1 / 8

Welcome to New Hire Orientation Information Security

Welcome to New Hire Orientation Information Security. Information Security Awareness Training. UMMS Information Security CWM Office of Compliance & Review. What is Information Security?. Info Sec is the protection of data in all forms. Electronic files Static files

zorion
Télécharger la présentation

Welcome to New Hire Orientation Information Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Welcome to New Hire Orientation Information Security

  2. Information Security Awareness Training UMMS Information Security CWM Office of Compliance & Review

  3. What is Information Security? Info Sec is the protection of data in all forms • Electronic files • Static files • Database files • Paper documents • Printed materials • Hand written notes • Photographs • Recordings • Video recordings • Audio recordings • Conversations • Telephone • Cell phone • Face to face • Messages • Email • Fax • Video • Instant messages • Paper messages

  4. Why is this Important? • A data breach could result in: • Requirement to report the loss • HIPAA, FERPA, MGL c.93H, PCI, SOX, others • Civil and criminal penalties • Damage to organizational reputation • Loss of revenue • Individual accountability

  5. Isn’t this just a technical problem? • Technology defenses comprise roughly 15% of our controls • Technical controls often cannot compensate for user’s behavior • Cyber-criminals focus on users as a weak link in security • Having a security-aware workforce is a requirement in today’s threat landscape

  6. What are the risks? Evolving “Threat Landscape” • Older attacks targeted infrastructure • Modern attacks target users Nature of threat landscape • Over 90% of Cyber thieves are affiliated with organized crime • Their sophistication rivals those of commercial software vendors Methods of infection • Cyber thieves attack high-volume web sites • Computers that visit the site become infected • Email-borne ‘malware’ • Infected machine “phones home” to say I’m infected • Use the infected computer to strengthen their hold on the organization Amateurs target systems, Professionals target users --Kevin Mitnick

  7. What can I do? • Become aware of cyber threats • Understand that YOU are often the front line of defense against cyber threats • Understand data sensitivity and how to manage data appropriately • Safeguard information that is entrusted to you • Report suspected InfoSec incidents

  8. Security Resources • On-line security awareness course: http://onlinetraining.umassmed.edu/infosecreg/event/event_info.html • UMMS IS Help Desk 508-856-8643 • CWM Office of Compliance and Review 508-856-6547

More Related