Transcript Document

Information Security
2014 Roadshow
Roadshow Outline
 Threats Facing Us Today
Social Engineering
 What We Can Do
 Information Security’s Efforts
 Efforts You Can Make
 Data Classification
 Data Collection
 Risks
 Resources
What to Watch Out For
Web Scams:
 Always check the Address of the site
 Check to verify HTTPS if appropriate
 Check links for spoofed destinations
 Miss directed URLs – Bad download sites
Do NOT click links or attachments when you do not know the sender
Read the message to verify the language and content
Check the address of the sender to see if spoofed
Check any links to see if spoofed
Make sure the signature is from a valid person
If victim of phishing, RESET PASSWORD,
call Helpdesk
Forward suspect phishing messages to
[email protected]
What to Watch Out For
Ensure you are running anti-virus software at all times
Verify download sites before downloading any software.
Always pull from the vendor and only install necessary
 Watch for Adware
 Look for browser plugins and software add-ons
during installs.
 Ensure you are downloading the correct software
 Ensure you are at the correct download site
 Don’t install software you do not need
With Fake-AV, power down the system. Do not try to save
or perform a safe Shutdown.
What to do if Infected with Malware
What is Information Security Doing
 Monitoring:
• Through network equipment we watch
for potential threats and will notify if we
suspect a threat.
 Support:
• User Services will help to restore your
system and if possible protect your data.
 Education:
• Through programs like this and new
CBTs we work to inform users of threats
and safeguards.
 Endpoint protections:
• Through tools such as anti-virus we work
to protect users computers against
malware threats and attacks.
What can you do if you suspect you have been
 Remove your computer from the network:
• If you suspect you have a virus power
down your computer and unplug the
network connection immediately.
 Change all of your passwords:
• From a different computer, reset all of
your passwords (Network, Banner, etc.).
 Contact the Helpdesk:
• The helpdesk is your first line of support.
They have a protocol for managing
malware infected systems.
 Inventory your data:
• LIS makes no promises of being able to
recover locally stored data. Begin an
inventory off all data and where you have
it stored. This will aid in the recovery
process as well as assessing where we
need to look for potential corruption.
What Can be Done to Prevent an Attack
What is Information Security Doing
What can you do around Information Security
 Education:
• CBT: New CBT being developed
• RoadShow: Updated InfoSec presentation
• Web:
• Working with the Helpdesk to improve
response time for security issues.
 Architecting a More Secure Infrastructure
• Working with CSNS to improve edge
• PCI Enclave
 Technology improvements
• Auditing tools
• Multi-Factor authentication
• Secure communication and messaging
 Governance enhancements
• New Policies: PCI, DCP
• Better Auditing through automation
• Better Monitoring through automation
and more coverage
 Always maintain your anti-virus
 Stay educated and aware on information
security issues
 Employ best and safe computing practices
 Stay aware of current security policies
 Verify all software before instillation
 Only download applications or data from
known sources.
Data Classification – What to Collect and How
What is the Risk
• Loss of Data
Exposure of Data
Corruption of Data
• Reputational Damage
Fines and Loss of Revenue
Legal Repercussions
PCI-DSS: How Schools Compare
PCI-DSS: What Does it Mean to Middlebury and You
Compliance with PCI determines our
ability to process credit cards
A data breach could include your data.
A breach could result in penalties and
fines as well as reputational damage.
As a data processor or an MDRP you are
partially responsible for the protection of
the card holder data.
Middlebury has committed to PCI
through policy and practice.
Middlebury will not accept payment cards
by email or fax and does not store card
data in written form.
A part of PCI-DSS includes education
which will help you better understand the
security concerns
Resources on Information Security
• Privacy Policy =Confidentiality of Data
Web Sites:
• Middlebury’s Information Security
Network Monitoring Policy = Protection
of College Technology Resources
Phishing Information
Technical Incident Response Policy =
Response to Information Security Events
Protect Yourself On-line
Parents Resource for Kids On-line
Best Practices for Home and Work
Data Classification Policy = Defines Data
Red Flags Policy = Identity Theft
Not presently in hand book
PCI Policy = Payment Card Data
Discussion and Links
Please share your thoughts!
Information Security Resources:
Report Information Security Events To: [email protected]