Information Security Liaison Awareness Training. Kelley Bogart, CISSP, Senior Information Security Specialist, University Information Security Office
What is Information Security? Program Process (not a Project) Never 100% Risk Management Improve Security Posture Changing Security Landscape Threats (motives) Countermeasures
Goal of Information Security: To ensure the confidentiality, integrity and availability (CIA) of critical systems and confidential information. [Figure labels: Protected Information & Critical Systems; Confidential Information]
CIA Triad. Confidentiality: To ensure protection against unauthorized access to or use of confidential information. Integrity: To ensure the accuracy and completeness of information to protect university business processes. Availability: To ensure that information and vital services are accessible for use when required. [Figure labels: transmission, storage, disposal]
Information Security Domains
1. Access Control
2. Application Security
3. Business Continuity and Disaster Recovery Planning
4. Cryptography
5. Information Security and Risk Management
6. Legal, Regulations, Compliance and Investigations
7. Operations Security
8. Physical (Environmental) Security
9. Security Architecture and Design
10. Telecommunications and Network Security
90/10 Rule: 90% People Process Technology 10%
What is Security Awareness? Security awareness is the knowledge, skill and attitude an individual possesses regarding the protection of information assets. Being Security Aware means you understand that there is the potential for some people to deliberately or accidentally steal, damage, or misuse your account, computer or the data stored on your computer. Awareness of the risks and available safeguards is the first line of defense for the security of information, systems and networks.
Security Awareness Includes: Information about how to Protect, Detect, React. Knowledge, Skill and Attitude: The What, The How, The Why. Include WIIFM: What’s in it for me? Culture Change.
State of the Internet
Defense in Depth [Figure labels: Anti-Virus; Anti-Spyware; Network; Host; Application; Encrypted Communication; Session Controls; Limit Use of “Privileged” Accounts; Strong Passwords; OS and App Patches; Physical Security]
Account Access Controls. Passwords: Strong; Not Shared; Storage. Accounts: Limit use of Privileged Accounts. Session Controls: Password protected screensaver; Ctrl-Alt-Delete (Enter) or Windows+L.
Wireless – On Campus: Use only UAWifi (not public); Security (WPA2 & PEAP); No Rate or Port limitation. http://uawifi.arizona.edu
Use of Other Wireless. Home: Change default admin username and password; Configure to use encryption (avoid WEP, use WPA or WPA2); Do not Broadcast SSID; Ask your computer-savvy friend to help you configure your home wireless to use encryption; Wireless Security Page (on Computer security resource handout). Other: Airports, Hotels, Conferences; “Free” WiFi Hotspots.
Surf Safely: You know there are bad parts of town that you don’t go to. The Internet is the same way – be wary!