Date post: | 11-Jan-2016 |
Category: |
Documents |
Upload: | lily-clark |
View: | 217 times |
Download: | 2 times |
Information Systems Security for the Special Educator
MGMT 636 – Information Systems Security
Overview
• Awareness of information systems security in work and at home.
• Basic understanding of security techniques that can be implemented in both the work environment and at home.
Legal Environment
• FERPA– Family Educational Rights and Privacy Act
L.S. v. Mount Olive Board of Education (New Jersey)
– 11th grade English class studying The Catcher in the Rye.• An assignment required students to create a psychological
profile of the main character.• The teacher obtained a real psychological profile from the
school’s psychologist to use as an example.• Even though the profile was redacted, a student deduced
that the profile was his friend’s psychological profile.
Legal Environment
• FERPA– L.S. v. Mount Olive Board of Education (New
Jersey)
• The court ruled that the teacher and the school’s psychologist could be personally sued under 42 U.S.C. § 1983: Civil action for deprivation of rights.
• Extreme case due to negligence.
Work Computing Environment
• District and school policies concerning information systems security.– Know your data.
• Schools provide protection infrastructure.– Firewalls to protect networked computers.
• School assumes risk in case of a security breach, unless negligence is found.
Protecting Your Computer
• Password protect your computer.• Lock computer when away.• Use username and password to login.
– Do not share password or accounts.– Do not allow others use your computer while
you are logged in.• Someone could e-mail parents, students, your
boss.
Protect Your Files
• MS Office: 2010 offers AES 128-bit advanced encryption.
• iWork offers encryption.• File encryption software.
– Third party software.• Requires being able to add
software to computer.
Encryption
• Benefits– “Scrambles data” making
it unusable in it’s encrypted
state.
• Downfalls– Forgotten password.– Business continuity.
Password Construction
• In order to understand solid password creation, it is important to understand the three basic techniques to “crack” a password.
Three Basic File Hacking Techniques
• Shoulder surfing and social engineering.• Brute force attack.
– A properly designed password can make this technique take a million years to crack.
• Dictionary attack.– Avoid common words and combinations.– Avoid common password security techniques.
• i=!, i=1, a=@, and etcetera.
Password Construction
• The longer the better.• What is a bit and what does it mean?• Using a passphrase.
“and she's climbing the stairway to heaven”
Password Construction
The Next Level• Multi-Factor Authentication
– Goes beyond username and password.• Requires additional information that only the user
would know (knowledge factor).
• Increases security. Used by banks and credit reporting agencies.
– Questions such as “Name of your first pet” or “Name of company that holds your home mortgage”.
Taking Work Home• Risk transference.
– You are now responsible for data security.• Does this violate security policies?• Transportation of data.
– Flash Drive• SanDisk Cruzer offers software to encrypt the
entire flash drive (SanDisk Secure Access).
– E-Mail: Not highly secure on its own.– Laptop: Whole device could be stolen.
Home Networking Security
The firewall is the first line of defense.• Decent router with firewall.• Wi-Fi with good encryption protocols and a
strong password.
Personal Devices
Risks• Text messaging.• E-mail.• Loss of device or laptop.
– Password protect entire device.– Google’s pattern lock.
Questions?
Questions?