博彩网址大全感谢您的帮助,帮助我们提供一个稳定的 and secure computing environment.
Computer and Information Security Incident Quick Reference Guide
博彩网址大全 IT资源的所有用户都有责任报告怀疑和确认 incidents. When an incident occurs, follow these tips:
- Stay calm. 信息安全团队有一个适当的流程来解决这些问题.
- Immediately document the event (i.e. time, date, file name, application name, how discovered, type of data loss or exposure).
- Don't act hastily. The accuracy of the information is more important than how quickly it is addressed and resolved.
- Do not modify or make any changes to the system. This could impact file logs or contaminate system evidence.
- Involve senior management early. Remind them that details of the incident are to be 保密,特别是在收集数据的早期阶段.
- Don't withhold information. All details, no matter how insignificant it may seem, should be shared so informed decisions can be made.
Report a Computer or Information Security Incident
- Email the information security team at abuse@glodokelektronik.net or call the ITS Help Desk at 314-977-4000
- To report a compliance issue, call 877-525-KNOW(5669).
What to Report
严重事件是指符合下列一项或多项标准的事件:
- 涉及未经授权访问、丢失或盗窃已知用于存储、处理的设备 or transmit sensitive information.
- 涉及到怀疑企业关键安全设备遭到入侵,例如 a data center firewall, border firewall, or authentication service.
- 涉及对its管理的网络设备(如路由器或交换机)的危害.
- 导致对大学任务至关重要的服务扩展不可用.
涉及大量的大学系统,表明受到了广泛的攻击.
在CIO或ISO的判断中,对大学系统构成了高度严重的风险 or information.
Sensitive Data
还应报告与敏感数据相关的受损用户或电子邮件帐户. 敏感数据是一个总括性术语,用于指定具有高级别的数据类 大学在法律上或合同上需要保护的敏感性. 在博彩网址大全,敏感数据指的是个人身份信息 (PII) such as:
- Social security number
- Credit card number
- Driver's license number
- Student records
- Protected health information (PHI)
- Human subject research
- 不要用电子邮件发送敏感或受限制的数据(如您的社会安全号码或个人信息) credit card information) to anyone. Email is not a secure form of communication. Instead, 考虑使用电话、传真机或美国邮政服务. Never e-mail HIPAA or FERPA sensitive data.
- 在移动电子设备上储存敏感或受限制的信息时要小心 storage devices such as CDs/DVDs, thumb drives, laptops, etc. These devices are easy 丢失,成为小偷的好目标,因为它们很容易出售,而且经常 valuable.
- 一定要确认询问你个人信息的人的身份 over the phone or through email. "Social engineering" is when someone lies to you 为了让你透露自己的机密信息,经常与伟大一起使用 success by identity thieves.
- 博彩网址大全绝不会要求您提供任何敏感或受限信息(完整的社交信息) security numbers, passwords, etc.) via e-mail or phone. When you call 314-977-4000 或者给服务台发电子邮件,你会被要求核实你的信息 你的社会安全号码的四位数字,你的出生日期和你的横幅身份证 if you are resetting your password.
- 在查看敏感或受限数据或交谈时保持态势感知 about private matters when others are present.
- 总是粉碎任何包含敏感或限制信息的文件 社保号信用卡号横幅身份证号医疗记录 purchase orders, etc.) instead of simply discarding them.
电子邮件是网络罪犯武器库中最有效的工具之一. Spam filters 阻止很多糟糕的电子邮件,否则它们会最终进入你的收件箱,但狡猾的网络罪犯 知道如何设计他们的邮件,以一种可以绕过这些过滤器的方式.
即使一封电子邮件看起来是真的,但最简单和最快的发现骗局的方法 is if it asks you to confirm your passwords. 博彩网址大全 will never ask for a password in an email. 任何要求提供此类个人信息的电子邮件都应被视为非法邮件 phishing scam and reported to abuse@glodokelektronik.net, and then deleted.
If you think you have spotted a phish, please follow these instructions to report it.
Protecting 博彩网址大全's data is everyone's responsibility. Whether sharing business data 在大厅对面或在世界各地出差,我们必须牢记信息 security best practices. Encryption can be used as one way to maintain the confidentiality of 博彩网址大全's sensitive data.
What is Encryption?
加密是一种将信息从纯文本格式编码为不可读格式的方法 text.
Full Disk Encryption for Computers
slu管理的计算机使用赛门铁克驱动器加密进行全磁盘加密 software, also commonly referred to by the software name, PGP. Symantec Drive Encryption encrypts the hard drive of your computer. It is recommended that you use full disk encryption if:
- You handle sensitive data
- You regularly travel with your laptop
- You have a security requirement for encryption
Document Encryption
对文档进行加密,以便存储(本地或可移动设备)或传输(在 email) adds a layer of protection to your sensitive information. Once you encrypt 使用下面列出的方法之一,无法打开您的文档 by anyone without the password. ITS cannot help you recover passwords for documents you encrypt, so follow these guidelines before you encrypt:
- 备份文件-如果你丢失了密码,它是无法恢复的,所以 the information will be lost
- 把你的密码存放在一个安全的地方——每个文件都需要一个密码,所以这个 could amount to managing many passwords. Using a password manager tool such as password safe is recommended.
- 明智地传达文件的密码——在相同的文件中发送密码 email as the encrypted document is not a good practice.
- 如果您有赛门铁克驱动器加密,您可以使用包含的赛门铁克PGP Zip with that SDE license. However, this type of file cannot be emailed in our current 邮件系统,所以你需要使用发送这个文件(可通过my博彩网址大全工具 tab).
External Drive Encryption Tools
There are many other options regarding tools you can use. You can purchase an encrypted external hard drive or thumb drive any place that sells computer supplies; 256-bit AES encryption is recommended for meeting most compliance standards.
Please contact ITS at ask@glodokelektronik.net if there are additional types of encryption needed in your area.
了解当前的法规、法律和安全提示是很重要的 when traveling abroad. Additionally, the U.S. federal government has strict policies around export controls which can include technology and some data. More information about this can be found at 博彩网址大全's Export Controls webpage.
To explore various countries travel restrictions, visit http://travel.state.gov.
为了与工作、家人和朋友保持联系,大多数人都在国外旅行 prefer to use mobile electronic communication devices. Mobile electronic devices such 因为笔记本电脑,手机和平板电脑,当被带到国外时,可能会被成功攻击 with malware and automated attack tools. These devices, even when kept current with security software, may not be able to thwart such an attack.
下面是一份清单,旨在帮助你为出国旅行做准备,包括 当你回来时要完成的任务来确保你做好了最好的保护工作 yourself and your data against malicious activity. Even though these guidelines apply 到商务旅行使用博彩网址大全设备,采用这些最佳实践为您的个人 travel is recommended.