itsecurity - UCSF School of Nursing

IT Security is Everyone’s Responsibility
Presented by Hooman Moayyed
hooman@ucsf.edu
IT Security Awareness Program Manager

Why is IT Security Everyone’s Responsibility?
• Technology isn’t enough
  You are the best defense against breaches.
• Regulatory
  HIPAA
  • Fines to the University and you.
  • Fine ceilings have recently been raised.
• Ethical
  Patients deserve privacy.
• Press
  We do not want to put the University in a negative spotlight.
• Financial loss
  Average breach costs $2,000,000 to handle.
Leon Rodriguez, HIPAA’s new enforcement officer

Patient Privacy
• PHI – Protected Health Information
  Patient health status, provision of health care or payment for health care that can be linked to a specific individual.
• PII – Personally Identifiable Information
  Names, social security numbers, addresses, phone numbers, MRNs, email addresses
For more details see Wikipedia

Top Issues On Campus
1. Phishing
2. Theft & Loss
3. Malware
4. Insider Misconduct
5. Illegal File Sharing

Phishing
• Definition: The act of sending deceptive emails in order to steal your personal information.
• Emails are designed to evoke an emotional response.

Phishing Example
• Phishers pose as official organizations.
• Stop, think, connect. Delete email when in doubt or forward to security@ucsf.edu

Theft & Loss
• #1 cause of breaches
  Passwords are not a deterrent
• Devices affected
  Laptops
  • Public places
  • Cars
  • Hotel rooms
  • Unlocked rooms
  Mobile devices, tablets and portable devices
  • Cars
  • Pickpocketing
  • Purse snatching
  • Grab & run
• What to do if it happens to you
  1. Immediately call the UCSF police department
  2. Contact the help desk
  3. Send us an email

Malware
Types
• Viruses
• Spyware
• Adware
Causes
• File sharing programs
• Illegally downloaded files
• Opening email attachments
• Visiting questionable websites

Insider Misconduct
• Unauthorized queries
  UCLA
• Sharing of PHI
• Improper disposal
  Free disposal service available

Illegal File Sharing
• How it’s done
  File sharing programs
  • BitTorrent
  • LimeWire
  Pirate websites
  Emailing
• Consequences
  • Puts you and UCSF systems at risk
  • Malware
  • May compromise your machine
  • Can attack other UCSF systems
  • Fines
  • Lawsuits
  • Jail time

Maintaining IT Security
1. Prevent theft & loss
2. Encryption
3. Antivirus
4. Proper password use
5. General good practice
6. Be Aware

Prevent Theft & Loss
• Never leave devices in your car. Take them with you.
• Be aware of your surroundings
• Use cable locks.
• Immediately report any theft or loss to the UCSF PD and the IT help desk.

Encryption
• Install our free software: PGP
  1. Scrambles data on your machine
  2. Adds a layer of protection in the event of a theft or loss of device
  3. Requires external backup drive or backup solution such as CrashPlan
• Install PGP on
  1. Computers
  2. External drives
  3. Flash drives
• Set up UCSF email on mobile devices
  Enables remote wipe & PIN lock
• Use secure flash drives

Antivirus
• Free antivirus software
  UCSF Symantec Endpoint Protection
• No system is perfect
• Be wary of file attachments such as
  1. .exe
  2. .bat
  3. .com
  4. .zip
• Don’t install file sharing programs
• Don’t illegally download files
• Don’t visit questionable websites

Proper Password Use
• Use passphrases
  Minimum length is 7 characters
• Use strong passwords
  Substitute at least 1 letter with numbers or symbols
  Use upper and lower case letters
• Never use your UCSF password on other websites
• Never give out your password to anyone including UCSF staff.
• Never write down your password
• Never use dictionary words
For more details see Unified UCSF Enterprise Password Standard

General Good Practice
• Install SEP antivirus software.
• Use encryption.
• Properly use passwords.
• Never illegally share files.
• Don’t react to an email as it could be a phishing scam. Stop, think, connect.
• Properly dispose of old hardware and documents.

Be Aware
Security Awareness Site
http://awareness.ucsf.edu
• Everyone wins a prize
• Monthly grand prize drawing
Formal Security Awareness Training
UC Learning Center
• Everyone who passes earns a badge holder lanyard
• Monthly $50 gift card drawing

Resources
IT Help Desk
  Request services at http://help.ucsf.edu or call 415-514-4100
IT Security Site
  Your total IT security information resource
  http://security.ucsf.edu
  Email: security@ucsf.edu
UCSF Police Department
  From campus phones 9+911
  All other phones 415-476-6911

Questions?