Welcome to New Hire Orientation
Information Security
Confidential
Information Services
UMMS Information Security
CWM Office of Compliance & Review
Information Security Awareness Training
What is Information Security?
Info Sec is the protection of data in all forms
• Electronic files
  – Static files
  – Database files
• Paper documents
  – Printed materials
  – Hand written notes
  – Photographs
• Recordings
  – Video recordings
  – Audio recordings
• Conversations
  – Telephone
  – Cell phone
  – Face to face
• Messages
  – Email
  – Fax
  – Video
  – Instant messages
  – Paper messages
Why is this Important?
• A data breach could result in:
  – Requirement to report the loss
    • HIPAA, FERPA, MGL c.93H, PCI, SOX, others
  – Civil and criminal penalties
  – Damage to organizational reputation
  – Loss of revenue
  – Individual accountability
Isn’t this just a technical problem?
• Technology defenses comprise roughly 15% of our controls
• Technical controls often cannot compensate for users’ behavior
• Cyber-criminals focus on users as a weak link in security
• Having a security-aware workforce is a requirement in today’s threat landscape
What are the risks?
Evolving “Threat Landscape”
• Older attacks targeted infrastructure
• Modern attacks target users
Nature of threat landscape
• Over 90% of cyber thieves are affiliated with organized crime
• Their sophistication rivals that of commercial software vendors
Methods of infection
• Cyber thieves attack high-volume web sites
• Computers that visit the site become infected
• Email-borne ‘malware’
• Infected machine “phones home” to say “I’m infected”
• Use the infected computer to strengthen their hold on the organization
“Amateurs target systems, Professionals target users” --Kevin Mitnick
What can I do?
• Become aware of cyber threats
• Understand that YOU are often the front line of defense against cyber threats
• Understand data sensitivity and how to manage data appropriately
• Safeguard information that is entrusted to you
• Report suspected InfoSec incidents
Security Resources
• On-line security awareness course: http://onlinetraining.umassmed.edu/infosecreg/event/event_info.html
• UMMS IS Help Desk 508-856-8643
• CWM Office of Compliance and Review 508-856-6547