Published by Marshall Cooper. Modified over 6 years ago.
1
Information Security Briefing, Staff Senate
November 2, 2017
Jason C. Belford, Chief Information Security Officer
2
Obligatory Legal Disclaimer
This presentation is for general educational purposes only, and is not intended as legal or specific security advice. The presenter is neither an attorney nor associated with law enforcement. Opinions presented are those of the presenter, not his employing institution. For legal and information technology security advice, please consult appropriate professionals who can address your particular needs.
3
Threat Landscape
4
Who are the bad guys?
Rivals, Script Kitty Kiddie, Nation State Actors, Organized Crime, Insider Threat, Hacktivism
5
What do they want?
Money, Data, Trade Secrets, Access, Everything, Revenge
6
Your Email – the Connection to Everything
7
How are they going to get it?
Disregard for laws, policies, rules; Exploit Vulnerabilities; Malicious Software; Social Engineering; Phishing; Brute Force
8
Security Incidents
9
It is WHEN not IF
2012, 2014, 2015, 2013
10
Summer 2015
August 14, 2015: The University of Virginia shut down access to many of its information technology systems Friday in response to a cyberattack that originated in China, the university announced in a release.
11
Winter 2016
January 20, 2016
12
UPDATE!
November 22, 2016: ...the arraignment Friday of two Nigerian citizens who were extradited from Kuala Lumpur, Malaysia, to Atlanta to face charges. Damilola Solomon Ibiwoye and Olayinka Olaniyi are accused in a series of alleged “phishing scams” targeting Georgia Tech and other colleges and universities across the country.
Guilty
13
Summer 2017
14
Fall 2017
October 12, 2017: “student accounts were compromised when a fraudulent told students they could get a reduction in fees.”
15
Most Popular Method?
16
PHISHING
Phishing is a fraudulent activity that attempts to acquire sensitive information such as usernames, passwords and credit card numbers by masquerading as a trustworthy and legitimate entity.
SCAM
17
Phishing for Username / Password – Example
18
Phishing for Money Transfers – Example
19
Phishing for Infections – Example
20
Phishing for Infections – Example
21
Cyber Self Defense
22
Find the Domain
https://netbadge.virginia.edu/
23
Find the Domain
https://netbadge.virginia.edu/
Ignore everything before the domain!
24
Find the Domain
https://netbadge.virginia.edu
https://netbadge.virginia.edu/index.cgi
The 3rd slash may be optional if the domain is the last part of the line
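The "Find the Domain" steps from slides 22 to 24, as an added Python example that is not part of the original presentation: it cuts the host off at the third slash, ignores everything before the domain, and compares the result with the expected name. The `TRUSTED_DOMAIN` constant, the https requirement, the two-label shortcut and the `.example` sample links are assumptions made for this illustration.

```python
from urllib.parse import urlsplit

# Assumption: the organization's real domain, taken from the URL on the slides.
TRUSTED_DOMAIN = "virginia.edu"

def find_domain(url: str) -> str:
    """Return the last two labels of the host in `url` (the slides' "domain").

    Simplification: exact registrable domains need the Public Suffix List
    (for names such as example.co.uk); two labels is enough for a .edu name.
    """
    parts = urlsplit(url.strip())
    host = parts.hostname  # drops scheme, user:password@ prefix, port, path
    if not host:
        raise ValueError(f"no host found in {url!r}")
    labels = host.rstrip(".").split(".")
    return ".".join(labels[-2:])

def is_trusted(url: str) -> bool:
    """True only for https links whose domain is exactly TRUSTED_DOMAIN."""
    try:
        parts = urlsplit(url.strip())
        return parts.scheme == "https" and find_domain(url) == TRUSTED_DOMAIN
    except ValueError:
        return False

# Constructed sample links; the .example hosts are reserved placeholder names.
SAMPLES = [
    "https://netbadge.virginia.edu",
    "https://netbadge.virginia.edu/index.cgi",
    "https://netbadge.virginia.edu.login.example/index.cgi",
    "https://netbadge.virginia.edu@login.example/",
    "https://login.example/netbadge.virginia.edu/",
    "https://virginia.edu.example/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{find_domain(link):<16} trusted={is_trusted(link)!s:<5} {link}")
```

Only the first two links resolve to `virginia.edu`; in the others the familiar name sits before the real domain or after the third slash, which is exactly the part the slides say to ignore.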
25
What is UVA doing to help protect you from Phishing?
26
Technical Controls your-network-with-dns-firewall/
27
Non-technical Controls
28
Phishing Simulation – Fall 2016
29
Phishing Simulation – Fall 2016
30
DNS Firewall Block
31
2-Step
32
2-Step 10 different methods
33
Speaking of authentication…
34
Pick a good password
Cav2468!
35
Pick a good password
Ca$d0V’n,
36
Pick a good password
Mr. Thomas Jefferson
37
Pick a good password
Wah-hoo-wah,wah-hoo-wah!
38
Pick a good password passphrase
Password: Cav2468! | Ca$d0V’n, | Mr. Thomas Jefferson | Wah-hoo-wah,wah-hoo-wah!
Number of Characters: 8 | 9 | 20 | 25
Character Classes: 4 | 3
How Secure?: Weak | Very Strong
Time to Crack?: ~ 1 minute | ~ 2 hours | 1.25 thousand trillion centuries | 5.53 trillion trillion centuries
39
My Advice
Freeze your credit
Review your credit reports and financial statements
Identify the real “domain” (only click if it makes sense)
Do not open unexpected attachments
Verify! Verify! Verify!
Use long, unique passwords
Use 2-step login for any services that allow it
Back up your files, regularly
Do not provide sensitive information over
When in doubt, stop and ask
40
Questions?
He who knows best knows how little he knows. --Thomas Jefferson