Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame –...
Transcript of Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame –...
![Page 1: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/1.jpg)
Management and Storage of Sensitive Information
UH Information Security Team (InfoSec)
![Page 2: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/2.jpg)
Who Are We?
• UH Information Security Team
– Jodi Ito - Information Security Officer
– Deanna Pasternak & Taylor Summers Information Security Specialists
2
![Page 3: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/3.jpg)
What Do We Do?
• Support the system-wide information security program– Provide oversight of IT security issues and concerns– Ensure compliance with policies– Perform security audits and risk assessments– Initiate and monitor the protection of sensitive
information– Review and revise Security Policies– Implement mandatory Information Security Training– Support the automatic monitoring of network and
technology resources
3
![Page 4: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/4.jpg)
National Cyber Security Awareness Month (NCSAM) History
• Started in 2004
• Sponsored by the National Cyber Security Division (NCSD) within the Department of Homeland Security and the National Cyber Security Alliance (NCSA)
4
![Page 5: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/5.jpg)
Cyber Security Awareness Month
• The National Cyber Security Alliance (NCSA) Initiated Cyber Security Month To:– Raise awareness about cyber security
and online safety precautions– Protect our national digital
infrastructure– Help prevent fraud and identity theft
5
![Page 6: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/6.jpg)
Examples of Cyber Attacks
• Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran. Has the ability to steal audio, screen capture, transmit visual data, data behind input boxes (passwords), scan local Bluetooth devices.
• Stuxnet – A computer worm that destroyed centrifuges at the heart of Iran’s nuclear program.
• Slammer/Sapphire – Worm infected 200,000+ Microsoft SQL servers world wide with a denial of service attack. Infecting 75,000 in the first 10 minutes. Disrupting Internet services and some business processes. January 24, 2003
6
![Page 7: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/7.jpg)
Yet Another Variant
7http://mashable.com/2012/08/09/gauss-virus/
![Page 8: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/8.jpg)
STOP | THINK | CONNECT
8
![Page 9: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/9.jpg)
Be Cyber Smart
• In conjunction with the STOP.THINK.CONNECT campaign
• InfoSec brings you
R U Cyber S.M.A.R.T.
9
![Page 10: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/10.jpg)
UH Awareness Campaign for Cyber Security Month
• What’s in it for the UH community?– Prevent future breaches– Safeguard sensitive information– Educate the UH community on safe
personal computing practices
Be Cyber S.M.A.R.T
10
![Page 11: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/11.jpg)
R U - S.M.A.R.T.
• Identified five topics for the five weeks in October– Secure Information Destruction– Management and Storage of Sensitive
Information – Avoid Identity Theft– Responsible Computing Practices– Think Before You Click
11
![Page 12: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/12.jpg)
What Will We Cover?• Laws related to sensitive information
• Storage of sensitive information– Where to keep it– Where not to keep it
• Management of sensitive information– How to safely transfer to others– Encryption– Sensitive information best practices– Posting sensitive information online
12
![Page 13: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/13.jpg)
Secure Information Destruction Review
• Keep paper locked up until you shred it
• Shred sensitive information on paper, DVD’s
• Physically destroy media• Securely delete both internal and
external hard drivesSlides available at http://www.hawaii.edu/infosec/ncsam.html. Rebroadcastavailable soon
13
![Page 14: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/14.jpg)
Document Retention
• University of Hawai‘i – A8.450 Records Management Policy
• www.hawaii.edu/svpa/apm/recmgmt/a8450.pdf
One Objective: To eliminate the maintenance of unnecessary copies of records
• Personal records retention• www.shredit.com
14
![Page 15: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/15.jpg)
UH is sponsoring another eWaste Disposal Days in October
Check the website for days and times
15
![Page 16: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/16.jpg)
What is Sensitive Information?
• Information is considered sensitive if it can be used to cause an adverse effect on the organization or individual if disclosed to unauthorized individuals
• Some examples are:– Social Security Numbers, Student records, Health information, Drivers
license numbers, credit card numbers, dates of birth, job applicant records, etc.
• State, Federal and Regulatory requirements provide standards for protecting sensitive information
• UH Policy E2.214 has a detailed description of Sensitive information http://www.hawaii.edu/apis/ep/e2/e2214.pdf
16
![Page 17: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/17.jpg)
Know What to Protect
• A partial list of data considered sensitive as outlined in UH Policy E2.214
• Student records (FERPA)• Health information (HIPAA)• Personal financial information • Social Security Numbers• Dates of birth• Access codes, passwords and PINs • Answers to "security questions" • Confidential salary information
17
![Page 18: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/18.jpg)
Many Laws - Similar Requirements
FERPA, HIPAA, PCI-DSS, HRS-487, ITAR
Protect the Confidentiality, Integrity, and Availability of Sensitive Information
•Safeguards include– Access controls to limit access to persons with a need
to know– Encrypt data at rest & in transit– Auditing/Logging access & modifications– Develop Policies and Procedures – Conduct Training
•ITAR restrictions on the export of research data 18
![Page 19: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/19.jpg)
19
![Page 20: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/20.jpg)
Where is Data Stored?
20
![Page 21: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/21.jpg)
Protect Sensitive Information
• The best way is to:– Be aware– Know what to protect– Know how to protect it– Know how it is being used
21
![Page 22: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/22.jpg)
Be Aware
• Know where your information is stored
• Know what others are using your information for – privacy rights
• Know the laws protecting information
22
![Page 23: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/23.jpg)
Your Privacy Rights
• There are several Federal and State laws that require businesses to provide their clients with an annual notice on what personal information is collected and how it is used
• Notices are also posted on websites and require you to acknowledge you agree before you are given access to their product
23
![Page 24: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/24.jpg)
Read the Privacy Statement
24
![Page 25: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/25.jpg)
The Allegations Against Google Are:
• Those litigants claim Google violated its previous policies that promised information provided by a user for one service would not be used by another service without the consumer's consent.
• The company is accused not only of combining the information but also of not providing an easy and efficient way for consumers to opt out.
• It allegedly violated the American Federal Wiretap Act (for willfully intercepting communications and aggregating personal information for financial benefit), breached the Stored Electronic Communications Act (for the way it accessed consumer communications stored on its systems), violated the Computer Fraud Abuse Act, and transgressed other statutes and state laws.
• http://www.vancouversun.com/technology/Google+legal+troubles+underscore+vulnerability+privacy+rights/7348685/story.html#ixzz28epyJdFT
25
![Page 26: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/26.jpg)
Read Before You Click
Before you click Accept Terms of Agreement•Read what you are agreeing to•They may be sharing your information
26http://news.cnet.com/8301-1023_3-57524073-93/facebook-wants-like-button-to-be-exempt-from-child-privacy-laws/
![Page 27: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/27.jpg)
How to Protect Information
• Know where it is stored• Safeguard it with physical security• Encrypt it• Use programs to store passwords
securely• Use password protection• Redact it• Delete it – securely wipe it
27
![Page 28: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/28.jpg)
Scan Your Computer• Identity Finder – Windows and Macs
– Download at www.hawaii.edu/software– How to use: www.hawaii.edu/askus/1297
• Find SSN – Linux, Solaris and Legacy OS– www.hawaii.edu/askus/1323
• Scan for vulnerabilities– Scan a single machine:
http://openvas.hawaii.edu/cgi-bin/myopenvas– Batch scan:
http://openvas.hawaii.edu/batchopenvas/index.php
28
![Page 29: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/29.jpg)
Register Any Servers Containing Sensitive Information
• All public file, web, and ftp servers must be registered & scanned for sensitive, personal information and vulnerabilities.– http://www.hawaii.edu/its/server/registration/
• The UH Personal Information System survey is designed to identify ALL personal information systems in the University of Hawaii as required by Hawaii State Law.– http://www.hawaii.edu/its/information/survey/
29
![Page 30: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/30.jpg)
What Does An Encrypted File Look Like?
30
![Page 31: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/31.jpg)
Encryption
• Encrypting a Windows file, folder, and entire disk– http://www.hawaii.edu/askus/1285
• Encrypted disk images and full disk encryption for a Mac– http://www.hawaii.edu/askus/676
31
![Page 32: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/32.jpg)
DO NOT LOSE YOUR ENCRYPTION KEY
• When using encryption be careful to safeguard your encryption key. If lost ITS may not even be able to help you recover your data.
32
![Page 33: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/33.jpg)
Ways To Securely Transfer Sensitive Information
33
![Page 34: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/34.jpg)
Secure File Transfer
• www.hawaii.edu/filedrop– Secure file transfer up to 800MB– Can share with people not part of UH
community– Secure URL is available for five days
• Security ends at transmission, you will still need to secure information on your computer.
34
![Page 35: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/35.jpg)
Secure Shell (SSH)
• What is SSH?– Secure channel that encrypts
information such as passwords over the internet
• Do not use telnet– Passwords are sent in the clear making
them vulnerable to cyber crime
35
![Page 36: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/36.jpg)
Secure Socket Layer (SSL)
• What is SSL?– A protocol that establishes an
encrypted link between a web server and a browser ensuring all data passed between the web server and browsers remain private
• In other words:– “keeps your data safe”
36
![Page 37: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/37.jpg)
How do I Know the Link is Secure?
Why is it important?•The S or the padlock means:
– That you have a secure (encrypted) link with this web site – That this web site is a valid and legitimate organization or an
accountable legal entity
Look for the httpS:// (the S means it is encrypted)
And/Or a padlock
37
![Page 38: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/38.jpg)
Do Not Use The Following To Transfer Sensitive Information
• Unencrypted Email• Third party cloud applications such as
Dropbox• Google Drive• Unsecured USB drives or other
external devices
38
![Page 39: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/39.jpg)
Where Should Sensitive Info Be Stored?
• Encrypted folders, partitions, or drives
• Secured servers• Encrypted external drives• Secure applications• Locked file cabinets
39
![Page 40: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/40.jpg)
Where Not To Store Sensitive Information
• Your email• Unsecured paper files• Your hard drive unencrypted• Social networking sites
40
![Page 41: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/41.jpg)
Know How it is Being Used
• Who has your information and how are they using it?– The Bank– Credit Card Companies– The University– Social Media– Health Care– Malicious Information Gathering
41
![Page 42: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/42.jpg)
PenaltyMinimum 10 years in jail, $250,000 fine or BOTH
42
![Page 43: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/43.jpg)
35,000 e-mail addresses, thousands of user names, and
other information compromised.
http://www.vancouversun.com/technology/Googles+legal+troubles+underscore+vulnerability+privacy+rights/7348685/story.html43
![Page 44: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/44.jpg)
So What?
• Following policies and laws to protect sensitive information will not only protect the consumer, but it protects you from possible disciplinary action as stated in the University of Hawai‘i General Confidentiality Notice UH Form 92
44
![Page 45: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/45.jpg)
Securing Your Password
• Password keepers– http://keepass.info/
• Do not store on your monitor or under keyboard• Use something easy to remember but hard to
guess• Follow password generation guidelines
– CAPITALS– lowercase– Numb3r5– $ymbols
45
![Page 46: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/46.jpg)
46
![Page 47: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/47.jpg)
The Cloud
• The Cloud is not secure• Do not store information in the
cloud unless it is encrypted
47
![Page 48: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/48.jpg)
Keep Sensitive Information Secure From Social Engineers
• Verify callers
• Do not respond to email scams, phishing, or suspicious phone calls requesting confidential UH information or your own personal information.– Remember ITS will NEVER ask for your
password over email.
48
![Page 49: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/49.jpg)
Don’t Fall For This
More on Phishing on Week 5 49
![Page 50: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/50.jpg)
50
![Page 51: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/51.jpg)
Back-Up?
• Regularly backing up your data is critical in case of a computer problem
BUT– Store your backup in a safe place– Preferably in a different location than the
host data– And secure it - lock it up, encrypt it– Regularly verify the backup can be restored
51
![Page 52: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/52.jpg)
52
![Page 53: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/53.jpg)
Key Points to Remember
• Handle sensitive information responsibly
• Protect sensitive information in paper form, electronic data at rest and in transit
• Follow policy – if in doubt ask• Bad things can happen if you do not
Think Before You Click
53
![Page 54: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/54.jpg)
How Do I Get iTunes?• To be eligible for the weekly $15 iTunes cards drawing you must:
– Attend or watch a rebroadcast of this presentation– Have a Facebook Account– Like our page at www.facebook.com/uhinfosec– Answer the Security Question of the Week for October correctly (will be
posted after this session ends)– You will then be added to the drawing for an iTunes card
• I will contact you directly if you are the winner for delivery
• To be entered to win the $25 gift card at the end of October, you must sign up for a session at www.hawaii.edu/training
(no Facebook account required)
54
![Page 55: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/55.jpg)
More PrizesRegister or sign in on-line (www.hawaii.edu/training)
to be eligible for a drawing each week for a UH Manoa Bookstore donated prize. Prizes will be mailed to outer island winners.
55
![Page 56: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/56.jpg)
For More Information
• Visit the Cyber Security Month (NSCAM) website
– Link to all presentations (posted soon)– Link to FTC materials– Posters– Cyber security brochure– Think. Stop. Connect. brochures
56
![Page 57: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/57.jpg)
http://www.hawaii.edu/infosec/ncsam.html
57
![Page 58: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/58.jpg)
http://www.hawaii.edu/infosec
58
![Page 59: Management and Storage of Sensitive Information …...Examples of Cyber Attacks • Flame – Kaspersky dubbed it the most powerful computer virus in history. Primary target was Iran.](https://reader033.fdocuments.us/reader033/viewer/2022042121/5e9af7a2a7454c1bbf2ab3c7/html5/thumbnails/59.jpg)
Email us at: [email protected]
Visit us at: www.hawaii.edu/infosec
Like us on Facebook: www.facebook.com/uhinfosec
Follow us on Twitter:www.twitter.com/ITSecurityUH
59