Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

Information Security Awareness Training 2013 Abridged

advertisement 
Information Security Awareness Training 2013
Abridged version for employees who don’t regularly use computer systems and
who don’t regularly access University data.
Everyone’s Responsibility. Throughout the University of Maine System, we handle a great deal of information
that requires protection. Students and others entrust the University with their information and it is our
commitment to them that we protect that information against unauthorized access, use, disclosure, and
distribution.
What type of information needs protection? Compliant Data, which includes personally identifiable
information and confidential research information, requires protection under law. Such information includes
financial records, bank account numbers, health records, driver’s license numbers, student educational
records, and any information which could permit a person to attempt to harm or assume the identity of an
individual. Exposure of such information can lead to identity theft and financial loss to those that are
concerned.
Breach Examples. In addition to hacking, breaches can occur from stolen laptops and mishandled paper
documents:
-
In November of 2012, an employee laptop was stolen that belonged to a hospital. The medical records
of 29,000 patients were on the laptop.
-
In January of 2013, 2,600 paper medical appointment records scheduled for shredding went missing.
The records, printed from an electronic database included patient names, dates and times, and the
reason for their visit.
What can you do?
1. Report problems. If you come across misplaced electronic devices or paper documents containing
Compliant Information, take action. Don't share the information, power down the device if applicable
and secure it, to protect it from further loss. Report it to your supervisor to involve campus security
and campus IT so they can report it to the Office of Information Security.
2.
Don’t be fooled by criminal social engineers. A criminal social engineer is an attacker that attempts
to gain access to protected information by tricking or misleading people. Attackers use social
engineering techniques to "con" you into revealing information or letting them into facilities they don’t
belong, as in the case above where someone gained access to documents awaiting to be shredded.
3. Protect your own information. Beware of criminal social engineers. Phishing emails impersonate the
sender of an email and direct you to a seemingly legitimate site that may steal your information.
Likewise, caller ID can be masked to appear as it is coming from someone else. Keep home computer
systems up-to-date with antivirus software. Use passwords that are not easily cracked – at least eight
digits with special characters are recommended.
I understand and will comply with the information contained in this training.
___________________________________________
_________________________________
Signature
Print Name
Related documents
To review and check your knowledge of this material, print
To review and check your knowledge of this material, print
Exam One (Preliminary Exam) Review
Exam One (Preliminary Exam) Review
Legal Rights and Responsibilities
Legal Rights and Responsibilities
Master's Comprehensive Exam Study
Master's Comprehensive Exam Study
CRIMINAL PROCEDURE CODE, Cap. 7
CRIMINAL PROCEDURE CODE, Cap. 7
CRJU1101/04 - Kennesaw State University
CRJU1101/04 - Kennesaw State University
BASIC ENGLISH FOR COMPUTING
BASIC ENGLISH FOR COMPUTING
application for employment
application for employment
HANDOUT 6: Criminal and Civil Law: Review
HANDOUT 6: Criminal and Civil Law: Review
International Criminal Justice Sources
International Criminal Justice Sources
Application Addendum PLEASE READ BEFORE SIGNING If you
Application Addendum PLEASE READ BEFORE SIGNING If you
It - Laptop Computer Assignment Form
It - Laptop Computer Assignment Form
Download
advertisement