Information Security
Information Security
Information security is the protection of information and systems from unauthorized access, disclosure, modification, destruction, or disruption.
The three objectives of information security are:
- Confidentiality
- Integrity
- Availability
Confidentiality
Confidentiality refers to the protection of information from unauthorized access or disclosure. Ensuring confidentiality is ensuring that those who are authorized to access information are able to do so and those who are not authorized are prevented from doing so.
Integrity
Integrity refers to the protection of information from unauthorized modification or destruction. Ensuring integrity is ensuring that information and information systems are accurate, complete and uncorrupted.
Availability
Availability refers to the protection of information and information systems from unauthorized disruption. Ensuring availability is ensuring timely and reliable access to and use of information and information systems.
Your role in information security
Three primary roles have been defined in the context of information security:
- Data Steward
- Data Custodian
- User
A user is any employee, contractor or third-party affiliate of Carnegie Mellon who is authorized to access institutional data or information systems.
Users are responsible for:
Adhering to information security policies, guidelines and procedures.
Reporting suspected vulnerabilities, breaches and/or misuse of institutional data to a manager, IT support staff or the Information Security Office.
Users:
- Avoid Risky Behaviour
- Report suspected security breaches
- Safeguard electronic communications
- Safeguard institutional data
Safeguarding Institutional Data
Know your data
Be mindful of what type of data you handle:
- Public
- Private
- Restricted
Examples of Restricted data include account passwords, driver’s license numbers, education records of students, financial account information, health information and social security numbers.
Protecting Electronic Data
- Avoid storing Restricted data on mobile computing devices
- Don’t store institutional data on personally owned computing devices
- Don’t store Restricted data on CDs, DVDs, USB thumb drives, etc.
- Don’t transmit Restricted data via email and other insecure messaging solutions
- Don’t use personal email for business communications
- Use strong passwords or passphrases
- Secure your computing devices
Safeguard Your Password
- Use a strong password or passphrase
- Change your password periodically
- Avoid using the same password for multiple accounts
- Don’t write your password down or store it in an insecure manner
- Don’t share your password with anyone for any reason
- Don’t use automatic login functionality
Secure your Computer
- Update and patch your operating system
- Enable automatic software updates where available
- Update and patch software applications (e.g. browsers, email clients, JAVA, etc.)
- Install and update antivirus software
- Install and configure firewall software
- Do not automatically connect to public wireless networks
- Disconnect your computer from the wireless network when it is not in use
- Use caution when enabling browser pop-ups
- Use caution when downloading and installing software
- Lock your computer when it is unattended
Protecting Physical Data
- Close and lock your door when leaving your office unattended
- Lock file cabinets that store institutional data
- Don’t leave Restricted data in plain view at your desk or on a whiteboard
- Don’t leave Restricted data sitting on a printer, copier, fax machine or other
- peripheral device
Protecting Verbal Communication
- Be mindful of your surroundings when discussing Restricted data
- Don’t discuss Restricted data with individuals who do not have a need to know
Disposing of Data
- Dispose of data when it is no longer needed for business purposes
- Use Identity Finder to securely delete files that contain Restricted data
- Use the Computer Recycling Program to dispose of electronic media
- Use a cross shredder to dispose of paper-based and written media
Safeguarding Electronic Communications
Electronic communications can be in the form of email, instant messaging, text messaging, social network, etc.
- Avoid opening attachments from an untrusted source
- Avoid clicking on links in electronic communications from an untrusted source
- Be wary of phishing scams
- Avoid sending Restricted data through email and other electronic communications
Avoid Risky Behaviour Online
- Be cautious when using file-sharing applications
- Be cautious when browsing the web
- Be cautious when clicking on shortened URLs
- Avoid responding to questions or clicking on links in pop-up windows
Shrinkage In Concrete: Types and Methods to Reduce
Chemical Shrinkage
Autogenous Shrinkage
Plastic Shrinkage
Drying Shrinkage
Carbonation Shrinkage
Continue Reading Shrinkage In Concrete: Types and Methods to Reduce
Soil: Definition and Names of Various Types of Soil
The term ‘soil’ in soil engineering is defined as an unconsolidated material, composed of solid particles, produced by the disintegration of rocks. The void space between the particles may contain air, water or both. The soil particles may contain organic matter.
Continue Reading Soil: Definition and Names of Various Types of Soil
Bricks: Uses, Size, Weight, Frog, Types, and Much More
What are Bricks? Bricks are one of the oldest building materials and it’s extensively used at present as a loading material in construction methods because of its durability, strength, reliability, low cost, easy availability, etc. Bricks are manufactured by molding burnt clay or a mixture of sand and lime or of Portland cement concrete, in…
Continue Reading Bricks: Uses, Size, Weight, Frog, Types, and Much More
Water Proofing Materials, Damp-Proofing Course, and much more
Water Proofing Materials Dampness in a building is the main cause of the deterioration of the building as well as for the ill-health of the occupants. The damp brickwork in the buildings is prone to fresh attack. Also, the soluble salts in bricks are liable to attack the cement mortar when the brickwork remains wet…
Continue Reading Water Proofing Materials, Damp-Proofing Course, and much more
Sound Insulation And Sound Insulating Materials
Sound Insulation A well-designed building should incorporate sound insulation to restrain the noise level. High noise conditions result in uncomfortable living conditions, mental strains, fatigue, and may even lead to a nervous breakdown or temporary deafness. Adequate insulation can be achieved by using sound-absorbing or sound repellent materials. Sound Insulating Materials Sound Insulating Materials fall…
Continue Reading Sound Insulation And Sound Insulating Materials
Heat Insulating Materials: Convection, Radiation, and Conduction
Heat Insulating Materials The purpose of thermal insulation is to restrict the heat transfer from warmer to cooler areas. Transfer of heat takes place by three processes- the convection, the radiation and, the conduction. Convection In convection, heat is transferred from one place to another by the movement and mixing of liquids or gases. Radiation…
Continue Reading Heat Insulating Materials: Convection, Radiation, and Conduction