
by Connie Sadler, Dir. of IT Security, CIS
Don't Get Caught Up in a Security Breach!
OK. We all read the papers and watch television. We hear about hackers and botnets and identity theft and loss of data.
It doesn't sound too good, and it isn't. The fact is that these incidents are becoming more and more frequent, and the trend is
escalating exponentially.
So how do we avoid getting caught up in a security breach? Faculty and staff can start by attending
a new course titled "Protecting Brown's Information". You can find it on Brown's new training site at http://training.brown.edu.
Faculty and staff can sign up there, and we generally offer classes twice per month. We're also available to do dedicated sessions
for staff meetings or specific departments.
Who does this training? We are Camille Rigney, Director of Information Systems Audit Services, and Connie Sadler,
Director of Information Technology Security. Our goal is to make sure that eventually, every employee at Brown takes this training.
So far, we have offered 18 classes and trained approximately 400 employees since June of 2006. The big questions we ask people to walk
away with are these:
What are the risks to information in my immediate work area? These could be any number of things, including the following:
- Confidential reports sitting out on desks or in unlocked files overnight
- Unshredded paper in boxes waiting to be shredded
- Old computers with disks that have not been sanitized
- Untrained personnel handling Brown Confidential Information (BCI)
- Weak passwords or shared passwords
Should a breach occur, can I defend my current practices? So, if someone hacks into your workstation, or an application that you use,
are you confident that you have done what you can to prevent the breach? Some preventive actions include the following:
- I have a strong password or passphrase (we recommend 16 characters now for access to BCI!).
- I don't share my password with anyone.
- I store BCI on a protected server and not on my workstation.
- I do not transfer BCI to my home machine or to a laptop unless the data is encrypted with CyberAngel or some other utility.
- If I need to work with Brown information from home, I access the information using a secure connection (SSH, VPN).
- I don't talk about confidential information I have access to with co-workers or others unless they have a need to know.
- My backups are stored in a secure location.
Pat Falcon has developed a 15-minute WebCT quiz that you can take before and/or after the class to see what you know and
what you learned in the class. The quiz reflects some of the key points that Camille and I cover in the class. If you're
interested in taking the quiz, or in making it available to others, send an email to SecureIT@brown.edu and we'll send you
instructions for how to get in and take the quiz!
And by all means, if you have any questions about what constitutes Brown Confidential Information and how to protect it,
and yourself, from breaches, feel free to contact Connie_Sadler@Brown.edu or ITSecurity@Brown.edu at any time. We're here to help!