7/24/2019 Eac Session Eac Session
Information Security: Creating Awareness, Educating Staff, and Protecting Information
Session 46
Chris Aidan, CISSP
Information Security Manager
Pearson
-
Topics Covered
Data Privacy
Spyware & Adware
SPAM & SPIM
Phishing
Passwords
Social Engineering
Email & Chat Services
Securing Workstations
Data Backups
Equipment Disposal
Data Recovery Demo
Data Disposal
Access Rights
Physical Security
Emerging Threats
Incident Response
Creating Awareness
Questions
Useful Links
-
Why Security?
Liability
Privacy Concerns
Copyright Violations
Identity Theft
Resource Violations
Reputation Protection
Meet Expectations
Laws & Regulations
-
Understanding Threats
What is valuable?
What is vulnerable?
What can we do to safeguard and mitigate threats?
What can we do to prepare ourselves?
Most believe they will win the lottery before getting hit by malicious code
-
Protecting Information like:
Social Security Number
Driver's license number
Insurance numbers
Passwords and PINs
Banking information
Keep Sensitive Data Private
-
Terminology
Hackers: white hat, grey hat, black hat
DoS & DDoS
1337 (Leet) speak
Warez
Script kiddies
-
Spyware & Adware
Scumware!
Spyware: Applications that monitor activity without express permission
Adware: Applications that monitor activity with express permission
• Read the EULA
-
SPAM & SPIM
SPAM:
• Junk email
SPIM: SPAM has come to Instant Messaging
• Uncontrolled viewing (pop-up windows)
• Bot generated
-
Phishing
Phishing is a computer scam that uses SPAM, SPIM & pop-up messages to trick us into disclosing private information (Social Security Number, credit cards, banking data, passwords, etc.)
• Often sent from someone that we "trust" or who is in some way associated with us
• Appears to be a legitimate website
• Embedded in links, emails & pop-up messages
• Phishing emails often contain spyware designed to give remote control of our computer or track our online activities
-
Passwords
Select a good one:
• At least 7 characters
• Mixture of upper and lowercase characters
• Mixture of alpha and numeric characters
• Don't use dictionary words
Keep passwords safe
Change them often
Don't share or reuse passwords
Two-factor authentication
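As an added illustration (not part of the original presentation), the following Python function checks a candidate password against the four "select a good one" rules on this slide. The minimum length and the small word list are assumptions; a real deployment would load a full dictionary. It goes one step beyond the slide by normalising the 1337-speak substitutions mentioned under Terminology, so "P4ssw0rd" is still recognised as the dictionary word "password".

```python
import re

# Constructed stand-in for a real word list (e.g. /usr/share/dict/words); assumption.
DICTIONARY = {"password", "welcome", "summer", "dragon", "letmein", "pearson"}

MIN_LENGTH = 7  # assumed policy value; adjust to the local password policy

# Common 1337-speak substitutions mapped back to the letters they stand for.
LEET = str.maketrans("4310$5@7!", "aeiossati")


def password_violations(candidate: str) -> list[str]:
    """Return the slide rules the candidate breaks (an empty list means it passes)."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not (any(c.islower() for c in candidate) and any(c.isupper() for c in candidate)):
        problems.append("no mix of upper and lower case")
    if not (any(c.isalpha() for c in candidate) and any(c.isdigit() for c in candidate)):
        problems.append("no mix of letters and digits")
    # Dictionary rule: compare the letters of the candidate, and the letters after
    # undoing 1337 substitutions, against the word list. This catches "password1"
    # (digits appended) as well as "P4ssw0rd" (digits swapped in for letters).
    letters_only = re.sub(r"[^a-z]", "", candidate.lower())
    unleeted = re.sub(r"[^a-z]", "", candidate.lower().translate(LEET))
    if letters_only in DICTIONARY or unleeted in DICTIONARY:
        problems.append("based on a dictionary word")
    return problems


if __name__ == "__main__":
    for sample in ("summer", "P4ssw0rd", "Tr0ub4dor&3"):
        print(sample, "->", password_violations(sample) or "acceptable")
```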
-
Social Engineering
Social Engineering is the art of prying information out of someone else to obtain access or gain important details about a particular system through the use of deception
-
Email & Chat Services
Email and chat are sent in clear text over the Internet
Data can easily be captured and read by savvy computer users and systems administrators
Safeguards should be put into place prior to using these programs for sending/receiving sensitive information like Social Security Numbers
-
Enhance Your Work Area Security
Secure workstations
• Lock our systems (Ctrl-Alt-Delete)
• Shut down
• Run up to date virus scanning software
• Password protect files
• Apply software patches
• Install cable locks
• Run a desktop firewall
-
Is Your Data Being Backed Up?
Test backups
Securely store backup media (offsite)
Restrict access to who can perform restoration
-
Equipment Disposal
What happens to old computers when they are replaced?
Do those systems contain sensitive information?
Several programs to securely remove data from computer systems are commercially available
-
Data Recovery
DEMO
-
Dumpster Diving
We never know who is looking in our trash
Shred sensitive documents
Secure shred barrels, and make sure that proper handling procedures are in place
-
Access Rights
Only allow access that is absolutely required
Don't grant accounts based on the fact that access "may" be required
Use least privilege access policies that state access will only be granted if required, not by default
Are accounts removed and passwords changed when someone changes jobs or is terminated?
Perform audits
-
Physical Security
Who has access?
Are sensitive documents secured?
-
Emerging Threats
Wireless Technology
Memory Devices: iPod, USB keys, Coke cans, etc.
Camera phones
P2P File Sharing
-
Incident Response
Do you know what to do and who to contact if a security breach occurs?
-
Recent News
-
Creating Awareness
Educate staff
• Train staff
• Document processes and outline expectations
Research potential candidates
• Perform background & credit checks
Track system changes
• Audit system access
• Audit system changes
Create & communicate policies:
• Define document and system disposal processes
• Define backup procedures
• Define clean work area policies
• Define computer usage policies
-
Be Aware
Report anything "strange"
http://www.staysafeonline.info/
National Institute of Standards and Technology:
http://csrc.nist.gov/sec-cert/
A lot of schools have great security resource pages, for example the UC Davis and the University of Iowa websites:
http://security.ucdavis.edu/security101.cfm
http://cio.uiowa.edu/itsecurity/
-
Recent News
High Profile Computer Compromise
http://news.com.com/Hacker+strikes+university+computer+system/2100-7349_3-5418388.html?tag=cd.top
-
Sample Policies
Developing Security Policy
• http://www.sans.org/rr/papers/H/1.pdf
Acceptable Use
• http://www.sans.org/resources/policies/Acceptable_Use_Policy.pdf
-
Questions?
Please fill out the session evaluations & thank you for attending this session