Security Insights: User Security

Presentation transcript:

Security Insights: User Security

Users – the Achilles heel
- Users interaction
- Security technology protects:
  - Machine <> Machine
  - User > Machine
  - Machine > user

Why are people so dangerous?
- Very vulnerable to mistakes and manipulation
- Not good at estimating risk
- Often too willing to extend trust
- Duped by pleas for help—it’s our natural desire to want to be helpful
- And can undermine all technical countermeasures
- Often the weakest part → should be accorded more scrutiny!

Policy: Determine its impact
- Security is inconvenient
  - Recognize and respect security’s disruption
  - Build “user impact” into design; invite discussion
- Avoid excessive complexity
  - Use tools that are already tested and proven
  - Controls costs; lessens chances of attack
- To prosecute or not?
  - Decide in advance how far to go
  - If yes: know what evidence to collect and train staff
- Make the punishment fit the crime
  - Often reprimands are sufficient
  - But what about the person who hacks the payroll?

Enforcement: Be visible
- Make security overt
  - Badges even in small firms—has huge psychological effects and increases sensitivity
- Remind constantly
  - Regular briefings and logon notices
  - Include reminders of information value
- Emergency service
  - Coordinate with physical security people
- Drill the troops
  - Know where legitimate users are so you can more easily find attackers
  - Perform drills to test procedures

Enforcement: Be visible
- Walk in your users’ shoes
  - Use the same systems and software they do
  - Operate with the same privileges they do
  - Helps to spot areas where they might try to circumvent the security
  - Keeps you from making disastrous mistakes

User education
- Security management campaign
- Periodic refreshers
- Newsletters
- Group meetings
- Screensavers
- Signatures on acceptable use policies
- Regular audits

Security awareness
- Know what has value
  - What to do if you suddenly lost all access?
- Friends aren’t always friends
  - Don’t allow trust to be exploited
  - Over-the-phone friendships lack trust
- Passwords are personal
  - And always undervalued
- Uniforms are cheap
  - Mutually authenticate when your bank calls you!

Ongoing reminders
- Regular reminders to keep people aware
  - One training session won’t last forever
  - Police departments do this continually
- Be creative
  - Don’t become yet another source of noise to be ignored
- Make the policy itself available easily
  - Post on a web server
  - Provide simple searching and navigation
  - Keep it current!

Resources
- Demo on the stand
- Free eval. from the stand
- Expert assistance on the stand
- Resources on-line

Security Insights – Coming Up
- 11:15 Secure Messaging
- 11:45 Identity Theft
- 12:15 How Microsoft Secures IT
- 12:45 User Security
- 13:15 Secure Messaging
- 13:45 Spyware
- 14:15 Identity Theft
- 14:45 How Microsoft Secures IT
- 15:15 User Security
- 15:45 Spyware

© 2006 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.