ANNUAL SECURITY AWARENESS TRAINING 2012

Similar documents
Identity Theft Prevention Policy

Protecting Your Gear, Your Work & Cal Poly

Information Technology Standards

UTAH VALLEY UNIVERSITY Policies and Procedures

PCI Compliance. What is it? Who uses it? Why is it important?

Red Flags Program. Purpose

CCC Data Management Procedures DCL3 Data Access

Security Awareness Training June 2016

Data Compromise Notice Procedure Summary and Guide

Employee Security Awareness Training

Red Flags/Identity Theft Prevention Policy: Purpose

Sensitive Data Security Primer

Employee Security Awareness Training Program

Six Steps to Protect Your Clients and Protect Yourself from Identity Theft

IDENTITY THEFT PREVENTION Policy Statement

Ouachita Baptist University. Identity Theft Policy and Program

Six Steps to Protect Your Clients and Protect Yourself from Identity Theft. Ley Mills IRS Stakeholder Liaison December 20, 2017

Data Protection Policy

Target Breach Overview

University of North Texas System Administration Identity Theft Prevention Program

HELPFUL TIPS: MOBILE DEVICE SECURITY

Southern Adventist University Information Security Policy. Version 1 Revised Apr

Subject: University Information Technology Resource Security Policy: OUTDATED

COMPUTER PASSWORDS POLICY

Data protection policy

Keep the Door Open for Users and Closed to Hackers

Table of Contents. PCI Information Security Policy

University of Pittsburgh Security Assessment Questionnaire (v1.7)

Gramm Leach Bliley Act 15 U.S.C GLBA/HIPAA Information Security Program Committee GLBA, Safeguards Rule Training, Rev.

Donor Credit Card Security Policy

Best Practices Guide to Electronic Banking

CLICK TO EDIT MASTER TITLE STYLE Fraud Overview and Mitigation Strategies

INFORMATION TECHNOLOGY DATA MANAGEMENT PROCEDURES AND GOVERNANCE STRUCTURE BALL STATE UNIVERSITY OFFICE OF INFORMATION SECURITY SERVICES

Security Awareness. Chapter 2 Personal Security

NMHC HIPAA Security Training Version

Enviro Technology Services Ltd Data Protection Policy

Virtual Product Fair. Protect your agency data protect your business

TABLE OF CONTENTS. Lakehead University Password Maintenance Standard Operating Procedure

Seattle University Identity Theft Prevention Program. Purpose. Definitions

Online Fraud and Identity Theft Guide. A Guide to Protecting Your Identity and Accounts

Standard for Security of Information Technology Resources

Policy. London School of Economics & Political Science. Remote Access Policy. IT Services. Jethro Perkins. Information Security Manager.

A practical guide to IT security

security FRAUD PREVENTION Business Checklist Safeguard your money, your credit and your good name.

Data protection. 3 April 2018

Retail/Consumer Client Internet Banking Awareness and Education Program

Cyber Security Program

Prevention of Identity Theft in Student Financial Transactions AP 5800

Red ALERT Apparent Breach of an Unidentified Pharmacy Related Database

<Criminal Justice Agency Name> Personally Owned Device Policy. Allowed Personally Owned Device Policy

An Overview of the Gramm-Leach-Bliley (GLB) Act and the Safeguards Rule

Florida Government Finance Officers Association. Staying Secure when Transforming to a Digital Government

STEAM Clown Production. Passwords. STEAM Clown & Productions Copyright 2016 STEAM Clown. Page 1 - Cyber Security Class

FAQ: Privacy, Security, and Data Protection at Libraries

Maria Hishikawa MSIX Technical Lead Sarah Storms MSIX Contractor Security

Checklist: Credit Union Information Security and Privacy Policies

FAQ. Usually appear to be sent from official address

UNIVERSITY OF MASSACHUSETTS AMHERST INFORMATION SECURITY POLICY October 25, 2017

Create strong passwords

UNIVERSITY OF MASSACHUSETTS AMHERST INFORMATION SECURITY POLICY September 20, 2017

INFORMATION ASSET MANAGEMENT POLICY

Who We Are! Natalie Timpone

Credentials Policy. Document Summary

Train employees to avoid inadvertent cyber security breaches

How to Build a Culture of Security

Media Protection Program

Red Flag Policy and Identity Theft Prevention Program

DATA STEWARDSHIP STANDARDS

SHS Annual Information Privacy and Security Training

IMPORTANT SECURITY CHANGES LOGGING ON. We are replacing the existing enhanced authentication.

Company Policy Documents. Information Security Incident Management Policy

STOCKTON UNIVERSITY PROCEDURE DEFINITIONS

DHS Cybersecurity. Election Infrastructure as Critical Infrastructure. June 2017

IAM Security & Privacy Policies Scott Bradner

UKIP needs to gather and use certain information about individuals.

STAYING SAFE FROM SOCIAL ENGINEERING SCHEMES

Acceptable Use Policy

Web Cash Fraud Prevention Best Practices

Rob Foster, Department of the Navy Chief Information Officer

Information Classification & Protection Policy

Protect Yourself From. Identify Theft

INTERNET SAFETY IS IMPORTANT

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES

PII Policies and Procedures

Computer Instructions

Regulation P & GLBA Training

What is a Breach? 8/28/2017

Data Security Policy for Research Projects

SMALL BUSINESS CYBERSECURITY SURVIVAL GUIDE

KuppingerCole Whitepaper. by Dave Kearns February 2013

PS 176 Removable Media Policy

How to Keep Your Personal Information Secure

NEW YORK CYBERSECURITY REGULATION COMPLIANCE GUIDE

Access to University Data Policy

NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT?

UCOP Guidelines for Protection of Electronic Personal Information Data and for Security Breach Notification

Canadian Access Federation: Trust Assertion Document (TAD)

Data Inventory and Classification, Physical Devices and Systems ID.AM-1, Software Platforms and Applications ID.AM-2 Inventory

General Data Protection Regulation Frequently Asked Questions (FAQ) General Questions

PCA Staff guide: Information Security Code of Practice (ISCoP)

Transcription:

UMW Information Technology Security Program Annual Security Awareness Training for UMW Faculty and Staff ANNUAL SECURITY AWARENESS TRAINING 2012

NETWORK AND COMPUTER USE POLICY Users of information technology resources at the University of Mary Washington must use these resources responsibly and in compliance with the Network and Computer Use Policy. Using Universityowned computers, networks, or other information technology resources constitutes acknowledgment that the user understands and commits to compliance with the University's Network and Computer Use Policy and related policies and procedures.

NETWORK AND COMPUTER USE POLICY The complete policy and user responsibilities may be viewed on the Policies Section of the UMW website.

OTHER INFORMATION SECURITY RELATED POLICIES There are a number of other Information Security policies that users should be aware of. Links to important policies that you should be aware of are on this slide. Information Technology Security Program Policy Administrative Data Access Policy Electronic Storage of Highly Sensitive Data Policy Identity Management Credentials Policy Other important information security policies, standards and procedures

ENCRYPTION PROTECTION AND DATA DISPOSAL For encryption protection, reference the following standard: http://technology.umw.edu/it-policies/dataencryption-standard/ For electronic data disposal, reference the following policy: http://technology.umw.edu/it-policies/electronic-dataremoval-procedure/

UMW DATA CLASSIFICATION STANDARD The university has defined three levels of data classification for enterprise data. All enterprise data fall into one of these categories: Public Data Protected Data Highly Sensitive Data

UMW DATA CLASSIFICATION STANDARD: PUBLIC DATA General administrative data that are intentionally made public are classified as not sensitive and defined as Public Data. This includes all general administrative data that are not legally restricted or judged by data stewards to be limited access data. Examples of UMW public data include digital editions of such publications as the institution s Statistical Profile and the President s Annual Report of Gifts. The Schedule of Course Offerings, published each semester, along with the university s online PeopleSearch Directory serve as other examples of public data.

UMW DATA CLASSIFICATION STANDARD: PUBLIC DATA Public data access does not require personal authentication credentials.

UMW DATA CLASSIFICATION STANDARD: HIGHLY SENSITIVE DATA The following data is classified as Highly Sensitive Data: Personally identifiable information including: SSNs, Passport Numbers, Drivers License Numbers, financial account numbers (credit card numbers, debit card numbers, banking account numbers), and full name in conjunction with corresponding full date of birth.

UMW DATA CLASSIFICATION STANDARD: HIGHLY SENSITIVE DATA Access to Highly Sensitive Data may only be authorized by Data Stewards and Data Security Contacts, as defined in the Administrative Data Access Policy, and requires the completion of the University of Mary Washington Administrative Data User Account Request Form.

SECURING HIGHLY SENSITIVE DATA Highly Sensitive Data must not be stored or kept on any non-network storage device or media. Prohibited storage media includes storage on desktop computers, laptop computers, PDAs, cell phones, USB drives, thumb drives, memory cards, CDs, DVDs, local external hard drives and other USB devices. Highly Sensitive Data should not be distributed via reports, spreadsheets, emails or email attachments.

UMW DATA CLASSIFICATION STANDARD: PROTECTED DATA By default, all administrative data that is not explicitly defined as Highly Sensitive Data, or is not intended to be made publicly available, is classified as Protected Data. For example, FERPA protected data not covered under the definition of Highly Sensitive is classified as Protected. Access to Protected Data is authorized by data stewards and data security contacts as described in the Administrative Data Access Policy and requires the completion of the University of Mary Washington Administrative Data User Account Request Form.

UMW DATA CLASSIFICATION STANDARD: PROTECTED DATA Secure credentials are required to access protected university data. Standards or guidelines governing the release, distribution and dissemination of protected data by individuals authorized to access it is controlled and administered by the designated Data Stewards.

UMW DATA CLASSIFICATION STANDARD Public Definition General administrative data Access Secure Credentials Example Other Unrestricted No Report of Annual Gifts Highly Sensitive Personally identifiable information. Restricted Yes SSNs, credit card numbers May only be stored on a network drive. Protected Data Data that isn t publically available, but that isn t highly sensitive. Restricted Yes Student addresses

PHISHING Phishing is a cyber crime where well designed and legitimate looking emails and pop up messages lure victims into revealing their username, password, credit card number, Social Security number, or other sensitive information. Even though the problem is not new, there never seems to be a shortage of victims.

PHISHING Phishing messages appear to be authentic and often mimic the type of communication you would expect to receive from trusted organizations, such as banks, merchants, or university system administrators. You should never trust email or pop up messages that ask you to confirm, validate, or update your information by responding to the email or by following a link.

PHISHING The UMW IT Help Desk and system administrators will never send you an email requesting you to validate, confirm or update your account passwords or other personal information.

REPORTING A SECURITY INCIDENT If you fall victim to a phishing scam, believe that your UMW account credentials have been compromised, or have reason to believe that UMW IT system protocols, policies or procedures have been violated, you should immediately: 1. Change your password, and 2. Report the incident by sending an email to itabuse@umw.edu or contacting UMW s ISO at rusler@umw.edu.

REPORTING A SECURITY INCIDENT Additional information about reporting security incidents, or about information security in general, may be found at the IT Information Security website.

PROTECT YOUR PASSWORDS There are a number of steps that you can take to protect your passwords. These tips apply to the passwords that you have for the UMW systems, as well as for other systems. Some of these tips are: Never share your passwords with anyone. Your password verifies your identity as an authorized user. You will be held responsible for misuse of your account if your password is shared with others.

PROTECT YOUR PASSWORDS Choose a strong password that is hard to guess. Passwords should never be dictionary words or names. More secure passwords are those which are based on pass phrases.

PROTECT YOUR PASSWORDS Don t record or leave passwords where others can find them. Remembering multiple passwords can be challenging, especially if they have to be changed regularly. This often results in passwords being written down, often in inappropriate locations, like under a keyboard or taped to a computer screen. Password Safe is free open-source software you can use to securely store your passwords.

PROTECT YOUR PASSWORDS Never provide your password in an email or in a response to an email request. Please know that UMW IT personnel will never ask for your password. Use different passwords for different websites and services. Do not use your UMW account credentials on other, non-umw, systems and applications. Use passwords that are easy for you to remember and difficult for others to guess. Again, passwords should not be dictionary words or names, more secure passwords are those which are based on pass phrases.

PROTECT YOUR PASSWORDS Change passwords immediately if they have been compromised. Contact it-abuse@umw.edu or the University s ISO if it has been compromised. Change passwords frequently. UMW requires that passwords be changed every 90 days. Be careful about where passwords are saved on computers. Some software dialog boxes present an option to save or remember a password. Selecting this option poses a potential security risk. It is best to never save passwords in dialog boxes.

IDENTITY THEFT Don't give out UMW or personal information on the phone, through the mail or over the Internet (through email or online forms, or any other manner) unless you have initiated the contact or are sure you know who you're dealing with. Identity thieves may pose as representatives of banks, credit card companies and even government agencies to get you to reveal your SSN, mother's maiden name, account numbers and other identifying information.

IDENTITY THEFT Before you share any highly sensitive or protected information, confirm that you are dealing with a legitimate organization.

LOCK YOUR COMPUTER To help protect the information accessible from your computer, you should lock it when you are away from your desk. Manually locking your computer (Ctrl-Alt- Del on a Windows computer) or setting a passwordprotected screen saver, offer a layer of protection by preventing others from seeing your screen or using your computer when you are away from your desk.

SECURITY AWARENESS Most breaches and compromises of sensitive data can be prevented by security awareness and good security habits. All UMW employees are required to complete security awareness training.

SECURITY AWARENESS Employees responsible for administering or supporting central UMW IT systems, or for authorizing access to sensitive data, will be required to attend additional security awareness training. University employee security awareness training requirements are outlined in the Security Awareness Education Standard.

RESPONSIBILITY Our Shared Responsibility means each of us must do our part. If each of us does, together we will be more resistant and resilient, protecting ourselves and our university.

Now that you have completed the 2012 Annual Security Awareness Training, please click on the Quiz button and complete the 4-item quiz that is located in Canvas. You must score 100% on the quiz to satisfy this requirement. ANNUAL SECURITY AWARENESS TRAINING 2012

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback