1 Information Security Awareness Program

2 Agenda
- What is Information Security?
- Why is Information Security important?
- Education Data Breaches
- Appropriate Controls for Information Assets
- Terminology
- Do's and Don'ts at Laurier
- Q/A

3 What is Information Security?
Information: facts or details about a person, company, product, etc. Information security is the protection of that information against three kinds of harm:
- Confidentiality: only authorised people and systems can read it
- Integrity: it is not altered or destroyed without authorisation
- Availability: authorised users can get at it when they need it

4 Why is Information Security Important?
- Protects valuable assets
- Regulatory compliance
- Financial considerations
- Public image

5 Education Data Breaches
Since 2005, higher education hacks were responsible for 35 percent of all data breaches. At least one attack on colleges and universities takes place every week.
Why are university networks targeted?
- Breaches are difficult to detect and respond to on large, decentralised campus networks
- Easy access: open networks with many users and many personally owned devices
- Real and usable human intelligence, personal data and valuable research data
- Other information, such as intellectual property and alumni databases

6 Terminology Explained
- Asset: anything that has value to Laurier
- Vulnerability: any weakness in an asset
- Threat: any possible danger to an asset
- Risk: the chance that a threat exploits a vulnerability, and the harm that would result
- Control: a countermeasure that reduces risk

7 Terminology Explained

8 Appropriate Controls for Information Assets
- Data Classification & Information Management Policy
  - Roles: Data Owner, Data Custodians, Data Consumers
  - Classes: Open Data (Type 1), Internal Data (Type 2), Restricted Data (Type 3)
- Use of Information Technology policy
- Information Security Policy

9 Password Management Tips
- Do choose a strong password, change it periodically (and at once if you suspect it has been exposed), and make sure that you are the only person who knows it
- Don't use your login name in any form (plain, reversed, or with letters swapped for look-alike digits)
- Don't use a word or words found in any language dictionary
- Don't use numbers significant to you or someone close to you, or associated with the University
- Don't use passwords based on simple keyboard patterns
- Don't allow browsers to remember passwords
- Remember it, or keep it in a protected place such as a locked safe or a password manager
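As an added example, not part of the original presentation and not Laurier ICT code, the following Python check applies the rules on this slide to a candidate password. The word list, the keyboard rows and the minimum length are constructed assumptions for illustration; a real deployment would use a full dictionary and a breached-password list, and would run this check server-side when a password is set.

```python
import re

# Assumptions for this example: a tiny word list and the four straight rows of a
# QWERTY keyboard. A real check would load a full dictionary and a breached-password feed.
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
DICTIONARY = ("password", "laurier", "hawk", "welcome", "summer", "winter", "golden")
MIN_LENGTH = 12  # assumption: the slide only says "strong"


def _variants(s):
    """The forms in which a name or word is still 'that word': plain, reversed, look-alike digits."""
    s = s.lower()
    leet = s.replace("o", "0").replace("i", "1").replace("e", "3").replace("a", "@")
    return {s, s[::-1], leet}


def check_password(password, login_name, personal_numbers=(), org_numbers=(), min_length=MIN_LENGTH):
    """Return a list of rule violations; an empty list means the password passes every rule."""
    problems = []
    pw = password.lower()
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    # "Don't use your login name in any form"
    for v in _variants(login_name):
        if v and v in pw:
            problems.append("contains the login name")
            break
    # "Don't use word or words contained in any language dictionary"
    for word in DICTIONARY:
        if any(v in pw for v in _variants(word)):
            problems.append(f"contains dictionary word '{word}'")
            break
    # "Don't use numbers significant to you ... or associated with the University":
    # the checker can only know the numbers it is told about, hence the two parameters.
    for num in list(personal_numbers) + list(org_numbers):
        if str(num) in password:
            problems.append(f"contains significant number {num}")
            break
    # "Don't use passwords based on simple keyboard patterns": any run of four
    # adjacent keys along a row, typed in either direction.
    for row in KEYBOARD_ROWS:
        for i in range(len(row) - 3):
            run = row[i:i + 4]
            if run in pw or run[::-1] in pw:
                problems.append(f"contains keyboard pattern '{run}'")
                break
        else:
            continue
        break
    # Strength: require at least three of lower, upper, digit, symbol.
    classes = sum(bool(re.search(p, password)) for p in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"))
    if classes < 3:
        problems.append("uses fewer than three character classes")
    return problems


if __name__ == "__main__":
    for pw in ("jsmith1234!", "LaurierGoldenHawks2019", "Correct-Horse-Battery-9"):
        print(pw, "->", check_password(pw, "jsmith", org_numbers=(2019,)) or ["ok"])
```

The "significant numbers" rule cannot be enforced from the password alone, which is why birth years, student numbers or founding dates have to be passed in; the other rules need nothing but the password and the login name.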

10 Information Security Do's & Don'ts at Laurier
- Do have up-to-date anti-virus tools
- Do use licensed and supported software
- Do scan portable media before use
- Do lock your computer when you walk away from your desk
- Do keep operating system security patches up to date
- Do keep application software up to date
- Do use Laurier resources for business purposes only
- Do keep your eyes on your laptop, using a cable lock if necessary
- Do report incidents and anything abnormal to the designated people, and leave the scene untouched if you don't know what to do
- Do back up your documents
- Do think about IT security on a regular basis
- Do contact the ICT Service Desk when necessary

11 Information Security Do's & Don'ts at Laurier
- Do not shut down security applications on your computer, including the anti-virus tool, firewall, automated updates, etc.
- Do not let unknown people touch your computer; feel free to challenge their ID when necessary
- Do not give out your password to anyone, including ICT staff
- Do not provide your password in an email reply
- Do not connect personal computing devices to the WLU wired network
- Do not use unsecured (open) wireless connections
- Do not open an email attachment unless you are certain of the authenticity of its contents
- Do not open an unknown website or URL unless you are certain of its authenticity

12 Email Scam Terminology
- Phishing is a form of fraud in which the attacker tries to obtain information such as login credentials or account details by masquerading as a reputable entity or person in email, instant messages, or other communication channels.
- Spear phishing is phishing aimed at a specific person or organisation. The email appears to come from an individual or business you know, and uses details about you (your name, your employer, your colleagues) to look convincing, but it is from the same criminals who want your passwords, credit card and bank account numbers, and the financial information on your PC.

13 Email Scam Terminology
- Email spam, also known as junk email, is a subset of electronic spam: nearly identical unsolicited messages sent by email to a large number of recipients.
- An email hoax is a scam distributed in email form. It is designed to deceive, and often to defraud, the recipient.

14 Social Engineering
- Social engineering is the acquisition of sensitive information or inappropriate access privileges, usually by an outsider, by building an inappropriate trust relationship with insiders.
- The goal of social engineering is to trick someone into providing valuable information, or access to that information, rather than to defeat a technical control.
- It takes forms such as phone phishing (vishing), baiting (a planted USB stick or CD), tailgating through a secured door, etc.

15 Countermeasures to Social Engineering
- Insist on verifying a caller's identity by calling them back at their proper telephone number as listed in the telephone directory, not at a number the caller gives you. This procedure creates minimal inconvenience to legitimate activity compared with the scope of potential losses.
- Be cautious with "lost" media such as a USB stick or CD: do not plug it in to see what is on it; hand it to ICT.
- Remember that passwords are sensitive. The password for your personal account should be known ONLY to you. Systems administrators or maintenance technicians who need to do something to your account will not require your password: they have their own privileged accounts that let them work on your account without you revealing it. If a system administrator or maintenance technician asks you for your password, be suspicious.
- External vendors who come on site should be accompanied.

16 Questions?
ICT Service Desk Hours: Monday - Friday 8:00am - 5:00pm
ICT Service Desk: https://itservicedesk.wlu.ca
Waterloo: Phone: (519) 884-1970 ext. 4357 (HELP); Location: Concourse Service Desk 1E4C
Brantford: Phone: (519) 756-8228 ext. 4357 (HELP); Location: Research Centre East - Room 110

17 APPENDIX

18 Example of Spear Phishing
Subject: WLU Account Alert
Dear user, Recently, we are performing emergency mail maintenance on our email network. Your account has been identified as an essential account requiring upgrades. We therefore, implore you to follow our secure site (https:www.wlu.ca/) to upgrade your account.
Thank you, (ICT) Technical Services
Warning signs: a generic greeting, manufactured urgency, an "upgrade" request that real ICT staff never make by email, and a link to check carefully: hover over it and compare the real destination with the displayed text before clicking.

19 Example of Phishing
Subject: De-activation Of Your Email Account in Progress!
Dear user, We acknowledge your email request to lock down your account. You are required to verify your password to continue sending and receiving messages. [link: Verify to continue receiving messages] If this wasn't you, please follow the links below to keep your account safe. [link: Activate second sign-in]
Sincerely, (Company Name) Technical Services
Warning signs: a generic greeting, a claim about an action you never took, a demand to "verify your password" (no legitimate service asks for your password by email), and links that lead to a credential-harvesting page.
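As an added example covering the samples on slides 18 and 19, not part of the original presentation and not Laurier ICT tooling, the following Python code checks an email's subject and body for the warning signs those slides illustrate: a generic greeting, urgency, a request to "verify" a password or account, and links whose host is malformed or outside the organisation's own domains. The trusted-domain list and the three sample messages are constructed assumptions modelled on the slides.

```python
import re
from urllib.parse import urlparse

# Assumption: the organisation's own domains; any other link host counts as untrusted here.
TRUSTED_DOMAINS = ("wlu.ca",)

URL_RE = re.compile(r"\bhttps?:[^\s)>\"']+", re.IGNORECASE)
URGENCY_PHRASES = ("emergency", "immediately", "de-activation", "deactivation",
                   "suspended", "locked", "within 24 hours")
CREDENTIAL_ASKS = ("verify your password", "confirm your password", "enter your password",
                   "upgrade your account", "verify your account")


def domain_is_trusted(host):
    """True if host is one of our domains or a subdomain of one (wlu.ca.example.net is not)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def phishing_indicators(subject, body):
    """Return the list of warning signs found; an empty list means none of these tells fired."""
    raw_text = f"{subject}\n{body}"
    text = raw_text.lower()
    findings = []
    if re.search(r"\bdear (user|customer|member)\b", text):
        findings.append("generic greeting")
    if any(p in text for p in URGENCY_PHRASES):
        findings.append("urgency or threat of losing service")
    if any(p in text for p in CREDENTIAL_ASKS):
        findings.append("asks for a password or account 'verification'")
    for raw in URL_RE.findall(raw_text):
        parts = urlparse(raw)
        if not parts.netloc:
            # 'https:www.wlu.ca/' has no '//' after the scheme, so urlparse finds no host:
            # the familiar-looking text is not a destination at all.
            findings.append(f"malformed link {raw}")
        elif not domain_is_trusted(parts.hostname or ""):
            findings.append(f"link to untrusted host {parts.hostname}")
    return findings


# Constructed samples: two modelled on slides 18 and 19, one legitimate notice for contrast.
SPEAR_SUBJECT = "WLU Account Alert"
SPEAR_BODY = ("Dear user, Recently, we are performing emergency mail maintenance on our email network. "
              "We therefore implore you to follow our secure site (https:www.wlu.ca/) to upgrade your account.")
FAKE_SUBJECT = "De-activation Of Your Email Account in Progress!"
FAKE_BODY = ("Dear user, You are required to verify your password to continue receiving messages: "
             "https://wlu-ca-secure.example.net/login")
LEGIT_SUBJECT = "ICT maintenance window this Saturday"
LEGIT_BODY = ("Hi Jane, the mail servers will be patched Saturday 02:00-04:00. No action is needed. "
              "Details: https://itservicedesk.wlu.ca/maintenance")

if __name__ == "__main__":
    for subj, body in ((SPEAR_SUBJECT, SPEAR_BODY), (FAKE_SUBJECT, FAKE_BODY), (LEGIT_SUBJECT, LEGIT_BODY)):
        print(subj, "->", phishing_indicators(subj, body) or ["no indicators"])
```

These are heuristics, not a filter: a well-written spear-phishing email can avoid every one of them, and a clumsy legitimate notice can trip one. Their value is in making the slide's warning signs concrete and in screening an inbox quickly; the link-host check is the one that a human most often skips, because the displayed text looks right.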

20 Example of Email with malicious code Subject: Your E-Ticket Information, order #0000450279

21 Example of Fraud Email – Part I

22 Example of Fraud Email – Part II
