Presentation is loading. Please wait.

Presentation is loading. Please wait.

EPISODE I: USE THE FORCE

Published byToby Small Modified over 7 years ago

Similar presentations

Presentation on theme: "EPISODE I: USE THE FORCE"— Presentation transcript:

1 EPISODE I: USE THE FORCE
SENSITIVE INFORMATION IS POURING THROUGH THE FLOODGATES WHICH SIDE OF THE FORCE WILL YOU USE?

2 University of Northern Colorado
FROM A CAMPUS . . .NOT SO FAR AWAY Forrest H. Swick Information Security University of Northern Colorado

3 EPISODE I: USE THE FORCE
THE GALACTIC REPUBLIC – WITH TODAY’S BYOD ENVIRONMENT – EVERYONE CARRIES A PERSONAL • SMARTPHONE OR 2 • TABLETS • LAPTOPS • BLUETOOTH LIGHTSABERS • THUMBDRIVES

4 EPISODE I: USE THE FORCE
– AND THEY DEMAND! – SEAMLESS EASY CONNECTIVITY – TO THE CAMPUS NETWORK • FOR • REPORT ACCESS • PRINTING • APPOINTMENT UPDATES • BASICALLY THEY NEED TO DO THEIR JOBS? • AND OF COURSE WOOKIELEAKS…EPISODE IV – WHICH BRINGS US TO . . .

5 EPISODE I: USE THE FORCE
THE PLANET OF NABOO – SENSITIVE INFORMATION IS AT RISK – OUR SUPREME CHANCELLORS • HAVE INFORMATION SECURITY NEEDS • THEY KNOW THE RESPONSIBILITY LIES WITHIN • AND NOT JUST ON INFORMATION SECURITY • DON’T HAVE JEDI KNIGHTS TO DISPATCH • DUE TO THEM BEING SITH

6 EPISODE I: USE THE FORCE
THERE IS NO PADAWAN (APPRENTICE) – YET WE CAN • CLASSIFY DATA • DEVELOP GUIDELINES • CREATE DATA HANDLING PROCEDURES • HAVE EFFECTIVE AWARENESS TRAINING – POLICIES ARE EVEN MORE CRITICAL! • WE KNOW DARTH SIDIOUS IS BEHIND EVERY RISK

7 EPISODE I: USE THE FORCE
JAR JAR BINKS KNOWS – MOBILE DEVICES ARE • EASILY LOST • THE TOP TARGET OF THIEVES – THE DEFAULT SETTINGS • NO PASSWORD • NO PIN • NO PATTERN LOCK

8 EPISODE I: USE THE FORCE
WITH THE BATTLE OF THE DROIDS – MOBILE DEVICES HAVE • OVER 8GB OF FREE SPACE • INSECURE COMMUNICATIONS • INFLATED APP PERMISSIONS • IMPROPER APP SECURITY CONTROLS – YET MANAGEMENT WANTS • CAMPUS ACCESS • CLOUD APPLICATIONS AND ACCESS TO DATA • IT FEELS AS IF EVERYONE FAVORS FUNCTIONALITY SECURITY

9 EPISODE I: USE THE FORCE
EVEN QUEEN AMIDALA – CANT AFFORD TECHNOLOGIES • TO SEE ALL THE RISKS • TO STOP EVERY THREAT – HER PERSONAL JEDI CANT • STOP MOBILE DEVICE COMMUNICATION • STOP CELLULAR PROVIDERS NETWORKS COVERAGE – WHO CAN AFFORD ENOUGH SECURITY INFRASTRUCTURE?

10 EPISODE I: USE THE FORCE
ANAKIN SKYWALKERS OWN DROID – C3PO – WAS BUILT FOR PROTOCOLS • TO DEVELOP GUIDELINES • TO CREATE POLICIES • TO CREATE PROCEDURES • TO CLASSIFY DATA • TO BUILD AN INFORMATION SECURITY PROGRAM – YET – WHAT IS MISSING?

11 EPISODE I: USE THE FORCE
WIN A PODRACING TOURNAMENT? – THIS WONT FREE YOU FROM • COMPLIANCE REQUIREMENTS • LEARNING ABOUT DARTH MAUL RISKS • UNDERSTANDING SECURITY LITERACY • NEEDING TO LEARN AWARENESS MINDTRICKS – WHO IS THE CHOSEN ONE IN SECURITY?

12 EPISODE I: USE THE FORCE
Padmé IS THE REAL QUEEN – WHICH MAKES AWARENESS THE KEY* • ON HOW TO CLASSIFY DATA • ABOUT CAMPUS GUIDELINES • ABOUT ESTABLISHED POLICIES • ABOUT PROCEDURES • ABOUT YOUR CAMPUS INFOSEC TEAM – THIS IS THE JEDI MINDTRICK! *sorry Charlie Miller . . .

13 EPISODE I: USE THE FORCE
AWARENESS…THE JEDI MINDTRICK – SUBTLY MAKE CAMPUS AWARE • OF WHERE TO LOOK TO CLASSIFY DATA • OF YOUR CAMPUS GUIDELINES • OF YOUR ESTABLISHED POLICIES • OF YOUR PROCEDURES • OF HOW TO SELF IDENTIFY RISKS – IT IS AS SIMPLE AS • “THESE ARE NOT THE DROIDS YOU ARE LOOKING FOR”

14 EPISODE I: USE THE FORCE
AWARENESS…THE JEDI MINDTRICK – IT IS NOT A LIGHTSABER DUAL – DON’T TEACH SECURITY LITERACY • WHAT IS A PHISHING ATTACK? – DO TEACH SECURITY AWARENESS • HOW TO SPOT A PHISHING ATTACK!

15 EPISODE I: USE THE FORCE
GENERIC GREETING: A typical phishing will have a generic greeting, such as “Dear User.” FALSE SENSE OF URGENCY “Your account will be disabled if it’s not updated within three (3) business days!” DECEPTIVE URL -

16 EPISODE I: USE THE FORCE
AWARENESS…THE JEDI MINDTRICK – DON’T PUNISH BAD BEHAVIOR – DO REWARD GOOD BEHAVIOR • IT SECURITY HERO OF THE WEEK AWARDS

17 EPISODE I: USE THE FORCE

18 EPISODE I: USE THE FORCE

19 EPISODE I: USE THE FORCE
AWARENESS…THE JEDI MINDTRICK – DON’T TELL THEM HOW TO BE SECURE – DO SHOW THEM HOW TO: • HELP OTHERS • HELP THEIR KIDS STAY SECURE ONLINE • HELP THEIR PARENTS SHOP SECURELY • HELP THEIR ELDERLY NEIGHBORS – MAKE OTHERS YOUR APPRENTICE

20 EPISODE I: USE THE FORCE
AWARENESS…THE JEDI MINDTRICK – GET INVOLVED WITH CAMPUS EVENTS • FALL STUDENT INVOLVEMENT FAIR (AUG) • HEALTH AND SAFETY FESTIVAL (SEPT) • NATIONAL CYBER SECURITY AWARENESS MONTH (OCT) • NATIONAL DATA PRIVACY DAY (JAN) • NATIONAL DATA PRIVACY MONTH (FEB) • EARTH DAY – INFOSEC SHREDFEST (APR) • STAR WARS DAY – MAY 4TH

21 EPISODE I: USE THE FORCE
AWARENESS…THE JEDI MINDTRICK – AWARENESS ACTIVITIES • GUEST SPEAKERS IN CAMPUS CLASSROOM • BE AVAILABLE FOR FACULTY/STAFF TRAINING • CREATE POSTCARDS/TABLE TENTS/GIVEAWAYS • TARGETED MESSAGES (BLACK FRIDAY, TAX TIME TIPS) • PUBLIC SPEAKING FOR GROUPS / CONFERENCES

22 EPISODE I: USE THE FORCE
AWARENESS…THE JEDI MINDTRICK – HOST THE DEPARTMENTAL COFFEE CLUB • KEEP A HOT COFFEE POT ON – GIVE OTHERS A REASON TO VISIT INFOSEC • INFOSEC HAS A TENDANCY TO ISOLATE ITSELF – BE AVAILABLE

23 EPISODE I: USE THE FORCE
AWARENESS…THE JEDI MINDTRICK – USE THE EDUCAUSE RESOURCES! • 2014 INFOSEC SECURITY GUIDES • NETWORK WITH OTHER INFOSEC TEAMS IN YOUR AREA • EDUCAUSE SECURITY LISTSERV • JOIN REN-ISAC – USE ALL THE TOOLS AVAILABLE TO YOU

24 EPISODE I: USE THE FORCE
BE A SECURITY JEDI KNIGHT – DEVELOP RELATIONSHIPS WITH • DATA STEWARDS OUTSIDE OF IT • THE REGISTRAR’S OFFICE • HUMAN RESOURCES • INSTITUTIONAL RESEARCH BOARD • RESEARCHERS

25 EPISODE I: USE THE FORCE
BE A SECURITY JEDI KNIGHT – WORK WITH YOUR LEADERSHIP • TO CREATE EFFECT POLICIES • TO CREATE EFFECT PROCEDURES • TO ESTABLISH RULES TO CLASSIFY DATA • TO BUILD AN INFORMATION SECURITY PROGRAM • TO ADVOCATE AWARENESS – WITHOUT CAMPUS INFOSEC AWARENESS • YOUR DATA WILL FALL TO THE DARK SIDE

26 EPISODE I: USE THE FORCE
“FOR MY ALLY IS THE FORCE, AND A POWERFUL ALLY IT IS.” -YODA AWARENESS IS YOUR ALLY, AND A POWERFUL ALLY IT IS. *All copyrighted materials owned by the respective owners where applicable.

27 University of Northern Colorado forrest.swick@unco.edu
FROM A CAMPUS . . .NOT SO FAR AWAY Q&A! THANK YOU! Forrest H. Swick Information Security University of Northern Colorado

Download ppt "EPISODE I: USE THE FORCE"

Similar presentations

Norman M. Sadeh, Ph.D. Smart Phone Security & Privacy: What Should We Teach Our Users …and How? Professor, School of Computer Science Director, Mobile.

Norman M. Sadeh, Ph.D. Smart Phone Security & Privacy: What Should We Teach Our Users …and How? Professor, School of Computer Science Director, Mobile.
STOP. THINK. CONNECT. Online Safety Quiz. Round 1: Safety and Security.

STOP. THINK. CONNECT. Online Safety Quiz. Round 1: Safety and Security.
Invasion of Smart Phones in Clinical Areas Chrissy Kyak Privacy Officer University of Maryland Upper Chesapeake Health.

Invasion of Smart Phones in Clinical Areas Chrissy Kyak Privacy Officer University of Maryland Upper Chesapeake Health.
Digital Citizenship L’école élémentaire Beachy Cove Elementary School January 2013.

Digital Citizenship L’école élémentaire Beachy Cove Elementary School January 2013.
Network and Systems Security Security Awareness, Risk Management, Policies and Network Architecture.

Network and Systems Security Security Awareness, Risk Management, Policies and Network Architecture.
Ten years have passed since the invasion of Naboo, and the Galactic Republic is in turmoil. Former Jedi Master Count Dooku has organized a Separatist movement.

Ten years have passed since the invasion of Naboo, and the Galactic Republic is in turmoil. Former Jedi Master Count Dooku has organized a Separatist movement.
Data Privacy Day 2012 on Campus Jolynn Dellinger Program Manager, Data Privacy Day National Cyber Security Alliance.

Data Privacy Day 2012 on Campus Jolynn Dellinger Program Manager, Data Privacy Day National Cyber Security Alliance.
InformationWeek 2014 Strategic Security Survey Research Findings © 2014 Property of UBM Tech; All Rights Reserved.

InformationWeek 2014 Strategic Security Survey Research Findings © 2014 Property of UBM Tech; All Rights Reserved.
ESCCO Data Security Training David Dixon September 2014.

ESCCO Data Security Training David Dixon September 2014.
Education Empowered Ask every customer: “Does your school use (or want to use) laptops or tablets for learning?” If the answer is yes, recommend devices.

Education Empowered Ask every customer: “Does your school use (or want to use) laptops or tablets for learning?” If the answer is yes, recommend devices.
Data Security: Steps to Improved Information Security September 22, 2015 Presented by: Alex Henderson General Counsel and Chief Administrative Officer.

Data Security: Steps to Improved Information Security September 22, 2015 Presented by: Alex Henderson General Counsel and Chief Administrative Officer.
Sandringham Parents BYOD working group 28 th April 2014.

Sandringham Parents BYOD working group 28 th April 2014.
KTAC Security Task Force Superintendents Update April 23, 2015.

KTAC Security Task Force Superintendents Update April 23, 2015.
This resource sponsored by Intel Education Copyright © 2014 K-12 Blueprint. *Other names and brands may be claimed as the property of others www.k12blueprint.com.

This resource sponsored by Intel Education Copyright © 2014 K-12 Blueprint. *Other names and brands may be claimed as the property of others
THINK CYBER SMART, BE CYBER SMART! CYBER SAFETY AND DIGITAL CITIZENSHIP IN A CLASSROOM.

THINK CYBER SMART, BE CYBER SMART! CYBER SAFETY AND DIGITAL CITIZENSHIP IN A CLASSROOM.
Introduction: Introduction: As technology advances, we have cheaper and easier ways to stay connected to the world around us. We are able to order almost.

Introduction: Introduction: As technology advances, we have cheaper and easier ways to stay connected to the world around us. We are able to order almost.
Cyber Security in the Mobile Era KEEPING ENTERPRISE DATA SAFE IN THE BYOD ERA.

Cyber Security in the Mobile Era KEEPING ENTERPRISE DATA SAFE IN THE BYOD ERA.
A long time ago in a galaxy far, far away…. People are living in a republic. There is an elected Senate which makes decisions for the galaxy. The Jedi.

A long time ago in a galaxy far, far away…. People are living in a republic. There is an elected Senate which makes decisions for the galaxy. The Jedi.
Lecture 19 Page 1 CS 236 Online 6. Application Software Security Why it’s important: –Security flaws in applications are increasingly the attacker’s entry.

Lecture 19 Page 1 CS 236 Online 6. Application Software Security Why it’s important: –Security flaws in applications are increasingly the attacker’s entry.
DIGITAL CITIZENSHIP ED 505 TECHNOLOGY AND EDUCATION (REVISION)

DIGITAL CITIZENSHIP ED 505 TECHNOLOGY AND EDUCATION (REVISION)

Similar presentations

Ads by Google