans.org
  – http://www.sans.org/tip_of_the_day.php
  – http://www.microsoft.com/protect/yourself/password/checker.mspx
• Free Anti-Virus and Anti-Spyware Tools
  – http://free.grisoft.com
  – http://www.comodo.com
  – http://www.safer-networking.org/en/index.html
• Online Safety
  – http://www.staysafeonline.org
• Identity Theft
  – http://www.privacyrights.org
  – http://www.usdoj.gov/criminal/fraud/websites/idtheft.html

Information Security: Quiz
Quiz Time…
1. What is Information Security?
   The protection of information from threats

Information Security: Quiz
Quiz Time…
2. I have a responsibility to protect what two aspects of information security at OUHSC?
   a. Confidentiality and Integrity
   b. Confidentiality and Availability
   c. Integrity and Availability
   d. I am not responsible for information security at OUHSC

Information Security: Quiz
Quiz Time…
3. When I receive an email with an attachment from someone I do not know, I should…
   a. Open it immediately to find out what it says
   b. Forward it to my friends and family
   c. Just delete it
   d. Unsubscribe

Information Security: Quiz
Quiz Time…
4. How do I report an incident?
   a. Contact the Service Desk
   b. Contact Information Security
   c. Go to Website: http://it.ouhsc.edu/services/infosecurity/
   d. All of the above

Information Security: Quiz
Quiz Time…
5. What is the best way to remember your password?
   a. Write it down and hide it under the keyboard
   b. Share it with a coworker so he/she can help when you forget it
   c. Memorize it
   d. Create a simple password, like abc123

Information Security: Quiz
Quiz Time… Bonus
What are the characteristics of a complex password?

Information Security: Thank You