17Nov19 Information Security Essentials: Recognizing Threats in Your Daily Routine (PDF document)

Information Security Essentials: Recognizing Threats in Your Daily Routine

This module will teach you what information security is and how to identify and avoid potential security risks in the workplace and beyond.

Introduction: What will you learn?

What to expect?
- You'll visit multiple locations and view scenarios that are commonly experienced by employees
- You'll learn best practices that will help you maintain the security of information, devices, networks, and workplace areas

Definition of Information Security
- Information security is the protection of information and systems from unauthorised access, disclosure, modification, destruction or disruption.
- The three objectives of information security are:
  - Confidentiality
  - Integrity
  - Availability

Definition of Information Security: Confidentiality
- Confidentiality refers to the protection of information from unauthorised access or disclosure. Ensuring confidentiality means ensuring that those who are authorised to access information are able to do so, and that those who are not authorised are prevented from doing so.

Definition of Information Security: Integrity
- Integrity refers to the protection of information from unauthorised modification or destruction. Ensuring integrity means ensuring that information and information systems are accurate, complete and uncorrupted.

Definition of Information Security: Availability
- Availability refers to the protection of information and information systems from unauthorised disruption. Ensuring availability means ensuring timely and reliable access to, and use of, information and information systems.

Information Security Policy
- Our practice has adopted an Information Security Policy as a measure to protect the confidentiality, integrity and availability of personal information, as well as any information systems that store, process or transmit personal information.
- Personal information includes all information that can identify an individual, for example patient information, employee information, etc.
- An information system is defined as any electronic system that stores, processes or transmits information, for example your computer workstation, facsimile machine, portable hard drives, USB sticks, etc.

Information Security Policy: Policies
- Throughout its lifecycle, all personal information shall be protected in a manner that is considered reasonable and appropriate given the level of sensitivity, value and criticality that the personal information has to the practice.
- Any information system that stores, processes or transmits personal information shall be secured in a manner that is considered reasonable and appropriate given the level of sensitivity, value and criticality that the personal information has to the practice.
- All individuals who are authorised to access personal information shall adhere to the appropriate Roles and Responsibilities.

Your Role in Information Security
- Three primary roles have been defined in the context of information security:
  - Responsible person
  - Operator
  - User
- A User is any employee, contractor or third-party affiliate of our practice who is authorised to access personal information or information systems.
- Users are responsible for:
  - Adhering to information security policies, guidelines and procedures.
  - Reporting suspected vulnerabilities, breaches and/or misuse of personal information to a manager, IT support staff or the Information Officer.

Your Role in Information Security: Users
- Safeguard all personal information
- Safeguard electronic communications
- Avoid risky behaviour online
- Report suspected security breaches

Your Role in Information Security: Safeguarding Personal Information

Know your information. Be mindful of what type of information you handle:
- Public
- Private
- Restricted

Examples of Restricted information include account passwords, medical records and financial account information.

Safeguarding Personal Information: Protecting Electronic Information
- Avoid storing Restricted information on mobile computing devices
- Don't store practice information on personally owned computing devices
- Don't store Restricted information on CDs, DVDs, USB thumb drives, etc.
- Don't transmit Restricted information via email or other insecure messaging solutions without the consent of the patient
- Don't use personal email for business communications
- Use strong passwords or passphrases
- Secure your computing devices

Safeguarding Personal Information: Safeguard Your Password
- Use a strong password or passphrase
- Change your password periodically
- Avoid using the same password for multiple accounts
- Don't write your password down or store it in an insecure manner
- Don't share your password with anyone for any reason
- Never let anyone use your password to log into a system
- Never share your password with co-workers while on vacation
- Don't use automatic login functionality

Safeguarding Personal Information: Secure Your Computer
- Do not automatically connect to public wireless networks
- Disconnect your computer from the wireless network when it is not in use
- Use caution when enabling browser pop-ups
- Use caution when downloading and installing software
- Lock your computer when it is unattended

Safeguarding Personal Information: Protecting Physical Data
- Close and lock your door when leaving your office unattended
- Lock file cabinets that store personal information
- Don't leave Restricted information in plain view at your desk or on a whiteboard
- Don't leave Restricted information sitting on a printer, copier, fax machine or other peripheral device

Safeguarding Personal Information: Protecting Verbal Communication
- Be mindful of your surroundings when discussing Restricted information
- Don't discuss Restricted information with individuals who do not have a need to know

Safeguarding Personal Information: Disposing of Data
- Dispose of information when it is no longer needed for business purposes
- Use the Computer Recycling Program to dispose of electronic media
- Use a cross-cut shredder to dispose of paper-based and written media

Your Role in Information Security: Safeguarding Electronic Communications

Electronic communications can take the form of email, instant messaging, text messaging, social networks, etc.
- Avoid opening attachments from an untrusted source
- Avoid clicking on links in electronic communications from an untrusted source
- Be wary of phishing scams
- Avoid sending Restricted information through email and other electronic communications

Your Role in Information Security: Avoid Risky Behaviour Online
- Be cautious when using file sharing applications
- Be cautious when browsing the web
- Be cautious when clicking on shortened URLs
- Avoid responding to questions or clicking on links in pop-up windows

Your Role in Information Security: Remember
- Information security is the responsibility of everyone in our practice.
- Good security begins with you!
