Computer Security and Awareness at UT - PowerPoint PPT Presentation

Provided by: Mcra5

Transcript and Presenter's Notes


1
Computer Security and Awareness at UT
  • Presented to the Professional Development for
    Academic Administrators (PDAA) committee

2
Why should you care about Information Security at
UT?
  • Breaches happen here!
  • 2007: Dept Administrator had hard drive stolen
    from her desktop computer in office
  • 2006: Professor responds to phishing email;
    hacker gains access to his mailbox within 1 hr
  • 2005: Faculty posts an Excel file with student
    grades on faculty homepage - 150 UT students
    affected and notified (googled)
  • 2005: 4 university-owned laptops are stolen from
    Registrar's office, over 2200 students notified

3
Why should you care about Information Security at
UT?
  • Federal and State Laws
  • FERPA
  • HIPAA
  • GLBA
  • Ohio Notification Law (HB104 - ORC 1347.12)
  • University Policy

4
Why should you care about Information Security at
UT?
  • Associated cost to UT
  • Time and money to investigate
  • Notification Process
  • Impact to reputation
  • Possible penalties if not reported timely
  • Internal depts affected (IT, police, compliance,
    legal, communications, administration, offended
    dept)

5
What is Management responsible for?
  • Communicate importance of information security
  • Make information security training mandatory for
    staff
  • Regular communication of security practices
  • Standing agenda item
  • Be a Security Aware role-model
  • Departmental knowledge of information security
  • Know physical and information assets
  • Review users' permissions
  • Implementation of information security
  • Implementation of security best practices
  • Initiate departmental self-assessments
  • Follow separation/transfer guidelines established
    by HR
  • Discipline of breaches
  • Ensure proper security practices are implemented
    over departmentally controlled / hosted systems
    data
  • Assign individuals in the department to be the
    information security police

6
What are employees responsible for?
  • Know and follow Federal / State Laws and
    University policy
  • Employees themselves are personally liable for
    the data that they use
  • Prevention
  • Perform regular self-assessments
  • Inventory of sensitive information
  • Audit
  • Find and move local data
  • Take information security training
  • Regular review of information security best
    practices
  • Report all computer security concerns
  • Ask questions!
  • Help others follow security best practices

7
Breach Response Procedures
  • Talk to your supervisor (recommended as first
    step)
  • Report incident to the Compliance Office (Lynn
    Hutt)
  • Anonymous Reporting is always available!!
  • Identify possible data that may have been
    compromised
  • Respond to requests of the Response Team
  • Establish corrective actions for future
    prevention
  • Refer to preventive actions described previously!