
Title: Information Security


1
Information Security
Georgios Mousouros
Support Systems Analyst, Sr
Information Security Liaison
College of Social and Behavioral Sciences
University of Arizona
georgios_at_email.arizona.edu
http://www.sbs.arizona.edu/security
2
Agenda
  • Introduction
  • Goals
  • Security Cycle of Life
  • The Numbers
  • Identity Theft
  • Examples and Incidents
  • Internet and System Security
  • Social Engineering
  • Social Networking and Privacy
  • Physical Security
  • Backups
  • Data classification
  • Where the data is stored
  • Personal Information
  • Retention Schedule
  • Tools
  • Questions?

3
Information Security
  • Information Security means protecting information
    and systems from unauthorized access, use,
    disclosure, disruption, modification, or
    destruction.
  • Information Security includes:
  • - Physical (environment and facilities)
  • - Logical (passwords, firewalls, etc.)
  • - Data (classification)
  • - User access (browsing, entering sensitive
    data)

4
Goals
  • Education and awareness
  • Prevent the compromise of Information Security
  • Increase Level of Security
  • Prevent unauthorized users from accessing our
    information
  • Prevent loss of information

5
Security Cycle of Life
  • Audit and Assessment
  • Get an accurate picture of the college's
    security risks
  • Solution Design
  • Select the right tools for the protection we
    need and tailor them to our environment
  • Solution Implementation
  • Implement the solution according to needs and
    availability
  • Testing
  • Test the solution and make sure it works the way
    it is intended to
  • Operation and Maintenance
  • Enforce security standards by continuously
    measuring and tracking for new security gaps

6
The Numbers
  • 98% of users say that sending and receiving
    emails is their top priority
  • 14% of users read spam and 4% buy products
    advertised in spam
  • 71% of all email in the second half of 2007 was
    spam
  • 63% of all phishing hosts identified were in the
    United States

7
The Numbers
  • 55% of online users have been infected with
    spyware
  • 83% of users use anti-virus protection and 73%
    of them update their definitions regularly
  • Identity theft accounted for 42% of all
    complaints in the Federal Trade Commission's
    database
  • Arizona has the worst per-capita trouble with
    identity theft
  • Why is your information important?

8
Identity Theft
9
How much is your stolen Identity worth?
  • In the second half of 2007:
  • 500 stolen credit cards: $200 (40 cents per card,
    50% less than 1st half of 2007)
  • 50 full identities: $100 ($2 per identity)
  • EU identities: $30 per identity (it can be used
    in multiple countries)
  • 1 bank account: $10
  • The cost to you: Priceless

10
Phishing Example
  • From: "EMAIL.UC.EDU SUPPORT" <support_at_email.uc.edu>
  • Date: January 24, 2008 9:36:14 AM EST
  • To: undisclosed-recipients
  • Subject: Confirm Your E-mail Address
  • Reply-To: youfidnet_at_yahoo.com

        Dear Email.uc.edu Subscriber,
        To complete your email.uc.edu account, you must reply to this email
        immediately and enter your password here ()
        Failure to do this will immediately render your email address
        deactivated from our database.

        You can also confirm your email address by logging into your
        email.uc.edu account at https://email.uc.edu

        Thank you for using EMAIL.UC.EDU !
        EMAIL.UC.EDU TEAM
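
The warning signs visible in the message above (a Reply-To at a different domain than From, undisclosed recipients, a request to send a password, a deactivation threat) can be checked mechanically. This is an added example, not part of the original presentation; the function name and indicator labels are hypothetical, and the sample is constructed from the slide, with the transcript's `_at_` normalised to `@` before parsing.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed from the slide's phishing example (body shortened).
SAMPLE = '''From: "EMAIL.UC.EDU SUPPORT" <support_at_email.uc.edu>
To: undisclosed-recipients
Subject: Confirm Your E-mail Address
Reply-To: youfidnet_at_yahoo.com

Dear Email.uc.edu Subscriber,
To complete your email.uc.edu account, you must reply to this email
immediately and enter your password here ()
Failure to do this will immediately render your email address
deactivated from our database.
'''

def _domain(header_value):
    """Lower-cased domain of the address in a header, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def phishing_indicators(raw):
    """Return the list of warning signs found in a raw RFC 822 message."""
    # The transcript obfuscates '@' as '_at_'; undo that before parsing.
    msg = message_from_string(raw.replace("_at_", "@"))
    body = msg.get_payload().lower()
    found = []
    from_dom, reply_dom = _domain(msg["From"]), _domain(msg["Reply-To"])
    # Replies would go to a mailbox outside the claimed sender's domain.
    if reply_dom and reply_dom != from_dom:
        found.append("reply-to-domain-mismatch")
    if "undisclosed" in (msg["To"] or "").lower():
        found.append("undisclosed-recipients")
    # A request to type or send a password within one sentence.
    if re.search(r"\b(enter|send|confirm)\b[^.]*\bpassword\b", body):
        found.append("asks-for-password")
    if re.search(r"\b(immediately|deactivated|suspended)\b", body):
        found.append("urgency-or-threat")
    return found

if __name__ == "__main__":
    print(phishing_indicators(SAMPLE))
```
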

11
Incidents
  • Library, Student Union
  • Stolen Laptops
  • Identity Theft
  • Instant Messenger (FBI)
  • Homeland Security Department telephone system
  • Phishing
  • USB Flash drives in parking lot
  • 11 hackers stole 41 million credit card numbers
  • Chile 6 million IDs online
  • Virginia Tech

12
Internet and System Security
  • Email
  • - Email is the electronic equivalent of a
    postcard
  • Public Wireless Networks
  • Web browsing
  • Instant Messaging
  • Anti-virus/Firewall
  • Sharing Passwords
  • System Lock or Logoff

13
Social Engineering
  • Collection of techniques used to manipulate
    people into giving confidential information
  • - Pretexting: the act of creating a scenario
    to persuade a target to release information
  • - Phishing: a technique to obtain private
    information
  • - Phone phishing: a system that recreates a
    legitimate-sounding copy of a bank or other
    legitimate organization
  • - Trojan horse and virus: this technique
    usually uses attachments in emails or websites,
    small files that take and send private information

14
Social Networking and Privacy
  • 350 sites and growing
  • Facebook, MySpace

15
Physical Security
  • Lock doors
  • Secure any media
  • Intrusion detection
  • Levels of access and authorization

16
Data Classification
  • Confidential
  • SSNs and Student IDs
  • Driver Licenses
  • Student Financial Information
  • Birth dates
  • Account Numbers
  • P-cards
  • Insurance Information
  • Grades
  • Counseling/Mental Health Records
  • Medical Records
  • Disability Records
  • Non-disclosure Agreements
  • Sensitive
  • Actions pertaining to renewal/termination of
    employment
  • Library Patron Records

17
Where the data is stored
  • Websites
  • Email
  • Personal documents
  • Homework assignments
  • Grade books
  • Purchase forms
  • Which computers in our college have sensitive
    data?

18
Personal Information
  • Personal information includes first name or
    initial and last name accompanied by:
  • Social Security Numbers
  • Arizona driver's license numbers
  • State ID card
  • Credit or debit card number
  • http://www.security.arizona.edu/pi

19
Retention Schedule
  • Email
  • Electronic and paper files
  • Applications
  • Grades
  • All records have expiration dates
  • If you delete it, you don't need to secure it!
  • If you can't delete the file, secure the personal
    information.
  • Option 1: Transfer files with personal
    information to a server or media
  • Option 2: Separate the number from the associated
    name
  • Option 3: Truncate the number to the last four
    digits
  • Option 4: Encrypt personal information
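
A sketch of Options 2 and 3 applied to text records, preceded by a simple sweep for Social Security Numbers. This is an added example, not part of the original presentation and not the code of any tool it names; all function names and the sample rows are constructed for illustration, and only the dashed 123-45-6789 form is handled.

```python
import re
import secrets

# Candidate SSNs written as 123-45-6789; digits-only forms are out of scope.
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")

def plausible_ssn(area, group, serial):
    """Reject patterns that are never issued, to cut false positives."""
    return (area not in ("000", "666") and not area.startswith("9")
            and group != "00" and serial != "0000")

def sweep(lines):
    """Return 1-based line numbers that contain a plausible SSN."""
    return [n for n, line in enumerate(lines, 1)
            if any(plausible_ssn(*m.groups()) for m in SSN_RE.finditer(line))]

def truncate(line):
    """Option 3: keep only the last four digits of each plausible SSN."""
    def repl(m):
        return "XXX-XX-" + m.group(3) if plausible_ssn(*m.groups()) else m.group(0)
    return SSN_RE.sub(repl, line)

def separate(line, vault):
    """Option 2: swap each number for a random token. The token-to-number
    map (vault) is meant to be stored apart from the names."""
    def repl(m):
        if not plausible_ssn(*m.groups()):
            return m.group(0)
        token = "ID-" + secrets.token_hex(4)
        vault[token] = m.group(0)
        return token
    return SSN_RE.sub(repl, line)

# Constructed sample rows (not real people or numbers).
ROWS = [
    "Pat Example,123-45-6789,Grade A",
    "Order ref 000-12-3456 shipped",
    "Sam Sample,no number on file",
]

if __name__ == "__main__":
    print(sweep(ROWS))
    print(truncate(ROWS[0]))
    vault = {}
    print(separate(ROWS[0], vault), vault)
```
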

20
Backups
  • Backups should be conducted daily on the user's end
  • Secure any media you have files on
  • - hard drives
  • - CD/DVD
  • - flash drives

21
Tools
  • Password Safe, Password Gorilla
  • Spider (Personal Information Sweep)
  • Encryption for portable media (TrueCrypt)
  • Secunia
  • Central patching and updating (OCS)

22
Georgios Mousouros
Support Systems Analyst, Sr
Information Security Liaison
College of Social and Behavioral Sciences
University of Arizona
georgios_at_email.arizona.edu
  • Questions?

http://www.sbs.arizona.edu/security