Welcome to New Hire Orientation: Information Security
Post on 19-Dec-2015
Confidential
Information Services
UMMS Information Security
CWM Office of Compliance & Review
Information Security Awareness Training
What is Information Security?
Info Sec is the protection of data in all forms
• Electronic files
• Static files
• Database files
• Paper documents
• Printed materials
• Hand written notes
• Photographs
• Recordings
• Video recordings
• Audio recordings
• Conversations
• Telephone
• Cell phone
• Face to face
• Messages
• Fax
• Video
• Instant messages
• Paper messages
Why is this Important?
• A data breach could result in:
– Requirement to report the loss
• HIPAA, FERPA, MGL c.93H, PCI, SOX, others
– Civil and criminal penalties
– Damage to organizational reputation
– Loss of revenue
– Individual accountability
Isn’t this just a technical problem?
• Technology defenses comprise roughly 15% of our controls
• Technical controls often cannot compensate for users’ behavior
• Cyber-criminals focus on users as a weak link in security
• Having a security-aware workforce is a requirement in today’s threat landscape
What are the risks?
Evolving “Threat Landscape”
• Older attacks targeted infrastructure
• Modern attacks target users
Nature of threat landscape
• Over 90% of cyber thieves are affiliated with organized crime
• Their sophistication rivals that of commercial software vendors
Methods of infection
• Cyber thieves attack high-volume web sites
• Computers that visit the site become infected
• Email-borne ‘malware’
• Infected machine “phones home” to say I’m infected
• Use the infected computer to strengthen their hold on the organization
“Amateurs target systems, Professionals target users” --Kevin Mitnick
What can I do?
• Become aware of cyber threats
• Understand that YOU are often the front line of defense against cyber threats
• Understand data sensitivity and how to manage data appropriately
• Safeguard information that is entrusted to you
• Report suspected InfoSec incidents
Security Resources
• On-line security awareness course: http://onlinetraining.umassmed.edu/infosecreg/event/event_info.html
• UMMS IS Help Desk 508-856-8643
• CWM Office of Compliance and Review 508-856-6547