As University employees, we use the personal information of others in order to do our jobs. Many times we have access to an individual's personal data such as name, Social Security number, credit card number, bank account information, or other identifying information in order to do our jobs properly. It is necessary that each and every one of us safeguard this information by practicing good security in our everyday routines and by being aware of the sensitivity of the information we are working with.
Information security is more than simply having a user ID and password to protect our systems. Viruses, worms, spammers, phishers, and other malicious activities threaten us every day. Technology alone is not enough to ensure information security. Investments in firewalls, intrusion detection systems, anti-virus software, and other security technology are only the fundamentals of physical security. People are truly the driving force behind the success of information security.
Security awareness is needed to educate people on how to protect not only their own personal information but also the information they handle in their jobs daily. Because of the importance of the information we handle, we need to practice good security in our everyday routine and be conscious of the different types of information we have access to.
Each of us needs to be familiar with potential security issues in our particular area and recognize how to prevent them in the future. It is our shared responsibility to protect Shawnee State's information and technology resources.
SSU's Security Awareness Efforts
Shawnee State University is working to ensure that all members of our University family, including students, faculty, and staff, are aware of the importance of information security and understand their role in creating and maintaining security. It is important that everyone recognize the need to protect data, information and systems not only with technical solutions but also with human efforts. As a part of this effort, information has been distributed to all employees to promote Security Awareness. SSU is participating in the Federal Trade Commission's educational program on Identity Theft entitled "Deter, Detect, Defend; Avoid ID Theft" and has launched it's own Security Awareness Education Campaign "Be Informed, Be Aware, Be Responsible About Information Security".
Here are several resources that can be used to increase your level of Security Awareness:
- Deter, Detect, Defend - Federal Trade Commission's brochure with easy to read tips (PDF)
- Gramm-Leach-Bliley Act
Information Security Definitions
- Authentication - The process of identifying an individual based on a user name and password for the purpose of allowing access to systems or services.
- Computer Virus - A computer program file capable of attaching to disks or other files and replicating itself repeatedly, typically without the user's knowledge.
- Encryption - A procedure that renders the contents of a message or file unreadable in order to prevent anyone, except the intended recipient, from reading the data.
- IP Address - A value for a computer or device that is used to identify a particular network or host on the network.
- Phishing - A form of Internet fraud that aims to steal valuable information such as Social Security numbers, credit cards, user IDs, and passwords.
- Private Network - A network established and operated by a private organization for users within that organization. A private network includes: internal Local Area Networks (LANs) and Wide Area Networks (WANs); leased lines; the university network backbone; and internal telephony systems.
- Public Network - Any network ultimately beyond the physical access control of Shawnee State University. This includes, but is not limited to, the public telephone system, the Internet, or satellite systems.
- Spam - An electronic form of junk mail or unsolicited e-mails generally dealing with advertisement or marketing a product.
- Spyware - Any software that secretly gathers user information without the user's knowledge or consent. Once installed, the spyware monitors user activity on the Internet and transmits the information in the background to someone else. It can also gather e-mail addresses, passwords and credit card numbers.
- Telephony - Communication systems and adjuncts including but not limited to: phone system; private branch exchange (PBX); voice mail; fax service; wireless transmissions; call accounting; call management systems; voice response (VRU/IVR); and voice recorders.
- Trojan Horse - A program that appears useful and legitimate but contains hidden code designed to perform unauthorized functions.
- Virtual Private Network (VPN) - Technology that establishes a private and secure network connection within a public network, such as the Internet.
- Worm - A self-replicating program that reproduces itself over a network.