Information Security
Steven Hall 21st Jan 2009
Today’s Presentation
• Why do this now?
• What is information?
• The effects of lost information
• Newcastle University Policies
• Techniques to prevent ‘Data Loss’
• Q & A
Why do this now!
• High Profile Cases from 2007:
• Nationwide Building Society fined £1m following the theft of a laptop containing details of 11 million customers.
• Halifax apologises after 13,000 mortgage details went missing along with a stolen briefcase.
• Parliament revealed that the personal details of 25 million Britons sent by standard delivery on un-encrypted discs had been "lost in the post".
• Newcastle University: “No reported loss of confidential data”.
YET
Information Policy
• A major loss of confidential information will be very damaging to the University.
• Management wish to avoid this happening.
• New Information Policy approved by Executive Board.
• Formal presentation of an ‘Information Policy’ to be announced shortly.
What is Information
Electronic Data on computers, disks and tapes
Paper based records, notes, exam papers and memos
E-mails, passwords, bank details, exam details
Types: Confidential and Non-Confidential
Confidential Information
Any record which contains personal information about a living individual:
• Questionnaire or other data collected under an understanding of confidentiality.
• Correspondence or other documents that reveal the contact details or any financial details of a named living individual.
• Correspondence or other documents which reveal personal details or pass comments on a named living person.
• Staff personnel records
• Staff or student discipline or appeal records
• Student records
• Grant applications
• Job applications
• Interview notes
• Admissions records
• Redundancy records
• Sick pay records
• Maternity pay records
• Income tax and National Insurance returns
• Wages and salary records
• Accident books and records
Non-Confidential Information
Generally any record or copy of a record that is already in the public domain, e.g.
• Mission statements
• Regulations
• Published directories
• Internet websites
• Published minutes
• Published reports
• Press releases
• Prospectuses
• Timetables
• Presentation materials
• Course guides and outlines
• Publicity material
• Blank examination papers (post exam)
• Theses (accepted)
• Data which has been wholly anonymised
• Published surveys
• Published circulars
The Effect on You!
• Possible Financial Implications
• Embarrassment
• Repeated work for you
• Repeated work for others (ME!)
• Legal Problems
• Employment Problems
• SPAM
HASSLE
The Effect on the University
• Legal Requirements (Data Protection Act 1998)
• Reputation
• “Bad Headlines” (An organisation like Newcastle University would make a national story)
How is Information Lost?
McAfee Survey Results 2007
•Only 23% malicious (65% of this, an inside job!)
•Only 8% of total loss due to Hacking, Phishing etc
•77% an ‘accident’ or ‘only doing my job?’
Worst Culprits?
•Malicious Act
•Accidents
•‘Doing my Job’
•Not informed of regulations
•Sharing passwords
•Publishing personal e-mails
Staff Guidance
• Communication at start of employment.
• Communication at end of employment.
• Think before you disclose personal details.
• Ask if you are not sure.
Passwords!
Treat your passwords like a pair of knickers:
•Have different ones for different purposes.
•Make them as BIG as possible
•Change them often
•Never lend them to your friends
E-Mail
• Phishing is the easiest way to get information.
• You haven’t won a laptop!
• You won’t get a share in $32 Billion!
• You haven’t won the Dutch Lottery!
• You didn’t place that order!
• Your username and password will never be asked for in an e-mail, no matter who it says it is from!
Worst Culprits?
•Lost
•Infected Easily
•Used as ‘Backup’
•Lent to others
•Data Corruptions more common
Worst Culprits?
•Stolen
•Left at airports, on trains etc
•Hard disk corruption common
•Connected to many networks
What can we do about it?
• Laptops and Memory sticks should never have a unique copy of important information.
• All confidential information should be encrypted.
• Staff informed of good working practices.
• Make sure laptops are ‘Patched’ (Windows Update)
Hot from the Press!!!!
Demonstration of TrueCrypt
Security Policy
• Full Policy to be announced soon
• Information at: http://www.staff.ncl.ac.uk/steven.hall/users.php
Q&A
Thank You.
Steven Hall (xt 6881)