Too often faculty and staff fail to realize how important individual actions are to the security of computing systems. What each person does (or doesn't do) makes a significant difference with regards to both their individual privacy and the greater security of the institution.
To reinforce the idea that everyone must work together to ensure a secure computing environment, an Information Security Day was held within our College. This session will relate the concept behind the day and how it was held.
Information security and security awareness topics were discussed via short, "bite-sized" Adobe Connect sessions and included:
• Dangers of Social Networking
• Computer Best Practices to Prevent Malware
• How to Respond to an ‘Antivirus’ Pop-Up Ad
• Better Passwords and Pass Phrases
• Protecting Your Data
There's a positive side to each of these negative principles: Design security controls that account for human behavior. Study cognitive science and practical psychology to support your decisions. This is also critical for gaining support for security initiatives, not just design of individual controls. Engage in intelligence and counter-threat operations to the best of your ability. Once an attack has started, your first line of security has already failed. Use checklists to remember the simple stuff, but any real security must be designed using a risk-based approach. As a corollary, you can't implement risk-based security if you don't really understand the risks; and most people don't understand the risks. Be the expert. Adopt anti-exploitation wherever possible. Vulnerability-driven security is always behind the threat. React faster and better . Incident response is more important than any other single security control.
Usually admin and admin
A USB drive belonging to the Army was found for sale at a bazaar just outside of Afghanistan. According to an email from Lt. Col. Thomas Collins, the Army does not know how the flash drive was lost in the first place. 120,000 patients of Wilcox Memorial Hospital in Lihue, Hawaii are still looking for a USB drive containing sensitive information such as their names, addresses, Social Security numbers and medical record numbers. Since its disappearance, the use of USB drives has been banned in the hospital. 6,500 former and current students at the University of Kentucky are waiting for a professor’s USB drive, which contained Social Security numbers and grades, to be recovered. The university is reportedly "reevaluating" the use of these drives.
Encryption software when properly installed, configured and used can help protect sensitive information at rest and greatly limit the number of reportable data breaches requiring victim notification. Once encrypted with a strong passphrase, if your computer does get stolen, the thieves can access only the meaningless encrypted data, and not your sensitive files.