1 / 18

SECURITY IS A STATE OF MIND

SECURITY IS A STATE OF MIND. United States Agency For International Development M/IRM/ISS William R. Cleveland <wcleveland@usaid.gov> June 99. SO WHAT???. Some consequences of a lack of proper and effective Information Systems Security Program include...

glora
Télécharger la présentation

SECURITY IS A STATE OF MIND

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SECURITY IS A STATE OF MIND United States Agency For International Development M/IRM/ISS William R. Cleveland <wcleveland@usaid.gov> June 99 UNCLASSIFIED

  2. SO WHAT??? Some consequences of a lack of proper and effective Information Systems Security Program include... • The inability of both you and USAID to perform assigned responsibilities and provide needed services to the Department of State and client nations. • The waste, loss, or abuse of USAID resources. • The loss of credibility or embarrassment to USAID. UNCLASSIFIED

  3. Information System Security Contacts USAID Information Systems Security Officer: Jim Craft <jcraft@usaid.gov> (202) 712-4559 Senior Security Consultant: Mike Fuksa <mfuksa@usaid.gov> (202) 712-1096 Ante Penaso <apenaso@usaid.gov> (703)-465-7008 Security Training and Awareness Bill Cleveland <wcleveland@usaid.gov> (703) 465-7067 UNCLASSIFIED

  4. User Responsibilities • Use Government software and services for official business only as authorized • Protect sensitive information • Protect passwords/tokens and report suspected compromise to supervisor or ISSO. • Maintain a “Security Mindset” • Comply with USAID ISSDirectives UNCLASSIFIED

  5. Employee Accountability • Accountability -- insures that the actions of any person may be traced back to that person. • Requirements include: • Identification and authentication • Audit Trails Remember: YOU are accountable for ALL activity that occurs under YOUR system user identification! UNCLASSIFIED

  6. Workstation Protection • Comply with the physical security requirements of your office. • Other area protection responsibilities limited • Ensure secure work habits • Don’t try to bypass security • Make security a habit UNCLASSIFIED

  7. Workstation Protection (2) • Never leave your computer unattended • use password protected screen saver • for short periods of time (lunch, etc) • log off at the end of the day • Protect sensitive information • store it in a private area • encrypt it UNCLASSIFIED

  8. Password Protection • Personal passwords must remain private • Follow prescribed user ID/password guidelines • Don’t let anyone else use it • Don’t write it down • Don’t type a password while others watch • Don’t record password on-line or e-mail it • Don’t use easily guessed words • Change it regularly UNCLASSIFIED

  9. Password Requirements • NEVER disclose your password! • Passwords must be at least six characters (alphanumeric) • e.g., I8NY2x Dog&Man3 • Passwords must be changed periodically • USAID requires every 90 days • Reminders will be sent to all users • Treat Your Password Like A Toothbrush… Don’t Share It, and Change It Often! UNCLASSIFIED

  10. Virus Protection • Protection: • Use media from trusted sources • Check all files and programs before use • Make backup copies of known clean media • Do not boot from diskette if possible • Install USAID Antivirus software programs • Make sure virus programs are current UNCLASSIFIED

  11. Data and File Backups • Backup your data regularly • Verify your backups • Protect your backups • Disposition • Sensitivity • Disclosure Potential UNCLASSIFIED

  12. Human Security Factors • Be proactive and question strange things • report abnormalities to supervisor or ISSO • NEVER assume ANYTHING • “Trust But Verify” -- NEVER assume someone or something is what he/it appears to be • NEVER blindly trust unconfirmed rumors • Above all…USE COMMON SENSE UNCLASSIFIED

  13. SBU INFORMATION • Official Information That Warrants Protection • Financial, Medical, Contract, Personnel • Is legally exempt from public disclosure • SBU access is on a Need-To-Know Basis • Use Common Sense in handling SBU info. • Must take reasonable safeguards to prevent unauthorized access/disclosure/modification • USAID Policy Letter 2/1997 UNCLASSIFIED

  14. Classified Computing • Only done at authorized, MARKED terminals. • Not INTERNET-reachable • In accordance with USAID/IG and DoD regulations • Contact supervisor, IG, or ISSO for Agency guidance UNCLASSIFIED

  15. SMARTGATE Security software administered by the IRM/ISS Group that provides a secure method for employees and contractors to connect into the USAID global network (AIDNET) from a dial-in modem or internet service provider. Allows IRM/ISS to monitor authorized dial-up connections to AIDNET UNCLASSIFIED

  16. E-Mail Security • Unsecured and Easy to Intercept • Do not transmit NSI (classified data) over E-Mail • SBU can be e-mailed ONLY as required • Subject to Agency monitoring for compliance • Do NOT pass on Chain Letters or Rumors!! • Remember that E-Mail is NOT PRIVATE!!! Think of e-mail as a postcard … would you send sensitive business material on a card anyone can read? UNCLASSIFIED

  17. INTERNET Security • E-mail registration on external WWW sites can lead to unwanted e-mail, ads, or SPAM • Java and JavaScript applets look nice but can threaten confidentiality of your data • Remote WWW sites can see where you are coming from (e.g., usaid.gov) • They can monitor your activity • Reflects on the Agency if abused UNCLASSIFIED

  18. CONTACT INFORMATION William R. Cleveland (Training and Awareness) M/IRM/ISS (703) 465-7054 <wcleveland@usaid.gov> SECURITY IS A STATE OF MIND! UNCLASSIFIED

More Related