Security Awareness Presentation

Florida International University Cheryl Lyn Granto, IT Security Officer http://security.fiu.edu

We will never ask you for your Password or personal information in person, on the phone or in email!

IT SECURITY?
What is it?

It is Maintaining:
Confidentiality Availability Integrity

Confidentiality

Keeping your information:

Hidden Safe Private

Availability Making sure IT resources are:

Present Ready for immediate use!

Integrity Knowing and using information that is Sound and Unchanged by Anyone who is not authorized

So what does this mean for FIU?

President Maidiques Objectives FY 05-06

Execute a communications program that increases knowledge regarding laws, rules and regulations addressing student record confidentiality and University security requirements

Higher Education Implication

Mark Luker, VP Educause, said at SURA/Critical Infrastructure Protection Project Conference:
Higher Education must address their IT Security problems or they are going to find themselves subject to Mandatory Federal Security Requirements. We have to show we are moving in the right direction with regards to IT Security

A Legal Perspective for Higher Education

FIU is subject to Local, State and Federal Laws. For more information refer to the Laws and Policy page at the end of the FIU General Policy
SECPA Electronic Communications Privacy Act FERPA Family Educational Rights and Privacy Act HIPAA Health Insurance Portability and Accountability Act CFAA Computer Fraud and Abuse Act USA Patriot Act GLBA Gramm Leach Bliley Act

At FIU we have Compliance Issues & Safety Issues

The Problems are Real!

Information Security Awareness Defined

Security awareness is being cognizant of:
The variety of information security situations that may take place How to protect oneself from such situations The necessary steps to take should a security infringement situation arise

Play your partBe aware!

Security Infrastructure, Policy and Technology
WILL NOT WORK WITHOUT YOU!

Ignorance is not bliss!

Nothing of great importance is stored on my computer. NOT TRUE-your access is very valuable The network is protected and the techies can handle security issues. NOT TRUE-we cannot watch everything all of the time. Who would want to steal my identity? Everyone

Are people really that malicious?

Unfortunately, YES!

The numbers speak for themselves

Over 300 million users with access to Internet Over 1000 new viruses created each month Every 80 seconds someones identity is stolen 40% of laptop theft happens in offices and meeting rooms 100s of FIU computers are compromised on the FIU network each year

Your PC is protected! Your computer is now part of the campus Active Directory We take care of:
Your anti-virus System Patches Locking your screen

But you need to:

 Make regular back-ups of critical data Turn your computers off when you leave for the day Do not keep any critical information (Social Security numbers, birthdates, credit card numbers, etc.) on your computer or on network file shares (M, N Drive etc.). You should never send such critical information via instant messenger or other chat tools

E-mail Security
Never open e-mail attachments from strangers Make sure that the message references the attachment Be cautious even when opening attachments from your peers Never hesitate to contact the sender to verify if he/she actually sent an attachment Never send personal information (name, account numbers, address, phone numbers, passwords to strangers When in doubt, contact UTS 7-2284 Spread the word, not the virus! Trust your instincts it probably is a virus.

Password Management
The longer the better Should be changed every 3 months Should not be found in any dictionary in any language Never share them with anyone Never write them down Be careful when entering your password on a strange computer

Making a Strong Password

Use at least 6 characters 1 numeric Misspell woords & add speshul ch@ract3rs Easy to remember phrases can equal complicated passwords
I finally got my Masters degree at 28! ifgmmd@28!

I signed up for Drop in 1998!

1su4din1998!

Physical Security
Keep confidential documents off your desk Dont share your access Take note of strangers in your area Use laptop locking devices Keep a record of make, model, serial number Be careful of piggybacking and tailgating
This is when someone follows you through a locked door

Be careful of bump and run! especially in airports

Social Engineering Defined

When one is deceived or conned into divulging information that would not be shared under normal circumstances
Please ask questions, never assume authority!

Cyber Victims
Cyber Crime is as Serious as any other crime! Contact
FIU Victim Advocacy Center 305-348-1215

Handling Sensitive Information

DONT Gossip or share with others sensitive information you have access to. Look up confidential information for co-workers who do not have the access without supervisor approval. Store your confidential files on public or unsecured network file servers. Throw confidential reports in the trash without shredding them first.

FERPA Violations
Its so Easy

FERPA Violationhow does it happen?

Here sits Jane at her desk:

Jane works for the Registrar

Jane needs a break and walks over to the Graham Center

Lindsey, an OPS student walks by and Sees that Jane has Left her computer logged on and Lindsey knows Jane has access to Look at any students records And wants to see her boyfriends Information

When Jane returns she sees a record open that she knows she did not access.

This must be reported and the student must be notified that his information was possibly compromised.

An afternoon at FIU Can you see the FERPA Violations?

Lets look closer.

Terminals Left Logged in

Weak Passwords and Password Sharing

Files left out On desk

Instant Messaging Social Security Numbers

Copyright, Fair Use and Piracy

DO
Use excerpts with appropriate attribution (fair use). Install and use the software licensed for everyone at the University (site-licensed). Install and use software purchased by your department for your use

Copyright, Fair Use and Piracy

DONT Use your co-workers computer disks to install software programs unless you have a license. Copy or share free music or video files that you would reasonably expect to pay for (e.g., feature films, music CDs, e-books). Copy software to take home with you.

Most Common Security Mistakes

Poor password management Leaving your computer on, unattended Opening email attachments from strangers Not installing anti-virus software Laptops on the loose Sharing information (passwords and machines) Not reporting security violations Always behind the times (software patches) Keeping an eye out inside the organization

Protect Yourself
Never give out your password, billing information or other personal information to strangers online Be mindful of who you're talking with before you give out personal information

Protect Yourself
Don't click on hyperlinks or download attachments from people/web sites you don't know Be skeptical of any company that doesn't clearly state its name, physical address and telephone number

We will never ask you for your Password or personal information in person, on the phone or in email!

You are responsible for the information you handle!

Before releasing any information, it is essential to at least establish: the sensitivity of the information your authority to exchange or release the information the real identity of the third party (proper authentication) the purpose of the exchange

Some parting words

Protect yourself; Protect FIU Be aware and beware Trust your instincts Take proactive steps Ask questions and report incidents at

http://security.fiu.edu

Security.fiu.edu

Visit us online at http://security.fiu.edu