IT Security Awareness


Upload: hafeez-ur-rehman

Post on 15-May-2015


TRANSCRIPT

Page 1: IT Security Awareness

Presents

Security Awareness

Protect IT

HAFEEZ UR REHMAN

Page 2: IT Security Awareness

Workshop Objectives

This workshop is designed to educate Business staff on the following:

• What is IT security awareness?

• Your responsibilities as an IT user

• Security issues you may face

• What should you do?

Page 3: IT Security Awareness

What is Security Awareness?

Security awareness is the advantage of knowing what types of security issues and incidents employees of Business may face in the day-to-day routine of their corporate function.

It is knowing what to do if you feel someone is attempting to:

• wrongfully take Business property or information

• obtain personal information about staff, clients or vendors

• utilize our resources for illegal or unethical purposes

There are many other security issues of which you need to be aware. We will discuss them in detail.

Page 4: IT Security Awareness

Your responsibility:

As an employee or contractor of Business, it is your responsibility to help in the protection and proper use of our information and technology assets.

What is Expected of You?

We are counting on you!

Page 5: IT Security Awareness

Real Life Example

The former President of the United States, Bill Clinton, signed into law a bill which authorizes and acknowledges electronic signatures on legal documents.

As an example, the President also signed the bill electronically utilizing a ‘smart card’ and his password.

People world-wide watched as he entered the name of his dog “Buddy” as his password.

(In memory of Buddy, who died in January 2002)

Page 6: IT Security Awareness

What Are “Information and Technology Assets”?

This term loosely describes the wide range of information sources that our organization uses and the equipment that we use to access, process, and store this information.

Examples include:

Computers

Fax machines

Printers

Telephones

Networks

Software

Paper files

E-mail

… and more

Page 7: IT Security Awareness

Security Topics We Will Address

• Password construction

• Password management

• PC security

• Backups

• Building access

• Social engineering

• Data confidentiality

• E-mail usage

• Internet usage

• Viruses

• Software piracy and copyrights

Page 8: IT Security Awareness

Passwords

Passwords are an integral part of overall security.

They are one of the vulnerabilities most frequently targeted by someone trying to break into a system.

If your password is compromised, your account allows the intruder access to do anything you are able to do on the system.

There are many ways that you can help protect your password and therefore, our organization’s information.

Page 9: IT Security Awareness

Password Construction

Bad examples:

Names:

• Yours

• Family

• Pets

Personal Information:

• Hobbies

• Favorite teams

• Birthdays

Dictionary Words: If used by themselves, simple words make a bad password.

Numbers: Numbers alone are not a good password.

Page 10: IT Security Awareness

Methods for creating strong passwords you can remember.

Password Construction

The Vanity Plate

Think of a password like a ‘vanity’ license plate utilizing letters and numbers to make up a phrase.

Too late again = 2L8again

Music is for me = MusikS4me

Day after today = dayFter2day

Page 11: IT Security Awareness

Password Construction

Compound Words

Compound words that we use every day are easy to remember. Spice them up with numbers and special characters. Also, misspell one or both of the words and you'll get a great password.

Deadbolt = Ded&bowlt8

Blackboard = blaK4borD

Seashore = Seee@SHorr

Methods for creating strong passwords you can remember.

Page 12: IT Security Awareness

Phrases

Use the first letter of each word in a phrase or sentence.

Jack and Jill went up the hill to fetch a pail of water

J&Jwuth2fapoW

Methods for creating strong passwords you can remember.

Password Construction

Page 13: IT Security Awareness

Having a strong password is a great start but protecting it can be just as important.

Password Management

If you ever suspect your password has been compromised, please change your password and contact the appropriate person immediately.

As we’ve previously shown, once someone knows your user ID and your password, they have access to do everything on our systems that you do.

Anything they do will appear as though you did it.

Page 14: IT Security Awareness

Password Management

Do not share your password with anyone.

Never write down your password or store it in a computer file.

If you ever receive a telephone call from someone claiming to need your password, report it immediately.

When receiving technical assistance, enter your password instead of telling it to the technology staff member.

Page 15: IT Security Awareness

PC Security

General PC Security

No matter what type of computer you use or where you use it there are a few things you should always do to protect your information.

Page 16: IT Security Awareness

While Traveling

Industry groups estimate that there are as many as 400,000 laptops stolen each year. That’s over 1,000 per day!

Laptop thieves will look for you to drop your guard:

• At an airline or rental car counter

• While waiting for your plane

• While loading your things into a taxi

• At a public pay phone

• On the train or bus

• At your hotel

• While at a meeting or conference

• . . . And more

PC Security

Page 17: IT Security Awareness

While Traveling

In the airport:

• Do not leave your computer bag unattended.

PC Security

Page 18: IT Security Awareness

While Traveling

In the airport:

• Never check your computer as baggage.

PC Security

Page 19: IT Security Awareness

While Traveling

In the airport:

• Make sure that the pathway through the metal detector is clear before you place your computer on the x-ray conveyor.

PC Security

Page 20: IT Security Awareness

While Traveling

On a train or bus:

• Don’t become distracted by a decoy while an accomplice grabs your computer and runs.

• Be sure to keep a grasp on your computer at all times.

PC Security

Page 21: IT Security Awareness

While Traveling

In a hotel:

• When arriving at the hotel carry your computer to your room. Do not give it to the bell man or anyone else.

• If leaving your hotel room, make sure your laptop is secured to a solid fixture.

• Keep your hotel room door locked while in the room.

PC Security

Page 22: IT Security Awareness

Data Backups

Backup methods vary but there are important things to keep in mind to help prevent a loss of information.

• Perform a full backup whenever possible.

• Do not back up over your most recent backup media.

• Use a cycle of at least three backup media.

• Frequency of backups should be appropriate for the importance of the data on your computer.

Page 23: IT Security Awareness

Data Confidentiality

It is important that we protect our organization’s information.

Why?

• to maintain customer confidence

• to maintain public image

• to remain competitive

• to protect ourselves and other employees

Page 24: IT Security Awareness

To help maintain the confidentiality of our information:

• Don’t leave documents unattended on the copier or fax machine.

• Shred any confidential documents when discarding them.

• Encrypt highly confidential e-mail.

• Keep a “clean desk” and secure important files when leaving.

• Remove papers and wipe boards clean when finished using conference rooms.

Data Confidentiality

Page 25: IT Security Awareness

Building Security

• When entering secure areas do not let strangers ‘tailgate’ in behind you.

• Never prop open doors that lead to secured areas.

• When leaving at night try to exit with other co-workers if possible. There is some truth to the saying “safety in numbers.”

• If you ever lose an access card or key, report it immediately to the appropriate person for your facility.

• If you encounter strangers or unknown visitors in secured work areas, ask them if you could be of some assistance with a simple “May I help you?”

Page 26: IT Security Awareness

Social Engineering

To most people this is a new phrase: “Social Engineer”

A social engineer is a person that will deceive or con others into divulging information that they wouldn’t normally share.

Page 27: IT Security Awareness

Social Engineering

Can you spot a social engineer in this group?

Page 28: IT Security Awareness

Social Engineering

Defending against a social engineering attempt is not easy. Usually you won’t know when it occurs until it is too late. But there are a few things you can do that might help.

If someone phones and asks you for information that you know is confidential information, don’t be afraid to ask a few questions yourself.

• Ask for the correct spelling of the caller’s name.

• Ask for a number where you can return the call.

• Ask why the information is needed.

• Ask who has authorized the request and let the caller know that you will verify the authorization.

Page 29: IT Security Awareness

Social Engineering

If an unknown person appears and asks for confidential information try one or more of these steps:

• Ask for some identification.

• Ask who has authorized this request so that you may verify the authorization.

• If you are not authorized to provide that information, offer to help locate the correct person.

• Seek assistance if you are unsure.

Page 30: IT Security Awareness

E-mail Usage

Inappropriate Use

This would include harassing messages, threats, sexually oriented content, racist remarks, etc.

They are a threat and a risk to the level of comfort we would like to maintain in our work environment.

These types of potentially offensive messages have no place within our organization.

Page 31: IT Security Awareness

E-mail Usage

Spam

Spam is basically unsolicited and usually unwanted e-mail that you may receive. It is usually a form of advertisement for anything from get-rich-quick schemes to pornography sites on the Internet.

The simplest thing to do with most spam messages is just hit the delete key - end of story. If the problem is persistent or you notice a lot of messages coming from the same source, please contact our Lotus Notes Administrator to block this source.

Page 32: IT Security Awareness

E-mail Usage

Chain letters and hoaxes

E-mail chain letters and hoaxes ask the receiver to forward the message on to a specified number or as many people as possible. This can become a burden on e-mail systems in both traffic and storage capacity.

Most e-mail chain letters are based on events or occurrences that are referred to as hoaxes. They may reference some ‘reputable’ source but not provide any contact information.

Let’s look at one which was most frequently found...

Page 33: IT Security Awareness

E-mail Usage

• Tsunami Ribbon - This is a ribbon for the families of the people who died in the tsunami in Indonesia. The e-mail asks you to pass it on to everyone and pray, and then says that something good will happen to you tonight at 11:11 PM. It also states that this is not a joke and that someone will either call you or write to you online to say 'I Love U'. Do not break this chain; send to 13 people in the next 15 min.

Chain letters

Page 34: IT Security Awareness

E-mail Usage

Now that you know some of the characteristics of these types of messages, you should simply delete them when received.

You should also discourage others from spreading these e-mails. They are a waste of your time and our system resources.

Chain letters and hoaxes

Page 35: IT Security Awareness

Internet Usage

You leave a trail of digital “footprints” when using the Internet.

You must also be careful where you go on the web for another reason. Anywhere you go, anything you do, can be traced back to you and the Business networks.

Imagine what would happen to our organization’s image if an adult site or hate site suddenly had evidence that one of our employees had surfed their site from our network.

Page 36: IT Security Awareness

Internet Usage

Other Things You Should Know

If you sign up or register with Internet sites or services external to our organization, it is important that you use an ID and password that are different from the ones you use on our systems.

Page 37: IT Security Awareness

Computer Viruses

Statistics

• There are more than 80,000 viruses in existence.

• There are as many as 500 new ones being discovered each month.

• A wide-spread virus incident can easily cause in excess of $100,000 in damages to a single organization.

• Virus attacks cost organizations around the world $55.1 billion in a year.

• Viruses are becoming far more malicious, being specifically designed for destruction and damage.

Page 38: IT Security Awareness

Computer Viruses

Common Sources of Viruses

• Files downloaded from the Internet

• E-mail messages and attachments

• Files brought in from home computers

• Even shrink-wrapped commercial software can be a source of virus infection

Page 39: IT Security Awareness

Computer Viruses

Virus Defense

• Always use anti-virus software on your computer.

• Scan all files downloaded from the Internet.

• Ensure your anti-virus software is current.

• Scan all e-mail attachments.

• Use anti-virus software on home computers.

• Scan diskettes and CDs before using them.

• Report all virus incidents immediately.

Page 40: IT Security Awareness

Software Piracy and Copyrights

To help prevent violations within our organization, let’s discuss the three general types of software licensing.

Freeware:

Software that may be freely copied, shared and used. The author often restricts altering or using it as a component of other software.

Shareware:

Software that may be freely copied and shared but used only for the stated trial period or use, at which point a registration fee must be paid to continue its use.

Page 41: IT Security Awareness

Software Piracy and Copyrights

Commercial Software:

Software that must be purchased before any use and allows for either:

• One installation per purchased copy (a retail license);

• A negotiated number of installations (a corporate license); or

• Installation on all computers within an organization (a site or enterprise license).

Page 42: IT Security Awareness

Software Piracy and Copyrights

• Only licensed software can be used in the company. The transfer and use of company software to private PCs or Notebooks is not allowed.

• The procurement of software has to be verified and approved by the IM department.

• Installation of software, even of a licensed copy, can only be done or supervised by the IM department.

The IM department reserves the right to check and, if necessary, delete unauthorized software or data from users’ PCs or Notebooks in order to ensure that company regulations are not violated.

Page 43: IT Security Awareness

Software Piracy and Copyrights

Copyrights: Printed Material

Printed material will generally indicate if it is copyrighted through either a copyright symbol © or a copyright notice such as “Copyright 2005 Business Corporation” appearing somewhere on the material. Copyrighted material may not be reproduced, photocopied or quoted without properly crediting the source. Always be sure to check for copyright notices.

Page 44: IT Security Awareness

Software Piracy and Copyrights

Copyrights: Internet

Material published on the Internet is also protected by copyright law. Just because right-clicking on a picture in your browser gives you the option to “copy” or “save picture as,” does not mean it is legal. Generally, unless the web site specifically states that the material may be freely copied, it should be considered copyrighted. Materials that are labeled as “free for personal use” should not be copied for use within our organization.

Page 45: IT Security Awareness

Summary

1. We need to protect our Business IT assets.

Areas taken up:

• Password construction

• Password management

• PC Security

• Data Backup

• Building Security

• Data confidentiality

• Social Engineering

• E-mail Usage

• Internet Usage

• Viruses

• Software Piracy and Copyrights

2. Every employee must be aware of, understand and commit to act on any security situation quickly, appropriately and knowledgeably.

3. IT Security is everyone’s business.

Page 46: IT Security Awareness

Thank You!
