Penn Computing

Penn Computing

Computing Menu Computing A-Z
Computing Home Information Systems & Computing Penn

 

Thursday, July 9, 2009

 
  Security "Greatest Hits"
Managing Passwords
E-mail Harassment & Forgery
Hoaxes, frauds & scams
Spam
Phishing
Wireless Networking
Encryption & digital signatures
 
  Best Practices
Secure desktop computing
Secure servers
Secure web applications
Secure web development
Secure data deletion
Tips for safe computing
Computing policies
 
  More in-depth information for
Local support providers
System administrators
Application developers
 
  Security initiatives
Critical host compliance
Authentication & authorization
Penn Security & Privacy Assessment (SPIA)
Security Liaisons (Restricted Access)
Secure Share
NeXpose Vulnerability Scanner
 
  Related links
Electronic privacy
PennKey
Viruses
Worms, trojans, backdoors

Information Security at the University of Pennsylvania

The job of coordinating information security at Penn is handled by the Office of Information Security, a unit of Penn's Information Systems and Computing (ISC) division.

The Office of Information Security establishes, implements and maintains security programs to assist management in the protection of computing resources and associated information assets against accidental or unauthorized modification, destruction, or disclosure.

Read more...

New Online Privacy and Security Training

Most people at Penn have already dealt personally and/or professionally with the challenge of keeping confidential information safe and secure. Staying abreast of privacy and security risks, and ways to counteract them, is difficult in today's environment because of the multitude of warnings and rules that exist about handling information.

Penn has developed an online training that focuses many important privacy and security topics that its faculty and staff should know about.

For your own personal benefit, as well as for the benefit of Penn's valued community, we urge all faculty and staff at Penn to take this training. The training will help each of us to meet the expectations of the students, faculty, staff, alumni, patients, visitors and many others who trust in us to protect the privacy and security of their information.

Taking this training requires approximately 20-25 minutes. To enroll, simply go to the University's Knowledge Link site, at http://knowledgelink.upenn.edu/welcome/index.html. Log in using your Penn Key and password; click on 'Optional'; then select 'Information Privacy and Security at Penn' from the list of available courses.

Thank you for your help in protecting important personal and Penn data - this effort relies on each and every one of us.


Information Security News & Views...

Michael Jackson Death Spawns Spam/Malware Threat

The SANS Institute (www.sans.org) is reporting that the death of singer Michael Jackson on Thursday, June 25, 2009 has already given rise to an outbreak of spam messages with subject lines like "Confidential===Michael Jackson", and many of these messages carry attachments purporting to be videos and other items relating to Jackson, but which actually carry malware. For the SANS Diary entry discussing this, visit:

http://isc.sans.org/diary.html?n&storyid=6658.


Consider Using Secure Share for Sharing Sensitive Files

Secure Share is a web-based application for secure file exchange available to Penn faculty and staff. Though there should be a very limited need to exchange sensitive or confidential information electronically, when Penn faculty and staff are required to do so, Secure Share provides a secure and easy-to-use mechanism to ensure the safety and privacy of University data.

For information and login instructions, click here.


Cornell Laptop Theft Exposes 45,000 to Identity Theft

A laptop computer belonging to an employee at Cornell University was stolen, and it contained sensitive personal information relating to 45,000 current and former Cornell students, faculty and staff. Read more about this here.

Loss of (unencrypted) confidential and sensitive data by theft of laptops and other portable data devices continues to be a major security issue, and the risk of incidents like this one at Cornell is certainly a major concern here at Penn and other educational institutions.Especially if you regularly use a laptop, PDA, USB "thumb drive" or other device in handling important data, please investigate and consider using whole disk/device encryption to minimize the damage that could occur to Penn - and yourself - if the device is lost or stolen. For more information on encryption, visit:

www.upenn.edu/computing/security/pgp.php


Next Security-SIG Meeting: Thursday, August 20, 2009 2:00-3:30 pm

The Security-SIG special interest group meets bi-monthly on the 3rd Thursday of even-numbered months (February, April, June, August, October, December). The usual meeting place is the Bits and Pieces Room (Rm 306) in Sansom West.

All Penn IT staff and faculty with an interest in computing security and privacy issues are invited to attend. For more info, contact John Lupton at lupton@upenn.edu

The agenda for this meeting includes a presentation by SAS Computing's Justin Klein Keane on their use of a "low interaction ssh honeypot".


Solicitations from Tagged.com

IT support staff in Penn's School of Medicine have received numerous complaints about high-pressure email tactics used by Tagged.com to get users to upload address books to their (Tagged.com) site, which are then used in turn to generate spam to the addresses in those books.

Please note that, in addition to being a source of yet more spam, providing electronic address books to people or organizations outside Penn may violate laws and Penn policies regarding protection of student and employee information. If you receive a solicitation of this type, please disregard it.


Inquirer: Sears to Settle Spyware Charges

According to this article published in the Philadelphia Inquirer on June 5, 2009, Sears Roebuck & Co. has agreed to settle in a case involving charges brought by the Federal Trade Commission that Sears misled customers who joined their "My SHC Community". Read the full article here



 
Information Security Quick Links
 
About the Office of Information Security
Penn Information Security Policies
Reporting problems
Reporting copyright infringement
Penn Information Security Brochure
 
Other Useful Links
 
Penn Computing News
How to stay informed of security issues and alerts
About 'spam'
Implementing IPSec
One Step Ahead (Almanac Security Tips)
Secure Web Application team: Top Ten Web Application Security Vulnerabilities
Disposing of old computers & drives
Searching for Sensitive Data
Spider Tool: Best Practices
top

Information Systems and Computing
University of Pennsylvania
Comments & Questions


Penn Computing University of Pennsylvania
Information Systems and Computing, University of Pennsylvania