Published by Derick Parrish. Modified over 9 years ago.
1
Design of a cyber security awareness campaign for Internet Cafés users in rural areas
WA Labuschagne, MM Eloff, N Veerasamy, L Leenen, M Mujinga
CSIR / UNISA
IST Africa, 12 May 2011
2
Internet Usage in Africa
- Africa has the lowest number of Internet users
- 5.6% of total world users
- 2000% growth in last decade
- Possible causes:
  - Lack of infrastructure
    - High cost
    - Low bandwidth
  - Lack of equipment
© CSIR 2011
3
Lack of Infrastructure
- Development of infrastructure with deployment of:
  - Seacom (2009)
  - EASSY (2010)
  - TEAMS (2009)
- Improvement in bandwidth and lower costs to access Internet
4
Lack of Equipment
- Users do not have a computer to access the Internet due to cost
- Internet Café provides equipment to access the Internet
5
Background
- More Internet Cafés in less affluent areas
- Repeat users
- High demand for training
- Used for business activities, searching for employment, communication and establishing business contacts
- If employed, used to access resources that users are not allowed to access at work
6
Problem
- Security measures implemented by the establishment (No control)
- Knowledge & skill set of the Internet users (Address with Security Awareness)
7
Corporate Environment vs Other Users
- Companies are protected by expensive, complex security systems (IDS, Firewalls, Anti-Virus, etc.)
- Security is delegated to specialized teams
- Users are only provided access to enough functionality to perform their responsibilities
- Security awareness programs are usually part of training provided within companies
- Security is automatically applied by systems at no cost to the user
- Case Study of Internet Cafés to determine security weaknesses
8
Feedback on Observation
- Use of outdated Web browsers
- Use of outdated 3rd-party applications, for example Acrobat Reader, Flash Player
- Most not using latest Service Packs (most using SP2)
- Users allowed to install applications (administrative privileges)
- Users can access and edit the registry
- No security awareness
- Using Microsoft Windows XP
- Autorun is enabled
- No anti-malware installed
9
Need Identified
10
What is Security Awareness?
- Awareness - Focus attention on a set of security issues
- Training - Teach skills to allow a person to perform a specific function
- Education - Aims to produce IT security specialists capable of proactive responses
11
NIST Special Publication (800-50)
- National Institute of Standards and Technology
- 800 Series reports on the Information Technology Laboratory (ITL):
  - Research
  - Guidance
  - Outreach efforts in computer security
  - Collaborative activities with industry, government, and academic organizations
- Building an Information Technology Security Awareness and Training Program
12
Steps in NIST (800-50) Life Cycle
14
Design Step
- Needs assessment
- Identify most threats at Internet Café
- Identify critical topics that form part of security awareness program addressing threats at Internet Cafés
15
Internet Use Classification
Type of Use | Classification
Seeking information | Information
Email | Communications
Chatting | Entertainment
Reading online news | Information
Research | Information
Computer games | Entertainment
Downloading software for professional use | Business
Downloading software for amusement | Entertainment
Downloading music | Entertainment
Visiting pornographic sites | Entertainment
Doing business | Business
e-shopping | Financial
Gambling | Financial
Social networks | Communications
16
Internet Uses to Threats (1)
Use (columns): Info | Entertainment | Financial | Business | Comms
Threat (rows, with slide marks):
- Spam
- DOS
- Phishing: PP
- Malware
- Virus
- Spyware
- Password/Info stealer
- Backdoor
- Downloader
- Dropper
- Rootkit
17
Internet Uses to Threats (2)
Use (columns): Info | Entertainment | Financial | Business | Comms
Threat (rows, with slide marks):
- Browser Based
- Firefox
- IE
- PDF
- Hacking (Exploit)
- Social engineering: X
- Inherent software vulnerabilities
- Patch management
- Online scams: P
- Physical harm: X XX
- Cyber bullying: X XX
- Identity Theft: XP P
18
Selection Process
19
Development Step
Critical Topics for Internet Café
- Social Engineering
- Scams
- Cyber Bullying
- Physical Harm
- Identity Theft
- Social Networking
- Email
- Phishing
20
Implementation Step
Material can be delivered:
- Interactive video training - Applicable
- Web-based training (Passive) - Applicable
- Instructor-led training
- Placement of awareness messages (posters, screen savers, email) - Applicable
- Discussion Groups
21
Post Implementation
- Interviews
- Questionnaires
- Analysis of Internet usage
22
What about..
- Mobile phone adoption vs Internet Café
- Decline in Internet Café
- Lessons learned could be used with personal computer at home
- Other frameworks
- Other tools to deliver content
- e-Awareness Model
23
Conclusions
- The NIST (800-50) Framework is a feasible solution to design a cyber security awareness program.
- A need has been identified to address threats at Internet Cafés in rural areas.
- Email, social engineering, phishing, social networking, scams, cyber bullying and identity theft are prominent threats at Internet Cafés.
24
Q&A