Why is this called “the ostrich effect”?

Presentation transcript:

Why is this called “the ostrich effect”? “In many companies the security of information rests precariously on the honesty, integrity and care of the staff, and nothing else.” Why is this called “the ostrich effect”? If you have read the module, you will be able to explain to the audience the relevance of the person who made this statement. M11, P15 – Are You Sufficiently Prepared to Meet the Threat?

A 2009 Ponemon Institute report revealed that over 50% of disaffected employees target company information as they prepare to depart. Might this happen in our company, or are we different because all of our employees are contented? How can we begin to address this problem by technical and non-technical means? This slide is designed to elicit discussion. You should have the answers in your head, and you can provide them in writing in the accompanying handout. M11, P42 – Sources and Motivations of Malicious Insiders

Could it happen here? This slide is designed to elicit discussion. You should have the answers in your head, and you can provide them in writing in the accompanying handout. It is an alternative to the one shown previously. How do we protect our databases? Are there any weaknesses in our approach? M11, P42 – Sources and Motivations of Malicious Insiders

Social engineering emails seek to get you to click on links in order to steal your private information. This message is designed to trick recipients into infecting the network. What awareness programmes do we have in place to reduce the risk of users clicking on infected links? This slide is designed to elicit discussion. You should have the answers in your head, and you can provide them in writing in the accompanying handout. If you know how, you could replace this with a phoney email from one well-known person to another. They are easy to create. M11, P37 – Social Engineering

What are these and where might you find one? Is there a company procedure to check the connections on the back of our computers? You can reinforce the point that many such devices have been planted by cleaners and guards, they are left for a few days, and then removed by the perpetrator. If you go to the internet, you will find case studies of where they have been used. M11, P34 – Technical Surveillance

You can reinforce the point that M11, P34 – Technical Surveillance

Which of these presents a better opportunity to today’s information thief? The answer is obviously the right image. It takes effort to copy the documents on the left, but the unattended laptop can be “data-slurped” using a flash drive in under a minute. M11, P39 – Data Slurping

Company Information Security Policy Extract W O R D “All user-chosen passwords must be difficult to guess. You must not use: Words in a dictionary, derivatives of userIDs, names of celebrities, obscene words, and common character sequences such as 12345. Personal details such as birthdays, spouse’s name, car licence plate, social security number or employee number, and birthday. Any part of speech. For example, proper names, geographical locations, common acronyms and slang.” A key element of awareness is company policy, so your presentation should include this. Don’t try to present it all; just take selected extracts. The best passwords are those that include a mix of upper- and lowercase letters, numbers and non-alphanumeric characters. Company Information Security Policy, Section xyz
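
The rules in this extract can be enforced when a password is set, rather than left to the user's judgement. The following is an added example, not part of the original presentation: it checks a subset of the extract (dictionary words, userID derivatives, common sequences, personal details, character mix). The wordlist, the sequence list and all function names are assumptions made for illustration.

```python
import re

# Constructed sample wordlist (assumption); a real check loads a full dictionary.
DICTIONARY = {"password", "welcome", "dragon", "london", "summer"}
SEQUENCES = ("0123456789", "abcdefghijklmnopqrstuvwxyz",
             "qwertyuiop", "asdfghjkl", "zxcvbnm")
LEET = str.maketrans("013457@$!", "oleastasi")  # 0->o, 1->l, 3->e, ...


def _letters(text):
    """Lower-case the text and keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower())


def _base_word(password):
    """Drop trailing digits/symbols and undo common letter substitutions."""
    stem = password.lower().rstrip("0123456789!@#$%^&*?._-")
    return _letters(stem.translate(LEET))


def _has_sequence(password, run=4):
    """True if `run` adjacent characters of a known sequence appear, either direction."""
    low = password.lower()
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            if any(s[i:i + run] in low for i in range(len(s) - run + 1)):
                return True
    return False


def check_password(password, user_id, personal_details=()):
    """Return the policy rules the password breaks; an empty list means it passes."""
    problems, low = [], password.lower()
    if _base_word(password) in DICTIONARY:
        problems.append("dictionary word")
    uid = _letters(user_id)
    if len(uid) >= 3 and (uid in _letters(password) or uid[::-1] in _letters(password)):
        problems.append("derived from userID")
    if _has_sequence(password):
        problems.append("common character sequence")
    # Compare name-like (3+ letters) and number-like (4+ digits) pieces of each detail.
    tokens = [t for d in personal_details for t in re.findall(r"[a-z]{3,}|\d{4,}", d.lower())]
    if any(t in low for t in tokens):
        problems.append("personal detail")
    if not all(re.search(c, password) for c in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")):
        problems.append("missing character class")
    return problems
```

A password such as `P@ssw0rd1` satisfies the character-mix advice yet is still rejected as a dictionary word, which is why the policy lists both kinds of rule.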

Company Information Security Policy Extract W O R D P R I V A C Y “All identifying information about customers and staff, such as bank account details, credit card information, credit references, background checks, dates of birth, email and postal addresses etc., must be accessible ONLY to those Company personnel who need such access in order to perform their jobs.” An interactive way to introduce the meaning of the CIA Triad. To share such information with other parties, or to inadvertently or negligently disclose such, may put the Company in breach of data protection legislation. Company Information Security Policy, Section xyz

Let’s go around the room and agree on an action point that each participant is going to take away today…. This is a different approach to Q&A. Q&A has a tendency to place the speaker as the expert and is less empowering of the audience. This approach is better at empowering the audience and it reinforces the key points.