Brian Kelly, CISSP, CISM, MSIA Information Security Officer Director of Information Security and Network Operations - PowerPoint PPT Presentation



1
Quinnipiac University Information Security Tips
You Can Take Home
  • Brian Kelly, CISSP, CISM, MSIA
    Information Security Officer
    Director of Information Security and Network Operations

2
The key to Information Security is embedded in
the word security:
SEC - U - R - IT - Y
U - R - IT

At home you are the Information Security
department.
People and Process are arguably more important to
Information Security than technology.

3
Access to Personal Information
  • Where are your wallets right now?
  • Are your cars locked?
  • Where are your computers right now? Are they
    locked?

4
Opportunities for Abuse
  • To break into a safe, the thief needs to know
    something about safes.
  • To break into your computer, the hacker only
    needs to know where to download a program
    written by someone else who knows something
    about computers.
  • Identity theft is the fastest growing crime in
    the U.S.; it accounts for more than 750,000
    victims a year, and losses exceeded 2 billion
    dollars.
  • Why hack when you can just ask?
  • Please pass your car keys and wallets forward

5
In the News
  • Alaska House Passes Personal Information
    Protection Act: With a vote of 35-0, Alaska's
    House of Representatives has passed HB 65, the
    Personal Information Protection Act. The bill
    would require organizations to notify citizens
    when their personal data are compromised in a
    security breach. Other provisions in the bill
    include banning the sale and disclosure of Social
    Security numbers (SSNs), and allowing consumers
    to freeze their credit reports. The bill now
    goes to the Senate. If the legislation passes,
    Alaska will become the 31st state to have an
    identity theft law.
    http://www.forbes.com/feeds/ap/2008/02/28/ap4710415.html
  • Google Health Privacy Concerns: The emergence of
    personal health record management services has
    raised privacy concerns. Google is piloting one
    such product, Google Health, with the Cleveland
    Clinic. While the online dossiers offer the
    convenience of being able to merge health data,
    they are controlled by consumers, not physicians,
    and are therefore not protected by the Health
    Insurance Portability and Accountability Act
    (HIPAA). Although Google and other entities
    developing similar products maintain they will
    offer even more stringent protections than
    HIPAA's, "the very existence of a detailed health
    dossier accessible in an instant can make control
    difficult."
    http://www.washingtonpost.com/wp-dyn/content/article/2008/02/26/AR2008022602993.html
  • Salt Lake Community College has contacted more
    than 25,000 individuals after it discovered that
    a stolen laptop may contain usernames and
    passwords. According to officials, the laptop,
    stolen from the SLCC's Continuing Community
    Education office, could contain the login
    information on up to 1,000 students, faculty and
    staff members. The login information would allow
    an individual to access SLCC's "My Page" system,
    which contains information such as Social
    Security numbers and financial information.
    Within a few hours of the theft, SLCC staff began
    contacting individuals, urging them to change
    their "My Page" passwords.
    http://www.sltrib.com/news/ci_8375979

6
What is Information Security?

7
What worries you?
  • When you think of the vulnerabilities in the
    realm of information security, which areas do you
    think are the most important to you and to
    Quinnipiac University?

8
How Does Information Security Affect You?
  • A compromised computer provides access to all
    accounts, keystrokes, and data.
  • Account and keystroke information can then be
    used to access other resources.
  • Operational difficulties (Availability)
  • Email and documents (Confidential)
  • Financial transactions (QU's or yours)
  • Identity theft (Personal Information)
  • Criminal use of computer (SPAM - botnets)

9
So How Do We Start?
  • Be aware or beware
  • Know how to identify a potential issue (healthy
    vs. sick)
  • Use sound judgment (When in doubt throw it
    out)
  • Spam, Phishing, Spyware, File sharing (careful
    what you eat)
  • Learn and practice good security habits
  • Incorporate secure practices into your everyday
    routine
  • Encourage others to do so as well
  • Antivirus Software, Firewalls and
    Patches/updates
  • Report anything unusual
  • Notify the appropriate contacts if you become
    aware of a suspected security incident

10
Useful Information Security sites
  • Hoax Busters - How to recognize hoaxes, what to
    do about them, and some of the history of hoaxes
    on the Internet
    http://hoaxbusters.ciac.org/
  • Ad-Aware - Spyware detection and removal tool
    http://www.lavasoft.com/products/ad-aware_se_personal.php
  • Microsoft Updates
    http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us
  • Apple - Periodically, Apple releases free updates
    to your computer's software. Software updates
    include important security updates that eliminate
    threats to your computer.
    http://docs.info.apple.com/article.html?path=Mac/10.5/en/8514.html
  • Shields Up - Checks for vulnerabilities on home
    systems connected to the Internet by broadband or
    DSL
    https://www.grc.com/x/ne.dll?bh0bkyd2
  • Symantec - Anti-virus checker
    http://security.symantec.com/sscv6/default.asp?productid=symhome&langid=ie&venid=sym

11
Protecting Your Children While On-line
  • Family PC should be in a common area, not in
    child's bedroom
  • Spend time online with your child, whether at
    home, at the library, or at a computer center in
    your community.
  • Keep yourself informed about the parental control
    tools that can help you keep your child safe
    online.

12
Protecting Your Children While On-line (continued)
  • How to be safe on-line
  • http://www.safekids.com/
  • Parental Control Software
  • http://www.cybersitter.com/
  • ISP Parental Controls
  • http://www.aol.com/info/parentcontrol.html
  • AT&T, Comcast and Cox also have instructions on
    Parental Controls on their web sites.

13
Final Thoughts
Would you recognize an Information Security
Incident? Would you know how to and where to
report it? Would you choose to do so?

14
QU Information Security Contacts
  • Information Security Officer:
    Brian.Kelly_at_quinnipiac.edu, 582-3625 or 507-9348
  • IS-Security_at_quinnipiac.edu
  • Computer Help Desk: 582-Help (4357)
  • https://myq.quinnipiac.edu/IT2020Libraries/Information20Security/Pages/default.aspx