Title: Brian Kelly, CISSP, CISM, MSIA Information Security Officer Director of Information Security and Network Operations
1. Quinnipiac University Information Security Tips You Can Take Home
- Brian Kelly, CISSP, CISM, MSIA, Information Security Officer, Director of Information Security and Network Operations
2. The key to Information Security is embedded in the word security
SEC - U - R - IT - Y
U - R - IT
At home you are the Information Security department.
People and Process are arguably more important to Information Security than technology.
3. Access to Personal Information
- Where are your wallets right now?
- Are your cars locked?
- Where are your computers right now? Are they locked?
4. Opportunities for Abuse
- To break into a safe, the thief needs to know something about safes.
- To break into your computer, the hacker only needs to know where to download a program written by someone else who knows something about computers.
- Identity theft is the fastest growing crime in the U.S.; it accounts for more than 750,000 victims a year, and losses exceeded 2 billion dollars.
- Why hack when you can just ask?
- Please pass your car keys and wallets forward
5. In the News
- Alaska House Passes Personal Information Protection Act: With a vote of 35-0, Alaska's House of Representatives has passed HB 65, the Personal Information Protection Act. The bill would require organizations to notify citizens when their personal data are compromised in a security breach. Other provisions in the bill include banning the sale and disclosure of Social Security numbers (SSNs), and allowing consumers to freeze their credit reports. The bill now goes to the Senate. If the legislation passes, Alaska will become the 31st state to have an identity theft law. http://www.forbes.com/feeds/ap/2008/02/28/ap4710415.html
- Google Health Privacy Concerns: The emergence of personal health record management services has raised privacy concerns. Google is piloting one such product, Google Health, with the Cleveland Clinic. While the online dossiers offer the convenience of being able to merge health data, they are controlled by consumers, not physicians, and are therefore not protected by the Health Insurance Portability and Accountability Act (HIPAA). Although Google and other entities developing similar products maintain they will offer even more stringent protections than HIPAA's, "the very existence of a detailed health dossier accessible in an instant can make control difficult." http://www.washingtonpost.com/wp-dyn/content/article/2008/02/26/AR2008022602993.html
- Salt Lake Community College has contacted more than 25,000 individuals after it discovered that a stolen laptop may contain usernames and passwords. According to officials, the laptop, stolen from the SLCC's Continuing Community Education office, could contain the login information on up to 1,000 students, faculty and staff members. The login information would allow an individual to access SLCC's "My Page" system, which contains information such as Social Security numbers and financial information. Within a few hours of the theft, SLCC staff began contacting individuals, urging them to change their "My Page" passwords. http://www.sltrib.com/news/ci_8375979
6. What is Information Security?
7. What worries you?
- When you think of the vulnerabilities in the realm of information security, which areas do you think are the most important to you and to Quinnipiac University?
8. How does Information Security affect you?
- A compromised computer provides access to all accounts, keystrokes, and data.
- Account and keystroke information can then be used to access other resources
- Operational difficulties (Availability)
- Email and documents (Confidential)
- Financial transactions (QU's or yours)
- Identity theft (Personal Information)
- Criminal use of computer (SPAM - botnets)
9. So How Do We Start?
- Be aware or beware
- Know how to identify a potential issue (healthy vs. sick)
- Use sound judgment (When in doubt throw it out)
- Spam, Phishing, Spyware, File sharing (careful what you eat)
- Learn and practice good security habits
- Incorporate secure practices into your everyday routine
- Encourage others to do so as well
- Antivirus Software, Firewalls and Patches/updates
- Report anything unusual
- Notify the appropriate contacts if you become aware of a suspected security incident
10. Useful Information Security sites
- Hoax Busters: How to recognize hoaxes, what to do about them, and some of the history of hoaxes on the Internet. http://hoaxbusters.ciac.org/
- Ad-Aware: Spyware detection and removal tool. http://www.lavasoft.com/products/ad-aware_se_personal.php
- Microsoft Updates: http://update.microsoft.com/microsoftupdate/v6/default.aspx?lnen-us
- Apple: Periodically, Apple releases free updates to your computer's software. Software updates include important security updates that eliminate threats to your computer. http://docs.info.apple.com/article.html?pathMac/10.5/en/8514.html
- Shields Up: Checks for vulnerabilities on home systems connected to the internet by Broadband or DSL. https://www.grc.com/x/ne.dll?bh0bkyd2
- Symantec Anti-virus checker: http://security.symantec.com/sscv6/default.asp?productidsymhomelangidievenidsym
11. Protecting Your Children While On-line
- Family PC should be in a common area, not in child's bedroom
- Spend time online with your child, whether at home, at the library, or at a computer center in your community.
- Keep yourself informed about the parental control tools that can help you keep your child safe online.
12. Protecting Your Children While On-line (continued)
- How to be safe on-line: http://www.safekids.com/
- Parental Control Software: http://www.cybersitter.com/
- ISP Parental Controls: http://www.aol.com/info/parentcontrol.html
- AT&T, Comcast and Cox also have instructions on Parental Controls on their web sites.
13. Final Thoughts
- Would you recognize an Information Security Incident?
- Would you know how to and where to report it?
- Would you choose to do so?
14. QU Information Security Contacts
- Information Security Officer: Brian.Kelly_at_quinnipiac.edu, 582-3625 or 507-9348
- IS-Security_at_quinnipiac.edu
- Computer Help Desk: 582-Help (4357)
- https://myq.quinnipiac.edu/IT2020Libraries/Information20Security/Pages/default.aspx