The document appears to be a presentation on computer security given by Khairulmizam Samsudin, Ph.D. The presentation covers various computer security topics including scenarios of common security incidents like phishing and social engineering. It also defines computer security terms, discusses laws and best practices, and includes awareness tests to check audience understanding. The overall goal is to make the audience aware of computer security risks and how to identify and handle issues.
3. khairulmizam@upm.edu.my
Presentation Contents
1. Awareness test for audience
2. Scenarios related to security incidents
3. Definitions of computer-related terms
4. What to do in the event of an attack
5. Statistics on computer crime
6. News related to computer security
7. Laws and regulations related to computer usage
4. khairulmizam@upm.edu.my
Learning outcome
At the end of this talk, the audience will:
1. be aware of computer security risks at home and in the workplace
2. be able to identify common computer security issues
3. follow best computer security practices
4. have the knowledge to handle computer security incidents
7. khairulmizam@upm.edu.my
Scenario #1
Reference: https://goo.gl/2FWWAf
From: UPM Email Administrator [mailto:admin@email.upm.edu.my]
Sent: 12 May 2016 8:51am
To: khairulmizam@upm.edu.my
Subject: Email Storage Warning
Dear Dr. Khairulmizam Samsudin,
Your mailbox is almost full.
Please reduce your mailbox size by email deletion. Click here to reduce size automatically
11. khairulmizam@upm.edu.my
Scenario #1: Phishing Attack
Definition: attempt to acquire sensitive information by masquerading as a trustworthy entity in electronic communication.
Variation: bank account, monetary reward, over credit, using other communication medium, etc.
Reference: https://goo.gl/lygRnT
14. khairulmizam@upm.edu.my
Scenario #1: To do
To Do
● Verify the URL address
● Use HTTPS (if available)
● Enable anti-virus ‘secure browsing’ feature
● Update OS and anti-virus regularly
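Added example (not part of the original slides): one way to apply "Verify the URL address" and "Use HTTPS" to a message like the one in Scenario #1 is to read the link's real destination instead of its "Click here" text. The trusted domain, the function names and the `.example` hosts in the sample are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "upm.edu.my"  # assumption: the domain the reader expects

class LinkCollector(HTMLParser):
    """Collect the real href of every <a> tag, ignoring the visible text."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def check_url(url, trusted=TRUSTED_DOMAIN):
    """Return the reasons a URL fails verification (empty list = passes)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    reasons = []
    if parts.scheme != "https":
        reasons.append("not HTTPS")
    if parts.username is not None:
        reasons.append("userinfo before '@' hides the real host")
    # The trusted name must be the END of the host, not merely appear in it.
    if host != trusted and not host.endswith("." + trusted):
        reasons.append(f"host '{host}' is outside {trusted}")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label (possible look-alike characters)")
    return reasons

def audit_email(html_body):
    parser = LinkCollector()
    parser.feed(html_body)
    return {href: check_url(href) for href in parser.hrefs}

# Constructed sample modelled on the Scenario #1 message; .example hosts are made up.
SAMPLE = (
    '<p>Your mailbox is almost full. '
    '<a href="http://upm.edu.my.mail-quota.example/reduce">Click here</a> | '
    '<a href="https://email.upm.edu.my@login.example/">Reduce size</a> | '
    '<a href="https://email.upm.edu.my/help">Help</a></p>'
)

if __name__ == "__main__":
    for href, reasons in audit_email(SAMPLE).items():
        print(href, "->", reasons or "OK")
```

Both flagged links contain the trusted name somewhere in the URL, which is why the check compares the end of the parsed host rather than searching the string.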
20. khairulmizam@upm.edu.my
This talk is not about...
How to…
● e-Punch from outside UPM?
● How to crack application or games?
● How to obtain password of protected WiFi?
● How to top-up SmartTAG for free?
● How to <illegal activity> ?
29. khairulmizam@upm.edu.my
Law and Regulation
1. Akta Jenayah Komputer 1997 (Akta 563)
2. Akta Komunikasi dan Multimedia 1998 (Akta 588)
3. Akta Harta Intelek (Paten dan Hakcipta)
4. Arahan Teknologi Maklumat 2007 (Akta 680)
5. Akta Perlindungan Data Peribadi 2010 (Akta 709)
6. Kaedah-Kaedah Universiti Putra Malaysia (Teknologi Maklumat Dan Komunikasi) 2013
7. Garis Panduan Keselamatan Teknologi Maklumat dan Komunikasi (GPKTMK), UPM 2014
33. khairulmizam@upm.edu.my
Awareness Test #1: Computer/Smartphone
1. I know how to install and uninstall software
2. I pay my utility bill online
3. I know how to configure WiFi
4. I know how to hook up all the computer cables
5. I can format and reinstall OS on my computer
37. khairulmizam@upm.edu.my
Scenario #2: Hoax, Chain letter, Faxlore, etc
Definition: a message that attempts to convince the recipient to distribute copies of the letter and then pass them on to as many recipients as possible.
Variation: children in need, petitions, false warnings, monetary rewards, urban legends, superstitions
48. khairulmizam@upm.edu.my
Awareness Test #2: Security
1. I know how to scan for virus/malware
2. I password protect my computer/smartphone
3. I have an 8-character password with 1 capital letter, 1 symbol and 1 number
4. I update my computer OS and software frequently
5. I use a non-administrator user account on my computer
54. khairulmizam@upm.edu.my
Scenario #3: To do
To Do
● Do not use the same password
● Do not share password and be sure no one watches
● Use ‘incognito’ mode if you are using public computer
● Lock or log off every time
● Use biometric password (if possible)
● Update OS and anti-virus regularly
60. khairulmizam@upm.edu.my
News: Car hacking
… two researchers managed to take control of an unaltered vehicle’s electronically controlled subsystems (radio, AC, wipers, transmission, steering, even brakes) from afar, using the Internet connection its entertainment system makes through Sprint’s cellular network … - “IEEE Spectrum”
69. khairulmizam@upm.edu.my
Scenario #2: Social Engineering
Definition: an attack that relies heavily on human interaction and involves tricking people into breaking security procedures.
Variation: call from IT, reset password, install a software, click a link, etc
71. khairulmizam@upm.edu.my
Scenario #4: To do
● Slow down
● Research the facts
● Never provide confidential information to unknown source (i.e. email)
● Beware of any downloads and links
● Update OS and anti-virus regularly
73. khairulmizam@upm.edu.my
What to do if you are a victim?
1. Disconnect from network
2. Inform online account provider
3. Report to authority
4. Get help
76. khairulmizam@upm.edu.my
Scenario #5: Man-in-the-middle attack
Definition: an attacker secretly relays and alters the communication between two parties who believe they are directly communicating with each other.
Reference: http://goo.gl/22mq8V
78. khairulmizam@upm.edu.my
Scenario #5: To do & Not to do
To Do
● Avoid using public Wi-Fi (if possible)
● Avoid entering passwords when using public Wi-Fi connections
● Use HTTPS or VPN if you need to enter passwords