This presentation was given on April 1st, 2011 as part of Wharton Computing's Techfast series. More information about Techfast can be found at http://technology.wharton.upenn.edu/techfast
3. Two quotes from experts: "As head of security it is my duty to be... concerned." - Worf, USS Enterprise. "By failing to prepare, you are preparing to fail." - B. Franklin, local celebrity. Wharton Computing 4/1/11
4. The Internet is out to get you (only a little)
73. Home computers: Ideal. Dedicated computer: Only you use your computer. Password protected.
74. Home computers: Practical. Multiple accounts: Each user has their own individual account. VPN. Don’t store work files on home computer.
85. Legally Protected: As defined by the government. SSNs; Credit Card Data; Bank Account information; Medical data; Student enrollment data (anything defined in FERPA).
87. University Policy: “This policy establishes expectations around the use of SSNs - sensitive data whose misuse poses privacy risks to individuals, and compliance and reputational risks to the University. It calls on staff, faculty, contractors, and agents of the above to inventory their online and offline SSNs and reduce the above risks by, in priority order: (1) eliminating this data altogether, (2) converting it to PennID, (3) truncating the data to capture and display only the last four digits, (4) when the complete SSN is clearly necessary, ensuring strict security controls to protect the full data.”
88. University Policy - Summary. Four easy things to do: Eliminate; Convert (to PennID); Truncate; Secure.
95. IMPORTANT: None of your data is transmitted/stored on the Identity Finder Management server. Only location/general type of found data is transmitted (securely). No data will be deleted from your computer by Wharton Computing without your consent.
96. How “dangerous” is your confidential data? 3 questions to help gauge your risk: How much do you have? Who does it include? What else is stored with it?
97. How do you manage it? Know what you have. Keep it separated. Make sure it is secure.
99. Securing your confidential data: Never let anyone log in as you. Don’t allow workstudies to use a computer that contains confidential data.
104. Contact us: Barry Wilson, Chief Security Officer, wilsonbf@wharton.upenn.edu; Scott McNulty, Sr. IT Project Leader, smcnulty@wharton.upenn.edu; security@wharton.upenn.edu; http://beacon.wharton.upenn.edu/security
105. Tell us what you think! Tech-fast@wharton.upenn.edu
Editor's Notes
phishing |ˈfiSHiNG| noun: the activity of defrauding an online account holder of financial information by posing as a legitimate company