information security 2014 roadshow


Upload: elan

Post on 11-Jan-2016



Page 1: Information Security 2014 Roadshow

Information Security 2014 Roadshow

Page 2: Information Security 2014 Roadshow

Roadshow Outline

Threats Facing Us Today
• Scams
• Phishing
• Social Engineering
• Malware

What We Can Do
• Information Security’s Efforts
• Efforts You Can Make

Data Classification
• Data Collection
• Risks

PCI

Resources

Page 3: Information Security 2014 Roadshow

What to Watch Out For

Web Scams:
• Always check the address of the site
• Check to verify HTTPS if appropriate
• Check links for spoofed destinations
• Misdirected URLs – bad download sites

Phishing:
• Do NOT click links or attachments when you do not know the sender
• Read the message to verify the language and content
• Check the address of the sender to see if spoofed
• Check any links to see if spoofed
• Make sure the signature is from a valid person
• If victim of phishing, RESET PASSWORD, call Helpdesk
• Forward suspect phishing messages to [email protected]

Page 4: Information Security 2014 Roadshow

What to Watch Out For

Malware:

• Ensure you are running anti-virus software at all times
• Verify download sites before downloading any software. Always pull from the vendor and only install necessary components
• Watch for Adware
  • Look for browser plugins and software add-ons during installs.
  • Ensure you are downloading the correct software
  • Ensure you are at the correct download site
  • Don’t install software you do not need
• With Fake-AV, power down the system. Do not try to save or perform a safe shutdown.

Page 5: Information Security 2014 Roadshow

What to do if Infected with Malware

What is Information Security Doing

Monitoring:
• Through network equipment we watch for potential threats and will notify if we suspect a threat.

Support:
• User Services will help to restore your system and if possible protect your data.

Education:
• Through programs like this and new CBTs we work to inform users of threats and safeguards.

Endpoint protections:
• Through tools such as anti-virus we work to protect users’ computers against malware threats and attacks.

What can you do if you suspect you have been infected.

Remove your computer from the network:
• If you suspect you have a virus, power down your computer and unplug the network connection immediately.

Change all of your passwords:
• From a different computer, reset all of your passwords (Network, Banner, etc.).

Contact the Helpdesk:
• The helpdesk is your first line of support. They have a protocol for managing malware-infected systems.

Inventory your data:
• LIS makes no promises of being able to recover locally stored data. Begin an inventory of all data and where you have it stored. This will aid in the recovery process as well as assessing where we need to look for potential corruption.

Page 6: Information Security 2014 Roadshow

What Can be Done to Prevent an Attack

What is Information Security Doing

Education:
• CBT: New CBT being developed
• RoadShow: Updated InfoSec presentation
• Web: http://go.middlebury.edu/infosec
• Working with the Helpdesk to improve response time for security issues.

Architecting a More Secure Infrastructure
• Working with CSNS to improve edge security
• PCI Enclave

Technology improvements
• Auditing tools
• Multi-Factor authentication
• Secure communication and messaging

Governance enhancements
• New Policies: PCI, DCP
• Better Auditing through automation
• Better Monitoring through automation and more coverage

What can you do around Information Security

Always maintain your anti-virus

Stay educated and aware on information security issues

Employ best and safe computing practices

Stay aware of current security policies

Verify all software before installation

Only download applications or data from known sources.

Page 7: Information Security 2014 Roadshow

Data Classification – What to Collect and How

http://go.middlebury.edu/sensitivedata
http://go.miis.edu/sensitivedata

Page 8: Information Security 2014 Roadshow

What is the Risk

Risk
• Loss of Data
• Exposure of Data
• Corruption of Data

Consequences
• Reputational Damage
• Fines and Loss of Revenue
• Legal Repercussions

Page 9: Information Security 2014 Roadshow

PCI-DSS: How Schools Compare

Page 10: Information Security 2014 Roadshow

PCI-DSS: What Does it Mean to Middlebury and You

• Compliance with PCI determines our ability to process credit cards

• A data breach could include your data.

• A breach could result in penalties and fines as well as reputational damage.

• As a data processor or an MDRP you are partially responsible for the protection of the card holder data.

• Middlebury has committed to PCI through policy and practice.

• Middlebury will not accept payment cards by email or fax and does not store card data in written form.

• A part of PCI-DSS includes education which will help you better understand the security concerns

Page 11: Information Security 2014 Roadshow

Resources on Information Security

Policies:
• Privacy Policy = Confidentiality of Data
  http://go.middlebury.edu/privacy
• Network Monitoring Policy = Protection of College Technology Resources
  http://go.middlebury.edu/netmon
• Technical Incident Response Policy = Response to Information Security Events
  http://go.middlebury.edu/tirp
• Data Classification Policy = Defines Data Types
  http://go.Middlebury.edu/dcp
• Red Flags Policy = Identity Theft Protection
  Not presently in handbook
• PCI Policy = Payment Card Data Handling
  http://go.middlebury.edu/pcipolicy

Web Sites:
• Middlebury’s Information Security
  http://go.middlebury.edu/infosec
• Phishing Information
  http://go.middlebury.edu/phish
  http://www.phishing.org/
• Protect Yourself On-line
  http://www.onguardonline.gov/
• Parents Resource for Kids On-line
  http://getnetwise.org/
• Best Practices for Home and Work
  http://www.nsa.gov/ia/_files/factsheets/Best_Practices_Datasheets.pdf

Page 12: Information Security 2014 Roadshow

Discussion and Links

Please share your thoughts!

Information Security Resources:
http://go.middlebury.edu/infosec
http://go.miis.edu/infosec

Report Information Security Events To: [email protected]