Send the link below via email or IMCopy
Present to your audienceStart remote presentation
- Invited audience members will follow you as you navigate and present
- People invited to a presentation do not need a Prezi account
- This link expires 10 minutes after you close the presentation
- A maximum of 30 users can follow your presentation
- Learn more about this feature in our knowledge base article
Do you really want to delete this prezi?
Neither you, nor the coeditors you shared it with will be able to recover it again.
Make your likes visible on Facebook?
You can change this under Settings & Account at any time.
Transcript of Security Awareness
it is increasingly expected (by auditors, Department of Education, etc.)
compliant organizations experience fewer data breaches than non-compliant organizations Why talk about Security Awareness? 1. Your Badge -
never share your badge or access card with anyone and follow all "badging" and escorting procedures with visitors. Physical Security 3. Your Computer - Always log-off or lock your computer when away from your desk. Simply press the Ctrl+Alt+Del keys and select "Lock." 5. Portable storage - According to reformed, well-known computer hacker Kevin Mitnick, it is much easier to get a password from a person than it is to hack into a system to obtain it. Social Engineering A data
breach or data leakage can happen through many means such as: Use different passwords for different accounts. By limiting admin rights granted, most exploits and threats can be avoided. Principle of Least Privilege Basic rules to follow 2. Your Desk -
do not leave monitor, or any paper, displaying confidential data unattended
always clear your workspace and turn your computer off when you leave each day
shred, or place in secured bins, all materials with confidential data
collect all documents from printers immediately after printing PII When an employee changes departments/workstations or leaves the agency, IT must be notified and will take posession of the desktop or laptop computer. 4. Portable computing devices - Laptops must be physically secured at all times. If one does not have a cable lock, forward an equipment request to the Helpdesk. Only ISAC-issued smartphones or cell phones may be connected to ISAC’s network. Lost or stolen laptops
Corporate and Web-based email
Flash drives or external hard drives
Smart phones or cell phones
CDs and DVDs
Instant messaging and FTP
Social networking Always encrypt data before saving or copying it to a CD, DVD, USB storage, etc. Make sure the device itself is also encrypted and password-protected. Always keep it physically secured. Requires "each subject in a system be granted the most restrictive set of privileges needed for the performance of authorized tasks" and is central to compliance regulations Admin Privileges may be required by some software packages for proper functioning
allow users to change desktop settings
allow installation of software Privileges Passwords Make it as strong as possible, such as: using at least 8 characters, upper and lower-case letters, numbers & special characters. Change regularly - ISAC requires this. Never share your password with ANYone, not even Helpdesk or supervisors. This is against ISAC policy. You should never write down passwords, but if you absolutely must, keep it on your person at all times. Never keep it under your keyboard or other typical places. Don't use easy-to-guess passwords like your name, "1234," the current year, the word "password," etc. PLEASE, NEVER: publicly post, display, communicate, or otherwise make available anyone's SSN to the public
print someone's SSN on any card that an individual would need to access anything within ISAC
request someone to submit their SSN through the internet unless it is encrypted or the connection is secure
print a SSN on anything mailed unless state/federal law requires it Also:
Use secure printing with any documents containing PII Protect student's PII as if it were your own! In the event that that data is leaked or breached, please notify any of the following: Your Manager or Supervisor
Greg Bilobran the process of deceiving people by preying on their emotions, usually empathy or fear, to obtain information. Usually small amounts of information here and there lead to larger pieces. Be aware of:
quid pro quo He states that social engineering was his single most-effective tool Phishing & Email Safety Phishing is the attempt to gather PII through fraudulent emails that appear legitimate. Never open attachments, click on links, or reply to requests for PII from people you do not know. Go directly to a site, or look up phone numbers directly instead of clicking on links or calling numbers in an email. And lastly, a few general online tips for personal use if you absolutely must enter PII online, make sure it is secure (address begins with https://) As always, if you think of any questions later about the content in this presentation or just in general, please contact: ISAC Helpdesk
Greg Bilobran ext. 2444 or
firstname.lastname@example.org IT will purge any residual data, emails, etc. that you thought were deleted but may still be accessible.
IT also keeps track of and ensures validity of software licenses. These must be protected from damage, loss, or theft. They must be secured with a PIN or password and have automatic lockout enabled for inactivity of a maximum of 5 minutes.
Don't reply to spam or forward chain emails. avoid browsing with administrator privileges on a PC update security patches on you PC regularly install antivirus software and keep it updated install a web browser toolbar that detects possible phishing and fraudulent websites check to make sure the site has a certificate and that it matches the site Records
Officer ENSURES THAT ALL ISAC BUSINESS RECORDS ARE KEPT, STORED AND PROPERLY DESTROYED BY:
Working with divisions to identify and inventory documents divisionally
purging documents securely and legally per destruction timetable
training staff about the Records Retention Policy
Educating and updating Double-check the number and ensure someone is standing by to receive when faxing Keep PII documents secure at all times Shred PII documents not needed Only print documents with PII if absolutely necessary Personally Identifiable