presents security awareness workshop audio introduction customized with your organizations name !!...

Presents

Security Awareness WorkshopAudio introduction customized with your organization’s name !!

Protect IT

We interrupt this demonstration version of the Protect IT: Security Awareness Workshop to let you know that the full

version of the workshop is available from:

Security Awareness, Inc3837 Northdale Blvd., Suite 320

Tampa, FL 336241-888-807-0888

Outside North America: 1-813-681-0095Email: [email protected]

On the web at: www.securityawareness.com

mailto:[email protected]

http://www.securityawareness.com/

Copyright 2001-2003 - Security Awareness, Inc (This notice and logo does not appear in the licensed version)

Workshop Objectives

• What is security awareness?

• Your responsibilities

• Security issues you may face

• What should you do?

The Protect IT workshop is designed to educate [your-name] staff on the following:


What is Security Awareness?

Security awareness is the advantage of knowing what types of security issues and incidents employees may face in the day-to-day routine of their corporate function.

It is knowing what to do if you feel someone is attempting to:

• wrongfully take [your-name] property or information

• obtain personal information about staff, clients or vendors

• utilize [your-name] resources for illegal or unethical purposes

There are many other security issues of which you need to be aware. We will discuss them in detail.


Responsibility:

As an employee or contractor of [org-name], it is your responsibility to help in the protection and proper use of our information and technology assets.

What is Expected of You?

We are counting on you!


What does this mean to you?

During your typical day, you may be exposed to situations where you may become aware of an attempt to breach an area of security.

• quickly• appropriately

• knowledgeably

You need to be prepared to act:

Remember, the resources you are protecting are there to help make your job easier.

What is Expected of You?


What Are “Information and Technology Assets”?

This term loosely describes the wide range of informationsources that our organization uses and the equipment thatwe use to access, process, and store this information.

Examples include:

Computers

Fax machines

Printers

Telephones

Networks

Software

Paper filesE-mail

… and more


Why Is This So Important?

By helping to safeguard these valuable business resources you could be saving money, time, jobs, our public image and customer confidence.

Nothing can impress on you the importance of this better than real-life examples. The next pages will explain someincidents that could have been easily avoided if the staffat these companies had received some security awarenesseducation and training.

Let’s take a look . . .


Real Life Example #1

An oil company was facing a lawsuit filed by four female employees offended by e-mail jokes that the employees felt were degrading to women. The newspapers noted at the time, "There was no indication that the women were referenced in any way in the e-mail messages”. The critical fact was that the women's e-mail addresses, for whatever reasons, had been included in the distribution list. Rather than try the case, the company paid the women $2.2 million plus legal fees and court costs.


A report from Computer Economics says that virus attacks cost organizations around the world $17.1 billion in 2001. The report concludes that over the last three years, a major programming shift has occurred with viruses becoming far more malicious, being specifically designed for destruction and damage.

Imagine what this has cost each of us, directly or in-directly, through increased prices and lost jobs.



The Business Software Alliance has reported that a major U.S. university recently paid $100,000 to settle claims that it had pirated Corel, Microsoft, Adobe and other companies’ software on school computers.

The BSA said it has collected over $47 million in corporate piracy claims over the past seven years.



Recently, the former President of the United States, Bill Clinton, signed into law a bill which authorizes and acknowledges electronic signatures on legal documents.

As an example, the President also signed the bill electronically utilizing a ‘smart card’ and his password.

People world-wide watched as he entered the name of his dog “Buddy” as his password.



So How Do We Start?

What you can do: • Become aware - Know how to identify a potential issue - Use sound judgement

• Learn and practice good security habits - incorporate secure practices into your everyday routine - encourage others to do so as well

• Report anything unusual - notify the appropriate contacts if you become aware of a security incident


Security Topics We Will Address

• Password construction• Password management• PC security• Backups• Building access• Social engineering• Data confidentiality

• E-mail usage• Internet usage• Viruses• Software piracy and copyrights• Telephone fraud• Personal security


Passwords

Passwords are an integral part of overall security.

They are one of the vulnerabilities most frequently targeted by someone trying to break into a system.

If your password is compromised, your account allows the intruder access to do anything you are able to do on the system.

There are many ways that you can help protect your password and therefore, our organization’s information.


Bad examples:

Names:• Yours• Family• Pets

Personal Information:• Hobbies• Favorite teams• Birthdays

Dictionary Words:If used by themselves simple words make a bad password

Numbers:Numbers alone arenot a good password

Password Construction


Why are those bad examples?

Many of the items mentioned as bad examples would be easy for someone to guess if they knew you or were able to obtain information about you.

A hacker or cracker may utilize a password cracking program. These programs will check every word in a dictionary, lists of common names, and all combinations of numbers against your password within seconds.



Guidelines for a better password:

Do not use names

Do not use personal information

Do not use dictionary words

Use at least eight (8) characters

Use both letters and numbers

Use special characters if possible (@#&$)

Use UPPER and lower case

Combine misspelled words



Methods for creating strong passwords you can remember.

The Vanity Plate

Think of a password like a ‘vanity’ license plate utilizing letters and numbers to make up a phrase.

Too late again = 2L8again

Music is for me = MusikS4me

Day after today = dayFter2day



Compound Words

Compound words that we use every day are easy to remember. Spice them up with numbers and special characters. Also, misspell one or both of the words and you'll get a great password

Deadbolt = Ded&bowlt8

Blackboard = blaK4#borD

Seashore = Seee@SHorr




Phrases

Use the first letter of each word in a phrase or sentence.

Jack and Jill went up the hill to fetch a pail of water

J&Jwuth2fapoW




Phrases


I spent too much at the fair last night

Is2matfln




Phrases


Gee, what I would give for a really good password

GwIwg4argpw



Full Workshop Contents

The full version of the workshop covers the topics of:

The information contained within this workshop has been considered invaluable to the organizations that utilize it. Users are made aware

that they share the responsibility to protect your Information Technology resources. They also learn that they are protecting

valuable tools and information that make their jobs easier.

• Identity theft• E-mail usage• Internet usage• Viruses• Software piracy and copyrights• Telephone fraud• Personal security

• Password construction• Password management• PC security• Backups• Building access• Social engineering• Data confidentiality• Privacy

A twenty question quiz is included. Have your staff take the quiz before the presentation starts and then again at the end of the presentation.

You can measure effectiveness almost immediately!

Quiz included !!

Full Workshop Contents

The Protect IT: Security Awareness Workshop includes:

- The full presentation on CD-ROM

- A printed copy of the presentation handouts

- Printed speaker notes (complete with transition markers)

- A guide to help with a successful presentation

- Customization instructions

- A customized audio introduction

- Course updates provided free during valid license period

Prepared for [your-name]

by

Copyright 2001-2003 - Security Awareness, Inc.Licensed to [your-name] for internal use only

This copyright notice may not be removed from this presentation for any reason.

Thank you for attending today’sProtect IT security awareness workshop.

We hope that this information is helpful to you in your role here at [your-name].

Security Awareness, Inc3837 Northdale Blvd., Suite 320

Tampa, FL 336241-888-807-0888

Outside North America: 1-813-681-0095Email: [email protected]

On the web at: www.securityawareness.com







presents security awareness workshop audio introduction customized with your organizations name !!...

Documents

security awareness education

area of security

types of security issues

demonstration version

personal information

companies software

email jokes

email addresses