Information Security
It’s your responsibility to protect our Network
Employee and Visitor Access
• Wear your employee badge at all times
• Do not permit entry to someone without an employee badge or escort
• Challenge strangers without an access badge or escort
• Protect your employee badge and never loan it to anyone
• Report unusual activity to your supervisor
Workspace Protection
• Lock your computer before you step away (CTRL+ALT+DEL) or remove your PIV card
• Secure your computer with a password-protected screensaver (10 min time out)
• Restrict visitors’ view of information on your desk and computer monitor
• Protect removable media and portable resources (Blackberries, USB flash drives)
• Log off or restart your computer at the end of the day
Password Protection
Ensure your password …
• Is a minimum of 8 characters
• Contains at least one uppercase, one lowercase, one number, and one special character: P@s$w0rd
• No sequentially repeated characters
• Is not a dictionary word
• Is not a term associated with you (nickname, user ID)
• Is not written down
• Is changed at least every 60 days
• Is never shared
Social Engineering
• DO NOT give out your username and password
• Dispose of sensitive information properly (shred your paper document waste)
• Do not give out personal information over the telephone, email, or internet to persons claiming to be administrators or network testers
Email Usage
• Do not open unknown emails and attachments
• Use discretion when sending emails as they are considered official departmental documents
• Do not send email messages/attachments that are obscene, pornographic, harassing, and/or threatening
• Do not circulate virus warnings not issued by your ISSO (hoax)
• Report SPAM to your ISSO (do not forward)
• Do not expect privacy
Internet Usage
• Ensure your usage of the internet does not harm IHS and does not conflict with laws, regulations, and policies
• Do not use internet games and chat rooms
• Do not participate in internet gambling
• Do not use peer-to-peer internet file sharing (downloading MP3s)
Resource Usage
• Do not use another person’s account or identity (log on, email)
• Do not access or attempt to break into another computer (hacking)
• Do not introduce malicious code (virus, worm, Trojan)
• Do not send, retrieve, view, display, or print offensive/obscene material
• Do not use government-owned computers, printers, copiers, etc. for private business, clubs, affiliates
Information and data protection
• Ensure printed material is appropriately stored when not in use
• Ensure sensitive data is handled properly
• Do not discuss sensitive material in public places
• Dispose of documents properly (shredding)
• Dispose of media properly (USB flash drives, CD-ROMs)
Hardware and Software Usage
• Protect handheld devices (Blackberries, cell phones, laptops)
• Do not leave devices unattended; secure them when not in use
• Do not copy software
• Do not connect unauthorized hardware to the network
• Report lost or stolen equipment immediately
Incident response
If you think your system is infected with a virus:
• STOP: do NOT turn off your computer or answer any prompts
• Take notes: include what happened, the program used, file name, symptoms, and messages or warnings received
• Get help: contact your ISSO and/or Help Desk
• Be patient: do not try to fix the problem yourself
Quiz?
• What would you do?
From: Yuan Weixing [mailto:WXYUAN@ntu.edu.sg]
Sent: Friday, August 26, 2011 7:48 AM
To: upgrade@webmaster.org
Subject: Mail Box Quota Exceeded

Your web mail quota has exceeded the set quota which is 3 GB. you are currently running on 3.9 GB. To re-activate and increase your web mail quota please click the link below.
https://docs.google.com/spreadsheet/viewform?formkey=d. EVn. VHVv. Qm. Fq YWJCV 3 BITWto. NENEMUE 6 MQ. .
Failure to do so may result in the cancellation of your web mail account.
Thanks, and sorry for the inconvenience
Local-host.
From: Steele, Juanita [mailto:steele@rowan.edu]
Sent: Wednesday, February 08, 2012 12:24 PM
Subject: Webmail Quota Warnning!!!

Your Web Mailbox size is 164899 KB. This warning is automatically sent when your mailbox is over Quota 160000 KB
Account Would be disabled only if you do not upgrade your account within 48 hours of receiving this warning.
For upgrade CLICK HERE:
Thank you.
Help Desk (@)2012. All Rights Reserved
Information Systems Security Awareness Training
• This training is mandatory and must be completed at the time network access is granted and then on an annual basis thereafter.
• Ensure you log on to www.ihs.gov/issa and complete the Information Systems Security Awareness Training
• Failure to comply will result in a loss of computer network access
Telephone Usage
Information Systems Security Officer (ISSO)
• ISSO: email Alfred.Pablo@ihs.gov Tel (520) 295-2522
• Help.Desk: email 'Help.Desk' Help.Desk@tonationnsn.gov Tel (520) 295-2500
Questions?