Information Security Essentials for Research

Information Security Essentials for Research Randy Moore, CISSP Director, IT Information Security Services OU HIPAA Security Officer University of Oklahoma Health Sciences Center


Post on 10-Jan-2016



TRANSCRIPT

Page 1: Information Security Essentials  for  Research

Information Security Essentials for Research

Randy Moore, CISSP
Director, IT Information Security Services
OU HIPAA Security Officer
University of Oklahoma Health Sciences Center

Page 2: Information Security Essentials  for  Research

Outcome Statement

At the conclusion of this presentation you should be able to:

1. Identify threats
2. State safe practices
3. Know where to report an incident

Page 3: Information Security Essentials  for  Research

Research data

• Where is your research data?
• Is it safe from common threats?

Page 4: Information Security Essentials  for  Research

Common threat #1

• Virus and worm infections (malicious code)

Page 5: Information Security Essentials  for  Research

Virus Detection Summary

• Last 4 Hours: 36
• Last 24 Hours: 301
• Last 7 Days: 1,902
• Last 30 Days: 14,466

Page 6: Information Security Essentials  for  Research

Threat #2: Software vulnerabilities

• 484 Vulnerabilities identified in 1 month

Page 7: Information Security Essentials  for  Research

Threat #3: Data loss

• Data loss or destruction
– Hardware failure
– Theft
– Accidental deletion
– Fire
– Tornado
– Flood

Page 8: Information Security Essentials  for  Research

What if? Disaster strikes you?

• Is your data backed up?
– To tape?
– Have you tested the restore process?
– Do you lock your doors and keep your laptop secure?
– Do you use tracking software on laptops?

Page 9: Information Security Essentials  for  Research

Threat #4: Unauthorized access

• Connecting to 700 million on the Internet
– There are bad guys on the “Net”
– They want access to your computer
• 44,000 probes per day

Page 10: Information Security Essentials  for  Research

Threat #5: Malicious software from the web

• Malicious software downloads from the web
– Spyware
– Trojan Horse
– Key Loggers
• 1 in 10 web sites attempt to download software without permission

OUHSC Threat Level

Page 11: Information Security Essentials  for  Research

Safe Practices for the Internet

• Set higher security settings in your browser
• Do not install add-ons to your browser (Google tool bar, Comet Cursor, Gator, HotBar, etc.)
• Avoid Game Sites and sites that require you to fill out online forms
• Install a spyware removal tool
• Always remember that your computer is a business tool

Page 12: Information Security Essentials  for  Research

Threat #6: Email

• 89% of e-mail traffic contains viruses, phishing schemes, or is SPAM
• 27,735,000 malicious e-mails blocked from delivery to OUHSC last month

Page 13: Information Security Essentials  for  Research

Safe Practices for Email

• Do not open unsolicited email or attachments
• Do not reply to SPAM
• Do not use your OUHSC email address in online forms and questionnaires unless it becomes necessary for University related business.
• Place a confidentiality notice in your signature block

Page 14: Information Security Essentials  for  Research

Safe practices summary

– Antivirus updates (daily)
– Security patches (monthly)
– Data backups (daily)
– Browser security settings (periodically)
– Avoid unknown software from the Internet (always)
– Firewall protection (annually)
– Email caution (always)
– Report suspicious activity (always)

Page 15: Information Security Essentials  for  Research

Incident Response

Incidents are reported to:

• Tier 1 or Computer Support Personnel or Supervisor
• IT Service Desk
• IT Security
• Office of Compliance (PHI incidents)

Page 16: Information Security Essentials  for  Research

Safe Practices

• Follow policies to help protect your data
• See http://it.ouhsc.edu/policies/

Page 17: Information Security Essentials  for  Research

Contact information

• IT Information Security Services
• [email protected]
• 271-2476

• IT Service Desk
• [email protected]
• 271-2203

Page 18: Information Security Essentials  for  Research

Questions

?