Module4 policies&procedures-b

  • Decision Box: Does your entity have a policy on how often staff should change their password?
  • Matrix: 3d, 5d-e, 9a(1) and 9d. Introduces pass phrase. Reminder or tickler picture on corner of monitor does not reveal phrase.
  • Matrix: 3d, 5d-e, 9a(1) and 9d
  • Matrix: 3d, 5d-e, 9a(1) and 9d. Should be supported by your policy. Use of password should be limited. Use should be monitored by individual, particularly in settings not work related. Be careful about typing your password into a strange computer. Does the computer have anti-virus protection enabled? Is the owner trustworthy or is he/she possibly running a keyboard logger to record your keystrokes? (It has happened.) Who was the last person to use that computer and what did he/she run on it? Never, never, never use the automatic logon feature in Microsoft.
  • Module4 policies&procedures-b

    1. 1. Module 4 Basic Security Procedures Module 4
    2. 2. IT Policies
        • Policies provide a common basis for:
            • Understanding what “right” looks like
                • Equipment
                • Programs
                • Settings
            • Understanding what actions are expected/acceptable
                • People have to “know the rules in order to follow them”
                • Breaking the rules should have clear consequences
            • Understanding who is responsible/allowed to do what:
                • “Who ya’ gonna call?”
                • “Should the FedEx guy be trying to log-on to the network?”
    3. 3. Your Account Is Only As Secure As Its Password
        • Don't let others watch you log in.
        • At home, change your password often.
        • Be sure all accounts have passwords at home.
        • Don't write your password on a post-it note or anywhere else (back of badge!).
        • Don't attach it to your video monitor or under the keyboard (or anywhere else you can think of).
    4. 5. Pick a sentence that reminds you of the password. For example:
        • If my car makes it through 2 years, I'll be lucky (imcmit2y,Ibl)
        • Four score and seven years ago (4S&7ya)
        • Just what I need, another dumb thing to remember! (Jw1n,adttr!)
        • Use special characters that make it difficult to crack but easy to remember (!=I @=a $=s 0=o or use the space bar)
    5. 6. Password Construction
        • Compound Words
        • Used every day and are easy to remember.
        • Spice them up with numbers and special characters.
        • Misspell one or both of the words and you'll get a great password.
        • Examples:
            • Password = [email_address]
            • Friendship = Fr13nd+sh1p
            • Lifelong = L!f3l0ng
            • Teddybear = T3ddy^BaRe
    6. 7.
        • Be careful about typing your password into a strange computer.
            • Anti-virus protection enabled?
            • Owner trustworthy? Keyboard logger running to record your keystrokes?
            • Who was the last person to use that computer?
            • Do not use the automatic logon feature in Microsoft.
    7. 8. Passwords
    8. 9. Strong Passwords
    9. 10. IT Policies
        • Company is developing organization-wide policies for Technology Usage. These include:
            • Management Access to all information
                • Installed to support and conduct business operations
                • No expectation of privacy
            • Appropriate Use
                • Business purposes
                • Copyrighted/licensed material in accordance with terms
    10. 11. IT Policies
            • Unacceptable Use
                • Any illegal activities (including copyright violations)
                • Any political or religious lobbying
                • Any material that is indecent, objectionable, harassing, etc.
            • Privilege of Use
                • Not a right, must agree to “Terms of Use”
                • Can be withdrawn if misused
            • Ownership of information
                • Company retains all rights to its information
                • Licenses are organizational property.
    11. 12. IT Policies
            • Confidential and Sensitive Information
                • All employees have responsibility to safeguard information
                • Follow security policies
                • Participate in periodic security training
            • Use by Non-Employees
                • Only with explicit permission
                • Only in accordance with terms of contract and NDA
    12. 13. IT Policies
            • Company Websites
                • Considered part of organization’s information
                • Only open to Company official business and Company-sponsored events/activities
            • Company Wireless Devices (Phones/PDAs)
                • Provided to facilitate business operations
                • Not a replacement for personal landline
                • Users must adhere to all local laws and regulations and are responsible for own actions (especially re: driving!)
                • Usage monitored and excessive personal use may result in loss of device or other sanctions
    13. 14. Cell Phone/Bluetooth Security Demonstrations
