Information Security and Document Protection

1
Information Security and Document Protection

• California State University, Dominguez Hills
• I.T. Help Desk

2
Why is Information Security and Document
Protection important?

• Data on over 600,000 students and employees was
  lost or stolen in 2004 by California
  Universities. http//www.msnbc.msn.com/id/5905423
  /
• In March 2005, University of California, Berkeley
  had 100,000 student records losthttp//www.msnbc.
  msn.com/id/7320552/

3
Why is Information Security and Document
Protection important?

• In May, 2005 CitiBank had 3.9 million current and
  former credit card holders financial data
  stolen.http//www.msnbc.msn.com/id/8119720/
• In 2005, Bank of America has had at least 1.9
  million financial records lost or
  stolen.http//www.msnbc.msn.com/id/7954620/ and
  http//www.msnbc.msn.com/id/7032779/

4
Why is Information Security and Document
Protection important?

• California State University, Dominguez Hills has
  a responsibility both under state and federal law
  to take steps to ensure private information is
  kept confidential.

5
Why is Information Security and Document
Protection important?

• State and Federal Laws include the following
• All necessary means must be taken to ensure and
  protect the confidentiality of personal
  information.
• California Statute 1798.29 (e) states For
  purposes of this section, "personal information"
  means an individual's first name or first initial
  and last name in combination with any one or more
  of the following data elements, when either the
  name or the data elements are not encrypted
• (1) Social security number.
• (2) Driver's license number or California ID Card
  number.
• (3) Account number, credit or debit card number,
  in combination with any required security code,
  access code, or password that would permit access
  to an individual's financial account.

6
Why is Information Security and Document
Protection important?

• State and Federal Laws include the following
• When confidential information is lost, the
  persons who are affected must be informed as soon
  as possible.
• When confidential information is stolen, it must
  be reported to law enforcement and the persons
  affected notified as soon as possible.
• The collection and maintaining of confidential
  information should only be done when absolutely
  needed and only kept for as long as absolutely
  needed.
• It is a crime to knowingly conceal the loss or
  theft of confidential information.
• Confidential information must be destroyed in a
  way that it cannot be recovered.

7
What are some of the ways information is stolen
or lost?

• Storing information in an insecure location or
  careless handling of information
• Open access to computer systems
• Insecure file shares
• Spyware or peer-to-peer file sharing software can
  leave information vulnerable
• Computer systems can be hacked or broken into

8
What kinds of information need to be protected?

• Social Security Numbers and Campus IDs.
• Financial information, including but not limited
  to bank account numbers, insurance policy
  numbers, and credit or debit card numbers.
• Drivers license or state ID numbers.

9
What kinds of information need to be protected?

• Medical information, including but not limited to
  doctors reports, prescriptions, and medical
  history.
• Private student information including but not
  limited to grades and performance measures.
• Employee and Student records containing personal
  information.

10
What kinds of information need to be protected?

• Employee performance information including but
  not limited to performance evaluations and
  discipline letters.
• Dates of birth.
• Login information, passwords, pin numbers, and
  account numbers.
• Any information that if published could damage
  the university, its employees or students.

11
How is information secured?

• Four Areas of concern for Information Security

12
Creation and Access Control both print and
electronic media.

• Is it needed?
• Unnecessary copies?
• Who is receiving the data?
• Permissions?
• Is it CONFIDENTIAL?

13
Workstation Security

• Is your PC locked?
• Free or bundled software
• Peer-to-Peer sharing

14
Workstation Security

• Attachments
• Virus protection and spyware protection
• Patches
• Complex passwords
• Proper disposal of information
• Proper disposal of confidential information

15
Special Thanks

• California State University, Fullerton
• Employee Training Development
• Timothy Benbow

16
Okay, so what do I do now!

• Protect Yourself Change your password
• Its as simple as Ctrl Alt Del!
• Must be at least 8 characters
• Use at least 3 of the 4 types of keys
• Uppercase/ Lowercase/ 1,2,3.../ and Any Symbol
  !_at_( )
• You can change your password in Outlook Web
  Access (OWA) too!

17
Extra Password Security

• Login with an account that does not have admin
  rights
• Admin passwords should be extremely complex

18
Avoid Lockouts

• Lockouts are activated after 3 incorrect login
  tries
• If you are locked out your account will be
  reset automatically after 30 minutes / Otherwise
  call 2500 for a quicker reset

19
LOCK YOUR WORK STATION
20
Norton Anti Virus

• Latest Version 9.0 DHAVS01

21
Schedule Automatic Scans
22
Keep your system up to datewith Window Automatic
Updates
23
Outlook SPAMID Rule
24
How to Protect Yourself _at_ Home

• Microsoft Work At Home Software
• CSUDH Virtual Private Network is designed to
  allow Faculty and Staff to securely "tunnel" into
  the campus over other networks, such as DSL
  Internet access services as if they were on
  campus.
• Visit http//network.csudh.edu for more
  information

25
(No Transcript)
26
If you have any questions

• Please call the CSUDH I.T. Help Desk
• _at_
• 310-243-2500
• Ext. 2500
• helpdesk_at_csudh.edu