Information Systems Security for the Special Educator MGMT 636 – Information Systems Security
Transcription
Information Systems Security for the Special Educator MGMT 636 – Information Systems Security
Information Systems Security for the Special Educator MGMT 636 – Information Systems Security Overview • Awareness of information systems security in work and at home. • Basic understanding of security techniques that can be implemented in both the work environment and at home. Legal Environment • FERPA – Family Educational Rights and Privacy Act L.S. v. Mount Olive Board of Education (New Jersey) – 11th grade English class studying The Catcher in the Rye. • An assignment required students to create a psychological profile of the main character. • The teacher obtained a real psychological profile from the school’s psychologist to use as an example. • Even though the profile was redacted, a student deduced that the profile was his friend’s psychological profile. Legal Environment • FERPA – L.S. v. Mount Olive Board of Education (New Jersey) • The court ruled that the teacher and the school’s psychologist could be personally sued under 42 U.S.C. § 1983: Civil action for deprivation of rights. • Extreme case due to negligence. Work Computing Environment • District and school policies concerning information systems security. – Know your data. • Schools provide protection infrastructure. – Firewalls to protect networked computers. • School assumes risk in case of a security breach, unless negligence is found. Protecting Your Computer • Password protect your computer. • Lock computer when away. • Use username and password to login. – Do not share password or accounts. – Do not allow others use your computer while you are logged in. • Someone could e-mail parents, students, your boss. Protect Your Files • MS Office: 2010 offers AES 128-bit advanced encryption. • iWork offers encryption. • File encryption software. – Third party software. • Requires being able to add software to computer. Encryption • Benefits – “Scrambles data” making it unusable in it’s encrypted state. • Downfalls – Forgotten password. – Business continuity. Password Construction • In order to understand solid password creation, it is important to understand the three basic techniques to “crack” a password. Three Basic File Hacking Techniques • Shoulder surfing and social engineering. • Brute force attack. – A properly designed password can make this technique take a million years to crack. • Dictionary attack. – Avoid common words and combinations. – Avoid common password security techniques. • i=!, i=1, a=@, and etcetera. Password Construction • The longer the better. • What is a bit and what does it mean? • Using a passphrase. “and she's climbing the stairway to heaven” Password Construction The Next Level • Multi-Factor Authentication – Goes beyond username and password. • Requires additional information that only the user would know (knowledge factor). • Increases security. Used by banks and credit reporting agencies. – Questions such as “Name of your first pet” or “Name of company that holds your home mortgage”. Taking Work Home • Risk transference. – You are now responsible for data security. • Does this violate security policies? • Transportation of data. – Flash Drive • SanDisk Cruzer offers software to encrypt the entire flash drive (SanDisk Secure Access). – E-Mail: Not highly secure on its own. – Laptop: Whole device could be stolen. Home Networking Security The firewall is the first line of defense. • Decent router with firewall. • Wi-Fi with good encryption protocols and a strong password. Personal Devices Risks • Text messaging. • E-mail. • Loss of device or laptop. – Password protect entire device. – Google’s pattern lock. Questions? Questions?