migrant student information exchange msix security
play

Migrant Student Information Exchange (MSIX) Security, Privacy and - PowerPoint PPT Presentation

Jul 01, 2023 •395 likes •692 views

Migrant Student Information Exchange (MSIX) Security, Privacy and Account Management Webinar Deloitte Consulting LLP. February 22, 2018 Maria Hishikawa MSIX Technical Lead Sarah Storms MSIX Contractor Security 0 Introductions This

  1. Migrant Student Information Exchange (MSIX) Security, Privacy and Account Management Webinar Deloitte Consulting LLP. February 22, 2018 Maria Hishikawa – MSIX Technical Lead Sarah Storms – MSIX Contractor Security 0

  2. Introductions This Webinar is being recorded. • Agenda: – MSIX Account Management Improvements/Changes – Part 1: Security and Privacy Awareness Training for All MSIX Users – Part 2: User Administration Role-Based Training for User Administrators and State Migrant Education Program (MEP) Directors You are invited to attend the Part(s) that pertains to your role within MSIX . 1

  3. Account Management Improvements/Changes • Shorter-Term – Updated Account Application with Intended Use section – Automatic disabling of unused accounts • Longer-Term – Streamlined new user application and registration – Self-service account/password management – Enhanced user login experience – Enhanced security for privileged users 2

  4. Part 1: 2018 Security and Privacy Awareness Training Objectives: • MSIX Users will: – Understand laws, policies and procedures that govern MSIX Accounts Management – Understand current cyber security threats – Understand accounts management terminology – Understand Do’s and Don’ts of accounts management – Identify suspicious email messages – Understand proper handling of Privacy information and Personal Identifiable Information (PII) while using MSIX 3

  5. Federal and ED Cybersecurity References Federal Government Wide • Federal Information System Modernization Act of 2014 (FISMA) • National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53A Revision 4 US Department of Education • US Department of Education (ED) Office of Chief Information Officer (OCIO) OCIO-01 Information Assurance / Cybersecurity Policy (Jan. 2017) MSIX Specific • MSIX System Security Plan • MSIX Privacy Impact Assessment 4

  6. Cyber Security Threats in the News • EQUIFAX Breach • YAHOO Accounts Stolen • OPM Hacked • ANTHEM PII Stolen In 2016: Real Threats to MSIX • 81% of breaches leveraged stolen or weak passwords • Key Logger • 43% were social engineering attacks • Email Phishing • 75% perpetrated by outsiders • 25% involved internal actors • 27% of breaches were discovered by third parties 5

  7. Cybersecurity Terminology • Identification - a user claims or professes an identity with a username, a process ID, a smart card, or anything else that can uniquely identify a subject • Authentication – a user provides appropriate credentials to prove an identity – Something you have: smartcard or RSA key – Something you know: password – Something you are: biometric (fingerprint) • Authorization – a user is granted access to a system • Role-Based Access Control – a user is granted access to resources based on his role • Separation of Duties –more than one person is responsible for a task • Least Privilege – user’s role matches assigned job functions 6

  8. Account Management Do’s and Don’ts • DON’T share your user ID and password with anyone else. • DON’T write your password down or keep it in an area where it can be easily discovered. • DON’T use the “ remember password ” feature. • DO remember that user accounts are disabled after three (3) consecutive invalid attempts. • DO register with official work email ; not unofficial/free email accounts. • DO follow the MSIX Password Policy – A password must: – Be changed upon initial login to MSIX; – Contain at least eight (8) characters; – Contain a mix of letters (upper and lower case), numbers, and special characters (#, @, etc.); – Be changed at least every ninety (90) days; – Not be one of user’s previous six (6) passwords. 7

  9. POP-Quiz #1: Password Rules Q&A Beth is trying to log into MSIX but isn’t sure of her password. Q1: Should she try to guess the password to sign-in? Q2: She is embarrassed to ask her user administrator to reset the password. Should she ask her teammate to share their password with her? Q3: Who should Beth contact to have her password reset? Q4: Should Beth be embarrassed? 8

  10. POP-Quiz #1: Password Rules Q&A Beth is trying to log into MSIX but isn’t sure of her password. Q1: Should she try to guess the password to sign-in? A1: Yes, she can make up to 3 attempts before her account gets locked. Q2: She is embarrassed to ask her user administrator to reset the password. Should she ask her teammate to share their password with her? A2: No, never log in with another person’s password. Q3: Who should Beth contact to have her password reset? A3: Beth should contact her User Administrator. They can be contacted through the MSIX login page. The MSIX Help Desk cannot assist with password resets. Q4: Should Beth be embarrassed? A3: No. Resetting passwords frequently is a very good practice. 9

  11. Email Best Practices • Do not open unexpected attachments • Do not click on suspicious links within emails • Install and update anti-virus software on all devices • Learn how to recognize phishing – Messages that contain threats to shutdown accounts or devices – Requests for personal information (passwords or Social Security Numbers) – Words like “Urgent” – Forged email addresses – Poor writing or bad grammar • Don’t give your email address to sites you don’t trust • Suspicious emails must be reported as an incident to your IT office and to MSIX Help Desk 10

  12. POP-Quiz #2: Email Phishing David receives the email message below. Is this legitimate? From: IT Support Help Desk mvivisel@xcvb.com To: David.Smith@ed.state.gov Subject: Password Security Check Attachment: passwordhack.exe URGENT! REQUIRED! You’re IT support desk is providing a service to all users so you have good passwrods. click on attachment to check your passsword. OR you can click on this link: http://passwordcollector.hax.com Your account will be locked if you do not act now. Password Team 11

  13. POP-Quiz #2: Email Phishing David receives the email message below. Is this legitimate? From: IT Support Help Desk mvivisel@xcvb.com Answer 1: Address doesn’t match name To: David.Smith@ed.state.gov Subject: Password Security Check Answer 2: Suspicious attachment Attachment: passwordhack.exe URGENT! REQUIRED! Answer 4: Poor grammar Answer 3: False sense of and misspellings urgency You’re IT support desk is providing a service to all users so you have good passwrods. click on attachment to check your passsword. OR you can click on this link: http://passwordcollector.hax.com Your account will be locked if you do not act now. Answer 5: Suspicious hyperlink Answer 6: Threat of account Password Team lock-out encourages action 12

  14. MSIX Privacy Protections • Lock your computer when leaving computer unattended • Media (including reports) containing MSIX information should be stored in locked container during non-business hours • Do not leave paper media with MSIX information in public areas • Store digital information in an encrypted format where technically possible • Media containing MSIX information should be properly cleansed or destroyed • If the access which you have been granted within MSIX is more than required to fulfill your job duties, it should be reported to your MSIX User Administrator • Do not disclose MSIX information to individuals without a “need-to- know” of the information in the course of their business 13

  15. POP-Quiz #3: TRUE or FALSE - Privacy and PII 1. Comment fields in MSIX can be used to share information that we collect through MDEs, like address or phone number. 2. MSIX IDs can be shared through email since only MSIX users can get more personal information on that student. 3. Comment fields are inside MSIX so it’s safe to write-in SSN, medical conditions and disciplinary records. 4. Screenshots from MSIX can be emailed to MSIX Help Desk since they already have access to the data. 14

  16. POP-Quiz #3: TRUE or FALSE - Privacy and PII 1. Comment fields in MSIX can be used to share information that we collect through MDEs, like address or phone number. TRUE : MDE lists are approved list of data collected within MSIX. – 2. MSIX IDs can be shared through email since only MSIX users can get more personal information on that student. TRUE : MSIX IDs are only accessible by authorized MSIX users. – 3. Comment fields are inside MSIX so it’s safe to write-in SSN, medical conditions and disciplinary records. FALSE : Only MDE lists are approved. If it’s not an approved data – element, MSIX is not authorized to collect the data anywhere. 4. Screenshots from MSIX can be emailed to MSIX Help Desk since they already have access to data. FALSE: Emails can be intercepted by hackers. – 15

  17. Certificate of Completion 2018 MSIX Security and Privacy Awareness Training (0.5 hour) Completed on _________________ (date) I certify attendance and completion for this I have verified completion of the training training. by the attendee. _______________ _______________ Attendee Name Printed Supervisor Name Printed _______________ _______________ Attendee Signature Supervisor Signature Certificate is valid only when completed by both the attendee and their supervisor. 16

  18. BREAK Part 2: User Administrator Role-Based Training Non-User Administrators may drop off at this time. 17

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

2014 ID&R Forum How to Become a Better Recruiter with MSIX October 29, 2014 Jacksonville,

2014 ID&R Forum How to Become a Better Recruiter with MSIX October 29, 2014 Jacksonville,

2014 ID&R Forum How to Become a Better Recruiter with MSIX October 29, 2014 Jacksonville, FL Presenters Lisa Gillette OME Acting Group Leader Wahid Sadek MSIX Team Annie Babcock MSIX Team 2 Agenda Records Exchange Background

751 views • 48 slides
Information Exchange Policy Automation Information Exchange Framework (IEF) December 5 th, 2011

Information Exchange Policy Automation Information Exchange Framework (IEF) December 5 th, 2011

1 Information Exchange Policy Automation Information Exchange Framework (IEF) December 5 th, 2011 Presented by: Mike Abramson President, Advanced Systems Management Group Special Adviser on public safety/security Open Interoperability

525 views • 26 slides
International Student Exchange Programme Information Meeting Why go on exchange? Types of

International Student Exchange Programme Information Meeting Why go on exchange? Types of

International Student Exchange Programme Information Meeting Why go on exchange? Types of Exchange Opportunity Erasmus + European - apply through Department Departmental apply through Department International

413 views • 10 slides
Security of Communications What Can Cryptography Guarantee? One ever wanted to exchange

Security of Communications What Can Cryptography Guarantee? One ever wanted to exchange

Cryptography Provable Security Encryption Assumptions Security of Communications What Can Cryptography Guarantee? One ever wanted to exchange information securely Que peut nous garantir la cryptographie ? With the all-digital world, security

190 views • 4 slides
6 th ASEAN Forum on Migrant Labour Enhancing Policy and Protection of Migrant Workers through Data

6 th ASEAN Forum on Migrant Labour Enhancing Policy and Protection of Migrant Workers through Data

6 th ASEAN Forum on Migrant Labour Enhancing Policy and Protection of Migrant Workers through Data Sharing, Adequate Access to the Legal and Judicial system during Employment, including Effective Complaints Mechanisms. Session 2: Information

378 views • 10 slides
Dra. Elvira Mndez. General Director Asociacin Salud y Familia Research Exchange Workshop on

Dra. Elvira Mndez. General Director Asociacin Salud y Familia Research Exchange Workshop on

CONTRACEPTION AND ABORTION PATTERNS IN MIGRANT PAKISTANI MIGRANT WOMEN IN BARCELONA Dra. Elvira Mndez. General Director Asociacin Salud y Familia Research Exchange Workshop on Social Determinants of Migrants Health across Asia and

429 views • 26 slides
Completing 2020-2021 Title I-C Migrant CFSGA Get Your Migrant Application Approved the First

Completing 2020-2021 Title I-C Migrant CFSGA Get Your Migrant Application Approved the First

Completing 2020-2021 Title I-C Migrant CFSGA Get Your Migrant Application Approved the First Time! Sarah Seamount Migrant Education Program Coordinator Updated 2019-2020 Supporting Schools and Students to Achieve SHERRI YBARRA, ED.S.,

811 views • 55 slides
MIGRANT EDUCATION PROGRAM (MEP) SUBGRANTING Office of Migrant Education (OME) The mission of the

MIGRANT EDUCATION PROGRAM (MEP) SUBGRANTING Office of Migrant Education (OME) The mission of the

MIGRANT EDUCATION PROGRAM (MEP) SUBGRANTING Office of Migrant Education (OME) The mission of the Office of Migrant Education is to provide excellent leadership, technical assistance, and financial support to improve the educational opportunities

450 views • 28 slides
Kick-off for exchange studies in spring 2020 Congratulations on your nomination! Agenda for

Kick-off for exchange studies in spring 2020 Congratulations on your nomination! Agenda for

Kick-off for exchange studies in spring 2020 Congratulations on your nomination! Agenda for this afternoon 15:45 The Student Health Service and the International Office gives you practical information. The student exchange experience

447 views • 32 slides
Security 101 Definition of Information Security Information security is the protection of

Security 101 Definition of Information Security Information security is the protection of

Computing Services Information Security Office Security 101 Definition of Information Security Information security is the protection of information and systems from unauthorized access, disclosure, modification, destruction or disruption. The

469 views • 22 slides
Government-Sponsored Exchange of Information Frdric Puel Information exchange in Competition

Government-Sponsored Exchange of Information Frdric Puel Information exchange in Competition

Government-Sponsored Exchange of Information Frdric Puel Information exchange in Competition law FEB-BSC 22 June 2011 Plan State Action Defence 1. Situations where exchange of information between 2. undertakings may be prompted by a

267 views • 13 slides
Insecurities and vulnerabilities of migrant and posted workers: the need for information

Insecurities and vulnerabilities of migrant and posted workers: the need for information

Insecurities and vulnerabilities of migrant and posted workers: the need for information provision Sanja Cukut Krili , PhD, Research Centre of the Slovenian Academy of Sciences and Arts Sociomedical Institute, Ljubljana, Slovenia Mojca Vah

173 views • 15 slides
International student exchange in an era of internationalisation: sustainability of the current

International student exchange in an era of internationalisation: sustainability of the current

International student exchange in an era of internationalisation: sustainability of the current state of practice @GoingPlacesEdu www.goingplaces.edu.au Our ur foc ocus us to today Why we are researching student exchange? The Going

635 views • 21 slides
Kick-off for exchange studies spring 2019 Congratulations on your nomination! Agenda for today

Kick-off for exchange studies spring 2019 Congratulations on your nomination! Agenda for today

Kick-off for exchange studies spring 2019 Congratulations on your nomination! Agenda for today 15:30 The Student Health Center and the International Office gives you practical information The exchange experience student Vappu Vuori,

682 views • 40 slides
6th ASEAN Forum on Migrant Labour TRADE UNION PERSPECTIVE: MIGRANT WORKERS AND ACCESS TO THE

6th ASEAN Forum on Migrant Labour TRADE UNION PERSPECTIVE: MIGRANT WORKERS AND ACCESS TO THE

6th ASEAN Forum on Migrant Labour TRADE UNION PERSPECTIVE: MIGRANT WORKERS AND ACCESS TO THE JUDICIAL SYSTEM AND COMPLAINTS MECHANISM Abuses of migrant workers may come mainly from three parties. Namely, the government of the sending country,

86 views • 4 slides
Welcome day International & Exchange students Programme 09:00 Start 09:30 General

Welcome day International & Exchange students Programme 09:00 Start 09:30 General

Welcome day International & Exchange students Programme 09:00 Start 09:30 General welcome / Student facilities / student associations / Buildings / ICT / Calendar / Safety 10:30 Programme-specific information sessions

718 views • 28 slides
LPL Financial Investor Presentation Q2 2020 July 30, 2020 Member FINRA/SIPC Notice to

LPL Financial Investor Presentation Q2 2020 July 30, 2020 Member FINRA/SIPC Notice to

LPL Financial Investor Presentation Q2 2020 July 30, 2020 Member FINRA/SIPC Notice to Investors: Safe Harbor Statement Statements in this presentation regarding LPL Financial Holdings Inc. s (together with its subsidiaries, the

800 views • 37 slides
I N V E S T O R P R E S E N T A T I O N SECOND QUARTER 2016 (As of June 30, 2016)

I N V E S T O R P R E S E N T A T I O N SECOND QUARTER 2016 (As of June 30, 2016)

I N V E S T O R P R E S E N T A T I O N SECOND QUARTER 2016 (As of June 30, 2016) Disclaimer/Forward-Looking Statements Statements made by us in this presentation and in other reports and acquire additional real estate assets; continued high

472 views • 23 slides
Webinar May 12, 2020 1 Renee Ostrander, Donna Beaumont, Veronica Silva-Gil, Brad Hanson 2

Webinar May 12, 2020 1 Renee Ostrander, Donna Beaumont, Veronica Silva-Gil, Brad Hanson 2

School Employer Advisory Committee Webinar May 12, 2020 1 Renee Ostrander, Donna Beaumont, Veronica Silva-Gil, Brad Hanson 2 Michelle Norris, Christina Rollins, Kurt Schneider, Jennifer Rocco 3 William Greenhalgh, Susan Forrer, Stephanie

1.34k views • 68 slides
Q4 2018 FINANCIAL RESULTS FEBRUARY 1, 2019 SIMPLE IDEAS. POWERFUL RESULTS. SAFE HARBOR STATEMENT

Q4 2018 FINANCIAL RESULTS FEBRUARY 1, 2019 SIMPLE IDEAS. POWERFUL RESULTS. SAFE HARBOR STATEMENT

A DIVERSIFIED TECHNOLOGY COMPANY Q4 2018 FINANCIAL RESULTS FEBRUARY 1, 2019 SIMPLE IDEAS. POWERFUL RESULTS. SAFE HARBOR STATEMENT The information provided in this presentation contains forward-looking statements within the meaning of the

461 views • 28 slides
Nebraska Investment Council December 12, 2019 We Enrich Lives & Safeguard Futures Do

Nebraska Investment Council December 12, 2019 We Enrich Lives & Safeguard Futures Do

Nebraska Investment Council December 12, 2019 We Enrich Lives & Safeguard Futures Do the right thing The pursuit of excellence Integrity, candor A spirit of competition and collaboration that inspires innovation

577 views • 14 slides
2018 1 MAIN HIGHLIGHTS 2 FINANCIAL HIGHLIGHTS Expanded Loan Portfolio: Recurring Net Income:

2018 1 MAIN HIGHLIGHTS 2 FINANCIAL HIGHLIGHTS Expanded Loan Portfolio: Recurring Net Income:

RESULTADOS RESULTS 3 TRIMESTRE 3 rd QUARTER 2018 2018 1 MAIN HIGHLIGHTS 2 FINANCIAL HIGHLIGHTS Expanded Loan Portfolio: Recurring Net Income: R$523.4 billion R$5.5 billion RESULTADOS +1.5% QoQ and +13.7% YoY* +7.5% YoY* 3

797 views • 34 slides
myDesire2Learn TM Getting Started for Administrators Desire2Learn and the molecule logo are

myDesire2Learn TM Getting Started for Administrators Desire2Learn and the molecule logo are

myDesire2Learn TM Getting Started for Administrators Desire2Learn and the molecule logo are trademarks of Desire2Learn Incorporated, registered in the U.S. and other countries. Agenda What is myDesire2Learn? Who should use

783 views • 11 slides
Portal Application Process Applicants will only need to register once for the portal * You may

Portal Application Process Applicants will only need to register once for the portal * You may

Special Designated License Portal Application Process Applicants will only need to register once for the portal * You may move to Slide 7 if you have previously registered Applicant must be: Retail Liquor License Holder Non-Profit

690 views • 21 slides

More recommend