information security training for users with elevated privileges to university systems
INFORMATION SECURITY TRAINING
FOR USERS WITH ELEVATED PRIVILEGES
TO UNIVERSITY SYSTEMS
Brought to you by: University Information Security Office
THE NEED FOR TRAINING...
Statistics show many breaches are caused by insiders:
- Intentional
  - Disgruntled
  - Inquisitive
- Unintentional
  - Action
    - Sharing your NetID password
  - Inaction
    - Not locking your workstation when away
IS IT EVER OKAY TO SHARE YOUR NETID PASSWORD?
- New employee with no access yet?
- Student worker to help you with data entry during crunch period?
- With your supervisor?
- With a co-worker that needs to access something you normally do, but you’re out on medical leave?
WATCH THE FOLLOWING VIDEO...
http://security.arizona.edu/sites/default/files/UA_Password_Video_Final_1.flv
IT’S NEVER OKAY TO SHARE YOUR NETID PASSWORD
- Passwords authenticate a person’s identity
- Your roles and permissions can now be accessed by someone else
- Anyone authenticating as you = access to anything your access allows (including your personal information)
- YOU are responsible for activity (legitimate or illegitimate) occurring while logged into your account!
A SHARED PASSWORD CAN BE MISUSED!
- Can be misused by student workers, co-workers, consultants, vendors, or ANYONE
- How well do you REALLY know them?
- Curiosity + Opportunity can lead to misuse and compromise
  - “What can I access?”
  - “This could solve all my problems!”
MORE ON THE WHY. . . .
- NetID password sharing
- Curiosity
- Opportunity
- Motive or circumstances (personal... financial...)
- Unintended consequences
- Stress?
- Right and wrong?
- Justifying actions?
THE OPPORTUNITY TO COMPROMISE. . . .
Integrity - Add, update or delete records
- Change grades
- Admit or deny admittance for someone
- Enter a degree exception requirement
- Change Enrollment Deposit Status
- Update Lawful Presence Status
Confidentiality and Integrity - View or update
- Social Security Numbers
- Direct deposit information
- Tax information
- Benefits information
ADDITIONAL NETID PASSWORD SECURITY
DO NOT
- Use your NetID password for any other account
- Store online (unless encrypted)
Password Manager Programs
- KeePass and Password Safe (Windows)
- Password Gorilla (Macs)
- http://www.security.arizona.edu/topten3
If you must write it down
- Store securely - Locked file cabinet
- Not filed under “P” for passwords
LOCK COMPUTER WHEN AWAY FROM DESK
Inaction = Not locking your computer
- How long might you be gone?
- Did you leave access to an application with sensitive data?
- Could someone install a keylogger?
Windows: Windows + L, or Ctrl-Alt-Delete and select “lock this computer”
Macs: Shift (⇧) + Command (⌘) + Q
CONSEQUENCES
- Financial and/or reputational loss
- Employee may be held responsible for any action or inaction that led to the incident
- Disciplinary action up to and including termination
- Arizona’s Breach Notification Statute (44-7501) = if the compromise involves SSNs
  - Could have significant financial and reputational impact
END OF AWARENESS MODULE
Please follow the link below to sign the privileged user agreement.
https://request.uaccess.arizona.edu/privilegeduseragreement/