Information Security – Creating Awareness, Educating Staff, and Protecting Information Session 46 Chris Aidan, CISSP Information Security Manager Pearson.

Slides:



Advertisements
Similar presentations
ANNUAL SECURITY AWARENESS TRAINING – 2011 UMW Information Technology Security Program Annual Security Awareness Training for UMW Faculty and Staff.
Advertisements

Cyber Stalking Cyber Stalking Phishing Hacker 1. Never reveal your home address !!! This rule is especially important for women who are business professionals.
POSSIBLE THREATS TO DATA
P ASSWORD S ECURITY. I F SOMEONE HAS YOUR PASSWORD, EITHER FROM YOU GIVING IT OUT OR THEM FIGURING OUT, THEY COULD : 1.Send abusive or threatening .
Presented by: Luke Speed Computer Security. Why is computer security important! Intruders hack into computers to steal personal information that the user.
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
Sensitive Data Accessibility Financial Management College of Education Michigan State University.
Information Security – Creating Awareness, Educating Staff, and Protecting Information Session 46 Chris Aidan, CISSP Information Security Manager Pearson.
Threats to I.T Internet security By Cameron Mundy.
Information Security Information Technology and Computing Services Information Technology and Computing Services
Internet safety By Lydia Snowden.
Internet Safety CSA September 21, Internet Threats Malware (viruses) Spyware Spam Hackers Cyber-criminals.
CHC DI Group. What We Will Cover Securing your devices and computers. Passwords. s. Safe browsing for shopping and online banks. Social media.
Information Security Technological Security Implementation and Privacy Protection.
GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Cameron Simpson.
IT Security for Users By Matthew Moody.
1 Information Security Creating Awareness, Educating Staff, & Identity Theft Protection Chris Aidan IT Security Manager Pearson Technology Session #40.
1.1 System Performance Security Module 1 Version 5.
IT security By Tilly Gerlack.
GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Thomas Jenkins.
Information Security Awareness Training. Why Information Security? Information is a valuable asset for all kinds of business More and more information.
GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Rebecca Pritchard.
Phishing scams Phishing is the fraudulent practice of sending s purporting to be from reputable companies in order to induce individuals to reveal.
G061 - Network Security. Learning Objective: explain methods for combating ICT crime and protecting ICT systems.
How can IT help you today?. Agenda Why Do You Care? What Are The Risks? What Can You Do? Questions? How can IT help you today? 2.
e-Learning Module Credit/Debit Payment Card Acceptance and Security
By Liam Wright Manga comic group Japan SAFETY on your computer.
Cyber Safety Mohammad Abbas Alamdar Teacher of ICT STS Ajman – Boys School.
LESSON 5-2 Protecting Your Computer Lesson Contents Protecting Your Computer Best Practices for Securing Online and Network Transactions Measures for Securing.
Introduction: Introduction: As technology advances, we have cheaper and easier ways to stay connected to the world around us. We are able to order almost.
Any criminal action perpetrated primarily through the use of a computer.
OCTOBER IS CYBER SECURITY AWARENESS MONTH. October is Cyber Security Awareness Month  Our Cyber Security Awareness Campaign focuses on topics such as.
1 Outline of this module By the end of this module, you will be able to: – Understand what is meant by “identity crime”; – Name the different types of.
Remember effective ways to search +walk (includes words) Intitle:iPad Intext:ipad site:pbs.org Site:gov filetype:jpg.
Technological Awareness for Teens and Young Adults.
Computer Security Keeping you and your computer safe in the digital world.
Allison Gladkowski.  About privacy and why it matters  Spyware and spam vocabulary and examples  Identity theft  Unapproved access  Today's big issues.
Payment Card Industry (PCI) Rules and Standards
Done by… Hanoof Al-Khaldi Information Assurance
Learn how to protect yourself against common attacks
Cyber Security & awareness
PCS Technology for Staff: Acceptable Use, Privacy, and Safety
IT Security  .
Unit 4 IT Security.
Personal spaces.
Social Engineering Charniece Craven COSC 316.
Information Security.
How to use the internet safely and How to protect my personal data?
Data Compromises: A Tax Practitioners “Nightmare”
Phishing, what you should know
INFORMATION SECURITY The protection of information from accidental or intentional misuse of a persons inside or outside an organization Comp 212 – Computer.
Information Security 101 Richard Davis, Rob Laltrello.
Topic 6: Issues Press F5 to view!
Teaching Computing to GCSE
Lesson 2- Protecting Yourself Online
Cybersecurity Awareness
Information Security Awareness 101
Robert Leonard Information Security Manager Hamilton
Cyber Security & awareness
County HIPAA Review All Rights Reserved 2002.
Information Security Awareness
HOW DO I KEEP MY COMPUTER SAFE?
Keeping your data, money & reputation safe
Computer Security.
ICT Communications Lesson 3: Internet Life and Privacy
Securing Windows 7 Lesson 10.
Policies and Procedures to Protect you, your Office and your Data
Internet Safety – Social Media
Lesson 2- Protecting Yourself Online
G061 - Network Security.
Presentation transcript:

Information Security – Creating Awareness, Educating Staff, and Protecting Information Session 46 Chris Aidan, CISSP Information Security Manager Pearson

1 Topics Covered  Data Privacy  Spyware & Adware  SPAM & SPIM  Phishing  Passwords  Social Engineering  & Chat Services  Securing Workstations  Data Backups  Equipment Disposal  Data Recovery Demo  Data Disposal  Access Rights  Physical Security  Emerging Threats  Incident Response  Creating Awareness  Questions  Useful Links

2 Why Security?  Liability  Privacy Concerns  Copyright Violations  Identity Theft  Resource Violations  Reputation Protection  Meet Expectations  Laws & Regulations

3 Understanding Threats  What is valuable?  What is vulnerable?  What can we do to safeguard and mitigate threats?  What can we do to prepare ourselves?  Most believe they will win lottery before getting hit by malicious code

4 Protecting Information like:  Social Security Number  Drivers license number  Insurance numbers  Passwords and PIN’s  Banking information Keep Sensitive Data Private

5 Terminology  Hackers –white hat –grey hat –black hat  DOS & DDOS  1337 (Leet) speak  Warez  Script kiddies

6 Spyware & Adware (Scumware)  Spyware-Applications that monitor activity without express permission  Adware-Applications that monitor activity with express permission –Read the EULA

7 SPAM & SPIM  SPAM- –Junk  SPIM- SPAM has come to Instant Messaging –Uncontrolled viewing (pop-up windows) –Bot generated

8 Phishing  Phishing is a computer scam that uses SPAM, SPIM & pop-up messages to trick us into disclosing private information (Social Security Number, Credit Cards, banking data, passwords, etc) –Often sent from someone that we “trust” or are in some way associated with us –Appears to be a legitimate website –Embedded in links s & pop-up message –Phishing s often contain spyware designed to give remote control to our computer or track our online activities

9  Select a good one –At least 7 characters –Mixture of upper and lowercase characters –Mixture of alpha and numeric characters –Don’t use dictionary words  Keep passwords safe  Change them often  Don’t share or reuse passwords  Two-factor authentication Passwords

10 Social Engineering Social Engineering is the art of prying information out of someone else to obtain access or gain important details about a particular system through the use of deception

11 & Chat Services  and chat are sent in clear text over the Internet  Data can easily be captured and read by savvy computer users and systems administrators  Safeguards should be put into place prior to using these programs for sending/receiving sensitive information like Social Security Numbers

12 Enhance Our Work Area Security  Secure workstations –Lock our systems (Ctrl-Alt-Delete) –Shut down –Run up to date virus scanning software –Password protect files –Apply software patches –Install cable locks –Run a desktop firewall

13 Is Our Data Being Backed Up?  Test backups  Securely store backup media (offsite)  Restrict access to who can perform restoration

14 Equipment Disposal  What happens to old computer when they are replaced?  Do those systems contain sensitive information?  Several programs to securely remove data from computer systems are commercially available

15 Data Recovery DEMO

16 Dumpster Diving  We never know who is looking in our trash  Shred sensitive documents  Secure shred barrels, and make sure that proper handling procedures are in place

17 Access Rights  Only allow access that is absolutely required  Don’t grant accounts based on the fact that access “may” be required  Use least privilege access policies that state access will only be granted if required, not by default  Are accounts removed and passwords changed when someone changes jobs or is terminated?  Perform audits

18 Physical Security  Who has access?  Are sensitive documents secured?

19 Emerging Threats  Wireless Technology  Memory Devices-iPod, USB Keys, Coke cans, etc  Camera phones  P2P File Sharing

20 Incident Response  Do you know what to do and who to contact if a security breach occurs?

21 Recent News

22 Creating Awareness  Educate staff –Train staff –Document processes and outline expectations  Research potential candidates –Perform background & credit checks  Track system changes –Audit system access –Audit system changes  Create & communicate policies: –Define document and system disposal processes –Define backup procedures –Define clean work area policies –Define computer usage policies

23 Be Aware  Report anything “strange”  Don’t give private information out  Properly dispose of sensitive information  Run up to date virus protection & software  Ask questions

24 Useful Links National Cyber Security Alliance National Institute of Standards and Technology: Recent News High Profile Computer Compromise A lot of Schools have great security resource pages, for example UC Davis and the University of Iowa websites:

25 Example Software References Some various applications mentioned in the presentation*  Security –PGP –Instant Messaging Security –Simp –Adware & Spyware Removal Applications –Ad-aware –Spybot  Secure File Deletion –Secure Delete  System Disposal –Secure Hard Drive cleaning * Use of these tools is not an endorsement or guarantee of product reliability or effectiveness

26 Sample Policies  Developing Security Policy –  Acceptable Use – eptable_Use_Policy.pdfhttp:// eptable_Use_Policy.pdf

27 Questions? Please fill out the session evaluations & thank you for attending this session