• No results found

Electronic Security is defined d as:

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Electronic Security is defined d as:"

Copied!
26
0
0

Loading.... (view fulltext now)

Download now ( 26 Page )

Full text

(1)
(2)

El t

i S

it i d fi d

Electronic Security is defined as:

• Protection resulting from all measures

d i d d h i d

designed to deny to unauthorized persons information of value.

Preca tions taken to g ard against crime

• Precautions taken to guard against crime,

(3)

A

t f

i ti

Assets of an organization

Employees

Employees

Equipment

Records

Records

Business information

Information systems

y

Raw data

Facilities

(4)

H ke

ke

i t kiddie ( t

Hackers, crackers, script-kiddies (not

the geeky teenager)

Uneducated staff

Uneducated staff

Litigation response

Disgruntled employees

Disgruntled employees

E-mail

Portable Devices

Physical location

Virus attacks

E i

t l th

t t

t

(5)
(6)

 Fall prey to social engineering

 Open any and all emails - phishing  Exchange files via portable devices  Leave passwords on sticky notes

around the office

 Use “Mom” for a password… use

(7)

N

ll t

t d t ff

b ff t d

Normally trusted staff can be affected

by issues that make them take

h

f l ti

harmful actions.

St

d

t

l it ti

Stress due to personal situations

Frustration with management/policy

O

k d

d

i t d

Overworked and unappreciated

Office politics gone awry

U d

id

(8)

Vi

li i f i

Virus -

malicious software written

intentionally to enter a computer without the user’s permission or knowledge

the user s permission or knowledge •

Types of common viruses:

Resident Direct Action Overwrite Boot

• Resident, Direct Action, Overwrite, Boot,

Macro, Directory, Polymorphic, File Infectors, Companion, FAT

(9)

• Worm a segment of self replicating code • Worm - a segment of self-replicating code • Trojan Horse – backdoor opening into a PC

• Logic Bomb - remains hidden until it is triggered

when certain conditions are met when certain conditions are met

• Vulnerability Scanner - a tool to quickly check for

networked computer weaknesses

S fi i l b i

• Spoofing – involves a program, system, or website

successfully masquerading as another by falsifying data

P k t S iff li ti th t t d t

• Packet Sniffer- an application that captures data • Key Logger (hardware & software) - is a tool

designed to record every keystroke on an affected machine for later retrieval

(10)
(11)

Easy mass distribution of corrupted files

• Easy mass distribution of corrupted files

• Simple way to steal confidential and

f

proprietary information

• Opening attachments withOpening attachments with

viruses/Trojan horses

Re directional / Referential pixels

• Re-directional / Referential pixels

imbedded into e-mails as a means of verifying e-mail addresses

(12)

It’s 2 AM do you know where your

• It’s 2 AM do you know where your

electronic records are? On the cloud?

In India?

In the server in the back room that is 2 feet above sea level?

On a disk in Bob’s desk? On a disk in Bob s desk?

On a laptop that was stolen while Bob was at a conference?

(13)

Welcome to central Florida... SLOSH Central!!!

Have you talked to IT about disaster recovery of records?

(14)

VA will pay $20 million to settle

lawsuit over stolen laptop's data

lawsuit over stolen laptop s data

Class action law suit - names, dates

Class action law suit names, dates

of birth and Social Security numbers

of about 26.5 million active duty

of about 26.5 million active duty

troops and veterans

(15)

The 2008 Data Breach Investigations

• The 2008 Data Breach Investigations

Report released by the Verizon Business Risk Team compiled data from more

h f h

than 500 forensics cases the team

handled from 2004 to 2007, comprising more than 230 million breached records. more than 230 million breached records. Although some of the breaches were

attributed to malicious activity, human error contributed to 62 percent of the error contributed to 62 percent of the cases.

G h 09

(16)

Risk analysis is the key to security

• Risk analysis is the key to security

• Understand your organization’s mission

• Know where the records & data &

information live, and their formats information live, and their formats

• Have content owners been trained?

• Who has what responsibility for the

(17)

Determine the following and develop a

• Determine the following and develop a

plan of action:

h b d

• What is being created?

• How is it being treated?How is it being treated?

• Where are your vital records and who has

access to them? access to them?

(18)

Know what records exist within your

• Know what records exist within your

organization

• What medium is being used to store

h

them?

• What production applications

create/maintain them? create/maintain them?

• Where they live physically?

• What formats are being used?

Who owns the content?

• Who owns the content?

• Who has access to what data/records?

(19)

Kid t t d NARA

d!

Kid tested, NARA approved!

C t l

t d

t

Controls access to documents

Tracks internal access attempts to

i f

ti

information

Provides document revision control

R b t

diti

biliti

Robust auditing capabilities

Encrypts source data to eliminate

b k

d d t b

(20)

Technology cannot prevent an employee

• Technology cannot prevent an employee

from faxing off something inappropriate.

• No form of technology can keep employees

from either inadvertently or maliciously destroying physical records

destroying physical records

• Technology can be used to encrypt

i f ti d d

information and records.

• People need to be trained, this is a people p , p p problem, not a technology problem.

(21)

D

M

t

d

t d th

Does Management understand the

issues surrounding e-records

it ?

security?

H

th

l

h

k ith

Have the people who work with

records been trained?

Does IT understand the risks

i t d ith l

it ?

associated with lax security?

(22)

C

t

i ti

l id

li

Create an organizational wide policy

on the security of electronic records

Build a strong partnership with your IT

t ff

staff

L

b t

d f lif d t

it

(23)

Who really has the responsibility for the

• Who really has the responsibility for the

security of the data, records, and

information within your organization?

• Is it a shared responsibility?

• Do the people understand they also have

a responsibility for the security of e-records?

records?

• Does IT understand their role in the

i f d ?

(24)

H d d i

• Hard drive erasure

• CD/Optical media destruction – beyond • CD/Optical media destruction beyond

forensic recovery

• Use of NAID certified destruction

technology

National Association for Information Destruction National Association for Information Destruction http://www.naidonline.org/

(25)

Y

t it b k

d d

thi

t

You cannot sit back and do nothing to

secure electronic records

• Requires proactive steps • Risk analysis

• Data mapping

• Responsibility mapping

• Training for creators, recipients, and

(26)

E l C Ri h CRM

Earl C. Rich, CRM

SWFWMD – Document Services Manager

Offi

352 796 7211

t 4052

Office: 352-796-7211 ext. 4052

Cell: 352-279-2472

References

Download now ( PDF - 26 Page - 1.53 MB )

Related documents

Preanalytical quality improvement. In pursuit of harmony, on behalf of European Federation for Clinical Chemistry and Laboratory Medicine (EFLM) Working group for Preanalytical Phase (WG-PRE)

The adoption of clinical practice guidelines is affected by several issues, including the way they are implemented. Important factors for improving guide- lines adoption include

COSTA CARIBE CORAL 4* BARCELO CAPELLA 4*

It includes daily cleaning service; two 4-passenger touring carts for transportation within the resort; selection of fresh fruits and a Dominican Bar (3 differents rums plus 6

Implementation and Evaluation of Consistent Online Backup in Transactional File Systems

Thus, under MS enabled (heuristics) on diversion of the backup transaction on detection of a conflict, the backup transaction avoids conflicting with all other concurrent

1. What is the Threat to Drinking Water? NOTE TO THE READER

There are no potential significant threats associated with operation of a waste disposal site with regards to the storage, treatment and discharge of tailings from mines in the

The Treasury of Ancient Egypt - ARTHUR E. P. B. WEIGALL

In some directions the imputation is unanswerable; and when the interests of modern times clash with those of the past, as, for example, in Egypt where a beneficial

Effect of Short Term Cold Storage on the Quality of \u3ci\u3eTrichogramma Brassicae, T. Cacoeciae\u3c/i\u3e, and \u3ci\u3eT. Evanescens\u3c/i\u3e (Hymenoptera: Trichogrammatidae)

The effect of different periods of cold storage on the quality of the stored parasitoids was evaluated by measuring the following variables: adult emergence time, adult

APPLICATION FOR POLICE OFFICER

Military Service To receive military service credit of 5 points you must present proof of your honorable discharge and dates of active duty and/or proof of a military

A plain linear rule for fatigue analysis under natural loading considering the sequence effect

This result is summarized in equation (36). 3, which presents six cases with segments of the non-linear cumulative damage curves, depending on the relative cycles of the