The Future of Information Security Awareness. Kelley Archer: Facilitator - Director Information Security, AIMIA Inc. Aaron Cohen: Managing Partner, MAD Security.

The Future of Information Security Awareness Kelley Archer: Facilitator - Director Information Security, AIMIA Inc. Aaron Cohen: Managing Partner, MAD Security Ira Winkler: President, Information Systems Security Association

Who wants YOUR information?

Agenda. In the last year the effectiveness of information security awareness has been the subject of vigorous debate. In this panel, leading experts will discuss the causes for dissatisfaction with historical awareness techniques and how awareness has evolved in the last decade. Topics such as metrics, surrogate outcomes and the latest research will all be discussed. Each panel member will respond to questions presented by the facilitator as well as from the audience.

Type of questions to be addressed
How do you see Information Security Awareness being implemented in the next 5-6 years? What methods will become predominant and which ones currently in use will fall by the wayside?
What new issues/struggles with obtaining executive buy-in are expected?
What will be the best way to reason with users of the future to ensure they are retaining the necessary messages and building them into their everyday behavior? Is it really all about changing behavior, or is there some secret that we're all missing? The focus here is on the "I'm entitled" generation.
How will we better equip our users to habitually be aware of threats, both virtual and physical?
What and where will the metrics be found? There has to be something better than a pass or fail rating on a quiz, which is what's traditionally seen in awareness programs.
How will we mitigate targeted attacks, like spear phishing?
People want freedom, but we know this comes at a cost. Where should a company draw the line when enforcing security in a mobile environment?
How will organizations measure whether their security awareness programs are working? Can this even be done? Is this really something that can be done with a once-a-year program? What is more successful, a one-time hit of training, or training spread out over the year?
Let's talk about the C-level executive. How do we educate the executive? Do we need to treat them differently?
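The panel asks for awareness metrics that go beyond a pass/fail quiz score. The block below is an added example, not material from the panel or its speakers, showing the kind of numbers a phishing-simulation program can report instead: per-campaign click rate, report rate, median time-to-report, the share of staff who reported the lure before (or without) clicking it, and the list of repeat clickers across campaigns. The campaign results are constructed sample data; the campaign names, user names and timings are assumptions for the illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed results from three simulated phishing campaigns (assumed sample
# data, not from the panel). Times are seconds after the lure was sent;
# None means the user never took that action.
RESULTS = [
    # (campaign, user, clicked_at, reported_at)
    ("2014-Q1", "alice", 120, None),
    ("2014-Q1", "bob", None, 900),
    ("2014-Q1", "carol", 60, 300),   # clicked first, reported later
    ("2014-Q1", "dave", None, None),
    ("2014-Q2", "alice", 45, None),
    ("2014-Q2", "bob", None, 400),
    ("2014-Q2", "carol", None, 200),
    ("2014-Q2", "dave", None, 1800),
    ("2014-Q3", "alice", 30, None),
    ("2014-Q3", "bob", None, 150),
    ("2014-Q3", "carol", None, 90),
    ("2014-Q3", "dave", None, 600),
]


def campaign_metrics(results):
    """Per-campaign rates that show behaviour change, not just quiz scores."""
    by_campaign = defaultdict(list)
    for campaign, user, clicked, reported in results:
        by_campaign[campaign].append((user, clicked, reported))

    out = {}
    for campaign, rows in sorted(by_campaign.items()):
        n = len(rows)
        clicks = [r for r in rows if r[1] is not None]
        reports = [r for r in rows if r[2] is not None]
        # A report that lands before the user clicked (or without any click)
        # is what buys the SOC time; a report after clicking still matters
        # but is counted only in report_rate.
        early = [r for r in reports if r[1] is None or r[2] < r[1]]
        out[campaign] = {
            "click_rate": len(clicks) / n,
            "report_rate": len(reports) / n,
            "median_seconds_to_report": median(r[2] for r in reports) if reports else None,
            "reported_before_clicking": len(early) / n,
        }
    return out


def repeat_clickers(results, min_campaigns=2):
    """Users who clicked in at least min_campaigns campaigns: the population
    that needs targeted follow-up rather than another annual course."""
    counts = defaultdict(int)
    for _campaign, user, clicked, _reported in results:
        if clicked is not None:
            counts[user] += 1
    return sorted(u for u, c in counts.items() if c >= min_campaigns)


if __name__ == "__main__":
    for name, m in campaign_metrics(RESULTS).items():
        print(name, m)
    print("repeat clickers:", repeat_clickers(RESULTS))
```

Tracking report rate and time-to-report alongside click rate is the point: in the sample the click rate falls from 50% to 25% while the report rate rises from 50% to 75% and the median time-to-report drops from 600 s to 150 s, which is a trend a quiz score cannot show.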


How they get your information
High Tech methods
–Credit/Debit Card theft
–Skimming – a card reader hidden under a waiter's apron or fitted to a gas pump copies the card as it is swiped
–Pretexting – a form of social engineering: an invented scenario that makes the request for information seem legitimate
–Man-in-the-Middle – interception of the communication between the user and the service
–Phishing – the most common method; its variants include:
Pharming – tampering with DNS or the user's hosts file so that a correctly typed address redirects the user to a forged web site
Vishing – voice phishing / robocalls
Search Engine Phishing – a too-good-to-be-true offer on a web site placed where searches will find it
SMiShing – spam text message posing as a legitimate organization
Malware-Based Phishing – a harmful program attached to, or linked from, the message
Phishing through Spam – bulk, untargeted offers sent by spammers
Spear Phishing – phishing aimed at specific people or businesses, e.g. a message posing as IT tech support

Example Phishing Emails. Dear Customer:: For your security, access to Online Banking has been locked because the number of attempts to sign in exceeded the number allowed. To regain access to your internet banking, Please update and select the Reset Account link. below. We will review the activity on your account with you and upon verification, we will remove any restrictions placed on your account. To access and activate your account, simply click the link below. The entire activation should take only 5 minutes of your time. Please complete the activation by now. Thank you for using Online Banking. Bank Of Ameria Alerts If you no longer wish to receive these emails, please click on this link:
The tells in this lure are the generic salutation ("Dear Customer"), the urgency ("locked", "complete the activation by now"), the instruction to click a link to fix the problem, and the misspelled bank name.
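The lure above and the phishing variants listed on the previous slide share a small set of indicators that can be checked mechanically: a generic salutation, urgency language, a link whose visible text shows one host while its href points to another, and a sender domain that is a lookalike of a known brand. The block below is an added example, not code from the panel or its speakers; it scores a constructed HTML message modelled on the slide's lure against those indicators, and a constructed benign message for comparison. The brand list, the sender and link domains, and the urgency phrase list are assumptions for the illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Brands the organization expects mail from and their legitimate domains
# (assumed list for this example; a deployment would maintain its own).
KNOWN_BRANDS = {"bankofamerica": "bankofamerica.com"}

# Phrases that pressure the reader into acting now (assumed, non-exhaustive).
URGENCY_PHRASES = ("locked", "exceeded", "complete the activation",
                   "action required", "verify your account", "immediately", "suspended")

# Constructed sample modelled on the lure on this slide; not a real message.
SAMPLE_EML = """\
From: Bank Of Ameria Alerts <alerts@bankofameria-secure.example>
To: customer@example.org
Subject: Online Banking access locked - action required
Content-Type: text/html; charset="utf-8"

<p>Dear Customer:</p>
<p>For your security, access to Online Banking has been locked because the
number of attempts to sign in exceeded the number allowed. Please update and
select the Reset Account link below. Please complete the activation by now.</p>
<p><a href="http://login.bankofameria-secure.example/reset">https://www.bankofamerica.com/reset</a></p>
<p>Thank you for using Online Banking.<br>Bank Of Ameria Alerts</p>
"""

# Constructed benign control message.
BENIGN_EML = """\
From: Bank of America <alerts@bankofamerica.com>
To: customer@example.org
Subject: Your monthly statement is ready
Content-Type: text/html; charset="utf-8"

<p>Hello Jane,</p>
<p>Your statement for April is available.</p>
<p><a href="https://www.bankofamerica.com/statements">https://www.bankofamerica.com/statements</a></p>
"""


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs and all visible text from HTML."""
    def __init__(self):
        super().__init__()
        self.links, self.text_chunks = [], []
        self._href, self._text = None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        self.text_chunks.append(data)
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def edit_distance(a, b):
    """Levenshtein distance; used to spot lookalike brand tokens."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def looks_like_url(label):
    return re.match(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/|$)", label, re.I) is not None


def host_of(url):
    if not re.match(r"^https?://", url, re.I):
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def score_message(raw):
    """Return the indicators found in one raw RFC 822 message and a count."""
    msg = message_from_string(raw)
    body = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8")
    parser = _LinkCollector()
    parser.feed(body)
    text = re.sub(r"\s+", " ", (msg.get("Subject", "") + " " + " ".join(parser.text_chunks)).lower())
    findings = []
    if re.search(r"\bdear (customer|user|member|client|account holder)\b", text):
        findings.append("generic salutation")
    hits = [p for p in URGENCY_PHRASES if p in text]
    if hits:
        findings.append("urgency language: " + ", ".join(hits))
    for href, label in parser.links:
        # Visible text that is itself a URL must resolve to the same host as the href.
        if looks_like_url(label) and host_of(label) != host_of(href):
            findings.append(f"link text shows {host_of(label)} but points to {host_of(href)}")
    _name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower()
    for token in re.split(r"[.-]", domain):
        for brand, legit in KNOWN_BRANDS.items():
            d = edit_distance(token, brand)
            if d == 0 and domain != legit and not domain.endswith("." + legit):
                findings.append(f"sender domain {domain} uses brand {brand} but is not {legit}")
            elif 0 < d <= 2:
                findings.append(f"sender domain token '{token}' is a lookalike of {brand}")
    return {"findings": findings, "score": len(findings)}


if __name__ == "__main__":
    for name, eml in (("lure", SAMPLE_EML), ("benign", BENIGN_EML)):
        print(name, score_message(eml))
```

The link check is the one worth copying: the slide's lure works because the text the reader sees is not the address the browser will open, and that mismatch is visible in the HTML before anyone clicks.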

Questions?