Introduction to Information Security
Office of the Vice President for Information Technology
Mr. Ron Brown, IT Security Analyst
Mr. Corbett Consolvo, Sr. IT Security Analyst
Ms. Lori McElroy, IT Security Officer
http://security.vpit.txstate.edu [email protected]
Agenda
Security & Appropriate Use UPPSs
Confidential Information
Securing your…
– Workstation
– Internet connection
– Browser
– Information
Best practices
Security-Related UPPS
Security of Information Resources 04.01.01
– Risk and asset management
– Owner and custodian roles
– Data classification
– Sensitive information handling (including encryption requirements)
Appropriate Use 04.01.07
– Email usage
– Personal use
– Prohibited activities
Data Classification
Public information
• e.g., job postings, service offerings, published research, directory information, degree programs.
Sensitive information
• e.g., performance appraisals, dates of birth, and email addresses; donor information.
Restricted information
• e.g., SSN, credit card info, personal health info.
http://security.vpit.txstate.edu/policies/data_classification
Release of Confidential Information
IMPORTANT NOTE: If you receive a request for information from any external party, and you aren’t certain that the information can be released, consult the Office of the University Attorney before releasing the information.
FACT 1: Texas State is a public institution
FACT 2: Texas State is subject to the Texas Public Information Act
FACT 3: TPIA does not make all Texas State information freely available to the public
Confidential Information Protections
Technical
– Perimeter and local firewall
– Anti-virus
– Automatic updates
– Encryption solutions
What you can do
– Treat data like it’s your personal information
– Secure unattended workstations, monitors, and desks
– Protect confidential conversations
– Contact IT Security if you have a business need to store Restricted data
Disposing of Confidential Information
Computer disposal
– www.tr.txstate.edu/itac/repair/hardware-disposal
– Use Material Management Request Pickup of Surplus Equipment: www.materialsmgt.txstate.edu/Resources---Forms/surplus
Record disposal
– Check the Records Retention schedule at www.library.txstate.edu/about/departments/records/records-management
– Shredding hard copies and electronic copies
– Identity Finder
Securing Your Workstation
Updating your computer – the “Big Three”
1. Apply operating system patches
2. Update the anti-virus/malware software
3. Use an operating system firewall
NOTE: If you use a university-configured computer, these updates are enabled
Anti-Virus Updates
Automatic or regularly scheduled updates
Operating System Updates
Windows
– www.updates.microsoft.com
– Check to be sure you are on the most recent patch level
Macintosh (Mac OS X v10.3 or later)
Operating System Firewall
Windows
– XP - www.microsoft.com/windowsxp/using/networking/security/winfirewall
– Win 7 - http://windows.microsoft.com/en-US/windows7/Understanding-Windows-Firewall-settings
Macintosh (Mac OS X v10.2 or later)
– www.macinstruct.com/node/165
Malware
Malware – what is it and how do I protect myself from it?
– Protections: Do not download or install untrusted or unknown programs
– Use anti-spyware software, such as Ad-Aware (www.lavasoftusa.com) or Windows Defender (www.microsoft.com/windows/products/winfamily/defender/default)
Malware Risks
EDUCAUSE Computer Security Awareness Video Contest 2006 honorable mention, Act Now - Know Your Sources, by Stephen Hockman, Christina Manikus, John Sease, & Erin Shulsinger, James Madison University
http://www.educause.edu/SecurityVideoContest2006/7103
Securing Mobile Devices
Mobile computing and portable media
– Use passwords, preferably “power on” passwords
– Use an additional authentication factor if possible, such as a fingerprint reader on a laptop
– Remove or “shred” all data before disposing of or transferring the device
– Always keep the device with you when you are away from the office (e.g., do not leave it unattended in a hotel room, conference, or your vehicle)
Securing Your Internet Connection
Wireless network security
– Texas State University's wireless networks
  • Open network
  • Encrypted wireless network setup: www.tr.txstate.edu/get-connected/computerservices
– Wireless security at home
  • Change the router’s default password
  • Use strongest available encryption
  • Use MAC address restrictions
– Use public wireless networks only for risk-free activities
Securing Your Browser
Firefox (3.6.6)
Tools -> Options -> Privacy
Firefox (Version 3.6.6)
Tools -> Options -> Security
Internet Explorer (IE 8)
Tools -> Internet Options -> Privacy
Internet Explorer (IE 8)
Tools -> Internet Options -> Content
Protecting Your Information
Phishing – what is it and how do I protect myself from it?
– IT Security website phishing information: http://security.vpit.txstate.edu/awareness/phishing
– Protections:
  • Do not submit personal information in response to an email
  • Verify the authenticity and security of web sites before entering your personal information (https, certificates)
Data Backup
Regular or automatic backups
Protect backup media
Protect sensitive information stored on backup media
Critical data should be backed up frequently
Test your recovery
Accounts and User IDs
Use separate user accounts
– Administrator and normal user
Use separate IDs/passwords by function
– Email
– Banking
– Online purchasing
Passwords
Use strong passwords
– Mix upper case, lower case, and numeric characters
– The longer the better, but a minimum of 8 characters
– Use passphrases
– Avoid valid dictionary words and proper names
Password Checker Website
– www.microsoft.com/protect/yourself/password/checker
Social Networking
Use caution when posting personal information
Facebook settings - “friends and friends of friends”
Talk about social networking protections with your family and friends
Limit access to your personal site
Remember that pages are cached
http://security.vpit.txstate.edu/awareness/social_networking
Applicable Policies and Laws
Texas State University Policies
– Security of Texas State Information Resources (UPPS 04.01.01)
  • http://www.txstate.edu/effective/upps/upps-04-01-01
– Appropriate Use of Information Resources (UPPS 04.01.07)
  • http://www.txstate.edu/effective/upps/upps-04-01-07
– University Income Recognition and Associated Cash-Handling Procedures (UPPS No. 03.01.05)
  • http://www.txstate.edu/effective/upps/upps-03-01-05
Other Federal and State Laws
– Texas Administrative Code, Chapter 202 (TAC 202)
– TPIA - Texas Public Information Act
– FERPA - Federal Educational Rights & Privacy Act
– HIPAA - Health Insurance Portability & Accountability Act
– GLBA - Gramm-Leach-Bliley Act