information security awareness, middle management

Information Security Awareness. Information Technology Dept. By Haneen Iemeir

Upload: haneen-iemeir

Post on 05-Dec-2014


Category:

Education



DESCRIPTION

Information security awareness for middle management

TRANSCRIPT

Page 1: Information security awareness, middle management

Haneen Iemeir

Information Security Awareness

Information Technology Dept. By Haneen Iemeir


Page 2: Information security awareness, middle management

Cyber Attacks

A computer-to-computer attack that undermines the confidentiality, integrity, or availability of a computer or the information resident on it.

IT Department, Haneen Iemeir

Page 3: Information security awareness, middle management

Examples

- Espionage
- Organizations-targeted
- Personnel-targeted
- Kiddies
- Botnets

Page 4: Information security awareness, middle management


Page 5: Information security awareness, middle management

Stuxnet / Iran nuclear

Page 6: Information security awareness, middle management

Flame

- It was discovered in 2012 but it had been operating since 2010.
- Attacked the Middle East and Asia.
- Collected sensitive data of regular individuals, businessmen and military personnel.

Page 7: Information security awareness, middle management

Heartland Payment Systems

- Phishing out over 100 million individual card numbers, costing Heartland more than $140 million in damages incurred in 2008.
- Started with PHISHING to a regular customer.

Page 8: Information security awareness, middle management

PHISHING .. Simplest example

Page 9: Information security awareness, middle management

Link Clicked .. Oops!

- Data is stolen
- Software is installed … Malware
- Computer is infected and may infect others on the network

Page 10: Information security awareness, middle management

How do hackers GET AWAY WITH IT!

BOTNET

Page 11: Information security awareness, middle management


Page 12: Information security awareness, middle management

Could my PC be a botnet?

Page 13: Information security awareness, middle management


Page 14: Information security awareness, middle management

So WHAT??

- Theft of hard disk data, photos and videos
- Destruction of hard disk and data
- Performance issues
- Malfunction of applications

Page 15: Information security awareness, middle management

Most Common Threats

- Infected USB
- Email phishing: pretending to be someone else asking you to do something
- Social engineering, https://www.youtube.com/watch?v=HJXJkpir-ds
- Social networking, https://www.youtube.com/watch?v=T1EZVFoZq4A

Page 16: Information security awareness, middle management

Most Common Threats

- Unknown attachments, https://www.youtube.com/watch?v=5grTJH3B_70
- Mobile devices, theft or hack
- Hard disk failures
- Malicious code
- Accessing business desktop from outside

Page 17: Information security awareness, middle management

MOST of Most

- POOR PASSWORD and ACCESS management
- Unawareness of data importance
- INSIDER THREATS
- DOWNTIMES!!

In May 2013, it was reported that 58% of cyber attacks were attributed to insider attacks.

Intentional harm or misuse of access

Page 18: Information security awareness, middle management

WHY???

- An employee having the password of another employee is not afraid of consequences and disciplinary actions.
- An employee who accesses data that he/she is NOT responsible for does NOT pay attention to the confidentiality agreements regarding this data!
- An unaware employee can lose data and infect the network.

Page 19: Information security awareness, middle management

Downtime; Availability & Confidentiality

- If there is no well-documented business continuity plan, you either end up with NO productivity or paperwork will be a total mess!!
- Switching back from paper to information systems needs an authorized procedure and personnel.

Page 20: Information security awareness, middle management

How to ….

- Safeguard my PC and mobile, either at home or at the office?
- Protect my integrity, not allowing anyone to abuse me?
- Pay due care towards my signed code of conduct?

Page 21: Information security awareness, middle management

Safeguards ..

- Data classification. To know the importance of data I access; i.e. when I travel
- Do not open emails or messages from unknown people, DELETE.
- Keep my password secret, complex and changed periodically; Password Policy

Page 22: Information security awareness, middle management


Page 23: Information security awareness, middle management

Safeguards ..

- UPGRADE OS of desktop & mobile, ANTIVIRUS and other applications.
- LOG OFF your computers after work hours

Page 24: Information security awareness, middle management


Page 25: Information security awareness, middle management

Safeguards ..

- Control privileged access for my staff; IT Privilege Request Form & annual privilege review
- Good job description and confidentiality agreements.
- Do not click on unknown LINKS
- Use UPDATED Anti-spam

Page 26: Information security awareness, middle management

Safeguards ..

- Do NOT use the same password for all your accounts.
- Avoid UNLICENSED software
- Close your office when leaving
- Pay attention to shoulder surfing
- Use secure devices to access business systems, either from home or via smartphone.
- Scan USB before opening it

Page 27: Information security awareness, middle management


Page 29: Information security awareness, middle management

Business Continuity Plan

- Define critical business procedures
- Paper/manual alternative procedure
- Downtime period needed to pass before launching BCP
- Who launches the BCP? Decision maker?
- How to go back to automatic systems after recovery?

Page 30: Information security awareness, middle management

Other Security Considerations

Third Party Access NDA Policy

Page 31: Information security awareness, middle management

How to tell if I am hacked!!

- Browser opens websites on its own and you cannot close them
- Antivirus is reporting an infected file
- Passwords no longer work or they are locked out.
- Suspicious applications on the desktop
- Unreasonable slowness of the system/network

Page 32: Information security awareness, middle management

Report Incidents

- All the previous systems
- Abuse of credentials
- Suspected employee activities

How to report! http://khccportal/default.aspx

Page 33: Information security awareness, middle management


Page 34: Information security awareness, middle management

Thank You