This document outlines an information security roadshow covering topics like recognizing secure websites, avoiding phishing scams, understanding privacy laws and best practices for secure computing. It discusses why security is important to protect individuals and institutions from identity theft, data loss, and legal liability. Recommendations are provided for identifying spoofed sites, spotting phishing attempts, and social engineering as well as complying with regulations like FERPA, HIPAA, and PCI.
Trade Secret Protection: Practical Advice on Protecting and Defending Your Or... - Winston & Strawn LLP
Winston's Global Privacy & Data Security Task Force presented an interactive webinar focused on some of the practical ways to prevent theft of key information, investigation tips, and strategies to defend against the use of that information after a theft.
The “Privacy Today” presentation was written for the IAPP by Professor Peter Swire of the Moritz College of Law of the Ohio State University. The materials cover the definition of privacy, ways to protect privacy, privacy harms, and fair information practices. The “Privacy Today” presentation is designed for college and university students.
Licensed under Creative Commons Attribution 3.0 Unported
Managing Data Breach Communication on The Social Web - Boyd Neil
This is an update on a presentation I made a year ago on data breaches. It includes a couple of slides on social web comment on the Heartbleed bug, in particular the role of Twitter as the key platform for comment.
This is a copy of my presentation at the 2013 VT Family Law Conference. This lecture discusses the growing importance of electronic evidence in divorce litigation, and provides suggestions on how to locate, recover, and preserve emails, social media posts, pictures, and computer files. It also covers the legal risks that attorneys and their clients face if they are too aggressive in pursuing electronic evidence.
Explores:
1. Introduction to Privacy Regimes in the United States and Abroad
2. Mobile Applications and Devices
3. Lawful Collection and Use of “Big Data”
4. International Privacy and Cross-Border Data Transfers
5. Data Security Requirements and Data Breach Response
6. IT Outsourcing and the Cloud
7. Recent Developments and Emerging Issues
Who owns your data and why should you care - Derek Keats
This is a video that was made from a webinar I did for Living in a connected world: Who owns my data, and why should I care? that was held by Nedbank, JCSE and EE Business Intelligence. My focus was on what ownership means.
This white paper discusses the various cyber threats targeting healthcare organizations and the challenges security professionals face in securing access to protected health information.
Securing & Safeguarding Your Library Setup.pptx - Brian Pichman
With all the things that go "bump" in the night, nothing worries administrators and even end users more than a security incident. This webinar will focus on building an understanding of IT Security and the tools that can help mitigate risk. Moreover, attendees will leave with a clear understanding of general informational security terms and processes that they can implement in their library same day to help safeguard and better protect their infrastructure and data. Brian Pichman of the Evolve Project will lead us through putting together components for a Security and Risk Plan and how to properly respond to threats and attacks.
Cybersecurity - Defense Against The Dark Arts Harry Potter Style - Brian Pichman
Step right into a realm where cyber security meets the enchanting world of Harry Potter! Join Brian Pichman, our fearless Defense Against the Dark Arts wizard, as he unveils the secrets to safeguarding our digital realms. Prepare to be captivated as Brian illuminates the spellbinding techniques of encryption, firewalls, and intrusion detection, equipping us to fortify our cherished data against the sinister forces of the digital realm.
But beware! Just like in the magical world, treacherous adversaries prowl the shadows. Brian will expose the dark arts of phishing, ransomware, and social engineering, empowering us to defend our digital castles. Engrossed in tales of peril and armed with ancient cyber security spells, this captivating presentation promises to leave you spellbound and ready to protect yourself in this ever-evolving landscape. So grab your wands and brace yourselves as Brian Pichman conjures a shield of protection, ensuring the safety of our digital realms against the forces of darkness. Together, we shall prevail in this journey of cyber security and magic.
Effective security awareness training with basic needs for the organization and its employees. It should also be engaging and interactive, using a variety of formats such as videos, quizzes, simulations, and case studies.
CyberSecurity - Computers In Libraries 2024 - Brian Pichman
Protecting privacy and security while leveraging technology to accomplish positive change is becoming a serious challenge for individuals, communities, and businesses. This workshop, led by expert leaders and practitioners, covers personal and organizational privacy as well as top security issues for libraries and their communities, especially the implications of AI. If you don’t have a security plan in place, are unsure of where to even start to make sure your library is secure, or have an existing plan in place but want to cross your T’s and dot your I’s, come to this interactive workshop.
Presentation on personal digital security for the Overseas Security Advisory Council (OSAC) Bureau of Diplomatic Security - United States Department of State.
Cyber Security Awareness Session for Executives and Non-IT professionals - Krishna Srikanth Manda
Cyber Security Awareness Session conducted by Lightracers Consulting, for Management and non-IT employees. In this learning presentation, we will look at - What is Cyber Crime, Types of Cyber crime, What is Cyber Security, Types of Threats, Social Engineering techniques, Identifying legitimate and secure websites, Protection measures, Cyber Law in India followed by a small quiz.
Information Security Awareness: at Work, at Home, and For Your Kids - Nicholas Davis
This is the security awareness presentation which I will be giving to Quartz Health Solutions, on October 24, 2018. It focuses in on three areas: information security best practices for work, at home, and also contains some tips for kids. Topics include: PHI, ePHI, HIPAA, Identity Theft, Social Engineering, phishing, password management, malware, insider threats, social networks, and mobile devices.
Protecting Yourself From Data and Identity Theft - Mary Lou Roberts
With some data on the prevalence of identity theft, this presentation offers tools and advice from experts as well as personal experience and advice from the author.
The Masterclass on Safeguarding Your Digital World, Outsmart Scammers and Protect Your Online Identity was presented by Richard Mawa Michael an awardee of the Ingressive 4 Good Cybersecurity Scholarship. He presented to South Sudanese audience on Saturday 02 September 2023 from 1 PM to 3 PM Central African Time in a session convened by the Excellence Foundation for South Sudan
2. Roadshow Outline
Why We Care About Information Security
Safe Computing
• Recognize a Secure Web Site (HTTPS)
• How to Spot a Spoofed Web Site
• Recognize a Phishing Attempt
• What is Social Engineering
Privacy and Compliance
• PCI/HIPAA/FERPA
• Policy
• Privacy and Best Practice
3. Why We Care About Information Security
Personal Reasons:
Identity Theft
Loss of Data
Financial Loss
Poor Computer Performance
Institutional Reasons:
Protect Middlebury College and The Monterey Institute of International Studies
Compliance with Laws and Standards
Prevent Reputational Damage
Reduce Legal Liability for the College
As Well As the Personal Reasons Listed Above
4. How do I Know a Web Site is Secure?
• HTTPS in the address bar is an indicator of a secure web site.
• A web site encrypted with SSL should display a lock icon near the address bar.
• Not all devices or browsers display the same.
5. What is a Spoofed Web Site
• Just because the site looks like MIIS does not mean it is.
• Check the address or URL.
• Never enter login information unless the site is secure and you have checked the URL.
6. How to Spot Phishing
• Forward all suspected phishing messages to phishing@miis.edu before deleting the message.
• If you fall victim to a phishing attack, RESET your password immediately and then call the Helpdesk.
7. What is FakeAV
• Tries to look like regular AV
• Clicking on the warning will download a virus
• Often the best bet is a hard shutdown of the system
• Know what your AV warnings look like
• Sophos anti-virus does offer some web protections which help to prevent the download activity of FakeAV.
8. Social Engineering
• Social engineering, in the context of security, is understood to mean the art of manipulating people into performing actions or divulging confidential information. While it is similar to a confidence trick or simple fraud, it is typically trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victims. (From Wikipedia)
Examples:
• You are in a hotel and receive a call from the front desk to confirm your credit card details.
• You receive a call at work from support services asking for your password to fix a problem on your computer.
• You are at home and get a call from the help desk asking for your login information to reset your email account.
9. What Laws Protect Information Here at Monterey
• Family Education Rights and Privacy Act (FERPA) = Student Data
• Health Information Portability and Accountability Act (HIPAA) = Health Data
• Sarbanes-Oxley Act (SOX) = Financial Data for Businesses
• Gramm-Leach-Bliley Act (GLBA) = Financial Data for Lending Institutions
• California Law SB 1386 / VT Act 162 = State Breach Notification laws
• Payment Card Industry Standards (PCI-DSS) = Credit/Debit Card Data
10. What Policies Protect Information Here at Monterey
• Privacy Policy = Confidentiality of Data
http://go.miis.edu/privacy
• Network Monitoring Policy = Protection of College Technology Resources
http://go.miis.edu/netmon
• Technical Incident Response Policy = Response to Information Security Events
http://go.miis.edu/tirp
• Data Classification Policy = Defines Data Types
Not in handbook as of yet
• Red Flags Policy = Identity Theft Protection
Not presently in handbook
• PCI Policy = Payment Card Data Handling
http://go.miis.edu/policy?pci
Other Policies Live Here:
http://www.miis.edu/media/view/30606/original/employee_handbook_rev_02.01.2013.pdf
11. What are Some Best Practices
Do
• Look for HTTPS and other key address indicators when you are going to different web sites.
• Use a strong challenge question in Banner SSB
• Redaction – remove or mask (block out) personally identifiable information when sharing data
• Be suspicious of unsolicited email or phone calls.
• Lock your computer or secure information when you leave your work space.
• Use Anti-Virus on both your work and home systems
• Use secure passwords which you change often. This also applies to mobile devices.
12. What are Some Best Practices
Do Not
• DO NOT write down or share your passwords
- Tools such as eWallet or 1Password work well as secure password storage alternatives.
• DO NOT store confidential data on unencrypted thumb drives or other unsecured media
- If you need to transfer the data, encrypt the file or password protect the file and keep a master copy on the server.
• DO NOT place confidential data in email
- Email a link to where the file is stored. This may add complexity but increases security. Windows Explorer can show you the path to the location of the file.
• DO NOT record sensitive data on the College web site, blog or Wiki
13. Discussion and Links
Please share your thoughts!
Information Security Resources:
http://go.middlebury.edu/infosec
http://go.miis.edu/infosec
Report Information Security Events To: infosec@middlebury.edu
Editor's Notes
What is HTTPS, and how does HTTPS/SSL protect you? What is the significance of the Lock, and how can one use the lock to help themselves?
I am on an HTTPS site; why is that not enough? The site looks like Middlebury; how can I tell it is not? What is an address bar in the first place? What if I am on my phone? How do I check the URL in an email link?
What is phishing? Why do people do this stuff in the first place? What is the risk of a phishing attack or those spoofed web sites?