information security essentials for research
DESCRIPTION
Information Security Essentials for Research. Randy Moore, CISSP Director, IT Information Security Services OU HIPAA Security Officer University of Oklahoma Health Sciences Center. Outcome Statement. At the conclusion of this presentation you should be able to:. Identify threats - PowerPoint PPT PresentationTRANSCRIPT
Information Security Essentials for
Research
Information Security Essentials for
Research
Randy Moore, CISSPDirector, IT Information Security ServicesOU HIPAA Security OfficerUniversity of Oklahoma Health Sciences Center
Randy Moore, CISSPDirector, IT Information Security ServicesOU HIPAA Security OfficerUniversity of Oklahoma Health Sciences Center
Outcome StatementOutcome Statement
At the conclusion of this presentation you should be able to:At the conclusion of this presentation you should be able to:
1. Identify threats
2. State safe practices
3. Know where to report an incident
1. Identify threats
2. State safe practices
3. Know where to report an incident
Research dataResearch data
• Where is your research data?• Is it safe from common threats?
• Where is your research data?• Is it safe from common threats?
Common threat #1Common threat #1
• Virus and worm infections (malicious code)• Virus and worm infections (malicious code)
Virus Detection SummaryVirus Detection Summary
• Last 4 Hours: 36• Last 24 Hours: 301• Last 7 Days: 1,902• Last 30 Days: 14, 466
• Last 4 Hours: 36• Last 24 Hours: 301• Last 7 Days: 1,902• Last 30 Days: 14, 466
Threat #2: Software vulnerabilitiesThreat #2: Software vulnerabilities
• 484 Vulnerabilities identified in 1 month• 484 Vulnerabilities identified in 1 month
Threat #3: Data lossThreat #3: Data loss
• Data loss or destruction– Hardware failure– Theft– Accidental deletion– Fire– Tornado– Flood
• Data loss or destruction– Hardware failure– Theft– Accidental deletion– Fire– Tornado– Flood
What if? Disaster strikes you?What if? Disaster strikes you?
• Is your data backed up? – To tape?– Have you tested the restore process?– Do you lock your doors and keep your laptop secure?– Do you use tracking software on laptops?
• Is your data backed up? – To tape?– Have you tested the restore process?– Do you lock your doors and keep your laptop secure?– Do you use tracking software on laptops?
Threat #4: Unauthorized accessThreat #4: Unauthorized access
• Connecting to 700 million on the Internet– There are bad guys on the “Net”– They want access to your computer
• 44,000 probes per day
• Connecting to 700 million on the Internet– There are bad guys on the “Net”– They want access to your computer
• 44,000 probes per day
Threat #5: Malicious software from the webThreat #5: Malicious software from the web
• Malicious software downloads from the web– Spyware– Trojan Horse– Key Loggers
• 1 in 10 web sites attempt to download software without permission
• Malicious software downloads from the web– Spyware– Trojan Horse– Key Loggers
• 1 in 10 web sites attempt to download software without permission
OUHSC Threat Level OUHSC Threat Level
Safe Practices for the InternetSafe Practices for the Internet
• Set higher security settings in your browser
• Do not install add-ons to your browser(Google tool bar, Comet Curser, Gator, HotBar, etc.)
• Avoid Game Sites and sites that require you to fill out online forms
• Install a spyware removal tool
• Always remember that your computer is a business tool
• Set higher security settings in your browser
• Do not install add-ons to your browser(Google tool bar, Comet Curser, Gator, HotBar, etc.)
• Avoid Game Sites and sites that require you to fill out online forms
• Install a spyware removal tool
• Always remember that your computer is a business tool
Threat #6: EmailThreat #6: Email
• 89% of e-mail traffic contains viruses, phishing schemes, or is SPAM
• 27,735,000 malicious e-mails blocked from delivery to OUHSC last month
• 89% of e-mail traffic contains viruses, phishing schemes, or is SPAM
• 27,735,000 malicious e-mails blocked from delivery to OUHSC last month
Safe Practices for EmailSafe Practices for Email
• Do not open unsolicited email or attachments
• Do not reply to SPAM
• Do not use your OUHSC email address in online forms and questionnaires unless it becomes necessary for University related business.
• Place a confidentiality notice in your signature block
• Do not open unsolicited email or attachments
• Do not reply to SPAM
• Do not use your OUHSC email address in online forms and questionnaires unless it becomes necessary for University related business.
• Place a confidentiality notice in your signature block
Safe practices summarySafe practices summary
– Antivirus updates (daily)– Security patches (monthly)– Data backups (daily)– Browser security settings (periodically)– Avoid unknown software from the Internet (always)– Firewall protection (annually)– Email caution (always)– Report suspicious activity (always)
– Antivirus updates (daily)– Security patches (monthly)– Data backups (daily)– Browser security settings (periodically)– Avoid unknown software from the Internet (always)– Firewall protection (annually)– Email caution (always)– Report suspicious activity (always)
Incident Response Incident Response
Incidents are reported to:Incidents are reported to:
• Tier 1 or Computer Support Personnel or Supervisor• IT Service Desk• IT Security• Office of Compliance (PHI incidents)
• Tier 1 or Computer Support Personnel or Supervisor• IT Service Desk• IT Security• Office of Compliance (PHI incidents)
Safe PracticesSafe Practices
• Follow policies to help protect your data• See http://it.ouhsc.edu/policies/
• Follow policies to help protect your data• See http://it.ouhsc.edu/policies/
Contact informationContact information
• IT Information Security Services• [email protected]• 271-2476
• IT Service Desk• [email protected]• 271-2203
• IT Information Security Services• [email protected]• 271-2476
• IT Service Desk• [email protected]• 271-2203
QuestionsQuestions
??