17Nov19 Information Security Essentials Recognizing Threats in Your - - PDF document

17 nov 19
SMART_READER_LITE
LIVE PREVIEW

17Nov19 Information Security Essentials Recognizing Threats in Your - - PDF document

Oct 22, 2022 332 likes •408 views

17Nov19 Information Security Essentials Recognizing Threats in Your Daily Routine This module will teach you what is information security, how to identify and avoid potential security risks in the workplace and beyond. 1 Introduction

slide-1
SLIDE 1

17‐Nov‐19 1

Information Security Essentials

Recognizing Threats in Your Daily Routine This module will teach you what is information security, how to identify and avoid potential security risks in the workplace and beyond.

Introduction

What you will learn?

Introduction

What you will learn? What to Expect?

  • You’ll visit multiple locations and view scenarios that

are commonly experienced by employees

  • You’ll learn best practices that will help you maintain

the security of information, devices, networks, and workplace areas

1 2 3

slide-2
SLIDE 2

17‐Nov‐19 2

Definition of Information Security

  • Information security is the protection of information

and systems from unauthorised access, disclosure, modification, destruction or disruption.

  • The three objectives of information security are:
  • Confidentiality
  • Integrity
  • Availability

Definition of Information Security

Confidentiality

  • Confidentiality refers to the protection of information

from unauthorised access or disclosure. Ensuring confidentiality is ensuring that those who are authorized to access information are able to do so and those who are not authorized are prevented from doing so.

Definition of Information Security

Integrity

  • Integrity refers to the protection of information from

unauthorized modification or destruction. Ensuring integrity is ensuring that information and information systems are accurate, complete and uncorrupted

4 5 6

slide-3
SLIDE 3

17‐Nov‐19 3

Definition of Information Security

Availability Availability refers to the protection of information and information systems from unauthorised disruption. Ensuring availability is ensuring timely and reliable access to and use of information and information systems.

Information Security Policy

  • Our practice has adopted an Information Security Policy as a measure to

protect the confidentiality, integrity and availability of personal information data as well as any information systems that store, process or transmit personal information.

  • Personal information includes all information that can identify an individual,

for example, patient information, employee information, etc.

  • Information system is defined as any electronic system that stores,

processes or transmits information, for example your computer workstation, facsimile machine, portable hard drives, usb sticks, etc.

Information Security Policy

Policies

  • Throughout its lifecycle, all peronal informationshall be protected in a manner

that is considered reasonable and appropriate given the level of sensitivity, value and criticality that the personal information has to the practice.

  • Any Information System that stores, processes or transmits personal information

shall be secured in a manner that is considered reasonable and appropriate given the level of sensitivity value and criticality that the personal information has to the practice.

  • All individuals who are authorised to access personal information shall adhere to

the appropriate Roles and Responsibilities

7 8 9

slide-4
SLIDE 4

17‐Nov‐19 4

Your Role in Information Security

  • Three primary roles have been defined in the context of information security:
  • Responsible person
  • Operator
  • User
  • A User is any employee, contractor or third-party affiliate of our practice who is authorised

to access personal information or information systems.

  • Users are responsible for:
  • Adhering to information security policies, guidelines and procedures.
  • Reporting suspected vulnerabilities, breaches and/or misuse of personal information to

a manager, IT support staff or the Information Officer.

Your Role in Information Security

Users

  • Safeguard all personal information
  • Safeguard electronic communications
  • Avoid risky behavior online
  • Report suspected security breaches

Your Role in Information Security

Safeguarding Personal Information

Know Your Information Be mindful of what type of information you handle:

  • Public
  • Private
  • Restricted

Examples of Restricted information include account passwords, medical records, financial account information.

10 11 12

slide-5
SLIDE 5

17‐Nov‐19 5

Your Role in Information Security

Safeguarding Personal Information: Protecting Electronic Information

  • Avoid storing Restricted information on mobile computing devices
  • Don't store practice information on personally owned computing devices
  • Don't store Restricted information on CDs, DVDs, USB thumb drives, etc.
  • Don't transmit Restricted information via email and other insecure

messaging solutions without the consent of the patient

  • Don't use personal email for business communications
  • Use strong passwords or passphrases
  • Secure your computing devices

Your Role in Information Security

Safeguarding Personal Information: Safeguard Your Password

  • Use a strong password or passphrase
  • Change your password periodically
  • Avoid using the same password for multiple accounts
  • Don’t write your password down or store it in an insecure manner
  • Don’t share your password with anyone for any reason
  • Never let anyone use your password to log into a system
  • Never share your passwords with co-workers while on vacation
  • Don’t use automatic login functionality

Your Role in Information Security

Safeguarding Personal Information: Secure Your Computer

  • Do not automatically connect to public wireless networks
  • Disconnect your computer from the wireless network when it is not in use
  • Use caution when enabling browser pop-ups
  • Use caution when downloading and installing software
  • Lock your computer when it is unattended

13 14 15

slide-6
SLIDE 6

17‐Nov‐19 6

Your Role in Information Security

Safeguarding Personal Information: Protecting Physical Data

  • Close and lock your door when leaving your office unattended
  • Lock file cabinets that store personal information
  • Don't leave Restricted information in plain view at your desk or on a

whiteboard

  • Don't leave Restricted information sitting on a printer, copier, fax machine or
  • ther peripheral device

Your Role in Information Security

Safeguarding Personal Information: Protecting Verbal Communication

  • Be mindful of your surroundings when discussing Restricted information
  • Don't discuss Restricted information with individuals who do not have a

need to know

Your Role in Information Security

Safeguarding Personal Information: Disposing of Data

  • Dispose of information when it is no longer needed for business purposes
  • Use the Computer Recycling Program to dispose of electronic media
  • Use a cross shredder to dispose of paper-based and written media

16 17 18

slide-7
SLIDE 7

17‐Nov‐19 7

Your Role in Information Security

Safeguarding Electronic Communications Electronic communications can be in the form of email, instant messaging, text messaging, social network, etc.

  • Avoid opening attachments from an untrusted source
  • Avoid clicking on links in electronic communications from an untrusted

source

  • Be wary of phishing scams
  • Avoid sending Restricted information through email and other electronic

communications

Your Role in Information Security

Avoid Risky Behavior Online

  • Be cautious when using file sharing applications
  • Be cautious when browsing the web
  • Be cautious when clicking on shortened URLs
  • Avoid responding to questions or clicking on links in pop-up windows

Your Role in Information Security

Remember:

  • Information security is the responsibility of everyone in our practice.
  • Good security begins with you!

19 20 21