Information Systems Security for the Special Educator MGMT 636 – Information Systems Security

Transcription

Information Systems Security for the Special Educator MGMT 636 – Information Systems Security
Information Systems
Security for the
Special Educator
MGMT 636 – Information Systems Security
Overview
• Awareness of information systems security
in work and at home.
• Basic understanding of security
techniques that can be implemented in
both the work environment and at home.
Legal Environment
• FERPA
– Family Educational Rights and Privacy Act
L.S. v. Mount Olive Board of Education (New Jersey)
– 11th grade English class studying The Catcher
in the Rye.
• An assignment required students to create a psychological
profile of the main character.
• The teacher obtained a real psychological profile from the
school’s psychologist to use as an example.
• Even though the profile was redacted, a student deduced
that the profile was his friend’s psychological profile.
Legal Environment
• FERPA
– L.S. v. Mount Olive Board of Education (New
Jersey)
• The court ruled that the teacher and the school’s
psychologist could be personally sued under 42
U.S.C. § 1983: Civil action for deprivation of
rights.
• Extreme case due to negligence.
Work Computing Environment
• District and school policies concerning
information systems security.
– Know your data.
• Schools provide protection infrastructure.
– Firewalls to protect networked computers.
• School assumes risk in case of a security
breach, unless negligence is found.
Protecting Your Computer
• Password protect your computer.
• Lock computer when away.
• Use username and password to login.
– Do not share password or accounts.
– Do not allow others use your computer while
you are logged in.
• Someone could e-mail parents, students, your
boss.
Protect Your Files
• MS Office: 2010 offers AES 128-bit
advanced encryption.
• iWork offers encryption.
• File encryption software.
– Third party software.
• Requires being able to add
software to computer.
Encryption
• Benefits
– “Scrambles data” making
it unusable in it’s encrypted
state.
• Downfalls
– Forgotten password.
– Business continuity.
Password Construction
• In order to understand solid password
creation, it is important to understand the
three basic techniques to “crack” a
password.
Three Basic File Hacking Techniques
• Shoulder surfing and social engineering.
• Brute force attack.
– A properly designed password can make this
technique take a million years to crack.
• Dictionary attack.
– Avoid common words and combinations.
– Avoid common password security techniques.
• i=!, i=1, a=@, and etcetera.
Password Construction
• The longer the better.
• What is a bit and what does it mean?
• Using a passphrase.
“and she's climbing the stairway to heaven”
Password Construction
The Next Level
• Multi-Factor Authentication
– Goes beyond username and password.
• Requires additional information that only the user
would know (knowledge factor).
• Increases security. Used by banks and credit
reporting agencies.
– Questions such as “Name of your first pet” or “Name of
company that holds your home mortgage”.
Taking Work Home
• Risk transference.
– You are now responsible for data security.
• Does this violate security policies?
• Transportation of data.
– Flash Drive
• SanDisk Cruzer offers software to encrypt the
entire flash drive (SanDisk Secure Access).
– E-Mail: Not highly secure on its own.
– Laptop: Whole device could be stolen.
Home Networking Security
The firewall is the first line of defense.
• Decent router with firewall.
• Wi-Fi with good encryption protocols and a
strong password.
Personal Devices
Risks
• Text messaging.
• E-mail.
• Loss of device or laptop.
– Password protect entire device.
– Google’s pattern lock.
Questions?
Questions?