SECURITY AWARENESS PRESENTATION By: Travis Holm

Post on 22-Dec-2015


What is Security Awareness?

Security awareness is the knowledge and attitude members of an organization possess regarding the protection of the physical, and especially information assets of that organization


2 PARTS:

Personal/Identity Security

Information Security


IDENTITY THEFT


What is Identity Theft?

Identity theft occurs when someone uses your personally identifying information, like your name, Social Security number, or credit card number, without your permission, to commit fraud or other crimes

It can destroy your credit and your good name


Identity Theft Fact:

The FTC estimates that as many as 9 million Americans have their identities stolen each year. (2009) In fact, you or someone you know may have experienced some form of identity theft


Identity Theft:

This crime takes many forms:

- Credit Card Fraud

- Phone or Utilities Fraud

- Bank/Finance Fraud

- Obtain Government Documents

- Other Fraud


How do thieves steal an identity?

For identity thieves, your personal information is as good as gold!!

Thieves use a variety of methods to get hold of your personal information, including:


How do thieves steal an identity?

Dumpster Diving - They rummage through trash looking for bills

Skimming - They steal credit/debit card numbers by using a special storage device

Phishing - They pretend to be financial institutions or companies and send spam or pop-up messages to get you to reveal your personal information


How do thieves steal an identity?

Changing Your Address - They divert your billing statements to another location by completing a change of address form

Old-Fashioned Stealing - They physically steal wallets/purses & postal mail; steal personnel records, or bribe employees who have access


What do thieves do once they have your identity?

Credit Card Fraud:

- They may open new credit card accounts in your name

- They may change the billing address on your credit card


What do thieves do once they have your identity?

Phone or Utilities Fraud:

- They may open a new phone or wireless account in your name

- They may use your name to get utility services like electricity, heating, or cable TV


What do thieves do once they have your identity?

Bank/Finance Fraud:

- They may create counterfeit checks

- May open a bank account in your name

- Clone your ATM card

- Take out a loan


What do thieves do once they have your identity?

Government Documents Fraud:

- They may get a driver's license

- Use your name and SS # to get government benefits

- File a fraudulent tax return


What do thieves do once they have your identity?

Other Fraud:

- Apply for and get a job

- Rent a house/apartment

- Receive medical services

- Give out your personal information during an arrest


Monitor Your Identity

Monitor your accounts and bank statements each month

Check your credit report on a regular basis


3 Major Credit Reporting Bureaus….


What to do if your Identity is stolen?

- Check your credit reports

- Notify creditors immediately

- Dispute any unauthorized transactions

- Last, but not least, file a police report


Do your part to prevent Identity theft!!

- Be aware of how information is stolen

- Educate your family, friends, and others

- Basic awareness and common sense

- Treat your trash and mail carefully


What is Information Security?

Describes the tasks of guarding information that is in a digital format

Integrity

Confidentiality

Availability


Information Security Terminology:

Asset - Something that has value

Threat - An event or object that may defeat the security measures in place

Threat Agent - Person or thing that has the power to carry out a threat


Information Security Terminology:

Vulnerability - Weakness that allows a threat agent to bypass security

Exploiting - To take advantage of a vulnerability

Risk - Likelihood that a threat agent will exploit a vulnerability


Who are the Attackers?

Hackers

Identifies anyone who illegally breaks into or attempts to break into a computer system

A person who uses his or her advanced computer skills to attack computers only to expose security flaws


Who are the Attackers?

Crackers

Refers to a person who violates system security with malicious intent


Who are the Attackers?

Script Kiddies

Unskilled users

They download automated hacking software


Who are the Attackers?

Spies

A person who has been hired to break into a computer and steal information


Who are the Attackers?

Thieves

Search for any unprotected computer

*From July through December of 2004, 54 percent of the top 50 malicious Internet programs were designed to steal confidential financial information*


Who are the Attackers?

Employees

Yes, your own employees!!


Who are the Attackers?

Cyberterrorists

Terrorists who turn their attacks to the network and computer infrastructure to cause panic among citizens and wreak havoc with vital information systems

Such people may attack because of their ideology/beliefs


Types of Attacks on Desktop Computers

Malware (Malicious Software)

Used to describe computer programs designed to break into and create havoc

Most common types of malware are:


Common Types of Malware

Viruses

A program that secretly attaches itself to a document or another program and executes when that document or program is opened


Common Types of Malware

Worms

Similar to a virus, but a worm does not attach to a document to spread; it can travel by itself

A worm does not always require action by the computer user to begin its execution


Common Types of Malware

Logic Bombs

A computer program that lies dormant until it is triggered by a specific logical event


Types of Attacks on Desktop Computers

Spyware

General term used for describing software that violates a user's personal security

Approximately 116,386 Web pages distributed spyware during April 2005


Spyware Tools

Adware

Software that delivers advertising content in a manner that is unexpected and unwanted by the end user


Spyware Tools

Phishing

Involves sending an e-mail or displaying web announcements that falsely claim to be from a legitimate enterprise


Another Phishing Example:


Spyware Tools

Keyloggers (Keystroke Logger)

Either a hardware device or a small software program that monitors keystrokes

May observe the program running in: MS Windows, Windows Task Manager


Basic Attacks

Social Engineering

Social interaction that preys on human gullibility, sympathy, or fear to take advantage of the target; to steal money, information, or other valuables – basically a con man/woman


Basic Attacks

Password Guessing

Brute Force – systematically changing one character at a time

Dictionary Attack – takes each word from a dictionary and encodes it the same way the computer encodes a user’s password for protection


Basic Attacks

Physical Theft

February 2005 – The Bank of America said that it lost computer backup tapes containing personal information on about 1.2 million charge card users

May 2005 – Time Warner, Inc. reported that information on 600,000 current and former employees was missing


Basic Attacks

Improperly Recycled Computers

Many people give them to schools, charities, or sell them online

To erase the data completely use a DOD Wipe program


Desktop Defense

Patch Software

Describes software security updates that vendors provide for their programs and operating systems

Windows/Microsoft Update


Desktop Defense

Firewalls

Designed to prevent malicious packets from entering the network or computers

Software or hardware based

Some routers have built-in NAT


Desktop Defense

Strong Passwords (Basic Rules)

- Have at least 8 characters

- Combination of letters, numbers, and special characters

- Replace every 30 days

- Do not reuse for 12 months

Example: U@ndI4evr
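
The basic rules on this slide, as an added example that is not part of the original presentation: a Python checker for the composition, 30-day replacement and 12-month reuse rules. The function names, the PBKDF2 storage of old passwords and the sample dates are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import string
from datetime import date, timedelta

MIN_LENGTH = 8                       # "Have at least 8 characters"
MAX_AGE = timedelta(days=30)         # "Replace every 30 days"
REUSE_WINDOW = timedelta(days=365)   # "Do not reuse for 12 months"

def digest(password, salt):
    # Old passwords are kept only as salted PBKDF2 digests, never as plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def history_entry(password, set_on):
    # One record of the (assumed) password history: (salt, digest, date set).
    salt = os.urandom(16)
    return (salt, digest(password, salt), set_on)

def composition_problems(password):
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not any(c.isalpha() for c in password):
        problems.append("no letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    return problems

def reused(password, history, today):
    # True if the candidate matches any password set within the last 12 months.
    for salt, stored, set_on in history:
        recent = today - set_on < REUSE_WINDOW
        if recent and hmac.compare_digest(digest(password, salt), stored):
            return True
    return False

def expired(set_on, today):
    # True once the current password is more than 30 days old.
    return today - set_on > MAX_AGE

def check_new_password(password, history, today):
    problems = composition_problems(password)
    if reused(password, history, today):
        problems.append("used within the last 12 months")
    return problems

if __name__ == "__main__":
    today = date(2015, 12, 22)  # constructed sample date
    history = [history_entry("U@ndI4evr", today - timedelta(days=90))]
    print(check_new_password("U@ndI4evr", history, today))
```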


Desktop Defense

Antivirus Software

Software scans a computer for infections and isolates any file that contains a virus


Desktop Defense

Antispyware Software

Helps prevent computers from becoming infected by different types of spyware

Basically like antivirus software


Desktop Defense

How to Prepare

ALWAYS back-up your files that cannot be easily or quickly recreated!!!

- Portable USB hard drives

- Network attached storage device

- Internet/Online back-up

- Tape back-up

- CD/DVD ROM

- USB Flash Drive