Post on 22-Dec-2015
SECURITY AWARENESS PRESENTATION
By: Travis Holm
What is Security Awareness?
Security awareness is the knowledge and attitude members of an organization possess regarding the protection of the physical and, especially, information assets of that organization
2 PARTS:
Personal/Identity Security
Information Security
IDENTITY THEFT
What is Identity Theft?
Identity theft occurs when someone uses your personally identifying information, like your name, Social Security number, or credit card number, without your permission, to commit fraud or other crimes
It can destroy your credit and your good name
Identity Theft Fact:
The FTC estimates that as many as 9 million Americans have their identities stolen each year (2009). In fact, you or someone you know may have experienced some form of identity theft
Identity Theft:
This crime takes many forms:
- Credit Card Fraud
- Phone or Utilities Fraud
- Bank/Finance Fraud
- Obtain Government Documents
- Other Fraud
Identity Theft:
How do thieves steal an identity?
For identity thieves, your personal information is as good as gold!!
Thieves use a variety of methods to get hold of your personal information, including:
How do thieves steal an identity?
Dumpster Diving - They rummage through trash looking for bills
Skimming - They steal credit/debit card numbers by using a special storage device
Phishing - They pretend to be financial institutions or companies and send spam or pop-up messages to get you to reveal your personal information
How do thieves steal an identity?
Changing Your Address - They divert your billing statements to another location by completing a change of address form
Old-Fashioned Stealing - They physically steal wallets/purses & postal mail; steal personnel records, or bribe employees who have access
What do thieves do once they have your identity?
Credit Card Fraud:
- They may open new credit card accounts in your name
- They may change the billing address on your credit card
What do thieves do once they have your identity?
Phone or Utilities Fraud:
- They may open a new phone or wireless account in your name
- They may use your name to get utility services like electricity, heating, or cable TV
What do thieves do once they have your identity?
Bank/Finance Fraud:
- They may create counterfeit checks
- They may open a bank account in your name
- They may clone your ATM card
- They may take out a loan
What do thieves do once they have your identity?
Government Documents Fraud:
- They may get a driver's license
- They may use your name and SS # to get government benefits
- They may file a fraudulent tax return
What do thieves do once they have your identity?
Other Fraud:
- Apply for and get a job
- Rent a house/apartment
- Receive medical services
- Give out your personal information during an arrest
Monitor Your Identity
Monitor your accounts and bank statements each month
Check your credit report on a regular basis
3 Major Credit Reporting Bureaus….
What to do if your Identity is stolen?
- Check your credit reports
- Notify creditors immediately
- Dispute any unauthorized transactions
- Last, but not least, file a police report
Do your part to prevent Identity theft!!
- Be aware of how information is stolen
- Educate your family, friends, and others
- Basic awareness and common sense
- Treat your trash and mail carefully
What is Information Security?
Describes the tasks of guarding information that is in a digital format
Integrity
Confidentiality
Availability
Information Security Terminology:
Asset
Something that has value
Threat
An event or object that may defeat the security measures in place
Threat Agent
Person or thing that has the power to carry out a threat
Information Security Terminology:
Vulnerability
Weakness that allows a threat agent to bypass security
Exploiting
To take advantage of a vulnerability
Risk
Likelihood that a threat agent will exploit a vulnerability
Who are the Attackers?
Hackers
Identifies anyone who illegally breaks into or attempts to break into a computer system
A person who uses his or her advanced computer skills to attack computers only to expose security flaws
Who are the Attackers?
Crackers
Refers to a person who violates system security with malicious intent
Who are the Attackers?
Script Kiddies
Unskilled users
They download automated hacking software
Who are the Attackers?
Spies
A person who has been hired to break into a computer and steal information
Who are the Attackers?
Thieves
Search for any unprotected computer
*From July through December of 2004, 54 percent of the top 50 malicious Internet programs were designed to steal confidential financial information*
Who are the Attackers?
Employees
Yes, your own employees!!
Who are the Attackers?
Cyberterrorists
Terrorists who turn their attacks to the network and computer infrastructure to cause panic among citizens and wreak havoc with vital information systems
Such people may attack because of their ideology/beliefs
Types of Attacks on Desktop Computers
Malware (Malicious Software)
Used to describe computer programs designed to break into and create havoc
Most common types of malware are:
Common Types of Malware
Viruses
A program that secretly attaches itself to a document or another program and executes when that document or program is opened
Common Types of Malware
Worms
Similar to viruses, but a worm does not attach to a document to spread; it can travel by itself
A worm does not always require action by the computer user to begin its execution
Common Types of Malware
Logic Bombs
A computer program that lies dormant until it is triggered by a specific logical event
Types of Attacks on Desktop Computers
Spyware
General term used for describing software that violates a user's personal security
Approximately 116,386 Web pages distributed spyware during April 2005
Spyware Tools
Adware
Software that delivers advertising content in a manner that is unexpected and unwanted by the end user
Spyware Tools
Phishing
Involves sending an e-mail or displaying web announcements that falsely claim to be from a legitimate enterprise
Another Phishing Example:
Spyware Tools
Keyloggers (Keystroke Logger)
Either a hardware device or a small software program that monitors keystrokes
May observe the program running in: MS Windows, Windows Task Manager
Basic Attacks
Social Engineering
Social interaction that preys on human gullibility, sympathy, or fear to take advantage of the target; to steal money, information, or other valuables – basically a con man/woman
Basic Attacks
Password Guessing
Brute Force – systematically changing one character at a time
Dictionary Attack – takes each word from a dictionary and encodes it the same way the computer encodes a user’s password for protection
Basic Attacks
Physical Theft
February 2005 – The Bank of America said that it lost computer backup tapes containing personal information on about 1.2 million charge card users
May 2005 – Time Warner, Inc. reported that information on 600,000 current and former employees was missing
Basic Attacks
Improperly Recycled Computers
Many people give them to schools, charities, or sell them online
To erase the data completely, use a DOD Wipe program
Desktop Defense
Patch Software
Describes software security updates that vendors provide for their programs and operating systems
Windows/Microsoft Update
Desktop Defense
Firewalls
Designed to prevent malicious packets from entering the network or computers
Software or hardware based
Some routers have built-in NAT
Desktop Defense
Strong Passwords (Basic Rules)
- Have at least 8 characters
- Combination of letters, numbers, and special characters
- Replace every 30 days
- Do not reuse for 12 months
Example: U@ndI4evr
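The four basic rules above, written as a checker (an added example, not part of the original presentation). The function names are illustrative, and two details are assumptions: "12 months" is taken as 365 days counted from the date the old password was retired, and the history holds salted PBKDF2 hashes so that old passwords are never stored in plaintext.

```python
import hashlib
import hmac
import os
import string
from datetime import date, timedelta

MIN_LENGTH = 8                    # "Have at least 8 characters"
MAX_AGE = timedelta(days=30)      # "Replace every 30 days"
NO_REUSE = timedelta(days=365)    # "Do not reuse for 12 months" (assumed 365 days)

def hash_password(password, salt):
    """Salted, deliberately slow hash used for the password history."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def composition_problems(password):
    """Return the composition rules a candidate breaks (empty list = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not any(c.isalpha() for c in password):
        problems.append("no letters")
    if not any(c.isdigit() for c in password):
        problems.append("no numbers")
    if not any(c in string.punctuation for c in password):
        problems.append("no special characters")
    return problems

def is_expired(last_changed, today):
    """True when the current password is older than the 30-day limit."""
    return today - last_changed > MAX_AGE

def check_new_password(password, history, today):
    """history: list of (salt, digest, retired_on) tuples for old passwords."""
    problems = composition_problems(password)
    for salt, digest, retired_on in history:
        recent = today - retired_on <= NO_REUSE
        if recent and hmac.compare_digest(hash_password(password, salt), digest):
            problems.append("used within the last 12 months")
            break
    return problems

if __name__ == "__main__":
    salt = os.urandom(16)         # constructed sample history, not real data
    history = [(salt, hash_password("Old#Pass1", salt), date(2015, 6, 1))]
    print(check_new_password("U@ndI4evr", history, date(2015, 12, 22)))
```
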
Desktop Defense
Antivirus Software
Software scans a computer for infections and isolates any file that contains a virus
Desktop Defense
Antispyware Software
Helps prevent computers from becoming infected by different types of spyware
Basically like antivirus software
Desktop Defense
How to Prepare
ALWAYS back up your files that cannot be easily or quickly recreated!!!
- Portable USB hard drives
- Network attached storage device
- Internet/Online back-up
- Tape back-up
- CD/DVD ROM
- USB Flash Drive