IT Security Awarenesss by Northern Virginia Community College
IT Security Awareness:
Information Security is
A Guide to Information Technology Security at
Goals of IT Security
To assist faculty and staff in using safe,
secure computer practice to safeguard
College computing systems and data they
store or access.
To answer any questions about information
security requirements and procedures
To promote Computer Security Awareness
What Is IT Security
Information Technology Security Awareness
means understanding various information
technology threats that exist in one's
computing environment and taking reasonable
steps to guard against them.
Who Is Responsible for
Everyone who uses a computer needs to know
how to keep his or her computer and data
secure to ensure a safe working
NOTE: Security Awareness is one of the thirteen
security components required in the COV ITRM
Who Must Have Security
All new employees who use information
technology or have access to areas where
information resources reside, must receive
formal training within 30 days
Refresher training must be provided to all
personnel annually at a minimum
What Are User Personal
Report security violations
Develop “end-of-day” security procedures
Practice proper telephone and e-mail security
Clear physical area in office of sensitive data
when not in office
Do not leave your portable unattended
Lock your office, if possible
What Are the
Risk to security and integrity of personal or
Los of employee and public trust resulting in
embarrassment and bad publicity
Costly reporting requirements in case of compromise
of sensitive information
Internal disciplinary action(s) up to and including
termination of employment, possible penalties,
prosecution, & potential for sanctions/lawsuits
What Must Be Included in
the Security Awareness
Provide both general and position
appropriate security awareness content
Specify timeframes for receiving initial,
ongoing and refresher training
Be documented on an auditable medium
Be approved by the Information Systems
How Is Security
Receipt of training must be documented in
employee’s personnel file with employee’s
acknowledgement of receipt and understanding
All training must be documented and filed with
Information Systems Security Officer and
available for audit
How Can Training Be
New employee orientation
Web delivery via Web Pages, PowerPoint or video
Tip of the month via email to distribution lists
How Can Training Be
Brown bag lunch sessions
How Do I Secure My
Use a firewall
Use strong passwords
Use antivirus software
Install security patches
Share files correctly
Back up files regularly
Don’t store sensitive information on hard
How Can I Prevent
Spyware on my
Avoid free tool bars for your browser since
they may come with spyware
Regularly use spam cleaners to remove
How Do I Use USB Flash
Back up files on USB flash drive
Do not store sensitive data, such as SSNs or
student grades, on USB flash drive
If possible, use password to protect data on
USB flash drive
Remember to remove drive from your
computer before walking away
What Is Safe Email
Don’t open email attachments unless you
know what they are.
Don’t open, forward or reply to spam or
suspicious emails; delete them.
Be aware of sure signs of scam email.
• Not addressed to you by name
• Asks for personal or financial information
• Asks you for password
• Asks you to forward it to lots of other people
Safe Email Practice
Don’t click on website addresses in emails
unless you know what you are opening.
Use official VCCS student email to
communicate with students about grades or to
provide feedback on assignments.
Report email security concerns to IT Help Desk.
How Do I Recognize
Phishing is type of email or instant message
scam designed to steal your identity.
Phishing is the act of attempting to
fraudulently acquire sensitive information,
such as usernames, passwords, and credit
card details, by masquerading as trustworthy
entity in electronic communication using
email or instant message.
How Can I Safeguard
Don’t reply to email or pop-up messages that ask
for personal or financial information.
Don’t click on links in email or instant message.
Don’t cut and paste link from questionable
message into your Web browser.
Use antivirus and firewalls and update them
Don’t email personal or financial information.
If you are scammed, visit Federal Trade
Commission’s Identity Theft website –
How Do I Protect Sensitive
Protect sensitive information on lists and
reports with social security numbers (SSNs).
Limit access to lists and reports with SSNs to
those who specifically need SSNs for official
Never store SSNs or lists with SSNs on
laptops or home computers.
Save and store sensitive information on server
managed by campus or college IT staff.
Protection of Sensitive
Never copy sensitive data to CDs, disks, or
portable storage devices.
Do not sore lists with sensitive information on
Lock printed materials with sensitive data in
drawers or cabinets when you leave at night.
When done with printed sensitive material,
Protection of Sensitive
Remove sensitive materials from printer right
If problem with printer, turn off printer to remove
sensitive material from printer’s memory.
Personally deliver sensitive materials to recipient
or distribute information electronically using
College’s email system.
Arrange for shared electronic file that requires
user ID and password.
What Are the Password
Passwords must be treated as sensitive and
Never share your password with anyone for
Passwords should not be written down, stored
electronically, or published.
Be sure to change initial passwords, password
resets and default passwords first time you log in.
Use different passwords for your different
Create passwords that are
• not common,
• avoid common keyboard sequences,
• contain personal information, such as pets & birthdays.
What Are the Steps to
Take to Ensure Safe
Use cryptic passwords that can’t be easily
guessed and protect your passwords.
Secure your area, files and portable equipment
before leaving them unattended.
Make sure your computer is protected with
anti-virus and all security patches and updates.
Steps to Ensure Safe
Make backup copies of data you do not want to
lose and store the copies very securely.
Don’t save sensitive information on portable
devises, such as laptops, memory sticks, PDAs
data phones, CDs/DVDs.
Practice safe emailing.
Be responsible when using the Internet.
Steps to Ensure Safe
Don’t install unknown or suspicious programs
on your computer.
Prevent illegal duplication of proprietary
Protect against sypware/adware.
How Should I Report
Immediately report suspected security
incidents & breaches to your supervisor and
the IT Help Desk.
Use the handout found on the IT Security
Awareness Training website as easy
reference for steps to follow to ensure
College and Campus
Contact the IT HelpDesk
Contact the Office of Instructional & Information
Technology Support Services
Contact your campus Information Technology
Campus IT Staff
Dave Babel (AL) email@example.com
Bruce Ghofrany (AN) firstname.lastname@example.org
Jeff Howlett (MEC) email@example.com
Kevin Kelley (LO) firstname.lastname@example.org
Lynn Bowers (MA) email@example.com
Lynn Feist (WO) firstname.lastname@example.org
Peter Tharp (CS) email@example.com
Tom Pyron (ELI) firstname.lastname@example.org