Title: Security Awareness By ITSEIS SATE Program For additional information, contact Tiki Maxwell, SATE Man
1. Security Awareness
By ITS-EIS SATE Program
For additional information, contact Tiki Maxwell, SATE Manager at tmaxwell_at_its.ucsf.edu or 514-1364
- Laptops / Mobile Device Security Overview
- Palm Pilots / PDAs / Cell Phones / Blackberries, Memory Sticks
- Laptops, Cameras, etc.
2. What do mobile devices look like? Do you have one?
3. What is the issue?
- Mobile devices are increasingly being used to store, transmit and receive information at UCSF.
- A laptop is stolen at UCSF every week
- May 2005 - May 2006: Approximately 57 mobile devices (e.g., laptops, memory sticks, PDAs, cameras, etc.) were reported lost or stolen. 31 of the 57 incidents occurred at the Parnassus campus.
- Most common ways:
- Locked offices
- Unlocked unattended offices, labs
- In vehicles
4. Some Laptop and Other Mobile Device Security Issues
- Laptops and mobile devices, being small, portable devices, are easily lost or stolen. About 250K PDAs were lost in US airports during 2005 (Gartner report).
- Laptops/mobile devices are frequently used in hostile environments like hotspots, customer sites, business partner offices, and industry conferences.
- Attackers are drawn to locations where business travelers gather, because targets are more plentiful and it is easier to go unnoticed.
- Mobile phones that can download games, ring tones, and other software have opened a new avenue for hackers to exploit.
- Compact flash / memory sticks / PCMCIA cards supported by handhelds can store a lot of data on them. These removable cards (and their contents) are easily lost, borrowed or stolen.
- Traveling with your laptop may help you stay connected, but it will also increase your risk of being a target for theft.
- There are many more risks
5. What is at Risk? What information on mobile devices can be compromised?
- Everything
- UCSF and your Confidential or Restricted information
- Information about patients / appointments / meetings
- Passwords
- Email Addresses
- Contacts / clients
- Legal and Financial information
- Personal information for online accounts
6. How Data Is Stored
- Digitally as tiny magnetized regions, called bits
- Hard drives store this on a platter, like a CD
- Data can be extracted from ANY electronic/digital source (floppy, CD, DVD, zip disks, removable media, hard drives, flash memory, thumb drive, USB drives, printer memory, Blackberry, PDA, XBOX, TiVo, etc.)
- Once data is written, it remains until the disk is wiped or overwritten by other information
7. What Can You Do? How can you protect your laptop or other mobile devices (PDAs, Blackberries, memory sticks, etc.)?
- Password protect your device
- According to Gartner, the biggest risk associated with Pocket PCs is that no power-on password is required by default.
- Limit the information stored on the device; if it is not needed, delete it
- Connect to UCSF securely: use VPN
- Keep your laptop or PDA with you at all times
- Downplay your laptop or PDA when traveling
- Purchase a laptop lock
- Back up your files regularly
- Store confidential or secure data on secure servers
- Enable all security features the device may have
8. What Can You Do? How can you protect your laptop or other mobile devices (PDAs, Blackberries, memory sticks, etc.)?
- If credentials must be saved on a handheld, encrypt them.
- Detect and eradicate viruses.
- Encrypt sensitive values, database records, key files and folders, or entire compact flash cards
- Consider encrypted, authenticated VPN tunnels to ensure the privacy and integrity of communication between handhelds and connected networks.
- Visit the Enterprise Information Security website and download Information Sheets:
- Where to lock your laptop
- Tips for Car Smart travel with laptop
- Security checklist for teleworkers
- Good security practices and many more tip sheets
- Stay up-to-date with monthly security awareness briefings/trainings
9. Real story in the news
- 15 May 2006: 26.5 million veterans' personal information was stolen from a VA employee's stolen laptop
- An employee who had taken the information without authorization
- The laptop contained a database of over 26.5 million veterans' names, Social Security numbers and birth dates
- Data on veterans discharged before 1975 who submitted claims to the agency might be included
- As a result, VA had to notify everyone
10. Security Awareness
For additional Security Awareness Information, visit http://isecurity.ucsf.edu
Wireless Security Standards: http://its.ucsf.edu/about/standards/wireless_lan.jsp
11. The key to security awareness is embedded in the word security.
SEC-U-R-IT-Y
U - R - IT
If not you, who? If not now, when?
12. Additional Resources
- Software - Sophos Anti-Virus, VPN, etc.
- http://its.ucsf.edu/information/software/
- Policies, Procedures and Guidelines
- http://its.ucsf.edu/about/policy/
- HIPAA Policies, Procedures, and Guidelines
- http://www.ucsf.edu/hipaa/mc_procedures/
- Information Security and Confidentiality 650-16
- http://policies.ucsf.edu/650/65016.htm
- Enterprise Information Security
- http://isecurity.ucsf.edu