When John arrives, do you allow him to use your computer under your account? “I’m John Newbie - the latest hire in the company’s Tech Support. Director.
Presentation transcript:

When John arrives, do you allow him to use your computer under your account? “I’m John Newbie - the latest hire in the company’s Tech Support. Director Sue suggested that a good way for me to introduce myself is to install the company’s new anti-spam software on all computers. When would it be convenient for me to stop by and update your office machine?”

FROM:
TO:
DATE: September 7, 2005

Message to all FriendliWare employees,

In response to employee requests, President Pauline has created a new electronic way for you to view your personnel information online. This new system provides access to all salary records, performance evaluations and productivity information. Of course, you can be assured that your personal information is confidential - protected by secure login. To activate this new system every employee needs to follow the following link...

http: info.YourCompany.com

In the interest of your convenience you can log in using your existing user name and password. Please follow the directions. This should take no more than a couple of minutes of your valuable time.

Thanks.
Sam Reliable
Assistant to President Pauline
FriendliWare Corp.

Friday, 4:45 p.m.

“Hi, this is Sam in Accounting. Is Bob around?”

“No? Is this Bob’s assistant, Chris?”

“Chris, I don’t know why we haven’t met before. I guess I just haven’t stopped by old Bob’s office in the past few months. You see, Bob and I go way back to college days. Our families spend a week every spring in Aruba. In any event, the reason for my call is that Bob and I have been developing this new security system that could save the company thousands. Bob and I plan to pitch our idea to the Board next Tuesday, and I need to polish the PowerPoint slides this weekend. Bob was working on some major revisions and said they would be ready today. He told me that if I missed him you would be able to log into his corporate account and send me a copy of the files. I know it’s late, but would you mind e-mailing the files to me?”

“You don’t know the presentation file names? Well, I know Bob developed a new spreadsheet and added some nice graphics, but I don’t know the names of these new files. Perhaps it would be easier for you if you just let me log in and access them directly from my office. This would also be more secure, since the company doesn’t use encryption. The odds are slim, but we could lose our jobs if these files were somehow intercepted by a competitor.”

FROM: David Riley
TO: David Riley
DATE: February 17, 2004
SUBJECT: I love you, David.

Someone loves you! Click on the web link below to find out who.

A Classic

Def’n: ______________ is a category of attack in which the perpetrator manipulates humans into divulging sensitive information.

Social engineering preys on human qualities such as...
- your desire to be _________.
- your tendency to ________ others.
- your ________ of getting into trouble.

Social engineering is still viewed as the most effective (and often the most convenient) means of breaching security. Social engineering is not based on hardware or software vulnerabilities, but rather on human vulnerabilities.

Methods of the Social Engineer
- befriend your victim
- trigger rapid response from excitement or fright
- gather bits of information from various sources
- impersonate (president, tech support staff)
- shoulder surfing
- dumpster diving
- software mimic
- phishing

Anatomy of an Attack

Information sources:
- telephone book
- local office
- company web pages
- reception
- annual report
- toll free number
- staff directory
- help desk
- executive assistant
- lunch restaurant
- human resources

Information gathered:
- org chart
- new hire list
- employee contacts
- login info

Why is social engineering successful?
- diffusion of responsibility
- opportunity for benefit - help desks are particularly vulnerable
- trust
- moral responsibility
- guilt

MITIGATION - policy
- How should sensitive materials be handled?
- What information is considered sensitive/confidential?
- Who should have access to sensitive documents?
- How are people authenticated?
- How are electronic documents authenticated?
- Who is responsible for what?

MITIGATION - infrastructure
- Sound physical security is essential.
- Practice good electronic security (firewalls, encryption, etc.)
- Phone calls can be traced and/or recorded.
- Selected computer transactions should be logged and audited.
- An internal website can assist authentication.
- Conduct simulated attacks.

MITIGATION - awareness

Be aware of the signs:
- name dropping
- intimidation
- request for sensitive info
- rushed need
- uniformed personnel

Be aware of your environment:
- what is your keyboard’s viewing exposure?
- is your computer logged in?
- what is your screen’s viewing exposure?
- are sensitive documents visible?
- who sent your e-mail? (be header-aware)
- what web server are you viewing? (be URL-aware)

Some specific ideas (for social engineering mitigation)
- use callback authentication protocols
- never share passwords (tech support should have their own accounts)
- “lockdown” confidential material
- shred all confidential paper
- use ctrl-alt-del login (for Windows)
- mark sensitive/confidential documents
- require escort of offsite personnel
- enact introduction procedures for new employees
- establish procedures to verify identities
- password lock a computer when you leave the room
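The “be header-aware” and “be URL-aware” checks from the awareness slide, applied to a message like the FriendliWare e-mail above, as an added example that is not part of the original slides. The sample message, the function name phishing_signs and all host names in it are constructed for this illustration; the check flags sender headers that disagree with each other and links whose visible text names a different host than the one the href actually points to.

```python
# Added example, not from the original slides: a header-aware / URL-aware check
# of a raw e-mail, flagging the signs the deck lists (sender headers that do not
# agree, and links whose visible text names a different host than the href).
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOSTLIKE_RE = re.compile(r"[\w.-]+\.[A-Za-z]{2,}")  # visible link text that looks like a host

def _host(s):
    """Lower-cased host of an address, URL or bare hostname ('' if none)."""
    if "@" in s:
        return s.rsplit("@", 1)[1].lower()
    return (urlparse(s if "://" in s else "http://" + s).hostname or "").lower()

def phishing_signs(raw):
    """Return a list of warning strings for a raw RFC 5322 message ([] = nothing found)."""
    msg = message_from_string(raw, policy=policy.default)
    signs = []
    sender = _host(parseaddr(msg.get("From", ""))[1])
    for hdr in ("Return-Path", "Reply-To"):  # envelope and reply sender should match From
        other = parseaddr(msg.get(hdr, ""))[1]
        if other and _host(other) != sender:
            signs.append(f"{hdr} domain {_host(other)} differs from From domain {sender}")
    body = msg.get_body(preferencelist=("html",))
    for href, text in LINK_RE.findall(body.get_content() if body is not None else ""):
        text = re.sub(r"<[^>]+>", "", text).strip()
        if HOSTLIKE_RE.fullmatch(text) and _host(text) != _host(href):
            signs.append(f"link text shows {_host(text)} but goes to {_host(href)}")
        if urlparse(href).scheme == "http":  # a login over plain http sends the password in clear
            signs.append(f"login link is plain http: {href}")
    return signs

# Constructed sample modelled on the deck's "FriendliWare" message (all hosts are invented).
SAMPLE = """\
Return-Path: <bounce@mail-hosting.example>
From: Sam Reliable <sam.reliable@friendliware.example>
To: all-employees@friendliware.example
Subject: New online personnel records
Content-Type: text/html; charset="us-ascii"

<html><body><p>Log in with your existing user name and password here:</p>
<a href="http://info.yourcompany.example.net/login">info.friendliware.example</a>
</body></html>
"""

if __name__ == "__main__":
    for sign in phishing_signs(SAMPLE):
        print("WARNING:", sign)
```

Run against the sample it reports three signs: an envelope sender on a different domain than the From line, link text that names the company’s own host while the href goes elsewhere, and a login link over plain http.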