Introduction to Computer Security

INTRODUCTION

What is Computer Security?

Computer Security is the protection of computing systems and the data that they store or access.

Why is Computer Security Important?

Computer Security allows the University to fufill its mission by:

  • Enabling people to carry out their jobs, education, and research activities
  • Supporting critical business processes
  • Protecting personal and sensitive information

Why do I need to learn about Computer Security? Isn't this just an IT problem?

Good Security Standards follow the "90 / 10" Rule:

  • 90% of security safeguards rely on an individual ("YOU") to adhere to good computing practices
  • 10% of security safeguards are technical.

Example: The lock on the door is the 10%. You remembering to lock the lock, checking to see if the door is closed, ensuring others do not prop the door open, keeping control of the keys, etc. is the 90%. You need both parts for effective security.

What Does This Mean for Me?

  • This means that everyone who uses a computer or mobile device needs to understand how to keep their computer, device and data secure.
    • --> Information Technology Security is everyone's responsibility!
  • Members of the UCSC community are also responsible for familiarizing themselves and complying with all University policies, procedures and standards relating to information security -- see http://its.ucsc.edu/policies/index.html

Security Objectives

  • Learn "good computing security practices."
  • Incorporate these practices into your everyday routine. Encourage others to do so as well.
  • Report anything unusual - Notify your supervisor and the ITS Support Center if you become aware of a suspected security incident 

Many cyber security threats are largely avoidable.

How to Stay Secure

One-stop spot to learn about using ITS services and how to make smart security choices to do your part in complying with UC security policies.

Security Training

 Information on required systemwide cybersecurity training and local training resources.


Protecting UCSC's networks:

Computers posing a serious threat will be blocked or disconnected from the campus network. Passwords known to be compromised will be scrambled.

From UCSC's "Procedures for Blocking Network Access":
"Campus network and security personnel must take immediate action to address any threats that may pose a serious risk to campus information system resources.... If the threat is deemed serious enough, the account(s) or device(s) presenting the threat will be blocked or disconnected from network access."


What are the consequences for security violations?

  • Fines, penalties or civil actions.
  • Damage to UC reputation.
  • Employment or educational consequences, up to and including:
    • Restriction or suspension of accounts and/or access to IT Resources or Institutional Information.
    • Informal verbal or written counseling.
    • Mandatory supplemental training.
    • Adverse performance appraisals.
    • Corrective or disciplinary actions.
    • Termination.

GETTING HELP:

If you have questions, please contact the ITS Support Center.