An Introduction To IT Security And Privacy In Libraries
![Page 1: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/1.jpg)
IT Security For Librarians: Outrunning The Bear @ Your Library
Blake Carver
LYRASIS Systems Administrator
![Page 2: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/2.jpg)
Week One
• Passwords: L E N G T H & Unique
• Paranoia: Think Before You Click
• Backups: Frequent and Automatic
• Patches: Set to Auto
• Ponder Before Posting
![Page 3: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/3.jpg)
Last Week
• Privacy
Surveillance Is The Business Model Of The Internet
• Carry A Safe, Not A Suitcase
• Email
• Browsers
• Public Wi-Fi
• Social Media
• Mobile Devices
• Backups
![Page 4: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/4.jpg)
This Week
Everything You Need To Know
Lock Things Down
Grant Least Privilege
Whitelisting - Patches – Limit Admins
Build a Defensible Library
Threat Modeling
Everything With An IP Address Matters
Training
New Instincts Never Without The WHY
![Page 5: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/5.jpg)
![Page 6: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/6.jpg)
![Page 7: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/7.jpg)
“An iCloud scam that may be worse than ransomware”
https://blog.malwarebytes.org/mac/2016/03/an-icloud-scam-that-may-be-worse-than-ransomware/
![Page 8: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/8.jpg)
![Page 9: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/9.jpg)
The Danger of Apps that Die
About three years ago there was an iPhone app named Kinotopic. According to their website, which is still up, “Kinotopic allows you to create, share, and store short video moments and make them more expressive – in the form of animated pictures and cinemagraphs.” Past users of Kinotopic may be interested to learn that there is currently a MongoDB database that appears to belong to Kinotopic sitting out on the open internet with no protection whatsoever. This derelict MongoDB instance contains, among other things, the email addresses, usernames, and hashed passwords for, what appear to be, over 198,000 previous Kinotopic users.
https://mackeeper.com/blog/post/197-the-danger-of-apps-that-die
![Page 10: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/10.jpg)
![Page 11: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/11.jpg)
In Cloquet, email and SmartBoards were affected, along with phones, school bell and food service systems. The middle school has a one-to-one device program for students that was affected.
![Page 12: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/12.jpg)
From: Geraldo Spence <[email protected]>
To: <[email protected]>
Subject: FW: Order Status #001204
Date: Tue, 22 Mar 2016 07:01:47 +0300
Dear someone,
We would like to thank you for your recent order.
Order Status updated on: 21/03/2016
Your Customer ID: 001204
Your Order ID: 4081F78D45-M-2016
Invoice Number: 5978299
Delivery Note:
We received your order and payment on 17/03/2016
Your order details are attached.
Best regards,
Geraldo Spence
Chief Executive Officer - Food Packaging Company
![Page 13: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/13.jpg)
Libraries Live Below The Security Poverty Line
(Wendy Nather)
We simply can't afford to reach a great level of security
• Few or no IT People
• Few or no Security People
• Hard to keep up with technology and security
• Maintenance, planning, strategy are 2nd to OMG
• Depend on consultants, vendors, family, patrons, friends, volunteers, etc...
![Page 14: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/14.jpg)
This leaves us in a bad place
• Defaults
• Old and outdated
• Workarounds
• Not much control
• No time to focus
• "We'll fix it later"
![Page 15: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/15.jpg)
We ain't got
• Budget
• People
• Time
• Hardware
• Software
• Expertise
![Page 16: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/16.jpg)
So what can we do?
• Budget?
• Buy things that are more secure?
• Question our vendors and partners on security?
• Use our consortia?
• Outsourcing?
![Page 17: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/17.jpg)
So what can we do?
• Develop a good Threat Model
• Set achievable security goals
• Learning, Planning & Training
• Develop IT- and security-focused community groups for the exchange of ideas, information and known security threats. http://security4lib.org/
![Page 18: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/18.jpg)
The perfect is not the enemy of the good
![Page 19: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/19.jpg)
Make Your Library Defensible
![Page 20: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/20.jpg)
Able To Be Defended
• Defensible does not mean secure
• There are more things to defend than there are resources to defend with
• Defensibility focuses on what, why, how, when and from whom
![Page 21: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/21.jpg)
Attackers are economically rational – they take scarce resources and apply them efficiently to achieve a desired outcome. As a defender, making the target less attractive or too expensive for that economically rational actor means they will go after something else. “It’s like the old saying: you don’t have to outrun the bear. You just have to outrun your friend.”
![Page 22: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/22.jpg)
Defensible Libraries
• A change in mindset
• Awareness of limitations & weaknesses
• Awareness of threats
• An admission of inconvenience
• A lot of hard, detailed and underappreciated work.
![Page 23: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/23.jpg)
So Let’s Think About…
• What do we have to secure?
• Who wants it?
• How could they acquire it?
• How could they benefit from its use?
– Can they sell it?
– Can they hold it hostage?
– Can they use & abuse it?
• How damaging would the loss of data be?
• How would this affect library operations?
• How secure do we really need to be?
![Page 24: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/24.jpg)
But We’re Just A Library
IT Security For Libraries
![Page 25: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/25.jpg)
We Are All Targets
![Page 26: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/26.jpg)
Every access point to the internet is a potential breach.
![Page 27: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/27.jpg)
83% targets of opportunity
92% of attacks were easy
85% were found by a 3rd party
Verizon Data Breach Investigations Report
![Page 28: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/28.jpg)
84% were found by a 3rd party
Bad guys were in for 175 days before they were discovered.
Trustwave Global Security Report
![Page 29: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/29.jpg)
It’s Easy Being Bad
![Page 30: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/30.jpg)
Security Is Hard
![Page 31: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/31.jpg)
The attacker only needs to succeed once...
![Page 32: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/32.jpg)
While we need to catch every single thing...
![Page 33: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/33.jpg)
Staying safe takes more than just a firewall & AV/AM...
![Page 34: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/34.jpg)
Passwords
![Page 35: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/35.jpg)
Your security software / hardware is a seat belt – not a force field.
![Page 36: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/36.jpg)
When we protect our library, we protect our patrons
• People come to us and want things to be easy and free and fun
• They don’t think about security (Ever)
• Information Literacy
![Page 37: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/37.jpg)
Complexity is the Enemy of Security
• We have no shortage of access points
• We deal with any number of vendors
• Threats come from outside the libraries
• Threats come from inside the libraries
• Our libraries are full of people
![Page 38: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/38.jpg)
Security will forever be a moving target
![Page 39: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/39.jpg)
So What Can We do?
• Stop Ignoring it
• Prepare – Threat Modeling
• Prepare - Training
![Page 40: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/40.jpg)
Ignoring it and thinking you're safe
“If It Ain’t Broke...”
• The vast majority of attacks…
– Won’t be targeted
– Will Be Easily Avoidable
Do something.... Do Anything!
![Page 41: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/41.jpg)
Don't Make Things Easy
![Page 42: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/42.jpg)
What Does A Library Need To Protect?
Your Employees' Homes / Phones / etc...?
• OPAC / ILS
• Staff Computers
• Databases
• Printers / Copiers
• Website
• Servers
• Backups
• Printers
• Cell Phones
• Wi-Fi Routers
• Routers
• Cell Phones
• iPads
• Laptops
![Page 43: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/43.jpg)
Printers??
Light Bulbs??
Cameras??
![Page 44: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/44.jpg)
There are more things to defend than there are resources to defend with
Not every asset in your organization is equally valuable
![Page 45: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/45.jpg)
An attacker will always pick the weakest point of entry…
…but you can't know which point that is
![Page 46: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/46.jpg)
The Weakest Point In A Library?
![Page 47: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/47.jpg)
Public Access Computers
![Page 48: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/48.jpg)
Public Access Computers
Staying Safe On This Computer:
– Make Sure You Log Out
– Don’t Access Sensitive Sites
– Beware of the "remember me" option
– Don't send personal or financial information via email or insecure websites
![Page 49: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/49.jpg)
Public Access Computers
This Week’s Stay Safe Tips
– Never Trust Email
– Learn About Phishing
– Attend Our Security Class
– Always Check For A Secure Connection
![Page 50: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/50.jpg)
Most exploits used “old” issues that have been patched
![Page 51: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/51.jpg)
There is no longer a window to patch when a vulnerability or exploit is discovered, in public or private.
Brad Arkin, Adobe
![Page 52: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/52.jpg)
Locking Down Public Access Computers
• Patching and Updating
– OS and *ALL* Applications
• Whitelisting
• BIOS passwords
• EMET - microsoft.com/emet
• SteadyState / DeepFreeze / SmartShield
• Check for USB additions
• Don’t use Windows?
• Don’t use IE?
![Page 53: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/53.jpg)
35 Strategies to Mitigate Targeted Cyber Intrusions
![Page 54: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/54.jpg)
Change your mindset – YOU are the attacker
• What are your library’s most valuable assets? Where are these assets? How can they be accessed?
• If you were the attacker how would you spread malware? And who are the most ‘vulnerable’ targets in the organization?
• Do you have a view on the ‘normal’ behavior of your organization (people, behavior, locations and systems)?
![Page 55: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/55.jpg)
Level the playing field…
Hack Your library!
![Page 56: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/56.jpg)
![Page 57: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/57.jpg)
![Page 58: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/58.jpg)
Library Information Security System Assessment Model (LISSAM)
• Awareness Creation
• Administrative Tools and Methods
• Procedures and Control
• Information Security Policy
• Technological Security Foundation
![Page 59: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/59.jpg)
CIS and CCS introduced the Cyber Hygiene Campaign
• Count: Know what’s connected to and running on your network
• Configure: Implement key security settings to help protect your systems
• Control: Limit and manage admins
• Patch: Regularly update all apps, software, and operating systems
• Repeat: Regularly revisit the Top Priorities
https://www.cisecurity.org/about/CHToolkits.cfm
![Page 60: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/60.jpg)
Six Steps to Stronger Security
1. Keep an accurate hardware inventory
2. Keep an accurate software inventory
3. Actively manage configurations
4. Remediate vulnerabilities quickly
5. Automate endpoint defenses
6. Control administrative access
https://www.sans.org/reading-room/whitepapers/awareness/steps-stronger-security-smbs-36037
![Page 61: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/61.jpg)
Don’t Forget
• Check the internets for usernames/passwords for your library (e.g. pastebin)
• HTTPS
• Is your domain name going to expire?
• Is your SSL Cert going to expire?
• Typo Squatters?
![Page 62: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/62.jpg)
Thumb Drives
![Page 63: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/63.jpg)
Training
Building Cybersecurity Champions
![Page 64: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/64.jpg)
Training does not work
It's not worth it because someone will still mess up
People already know what to do
This stuff is easy / obvious
![Page 65: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/65.jpg)
Training
Train A Security Mindset
Quickly forgotten without practice and reminders
Regular low level of training and awareness
![Page 66: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/66.jpg)
Good security awareness programs help all employees know where to get help
Who they should call when there is trouble
Where they can look for guidance & policies
They should know that they will not be looked down on for making a mistake
Someone’s job is to help them through whatever difficulty they are having
![Page 67: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/67.jpg)
We can't make everyone an expert
We do NOT need to train the non-technical employees about what the deep level geek employees already know.
![Page 68: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/68.jpg)
Building Good Habits
“Being secure” is something that is learned over time and eventually becomes a habit.
Make the security mindset the default
Consistent reinforcement of the importance of IT Security
![Page 69: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/69.jpg)
What about training UP?
How do we communicate up?
Is your boss/director/board/dean/whatever aware of IT Security? If they were, would that help make the library more secure? It may be up to you to help everyone at your library become Security Literate.
So how do you do it?
Start talking & training.
Make sure everyone understands that we are all targets.
If they ask “How secure are we?”… the answer will most likely scare them.
![Page 70: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/70.jpg)
NEVER without the ‘WHY?’
![Page 71: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/71.jpg)
Understanding awareness, training, and development
What we want is policies that reinforce good security principles that will foster over time a new instinct in people, a new way of looking at things, a new way of acting in a more secure way.
This will require a huge amount of patience and buy-in from everyone at your library.
![Page 72: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/72.jpg)
![Page 73: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/73.jpg)
![Page 74: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/74.jpg)
Name: Carver, Blake
ID Number: 123456
User ID: 00123456
Password: carver
End Date: 05/01/2012
![Page 75: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/75.jpg)
Training
• Phishing
• Social Engineering
• Privacy
• Passwords
• Email Attachments
• Virus Alerts
• Social Networking
• Updates
![Page 76: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/76.jpg)
What we want is policies that reinforce good security principles that will foster over time a new instinct in people, a new way of looking at things, a new way of acting in a more secure way.
![Page 77: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/77.jpg)
The goal is to make doing things the right way become the default in your library
![Page 78: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/78.jpg)
Training…. Patrons?
• Your patrons don't care much for security
• Their habits are inviting malware
• Look for ways to make things safer in ways that don't interfere with people's everyday tasks as much as possible.
• Principle of Least Privilege
![Page 79: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/79.jpg)
http://www.pewinternet.org/files/2015/09/2015-09-15_libraries_FINAL.pdf
Offer Training At Your Library
![Page 80: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/80.jpg)
Library Security Mantra
• Security
• Privacy
• Confidentiality
• Integrity
• Availability
• Access
(based on Net Sec 101 Ayre and Lawthers 2001)
![Page 81: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/81.jpg)
Remember:
This is about your library’s security and protecting your library’s brand and reputation and your patrons.
The only way this can happen is if security and risk management become regular parts of library conversation.
![Page 82: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/82.jpg)
Preparation - Practical Resources
• SANS 20 Critical Security Controls
– http://sans.org
• Securing Library Technology: A How-To-Do-It Manual
– Earp & Wright
• Strategies to Mitigate Targeted Cyber Intrusions
– Australian Signals Directorate
• Library Information Security System Assessment Model (LISSAM)
– Malaysian Journal of Library & Information Science, Vol. 16, no. 2
• Virtual Privacy Lab from the San José Public Library https://www.sjpl.org/privacy
• Library Freedom Project https://libraryfreedomproject.org/
![Page 83: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/83.jpg)
Next Week
Week Four: The Web – Sites & Servers
• How & why websites get hacked
• Web Servers
• Servers in general
• Some Hacker Tools
• Review
![Page 84: An Introduction To IT Security And Privacy In Libraries](https://reader035.fdocuments.net/reader035/viewer/2022070518/58eb6f311a28abdd328b472d/html5/thumbnails/84.jpg)
IT Security For Librarians: Outrunning The Bear @ Your Library
Blake Carver
LYRASIS Systems Administrator