SlideShare a Scribd company logo

Information Security

Download as PPT, PDF
V
vadapav123

Information security, creating awareness, educating staff and protecting information

Technology
1 of 28
Information Security – Creating Awareness, Educating Staff, and Protecting Information Session 46 Chris Aidan, CISSP Information Security Manager Pearson
2 Topics Covered  Data Privacy  Spyware & Adware  SPAM & SPIM  Phishing  Passwords  Social Engineering  Email & Chat Services  Securing Workstations  Data Backups  Equipment Disposal  Data Recovery Demo  Data Disposal  Access Rights  Physical Security  Emerging Threats  Incident Response  Creating Awareness  Questions  Useful Links
3 Why Security?  Liability  Privacy Concerns  Copyright Violations  Identity Theft  Resource Violations  Reputation Protection  Meet Expectations  Laws & Regulations
4 Understanding Threats What is valuable? What is vulnerable? What can we do to safeguard and mitigate threats? What can we do to prepare ourselves? Most believe they will win lottery before getting hit by malicious code
5 Protecting Information like: Social Security Number Drivers license number Insurance numbers Passwords and PIN’s Banking information Keep Sensitive Data Private
6 Terminology Hackers – white hat – grey hat – black hat DOS & DDOS 1337 (Leet) speak Warez Script kiddies
7 Spyware & Adware (Scumware) Spyware-Applications that monitor activity without express permission Adware-Applications that monitor activity with express permission – Read the EULA
8 SPAM & SPIM SPAM- – Junk email SPIM- SPAM has come to Instant Messaging – Uncontrolled viewing (pop-up windows) – Bot generated
9 Phishing  Phishing is a computer scam that uses SPAM, SPIM & pop-up messages to trick us into disclosing private information (Social Security Number, Credit Cards, banking data, passwords, etc) – Often sent from someone that we “trust” or are in some way associated with us – Appears to be a legitimate website – Embedded in links emails & pop-up message – Phishing emails often contain spyware designed to give remote control to our computer or track our online activities
10  Select a good one – At least 7 characters – Mixture of upper and lowercase characters – Mixture of alpha and numeric characters – Don’t use dictionary words  Keep passwords safe  Change them often  Don’t share or reuse passwords  Two-factor authentication Passwords
11 Social Engineering Social Engineering is the art of prying information out of someone else to obtain access or gain important details about a particular system through the use of deception
12 Email & Chat Services  Email and chat are sent in clear text over the Internet  Data can easily be captured and read by savvy computer users and systems administrators  Safeguards should be put into place prior to using these programs for sending/receiving sensitive information like Social Security Numbers
13 Enhance Our Work Area Security  Secure workstations – Lock our systems (Ctrl-Alt-Delete) – Shut down – Run up to date virus scanning software – Password protect files – Apply software patches – Install cable locks – Run a desktop firewall
14 Is Our Data Being Backed Up? Test backups Securely store backup media (offsite) Restrict access to who can perform restoration
15 Equipment Disposal What happens to old computer when they are replaced? Do those systems contain sensitive information? Several programs to securely remove data from computer systems are commercially available
16 Data Recovery DEMO
17 Dumpster Diving We never know who is looking in our trash Shred sensitive documents Secure shred barrels, and make sure that proper handling procedures are in place
18 Access Rights  Only allow access that is absolutely required  Don’t grant accounts based on the fact that access “may” be required  Use least privilege access policies that state access will only be granted if required, not by default  Are accounts removed and passwords changed when someone changes jobs or is terminated?  Perform audits
19 Physical Security Who has access? Are sensitive documents secured?
20 Emerging Threats  Wireless Technology  Memory Devices-iPod, USB Keys, Coke cans, etc  Camera phones  P2P File Sharing
21 Incident Response Do you know what to do and who to contact if a security breach occurs?
22 Recent News
23 Creating Awareness  Educate staff – Train staff – Document processes and outline expectations  Research potential candidates – Perform background & credit checks  Track system changes – Audit system access – Audit system changes  Create & communicate policies: – Define document and system disposal processes – Define backup procedures – Define clean work area policies – Define computer usage policies
24 Be Aware Report anything “strange” Don’t give private information out Properly dispose of sensitive information Run up to date virus protection & software Ask questions
25 Useful Links National Cyber Security Alliance http://www.staysafeonline.info/ National Institute of Standards and Technology: http://csrc.nist.gov/sec-cert/ Recent News High Profile Computer Compromise High Profile Computer Compromise A lot of Schools have great security resource pages, for example UC Davis and the University of Iowa websites: http://security.ucdavis.edu/security101.cfm http://cio.uiowa.edu/itsecurity/
26 Example Software References Some various applications mentioned in the presentation*  Email Security – PGP http://www.pgp.com – Instant Messaging Security – Simp http://www.secway.fr/products/all.php?PARAM=us,text – Adware & Spyware Removal Applications – Ad-aware http://www.lavasoftusa.com/software/adaware/ – Spybot http://www.safer-networking.org/en/download/  Secure File Deletion – Secure Delete http://www.sysinternals.com/ntw2k/source/sdelete.shtml  System Disposal – Secure Hard Drive cleaning http://www.accessdata.com/Product07_Overview.htm * Use of these tools is not an endorsement or guarantee of product reliability or effectiveness
27 Sample Policies Developing Security Policy – http://www.sans.org/rr/papers/50/919.pdf Acceptable Use – http://www.sans.org/resources/policies/Acc eptable_Use_Policy.pdf
28 Questions? Please fill out the session evaluations & thank you for attending this session

Recommended

Information security
Information security Information security
Information security AishaIshaq4
 
Information security
Information securityInformation security
Information securityAlaaMahmoud108
 
IT Security
IT SecurityIT Security
IT SecurityRaden Tjokro Partono
 
IT security
IT securityIT security
IT securityAman Jain
 
Cyber security
Cyber securityCyber security
Cyber securityEduonix
 
Webinar cybersecurity presentation-6-2018 (final)
Webinar cybersecurity presentation-6-2018 (final)Webinar cybersecurity presentation-6-2018 (final)
Webinar cybersecurity presentation-6-2018 (final)AT-NET Services, Inc. - Charleston Division
 
Cyber security threats and its solutions
Cyber security threats and its solutionsCyber security threats and its solutions
Cyber security threats and its solutionsmaryrowling
 
Introduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsIntroduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsToño Herrera
 

Recommended

Information security
Information security Information security
Information security AishaIshaq4
 
Information security
Information securityInformation security
Information securityAlaaMahmoud108
 
IT Security
IT SecurityIT Security
IT SecurityRaden Tjokro Partono
 
IT security
IT securityIT security
IT securityAman Jain
 
Cyber security
Cyber securityCyber security
Cyber securityEduonix
 
Webinar cybersecurity presentation-6-2018 (final)
Webinar cybersecurity presentation-6-2018 (final)Webinar cybersecurity presentation-6-2018 (final)
Webinar cybersecurity presentation-6-2018 (final)AT-NET Services, Inc. - Charleston Division
 
Cyber security threats and its solutions
Cyber security threats and its solutionsCyber security threats and its solutions
Cyber security threats and its solutionsmaryrowling
 
Introduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsIntroduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsToño Herrera
 
Cyber Security for Non-Technical Executives (SC GMIS) Columbia, SC
Cyber Security for Non-Technical Executives (SC GMIS) Columbia, SCCyber Security for Non-Technical Executives (SC GMIS) Columbia, SC
Cyber Security for Non-Technical Executives (SC GMIS) Columbia, SCAT-NET Services, Inc. - Charleston Division
 
The difference between Cybersecurity and Information Security
The difference between Cybersecurity and Information SecurityThe difference between Cybersecurity and Information Security
The difference between Cybersecurity and Information SecurityPECB
 
Information security and other issues
Information security and other issuesInformation security and other issues
Information security and other issuesHaseeb Ahmed Awan
 
Cia security model
Cia security modelCia security model
Cia security modelImran Ahmed
 
Information Security Lecture #1 ppt
Information Security Lecture #1 pptInformation Security Lecture #1 ppt
Information Security Lecture #1 pptvasanthimuniasamy
 
Information security
Information securityInformation security
Information securityavinashbalakrishnan2
 
It risk assessment in uae
It risk assessment in uaeIt risk assessment in uae
It risk assessment in uaeRishalHalid1
 
Information security challenges in today’s banking environment
Information security challenges in today’s banking environmentInformation security challenges in today’s banking environment
Information security challenges in today’s banking environmentEvan Francen
 
security and ethical challenges in information systems
security and ethical challenges in information systemssecurity and ethical challenges in information systems
security and ethical challenges in information systemshilal12
 
The CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityThe CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityBharath Rao
 
Cyber Security: Why your business needs protection & prevention measures
Cyber Security: Why your business needs protection & prevention measuresCyber Security: Why your business needs protection & prevention measures
Cyber Security: Why your business needs protection & prevention measuresCBIZ, Inc.
 
Information security group presentation ppt
Information security group presentation pptInformation security group presentation ppt
Information security group presentation pptvaishalshah01
 
InformationSecurity
InformationSecurityInformationSecurity
InformationSecuritylearnt
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityKATHEESKUMAR S
 
Information Security vs IT - Key Roles & Responsibilities
Information Security vs IT - Key Roles & ResponsibilitiesInformation Security vs IT - Key Roles & Responsibilities
Information Security vs IT - Key Roles & ResponsibilitiesKroll
 
Infosec
InfosecInfosec
InfosecIsmaila Gassama
 
Information Security Management.Introduction
Information Security Management.IntroductionInformation Security Management.Introduction
Information Security Management.Introductionyuliana_mar
 
Cyber security
Cyber securityCyber security
Cyber securityAkdu095
 
2 Security And Internet Security
2 Security And Internet Security2 Security And Internet Security
2 Security And Internet SecurityAna Meskovska
 
Data security
Data securityData security
Data securityAbdulBasit938
 
IT Security Presentation - IIMC 2014 Conference
IT Security Presentation - IIMC 2014 ConferenceIT Security Presentation - IIMC 2014 Conference
IT Security Presentation - IIMC 2014 ConferenceJeff Lemmermann
 
Security information for internet and security
Security information for internet and securitySecurity information for internet and security
Security information for internet and securitySomesh Kumar
 

More Related Content

What's hot

The difference between Cybersecurity and Information Security
The difference between Cybersecurity and Information SecurityThe difference between Cybersecurity and Information Security
The difference between Cybersecurity and Information SecurityPECB
 
Information security and other issues
Information security and other issuesInformation security and other issues
Information security and other issuesHaseeb Ahmed Awan
 
Cia security model
Cia security modelCia security model
Cia security modelImran Ahmed
 
Information Security Lecture #1 ppt
Information Security Lecture #1 pptInformation Security Lecture #1 ppt
Information Security Lecture #1 pptvasanthimuniasamy
 
It risk assessment in uae
It risk assessment in uaeIt risk assessment in uae
It risk assessment in uaeRishalHalid1
 
Information security challenges in today’s banking environment
Information security challenges in today’s banking environmentInformation security challenges in today’s banking environment
Information security challenges in today’s banking environmentEvan Francen
 
security and ethical challenges in information systems
security and ethical challenges in information systemssecurity and ethical challenges in information systems
security and ethical challenges in information systemshilal12
 
The CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityThe CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityBharath Rao
 
Cyber Security: Why your business needs protection & prevention measures
Cyber Security: Why your business needs protection & prevention measuresCyber Security: Why your business needs protection & prevention measures
Cyber Security: Why your business needs protection & prevention measuresCBIZ, Inc.
 
Information security group presentation ppt
Information security group presentation pptInformation security group presentation ppt
Information security group presentation pptvaishalshah01
 
InformationSecurity
InformationSecurityInformationSecurity
InformationSecuritylearnt
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityKATHEESKUMAR S
 
Information Security vs IT - Key Roles & Responsibilities
Information Security vs IT - Key Roles & ResponsibilitiesInformation Security vs IT - Key Roles & Responsibilities
Information Security vs IT - Key Roles & ResponsibilitiesKroll
 
Information Security Management.Introduction
Information Security Management.IntroductionInformation Security Management.Introduction
Information Security Management.Introductionyuliana_mar
 
Cyber security
Cyber securityCyber security
Cyber securityAkdu095
 
2 Security And Internet Security
2 Security And Internet Security2 Security And Internet Security
2 Security And Internet SecurityAna Meskovska
 

What's hot (20)

Cyber Security for Non-Technical Executives (SC GMIS) Columbia, SC
Cyber Security for Non-Technical Executives (SC GMIS) Columbia, SCCyber Security for Non-Technical Executives (SC GMIS) Columbia, SC
Cyber Security for Non-Technical Executives (SC GMIS) Columbia, SC
 
The difference between Cybersecurity and Information Security
The difference between Cybersecurity and Information SecurityThe difference between Cybersecurity and Information Security
The difference between Cybersecurity and Information Security
 
Information security and other issues
Information security and other issuesInformation security and other issues
Information security and other issues
 
Cia security model
Cia security modelCia security model
Cia security model
 
Information Security Lecture #1 ppt
Information Security Lecture #1 pptInformation Security Lecture #1 ppt
Information Security Lecture #1 ppt
 
Information security
Information securityInformation security
Information security
 
It risk assessment in uae
It risk assessment in uaeIt risk assessment in uae
It risk assessment in uae
 
Information security challenges in today’s banking environment
Information security challenges in today’s banking environmentInformation security challenges in today’s banking environment
Information security challenges in today’s banking environment
 
security and ethical challenges in information systems
security and ethical challenges in information systemssecurity and ethical challenges in information systems
security and ethical challenges in information systems
 
The CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityThe CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information Security
 
Cyber Security: Why your business needs protection & prevention measures
Cyber Security: Why your business needs protection & prevention measuresCyber Security: Why your business needs protection & prevention measures
Cyber Security: Why your business needs protection & prevention measures
 
Information security group presentation ppt
Information security group presentation pptInformation security group presentation ppt
Information security group presentation ppt
 
InformationSecurity
InformationSecurityInformationSecurity
InformationSecurity
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
 
Information Security vs IT - Key Roles & Responsibilities
Information Security vs IT - Key Roles & ResponsibilitiesInformation Security vs IT - Key Roles & Responsibilities
Information Security vs IT - Key Roles & Responsibilities
 
Infosec
InfosecInfosec
Infosec
 
Information Security Management.Introduction
Information Security Management.IntroductionInformation Security Management.Introduction
Information Security Management.Introduction
 
Cyber security
Cyber securityCyber security
Cyber security
 
2 Security And Internet Security
2 Security And Internet Security2 Security And Internet Security
2 Security And Internet Security
 
Data security
Data securityData security
Data security
 

Similar to Information Security

IT Security Presentation - IIMC 2014 Conference
IT Security Presentation - IIMC 2014 ConferenceIT Security Presentation - IIMC 2014 Conference
IT Security Presentation - IIMC 2014 ConferenceJeff Lemmermann
 
Security information for internet and security
Security information for internet and securitySecurity information for internet and security
Security information for internet and securitySomesh Kumar
 
LIS3353 SP12 Week 9
LIS3353 SP12 Week 9LIS3353 SP12 Week 9
LIS3353 SP12 Week 9Amanda Case
 
Business ethics ppt
Business ethics pptBusiness ethics ppt
Business ethics pptWulax37
 
IT-Security-20210426203847.ppt
IT-Security-20210426203847.pptIT-Security-20210426203847.ppt
IT-Security-20210426203847.pptRamaNingaiah
 
IT-Security-20210426203847.ppt
IT-Security-20210426203847.pptIT-Security-20210426203847.ppt
IT-Security-20210426203847.pptIan Dave Balatbat
 
IT-Security-20210426203847.ppt
IT-Security-20210426203847.pptIT-Security-20210426203847.ppt
IT-Security-20210426203847.pptssuser6c59cb
 
Computer Safety and Ethics.pptx
Computer Safety and Ethics.pptxComputer Safety and Ethics.pptx
Computer Safety and Ethics.pptxKhristine Botin
 
Kevin Wharram Security Summit
Kevin Wharram Security SummitKevin Wharram Security Summit
Kevin Wharram Security SummitKevin Wharram
 
Top 25 SOC Analyst interview questions that You Should Know.pptx
Top 25 SOC Analyst interview questions that You Should Know.pptxTop 25 SOC Analyst interview questions that You Should Know.pptx
Top 25 SOC Analyst interview questions that You Should Know.pptxInfosectrain3
 
MIS part 4_CH 11.ppt
MIS part 4_CH 11.pptMIS part 4_CH 11.ppt
MIS part 4_CH 11.pptEndAlk15
 
1. introduction to cyber security
1. introduction to cyber security1. introduction to cyber security
1. introduction to cyber securityAnimesh Roy
 
Security ConceptsDr. Y. ChuCIS3360 Security in Computing.docx
Security ConceptsDr. Y. ChuCIS3360 Security in Computing.docxSecurity ConceptsDr. Y. ChuCIS3360 Security in Computing.docx
Security ConceptsDr. Y. ChuCIS3360 Security in Computing.docxbagotjesusa
 
chapter13 - Computing Security Ethics.pdf
chapter13 - Computing Security Ethics.pdfchapter13 - Computing Security Ethics.pdf
chapter13 - Computing Security Ethics.pdfsatonaka3
 
Basic security concepts_chapter_1_6perpage
Basic security concepts_chapter_1_6perpageBasic security concepts_chapter_1_6perpage
Basic security concepts_chapter_1_6perpagenakomuri
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security BasicsMohan Jadhav
 

Similar to Information Security (20)

IT Security Presentation - IIMC 2014 Conference
IT Security Presentation - IIMC 2014 ConferenceIT Security Presentation - IIMC 2014 Conference
IT Security Presentation - IIMC 2014 Conference
 
Security information for internet and security
Security information for internet and securitySecurity information for internet and security
Security information for internet and security
 
LIS3353 SP12 Week 9
LIS3353 SP12 Week 9LIS3353 SP12 Week 9
LIS3353 SP12 Week 9
 
Business ethics ppt
Business ethics pptBusiness ethics ppt
Business ethics ppt
 
IT-Security-20210426203847.ppt
IT-Security-20210426203847.pptIT-Security-20210426203847.ppt
IT-Security-20210426203847.ppt
 
IT-Security-20210426203847.ppt
IT-Security-20210426203847.pptIT-Security-20210426203847.ppt
IT-Security-20210426203847.ppt
 
IT-Security-20210426203847.ppt
IT-Security-20210426203847.pptIT-Security-20210426203847.ppt
IT-Security-20210426203847.ppt
 
Computer Safety and Ethics.pptx
Computer Safety and Ethics.pptxComputer Safety and Ethics.pptx
Computer Safety and Ethics.pptx
 
IS Unit II.pptx
IS Unit II.pptxIS Unit II.pptx
IS Unit II.pptx
 
Kevin Wharram Security Summit
Kevin Wharram Security SummitKevin Wharram Security Summit
Kevin Wharram Security Summit
 
Top 25 SOC Analyst interview questions that You Should Know.pptx
Top 25 SOC Analyst interview questions that You Should Know.pptxTop 25 SOC Analyst interview questions that You Should Know.pptx
Top 25 SOC Analyst interview questions that You Should Know.pptx
 
MIS part 4_CH 11.ppt
MIS part 4_CH 11.pptMIS part 4_CH 11.ppt
MIS part 4_CH 11.ppt
 
1. introduction to cyber security
1. introduction to cyber security1. introduction to cyber security
1. introduction to cyber security
 
Security ConceptsDr. Y. ChuCIS3360 Security in Computing.docx
Security ConceptsDr. Y. ChuCIS3360 Security in Computing.docxSecurity ConceptsDr. Y. ChuCIS3360 Security in Computing.docx
Security ConceptsDr. Y. ChuCIS3360 Security in Computing.docx
 
chapter13 - Computing Security Ethics.pdf
chapter13 - Computing Security Ethics.pdfchapter13 - Computing Security Ethics.pdf
chapter13 - Computing Security Ethics.pdf
 
Basic security concepts_chapter_1_6perpage
Basic security concepts_chapter_1_6perpageBasic security concepts_chapter_1_6perpage
Basic security concepts_chapter_1_6perpage
 
Unit v
Unit vUnit v
Unit v
 
Cyber Security Briefing
Cyber Security BriefingCyber Security Briefing
Cyber Security Briefing
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security Basics
 
information security awareness course
information security awareness courseinformation security awareness course
information security awareness course
 

Recently uploaded

Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 

Recently uploaded (20)

Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 

Information Security

  • 1. Information Security – Creating Awareness, Educating Staff, and Protecting Information Session 46 Chris Aidan, CISSP Information Security Manager Pearson
  • 2. 2 Topics Covered  Data Privacy  Spyware & Adware  SPAM & SPIM  Phishing  Passwords  Social Engineering  Email & Chat Services  Securing Workstations  Data Backups  Equipment Disposal  Data Recovery Demo  Data Disposal  Access Rights  Physical Security  Emerging Threats  Incident Response  Creating Awareness  Questions  Useful Links
  • 3. 3 Why Security?  Liability  Privacy Concerns  Copyright Violations  Identity Theft  Resource Violations  Reputation Protection  Meet Expectations  Laws & Regulations
  • 4. 4 Understanding Threats What is valuable? What is vulnerable? What can we do to safeguard and mitigate threats? What can we do to prepare ourselves? Most believe they will win lottery before getting hit by malicious code
  • 5. 5 Protecting Information like: Social Security Number Drivers license number Insurance numbers Passwords and PIN’s Banking information Keep Sensitive Data Private
  • 6. 6 Terminology Hackers – white hat – grey hat – black hat DOS & DDOS 1337 (Leet) speak Warez Script kiddies
  • 7. 7 Spyware & Adware (Scumware) Spyware-Applications that monitor activity without express permission Adware-Applications that monitor activity with express permission – Read the EULA
  • 8. 8 SPAM & SPIM SPAM- – Junk email SPIM- SPAM has come to Instant Messaging – Uncontrolled viewing (pop-up windows) – Bot generated
  • 9. 9 Phishing  Phishing is a computer scam that uses SPAM, SPIM & pop-up messages to trick us into disclosing private information (Social Security Number, Credit Cards, banking data, passwords, etc) – Often sent from someone that we “trust” or are in some way associated with us – Appears to be a legitimate website – Embedded in links emails & pop-up message – Phishing emails often contain spyware designed to give remote control to our computer or track our online activities
  • 10. 10  Select a good one – At least 7 characters – Mixture of upper and lowercase characters – Mixture of alpha and numeric characters – Don’t use dictionary words  Keep passwords safe  Change them often  Don’t share or reuse passwords  Two-factor authentication Passwords
  • 11. 11 Social Engineering Social Engineering is the art of prying information out of someone else to obtain access or gain important details about a particular system through the use of deception
  • 12. 12 Email & Chat Services  Email and chat are sent in clear text over the Internet  Data can easily be captured and read by savvy computer users and systems administrators  Safeguards should be put into place prior to using these programs for sending/receiving sensitive information like Social Security Numbers
  • 13. 13 Enhance Our Work Area Security  Secure workstations – Lock our systems (Ctrl-Alt-Delete) – Shut down – Run up to date virus scanning software – Password protect files – Apply software patches – Install cable locks – Run a desktop firewall
  • 14. 14 Is Our Data Being Backed Up? Test backups Securely store backup media (offsite) Restrict access to who can perform restoration
  • 15. 15 Equipment Disposal What happens to old computer when they are replaced? Do those systems contain sensitive information? Several programs to securely remove data from computer systems are commercially available
  • 17. 17 Dumpster Diving We never know who is looking in our trash Shred sensitive documents Secure shred barrels, and make sure that proper handling procedures are in place
  • 18. 18 Access Rights  Only allow access that is absolutely required  Don’t grant accounts based on the fact that access “may” be required  Use least privilege access policies that state access will only be granted if required, not by default  Are accounts removed and passwords changed when someone changes jobs or is terminated?  Perform audits
  • 19. 19 Physical Security Who has access? Are sensitive documents secured?
  • 20. 20 Emerging Threats  Wireless Technology  Memory Devices-iPod, USB Keys, Coke cans, etc  Camera phones  P2P File Sharing
  • 21. 21 Incident Response Do you know what to do and who to contact if a security breach occurs?
  • 23. 23 Creating Awareness  Educate staff – Train staff – Document processes and outline expectations  Research potential candidates – Perform background & credit checks  Track system changes – Audit system access – Audit system changes  Create & communicate policies: – Define document and system disposal processes – Define backup procedures – Define clean work area policies – Define computer usage policies
  • 24. 24 Be Aware Report anything “strange” Don’t give private information out Properly dispose of sensitive information Run up to date virus protection & software Ask questions
  • 25. 25 Useful Links National Cyber Security Alliance http://www.staysafeonline.info/ National Institute of Standards and Technology: http://csrc.nist.gov/sec-cert/ Recent News High Profile Computer Compromise High Profile Computer Compromise A lot of Schools have great security resource pages, for example UC Davis and the University of Iowa websites: http://security.ucdavis.edu/security101.cfm http://cio.uiowa.edu/itsecurity/
  • 26. 26 Example Software References Some various applications mentioned in the presentation*  Email Security – PGP http://www.pgp.com – Instant Messaging Security – Simp http://www.secway.fr/products/all.php?PARAM=us,text – Adware & Spyware Removal Applications – Ad-aware http://www.lavasoftusa.com/software/adaware/ – Spybot http://www.safer-networking.org/en/download/  Secure File Deletion – Secure Delete http://www.sysinternals.com/ntw2k/source/sdelete.shtml  System Disposal – Secure Hard Drive cleaning http://www.accessdata.com/Product07_Overview.htm * Use of these tools is not an endorsement or guarantee of product reliability or effectiveness
  • 27. 27 Sample Policies Developing Security Policy – http://www.sans.org/rr/papers/50/919.pdf Acceptable Use – http://www.sans.org/resources/policies/Acc eptable_Use_Policy.pdf
  • 28. 28 Questions? Please fill out the session evaluations & thank you for attending this session

Editor's Notes

  1. <number>