SlideShare a Scribd company logo

Brochure protect operational_info_sm1

Noel Waterman
Noel Waterman
1 of 12
Download to read offline
Resources National Cyber-Alert System: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0076 National Crime Prevention Association: http://www.ncpc.org/ Army Information Assurance Portal: https://www.milsuite.mil/login/Login?goto=https%3A%2F%2Fwww.milsuite. mil%3A443%2Fwiki%2FPortal%3AArmy_Information_Assurance Homeland Security Cyber Security Tips: http://www.dhs.gov/cybersecurity National Cyber Awareness System: http://www.us-cert.gov/alerts-and-tips/ DoD Chief Information Officer: http://dodcio.defense.gov/Home/Topics/InformationAssurance.aspx 12 1
BE VIGILANT. REPORT SUSPICIOUS ACTIVITY. Image credits: Front cover: U.S. Army photo by Sgt. Brandon Little, Task Force XII PAO, MND-B Inside back cover: U.S Army photo by Staff Sgt. Mike Pryor, 2nd BCT, 82nd Abn. Div. Public Affairs 2 11
Safe home computing Operations Security (OPSEC) Home computers are typically not well secured and therefore are often Terrorists select targets that offer the most opportunity for success. easy to break into. Intruders want what you've stored (i.e., credit card Information passed unknowingly by military personnel, and increasingly via numbers, bank account information, passwords) and anything else they cyberspace, is being used by terrorists in their planning efforts. OPSEC find useful. Intruders also want your computer's resources, meaning your denies terrorists information about potential targets and reduces the hard disk space, your fast processor, and your Internet connection. They availability of this information. use these resources to attack other computers on the Internet. The more computers an intruder uses, the harder it is for law enforcement to find the OPSEC focus areas for Antiterrorism include: originating source. If intruders can't be located, they can't be stopped, and • Deny intelligence and information to terrorists they can't be prosecuted. • Avoid rigid operational routines that produce observable patterns What should I do to secure my home computer? • Know terrorist collection methods and techniques as well as the terrorist • Install and use anti-virus programs planning cycle and cyber attack methods • Keep your system patched • Integrate OPSEC into organizational security programs and individual personal protection measures • Use care when reading email with attachments • Install and use a firewall program Sample Cyberspace OPSEC procedures: • Install, use, and enable strong security measures on a home wireless • Coordinate physical security measures to prevent unauthorized access router to computer networks, equipment, facilities, and documents • Make backups of important files • Password protect or restrict computer access to itineraries, travel plans, personnel rosters, building and base plans, billeting assignments, and • Use strong passwords and change them frequently very important person (VIP) guest lists • Use care when downloading and installing programs • Don’t post personal, work, or family information to open social media • Understand the risk of downloading files and programs websites • Install and use a file encryption program and access controls • Be careful who you allow into your social network; if you do not know a person who attempts to connect with you, investigate who they are and why they want to join your social network. • Don’t post sensitive work information or photographs on the internet; always assume a threat adversary is reading your material 10 3
Advances in technology increase risk Privacy tips for social networking Advancements in technology pose new threats to security of critical Social networking sites like Facebook, Google+, Twitter, Foursquare, information. In order to counter an adversary from employing these LinkedIn, and others are a great way to keep family & friends updated on technologies, we must first know the technologies that exist and how they your life and to connect with colleagues, business associates, and might be used within close proximity of our critical information. communities that share your interests. Make sure you are comfortable with the information you share and use privacy settings to protect your Defense measures include: information. • Educate Army computer users on restrictions for use of information technologies Protect personal information • Work closely with information systems administrators to establish control STOP! THINK! THEN CONNECT. Think carefully about the kinds of measures information, comments, photos, and videos you share online. • Ensure personnel responsible for entry/exit inspections are properly Do not post job related information about: Personnel movements trained (itineraries, rosters, time tables, travel plans); current or future operations (movement of forces, capabilities & limitations, coalition & participating Commander at all levels must: forces); intelligence, reconnaissance & surveillance (TTPs, capabilities and limitations, operational reporting); or communication in support of • Apply the OPSEC review process outlined in AR 530-1 (Operations operations (work email addresses, logins and passwords, details of specific Security) equipment, infrastructure and call signs). • Review their Web Pages and ensure they are OPSEC compliant KNOW YOUR AUDIENCE: Consider who may have access to your profile: • Ensure all Army web sites are registered family, friends, friends of friends, your school, college admissions officers, • Limit details about the organization's specific capabilities, potential employers. Use available privacy settings to manage your readiness, and operational matters audience. • Verify there is a valid mission need to disseminate the information Your privacy is only as protected as your least reliable friend allows it to be. When you choose to share information with friends, those friends can make their own decisions about forwarding your content. Think carefully before sharing. 4 9
Vulnerabilities on websites: Critical information is information that is vital to a specified mission. If a terrorist or spy obtains critical information, correctly analyzes it, and acts • Installation or facility maps designating points of interest (such as upon it, the compromise of the information may prevent or seriously barracks, work areas, headquarters, dining facilities) degrade mission success. Critical information can be classified or • Security force schedules and rotation plans unclassified. Classified information requires OPSEC measures for • Security operating procedures additional protection because it can be revealed through unclassified indicators. The use of essential elements of friendly information (EEFI) • Tactics, techniques, and procedures protects critical information because it prevents the release of sensitive or • Capabilities and intent classified details. • Indicators of unit morale Example of EEFI for threat countermeasures • Information which may undermine leadership • When do security guards or law enforcement change shifts? • Photographs particularly when they are accompanied by descriptive • Are guards armed? captions • Is there a security response team alarm – how quick is the response? • Personal information about patterns and routines • Where is the security alarm / power system – is it protected? • Work email addresses • Are external CCTV cameras operated and are they actually monitored? • How many security guards are there in a specific building (day and What we can do to reduce risk on the internet: night)? • Ensure any information you post has no significant value to the enemy • Does the building practice fire drills and where are the assembly areas • Consider the audience when you are posting personal information on a (do they change the assembly areas or keep them the same for every blog or website, or sending an email evacuation)? • Always assume a threat adversary is reading your material • Are mail/packages accepted at night? How are packages processed – must they go through a centralized screening location? • If you are threatened as a result of something you have posted or through an open forum such as blog – believe the threat and report it immediately • Avoid posting work email addresses if possible; they can provide targets for phishing attacks • Follow OPSEC policies and procedures • Work with your OPSEC officer 8 5
OPSEC in the Blogosphere “Our adversaries derive up to 80% of their intelligence A Blog (short for Web Log) is a frequent, chronological publication of personal thoughts and web links, including a mix of what’s happening in a from open-source information.” CRS Report for person’s life. Blogs may include forms of personal diaries or guides for Congress, Sensitive But Unclassified Information and others. Other Controls: Policy and Options for Scientific and Military blogs, by their nature, attract the attention of a variety of threats to Technical Information, December 29, 2006 include terrorists and spies. Tidbits of information gathered from blogs and other open source information make up pieces of a puzzle, which when combined, can complete a picture of what may become a terrorist’s or How can OPSEC help protect my organization against spy’s target. terrorism? Examples include: Terrorists require intelligence to accomplish their objectives. You can apply the OPSEC process to identify critical information that terrorists can use • Posting sensitive photographs on the internet, such as battle scenes, against you and control those indicators that give away that critical casualties, destroyed or damaged equipment, and especially the effects information. of threat weapon systems such as improvised explosive devices • Some photographs include geo-location and date/time information. Terrorists seek—and OPSEC is intended to deny— • Enemies can use this information for propaganda purposes, battle information about: damage assessments, targeting, and refinement of TTPs • What is important to Army units, personnel, and families • Enemies can also use personal information to target individual soldiers • How accessible it is and their families for attack, both overseas and at home • If we are able to replace the item of interest • How vulnerable it is (security weaknesses) • What it is vulnerable to (threat tactics) • What outcome can be achieved if attacked • How easy it is to find or locate 6 7
OPSEC in the Blogosphere “Our adversaries derive up to 80% of their intelligence A Blog (short for Web Log) is a frequent, chronological publication of personal thoughts and web links, including a mix of what’s happening in a from open-source information.” CRS Report for person’s life. Blogs may include forms of personal diaries or guides for Congress, Sensitive But Unclassified Information and others. Other Controls: Policy and Options for Scientific and Military blogs, by their nature, attract the attention of a variety of threats to Technical Information, December 29, 2006 include terrorists and spies. Tidbits of information gathered from blogs and other open source information make up pieces of a puzzle, which when combined, can complete a picture of what may become a terrorist’s or How can OPSEC help protect my organization against spy’s target. terrorism? Examples include: Terrorists require intelligence to accomplish their objectives. You can apply the OPSEC process to identify critical information that terrorists can use • Posting sensitive photographs on the internet, such as battle scenes, against you and control those indicators that give away that critical casualties, destroyed or damaged equipment, and especially the effects information. of threat weapon systems such as improvised explosive devices • Some photographs include geo-location and date/time information. Terrorists seek—and OPSEC is intended to deny— • Enemies can use this information for propaganda purposes, battle information about: damage assessments, targeting, and refinement of TTPs • What is important to Army units, personnel, and families • Enemies can also use personal information to target individual soldiers • How accessible it is and their families for attack, both overseas and at home • If we are able to replace the item of interest • How vulnerable it is (security weaknesses) • What it is vulnerable to (threat tactics) • What outcome can be achieved if attacked • How easy it is to find or locate 6 7
Vulnerabilities on websites: Critical information is information that is vital to a specified mission. If a terrorist or spy obtains critical information, correctly analyzes it, and acts • Installation or facility maps designating points of interest (such as upon it, the compromise of the information may prevent or seriously barracks, work areas, headquarters, dining facilities) degrade mission success. Critical information can be classified or • Security force schedules and rotation plans unclassified. Classified information requires OPSEC measures for • Security operating procedures additional protection because it can be revealed through unclassified indicators. The use of essential elements of friendly information (EEFI) • Tactics, techniques, and procedures protects critical information because it prevents the release of sensitive or • Capabilities and intent classified details. • Indicators of unit morale Example of EEFI for threat countermeasures • Information which may undermine leadership • When do security guards or law enforcement change shifts? • Photographs particularly when they are accompanied by descriptive • Are guards armed? captions • Is there a security response team alarm – how quick is the response? • Personal information about patterns and routines • Where is the security alarm / power system – is it protected? • Work email addresses • Are external CCTV cameras operated and are they actually monitored? • How many security guards are there in a specific building (day and What we can do to reduce risk on the internet: night)? • Ensure any information you post has no significant value to the enemy • Does the building practice fire drills and where are the assembly areas • Consider the audience when you are posting personal information on a (do they change the assembly areas or keep them the same for every blog or website, or sending an email evacuation)? • Always assume a threat adversary is reading your material • Are mail/packages accepted at night? How are packages processed – must they go through a centralized screening location? • If you are threatened as a result of something you have posted or through an open forum such as blog – believe the threat and report it immediately • Avoid posting work email addresses if possible; they can provide targets for phishing attacks • Follow OPSEC policies and procedures • Work with your OPSEC officer 8 5
Advances in technology increase risk Privacy tips for social networking Advancements in technology pose new threats to security of critical Social networking sites like Facebook, Google+, Twitter, Foursquare, information. In order to counter an adversary from employing these LinkedIn, and others are a great way to keep family & friends updated on technologies, we must first know the technologies that exist and how they your life and to connect with colleagues, business associates, and might be used within close proximity of our critical information. communities that share your interests. Make sure you are comfortable with the information you share and use privacy settings to protect your Defense measures include: information. • Educate Army computer users on restrictions for use of information technologies Protect personal information • Work closely with information systems administrators to establish control STOP! THINK! THEN CONNECT. Think carefully about the kinds of measures information, comments, photos, and videos you share online. • Ensure personnel responsible for entry/exit inspections are properly Do not post job related information about: Personnel movements trained (itineraries, rosters, time tables, travel plans); current or future operations (movement of forces, capabilities & limitations, coalition & participating Commander at all levels must: forces); intelligence, reconnaissance & surveillance (TTPs, capabilities and limitations, operational reporting); or communication in support of • Apply the OPSEC review process outlined in AR 530-1 (Operations operations (work email addresses, logins and passwords, details of specific Security) equipment, infrastructure and call signs). • Review their Web Pages and ensure they are OPSEC compliant KNOW YOUR AUDIENCE: Consider who may have access to your profile: • Ensure all Army web sites are registered family, friends, friends of friends, your school, college admissions officers, • Limit details about the organization's specific capabilities, potential employers. Use available privacy settings to manage your readiness, and operational matters audience. • Verify there is a valid mission need to disseminate the information Your privacy is only as protected as your least reliable friend allows it to be. When you choose to share information with friends, those friends can make their own decisions about forwarding your content. Think carefully before sharing. 4 9
Safe home computing Operations Security (OPSEC) Home computers are typically not well secured and therefore are often Terrorists select targets that offer the most opportunity for success. easy to break into. Intruders want what you've stored (i.e., credit card Information passed unknowingly by military personnel, and increasingly via numbers, bank account information, passwords) and anything else they cyberspace, is being used by terrorists in their planning efforts. OPSEC find useful. Intruders also want your computer's resources, meaning your denies terrorists information about potential targets and reduces the hard disk space, your fast processor, and your Internet connection. They availability of this information. use these resources to attack other computers on the Internet. The more computers an intruder uses, the harder it is for law enforcement to find the OPSEC focus areas for Antiterrorism include: originating source. If intruders can't be located, they can't be stopped, and • Deny intelligence and information to terrorists they can't be prosecuted. • Avoid rigid operational routines that produce observable patterns What should I do to secure my home computer? • Know terrorist collection methods and techniques as well as the terrorist • Install and use anti-virus programs planning cycle and cyber attack methods • Keep your system patched • Integrate OPSEC into organizational security programs and individual personal protection measures • Use care when reading email with attachments • Install and use a firewall program Sample Cyberspace OPSEC procedures: • Install, use, and enable strong security measures on a home wireless • Coordinate physical security measures to prevent unauthorized access router to computer networks, equipment, facilities, and documents • Make backups of important files • Password protect or restrict computer access to itineraries, travel plans, personnel rosters, building and base plans, billeting assignments, and • Use strong passwords and change them frequently very important person (VIP) guest lists • Use care when downloading and installing programs • Don’t post personal, work, or family information to open social media • Understand the risk of downloading files and programs websites • Install and use a file encryption program and access controls • Be careful who you allow into your social network; if you do not know a person who attempts to connect with you, investigate who they are and why they want to join your social network. • Don’t post sensitive work information or photographs on the internet; always assume a threat adversary is reading your material 10 3
BE VIGILANT. REPORT SUSPICIOUS ACTIVITY. Image credits: Front cover: U.S. Army photo by Sgt. Brandon Little, Task Force XII PAO, MND-B Inside back cover: U.S Army photo by Staff Sgt. Mike Pryor, 2nd BCT, 82nd Abn. Div. Public Affairs 2 11
Resources National Cyber-Alert System: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0076 National Crime Prevention Association: http://www.ncpc.org/ Army Information Assurance Portal: https://www.milsuite.mil/login/Login?goto=https%3A%2F%2Fwww.milsuite. mil%3A443%2Fwiki%2FPortal%3AArmy_Information_Assurance Homeland Security Cyber Security Tips: http://www.dhs.gov/cybersecurity National Cyber Awareness System: http://www.us-cert.gov/alerts-and-tips/ DoD Chief Information Officer: http://dodcio.defense.gov/Home/Topics/InformationAssurance.aspx 12 1

Recommended

Invited Talk - Cyber Security and Open Source
Invited Talk - Cyber Security and Open SourceInvited Talk - Cyber Security and Open Source
Invited Talk - Cyber Security and Open Sourcehack33
 
Security Threats
Security ThreatsSecurity Threats
Security ThreatsYasmeen Shaikh
 
Security best practices for regular users
Security best practices for regular usersSecurity best practices for regular users
Security best practices for regular usersGeoffrey Vaughan
 
One of 2 protect your business
One of 2 protect your businessOne of 2 protect your business
One of 2 protect your businessManagement Insights LLC
 
Computer Security
Computer SecurityComputer Security
Computer SecurityGreater Noida Institute Of Technology
 
Declaration of malWARe
Declaration of malWAReDeclaration of malWARe
Declaration of malWAReScott Sutherland
 
An Introduction To IT Security And Privacy - Servers And More
An Introduction To IT Security And Privacy - Servers And MoreAn Introduction To IT Security And Privacy - Servers And More
An Introduction To IT Security And Privacy - Servers And MoreBlake Carver
 
An Introduction To IT Security And Privacy In Libraries
An Introduction To IT Security And Privacy In Libraries An Introduction To IT Security And Privacy In Libraries
An Introduction To IT Security And Privacy In LibrariesBlake Carver
 

Recommended

Invited Talk - Cyber Security and Open Source
Invited Talk - Cyber Security and Open SourceInvited Talk - Cyber Security and Open Source
Invited Talk - Cyber Security and Open Sourcehack33
 
Security Threats
Security ThreatsSecurity Threats
Security ThreatsYasmeen Shaikh
 
Security best practices for regular users
Security best practices for regular usersSecurity best practices for regular users
Security best practices for regular usersGeoffrey Vaughan
 
One of 2 protect your business
One of 2 protect your businessOne of 2 protect your business
One of 2 protect your businessManagement Insights LLC
 
Computer Security
Computer SecurityComputer Security
Computer SecurityGreater Noida Institute Of Technology
 
Declaration of malWARe
Declaration of malWAReDeclaration of malWARe
Declaration of malWAReScott Sutherland
 
An Introduction To IT Security And Privacy - Servers And More
An Introduction To IT Security And Privacy - Servers And MoreAn Introduction To IT Security And Privacy - Servers And More
An Introduction To IT Security And Privacy - Servers And MoreBlake Carver
 
An Introduction To IT Security And Privacy In Libraries
An Introduction To IT Security And Privacy In Libraries An Introduction To IT Security And Privacy In Libraries
An Introduction To IT Security And Privacy In LibrariesBlake Carver
 
An Introduction To IT Security And Privacy In Libraries & Anywhere
An Introduction To IT Security And Privacy In Libraries & AnywhereAn Introduction To IT Security And Privacy In Libraries & Anywhere
An Introduction To IT Security And Privacy In Libraries & AnywhereBlake Carver
 
Introduction To Computer Security
Introduction To Computer SecurityIntroduction To Computer Security
Introduction To Computer SecurityVibrant Event
 
Digital Defense for Activists (and the rest of us)
Digital Defense for Activists (and the rest of us)Digital Defense for Activists (and the rest of us)
Digital Defense for Activists (and the rest of us)Michele Chubirka
 
Sophisticated Attacks vs. Advanced Persistent Security
Sophisticated Attacks vs. Advanced Persistent SecuritySophisticated Attacks vs. Advanced Persistent Security
Sophisticated Attacks vs. Advanced Persistent SecurityPriyanka Aash
 
Cyber security[1118]
Cyber security[1118]Cyber security[1118]
Cyber security[1118]MeeraNairJ
 
Threats
ThreatsThreats
Threatssbmiller87
 
Jerod Brennen - What You Need to Know About OSINT
Jerod Brennen - What You Need to Know About OSINTJerod Brennen - What You Need to Know About OSINT
Jerod Brennen - What You Need to Know About OSINTcentralohioissa
 
Common Techniques To Identify Advanced Persistent Threat (APT)
Common Techniques To Identify Advanced Persistent Threat (APT)Common Techniques To Identify Advanced Persistent Threat (APT)
Common Techniques To Identify Advanced Persistent Threat (APT)Yuval Sinay, CISSP, C|CISO
 
Basic security concepts_chapter_1
Basic security concepts_chapter_1Basic security concepts_chapter_1
Basic security concepts_chapter_1abdifatah said
 
Computer security basics
Computer security basicsComputer security basics
Computer security basicsSrinu Potnuru
 
Red team Engagement
Red team EngagementRed team Engagement
Red team EngagementIndranil Banerjee
 
Hacking and Types of Hacker.
Hacking and Types of Hacker.Hacking and Types of Hacker.
Hacking and Types of Hacker.Coder Tech
 
Frontier Secure: Handout for small business leaders on "How to be Secure"
Frontier Secure: Handout for small business leaders on "How to be Secure" Frontier Secure: Handout for small business leaders on "How to be Secure"
Frontier Secure: Handout for small business leaders on "How to be Secure" Frontier Small Business
 
Personal Data Security in a Digital World
Personal Data Security in a Digital WorldPersonal Data Security in a Digital World
Personal Data Security in a Digital Worldalxdvs
 
Infromation Security as an Institutional Priority
Infromation Security as an Institutional PriorityInfromation Security as an Institutional Priority
Infromation Security as an Institutional Priorityzohaibqadir
 
Employee Security Awareness Program
Employee Security Awareness ProgramEmployee Security Awareness Program
Employee Security Awareness Programdavidcurriecia
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingChetanmalviya8
 
Hacking
HackingHacking
HackingVipinYadav257
 
3 Tips to Stay Safe Online in 2017
3 Tips to Stay Safe Online in 20173 Tips to Stay Safe Online in 2017
3 Tips to Stay Safe Online in 2017Bret Piatt
 
Internet security
Internet securityInternet security
Internet securityMohammed Adam
 
Vancouver real estate stats package, August 2013
Vancouver real estate stats package, August 2013Vancouver real estate stats package, August 2013
Vancouver real estate stats package, August 2013Matt Collinge
 
Karya tulis ilmiah populer
Karya tulis ilmiah populerKarya tulis ilmiah populer
Karya tulis ilmiah populerMOH. SHOFI'I
 

More Related Content

What's hot

An Introduction To IT Security And Privacy In Libraries & Anywhere
An Introduction To IT Security And Privacy In Libraries & AnywhereAn Introduction To IT Security And Privacy In Libraries & Anywhere
An Introduction To IT Security And Privacy In Libraries & AnywhereBlake Carver
 
Introduction To Computer Security
Introduction To Computer SecurityIntroduction To Computer Security
Introduction To Computer SecurityVibrant Event
 
Digital Defense for Activists (and the rest of us)
Digital Defense for Activists (and the rest of us)Digital Defense for Activists (and the rest of us)
Digital Defense for Activists (and the rest of us)Michele Chubirka
 
Sophisticated Attacks vs. Advanced Persistent Security
Sophisticated Attacks vs. Advanced Persistent SecuritySophisticated Attacks vs. Advanced Persistent Security
Sophisticated Attacks vs. Advanced Persistent SecurityPriyanka Aash
 
Cyber security[1118]
Cyber security[1118]Cyber security[1118]
Cyber security[1118]MeeraNairJ
 
Jerod Brennen - What You Need to Know About OSINT
Jerod Brennen - What You Need to Know About OSINTJerod Brennen - What You Need to Know About OSINT
Jerod Brennen - What You Need to Know About OSINTcentralohioissa
 
Common Techniques To Identify Advanced Persistent Threat (APT)
Common Techniques To Identify Advanced Persistent Threat (APT)Common Techniques To Identify Advanced Persistent Threat (APT)
Common Techniques To Identify Advanced Persistent Threat (APT)Yuval Sinay, CISSP, C|CISO
 
Basic security concepts_chapter_1
Basic security concepts_chapter_1Basic security concepts_chapter_1
Basic security concepts_chapter_1abdifatah said
 
Computer security basics
Computer security basicsComputer security basics
Computer security basicsSrinu Potnuru
 
Hacking and Types of Hacker.
Hacking and Types of Hacker.Hacking and Types of Hacker.
Hacking and Types of Hacker.Coder Tech
 
Frontier Secure: Handout for small business leaders on "How to be Secure"
Frontier Secure: Handout for small business leaders on "How to be Secure" Frontier Secure: Handout for small business leaders on "How to be Secure"
Frontier Secure: Handout for small business leaders on "How to be Secure" Frontier Small Business
 
Personal Data Security in a Digital World
Personal Data Security in a Digital WorldPersonal Data Security in a Digital World
Personal Data Security in a Digital Worldalxdvs
 
Infromation Security as an Institutional Priority
Infromation Security as an Institutional PriorityInfromation Security as an Institutional Priority
Infromation Security as an Institutional Priorityzohaibqadir
 
Employee Security Awareness Program
Employee Security Awareness ProgramEmployee Security Awareness Program
Employee Security Awareness Programdavidcurriecia
 
3 Tips to Stay Safe Online in 2017
3 Tips to Stay Safe Online in 20173 Tips to Stay Safe Online in 2017
3 Tips to Stay Safe Online in 2017Bret Piatt
 

What's hot (20)

An Introduction To IT Security And Privacy In Libraries & Anywhere
An Introduction To IT Security And Privacy In Libraries & AnywhereAn Introduction To IT Security And Privacy In Libraries & Anywhere
An Introduction To IT Security And Privacy In Libraries & Anywhere
 
Introduction To Computer Security
Introduction To Computer SecurityIntroduction To Computer Security
Introduction To Computer Security
 
Digital Defense for Activists (and the rest of us)
Digital Defense for Activists (and the rest of us)Digital Defense for Activists (and the rest of us)
Digital Defense for Activists (and the rest of us)
 
Sophisticated Attacks vs. Advanced Persistent Security
Sophisticated Attacks vs. Advanced Persistent SecuritySophisticated Attacks vs. Advanced Persistent Security
Sophisticated Attacks vs. Advanced Persistent Security
 
Cyber security[1118]
Cyber security[1118]Cyber security[1118]
Cyber security[1118]
 
Threats
ThreatsThreats
Threats
 
Jerod Brennen - What You Need to Know About OSINT
Jerod Brennen - What You Need to Know About OSINTJerod Brennen - What You Need to Know About OSINT
Jerod Brennen - What You Need to Know About OSINT
 
Common Techniques To Identify Advanced Persistent Threat (APT)
Common Techniques To Identify Advanced Persistent Threat (APT)Common Techniques To Identify Advanced Persistent Threat (APT)
Common Techniques To Identify Advanced Persistent Threat (APT)
 
Basic security concepts_chapter_1
Basic security concepts_chapter_1Basic security concepts_chapter_1
Basic security concepts_chapter_1
 
Computer security basics
Computer security basicsComputer security basics
Computer security basics
 
Red team Engagement
Red team EngagementRed team Engagement
Red team Engagement
 
Hacking and Types of Hacker.
Hacking and Types of Hacker.Hacking and Types of Hacker.
Hacking and Types of Hacker.
 
Frontier Secure: Handout for small business leaders on "How to be Secure"
Frontier Secure: Handout for small business leaders on "How to be Secure" Frontier Secure: Handout for small business leaders on "How to be Secure"
Frontier Secure: Handout for small business leaders on "How to be Secure"
 
Personal Data Security in a Digital World
Personal Data Security in a Digital WorldPersonal Data Security in a Digital World
Personal Data Security in a Digital World
 
Infromation Security as an Institutional Priority
Infromation Security as an Institutional PriorityInfromation Security as an Institutional Priority
Infromation Security as an Institutional Priority
 
Employee Security Awareness Program
Employee Security Awareness ProgramEmployee Security Awareness Program
Employee Security Awareness Program
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Hacking
HackingHacking
Hacking
 
3 Tips to Stay Safe Online in 2017
3 Tips to Stay Safe Online in 20173 Tips to Stay Safe Online in 2017
3 Tips to Stay Safe Online in 2017
 
Internet security
Internet securityInternet security
Internet security
 

Viewers also liked

Vancouver real estate stats package, August 2013
Vancouver real estate stats package, August 2013Vancouver real estate stats package, August 2013
Vancouver real estate stats package, August 2013Matt Collinge
 
Karya tulis ilmiah populer
Karya tulis ilmiah populerKarya tulis ilmiah populer
Karya tulis ilmiah populerMOH. SHOFI'I
 
Day In the Life Z Patton
Day In the Life Z PattonDay In the Life Z Patton
Day In the Life Z Pattonzpattonp2
 
Ft Riley Winter Guide Dec 2012, Jan and Feb 2013
Ft Riley Winter Guide Dec 2012, Jan and Feb 2013Ft Riley Winter Guide Dec 2012, Jan and Feb 2013
Ft Riley Winter Guide Dec 2012, Jan and Feb 2013Noel Waterman
 
14 Nov 2012 1ABCT Weekly Newsletter
14 Nov 2012 1ABCT Weekly Newsletter14 Nov 2012 1ABCT Weekly Newsletter
14 Nov 2012 1ABCT Weekly NewsletterNoel Waterman
 
Festival Research - Ayrton ; Ashleigh
Festival Research - Ayrton ; AshleighFestival Research - Ayrton ; Ashleigh
Festival Research - Ayrton ; Ashleighvegnagun1
 
Str8ts Weekly Extreme #43 - Solution
Str8ts Weekly Extreme #43 - SolutionStr8ts Weekly Extreme #43 - Solution
Str8ts Weekly Extreme #43 - SolutionSlowThinker
 
B-bread re-framing Assignment3 by Bread-Winners
B-bread re-framing Assignment3 by Bread-WinnersB-bread re-framing Assignment3 by Bread-Winners
B-bread re-framing Assignment3 by Bread-WinnersViroo Mirji
 
Str8ts Weekly Extreme #47 - Solution
Str8ts Weekly Extreme #47 - SolutionStr8ts Weekly Extreme #47 - Solution
Str8ts Weekly Extreme #47 - SolutionSlowThinker
 
Home away from home sjc-shopping-observation lab
Home away from home sjc-shopping-observation labHome away from home sjc-shopping-observation lab
Home away from home sjc-shopping-observation labViroo Mirji
 
Effects of TMOF-Bti against Aedes outside lab
Effects of TMOF-Bti against Aedes outside labEffects of TMOF-Bti against Aedes outside lab
Effects of TMOF-Bti against Aedes outside labentogenex
 
July and August Edition of the Devil's Corner, 1ABCT Brigade Newsletter
July and August Edition of the Devil's Corner, 1ABCT Brigade Newsletter July and August Edition of the Devil's Corner, 1ABCT Brigade Newsletter
July and August Edition of the Devil's Corner, 1ABCT Brigade Newsletter Noel Waterman
 
Patchouli livelihoods info for bop mobiles
Patchouli livelihoods info for bop mobilesPatchouli livelihoods info for bop mobiles
Patchouli livelihoods info for bop mobilesRichard Beresford
 
Vancouver housing starts february 2011
Vancouver housing starts february 2011Vancouver housing starts february 2011
Vancouver housing starts february 2011Matt Collinge
 
Vancouver real estate november 2012 stats package rebgv
Vancouver real estate november 2012 stats package rebgvVancouver real estate november 2012 stats package rebgv
Vancouver real estate november 2012 stats package rebgvMatt Collinge
 
Mar 2012 1 ID Fort Riley Monthly Newsletter
Mar 2012 1 ID Fort Riley Monthly NewsletterMar 2012 1 ID Fort Riley Monthly Newsletter
Mar 2012 1 ID Fort Riley Monthly NewsletterNoel Waterman
 

Viewers also liked (20)

Vancouver real estate stats package, August 2013
Vancouver real estate stats package, August 2013Vancouver real estate stats package, August 2013
Vancouver real estate stats package, August 2013
 
Karya tulis ilmiah populer
Karya tulis ilmiah populerKarya tulis ilmiah populer
Karya tulis ilmiah populer
 
Day In the Life Z Patton
Day In the Life Z PattonDay In the Life Z Patton
Day In the Life Z Patton
 
time_management_handout(goerzen_2011)
time_management_handout(goerzen_2011)time_management_handout(goerzen_2011)
time_management_handout(goerzen_2011)
 
Ft Riley Winter Guide Dec 2012, Jan and Feb 2013
Ft Riley Winter Guide Dec 2012, Jan and Feb 2013Ft Riley Winter Guide Dec 2012, Jan and Feb 2013
Ft Riley Winter Guide Dec 2012, Jan and Feb 2013
 
14 Nov 2012 1ABCT Weekly Newsletter
14 Nov 2012 1ABCT Weekly Newsletter14 Nov 2012 1ABCT Weekly Newsletter
14 Nov 2012 1ABCT Weekly Newsletter
 
Festival Research - Ayrton ; Ashleigh
Festival Research - Ayrton ; AshleighFestival Research - Ayrton ; Ashleigh
Festival Research - Ayrton ; Ashleigh
 
Str8ts Weekly Extreme #43 - Solution
Str8ts Weekly Extreme #43 - SolutionStr8ts Weekly Extreme #43 - Solution
Str8ts Weekly Extreme #43 - Solution
 
Trender&insikter2014
Trender&insikter2014Trender&insikter2014
Trender&insikter2014
 
B-bread re-framing Assignment3 by Bread-Winners
B-bread re-framing Assignment3 by Bread-WinnersB-bread re-framing Assignment3 by Bread-Winners
B-bread re-framing Assignment3 by Bread-Winners
 
The State of Social 2012
The State of Social 2012The State of Social 2012
The State of Social 2012
 
Program tahunan
Program tahunanProgram tahunan
Program tahunan
 
Str8ts Weekly Extreme #47 - Solution
Str8ts Weekly Extreme #47 - SolutionStr8ts Weekly Extreme #47 - Solution
Str8ts Weekly Extreme #47 - Solution
 
Home away from home sjc-shopping-observation lab
Home away from home sjc-shopping-observation labHome away from home sjc-shopping-observation lab
Home away from home sjc-shopping-observation lab
 
Effects of TMOF-Bti against Aedes outside lab
Effects of TMOF-Bti against Aedes outside labEffects of TMOF-Bti against Aedes outside lab
Effects of TMOF-Bti against Aedes outside lab
 
July and August Edition of the Devil's Corner, 1ABCT Brigade Newsletter
July and August Edition of the Devil's Corner, 1ABCT Brigade Newsletter July and August Edition of the Devil's Corner, 1ABCT Brigade Newsletter
July and August Edition of the Devil's Corner, 1ABCT Brigade Newsletter
 
Patchouli livelihoods info for bop mobiles
Patchouli livelihoods info for bop mobilesPatchouli livelihoods info for bop mobiles
Patchouli livelihoods info for bop mobiles
 
Vancouver housing starts february 2011
Vancouver housing starts february 2011Vancouver housing starts february 2011
Vancouver housing starts february 2011
 
Vancouver real estate november 2012 stats package rebgv
Vancouver real estate november 2012 stats package rebgvVancouver real estate november 2012 stats package rebgv
Vancouver real estate november 2012 stats package rebgv
 
Mar 2012 1 ID Fort Riley Monthly Newsletter
Mar 2012 1 ID Fort Riley Monthly NewsletterMar 2012 1 ID Fort Riley Monthly Newsletter
Mar 2012 1 ID Fort Riley Monthly Newsletter
 

Similar to Brochure protect operational_info_sm1

Six steps for securing offshore development
Six steps for securing offshore developmentSix steps for securing offshore development
Six steps for securing offshore developmentgmaran23
 
Ch15 power point
Ch15 power pointCh15 power point
Ch15 power pointbodo-con
 
Intro to INFOSEC
Intro to INFOSECIntro to INFOSEC
Intro to INFOSECSean Whalen
 
Scottish Rite Security Presentation.pptx
Scottish Rite Security Presentation.pptxScottish Rite Security Presentation.pptx
Scottish Rite Security Presentation.pptxjeremylivin
 
Cyber Security
Cyber SecurityCyber Security
Cyber Securityfrcarlson
 
Security Best Practices for Regular Users
Security Best Practices for Regular UsersSecurity Best Practices for Regular Users
Security Best Practices for Regular UsersSecurity Innovation
 
Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!
Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!
Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!Michele Chubirka
 
Chapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganisedChapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganisedBule Hora University
 
It security the condensed version
It security the condensed version It security the condensed version
It security the condensed version Brian Pichman
 
Lecture Data Classification And Data Loss Prevention
Lecture Data Classification And Data Loss PreventionLecture Data Classification And Data Loss Prevention
Lecture Data Classification And Data Loss PreventionNicholas Davis
 
Data Classification And Loss Prevention
Data Classification And Loss PreventionData Classification And Loss Prevention
Data Classification And Loss PreventionNicholas Davis
 
Lecture data classification_and_data_loss_prevention
Lecture data classification_and_data_loss_preventionLecture data classification_and_data_loss_prevention
Lecture data classification_and_data_loss_preventionNicholas Davis
 
Tsc2021 cyber-issues
Tsc2021 cyber-issuesTsc2021 cyber-issues
Tsc2021 cyber-issuesErnest Staats
 
Community IT Webinar - IT Security for Nonprofits
Community IT Webinar - IT Security for NonprofitsCommunity IT Webinar - IT Security for Nonprofits
Community IT Webinar - IT Security for NonprofitsCommunity IT Innovators
 
Implementing security for your library | PLAN Tech Day Conference
Implementing security for your library | PLAN Tech Day ConferenceImplementing security for your library | PLAN Tech Day Conference
Implementing security for your library | PLAN Tech Day ConferenceBrian Pichman
 
Chapter 13
Chapter 13Chapter 13
Chapter 13bodo-con
 
Why Corporate Security Professionals Should Care About Information Security
Why Corporate Security Professionals Should Care About Information Security Why Corporate Security Professionals Should Care About Information Security
Why Corporate Security Professionals Should Care About Information Security Resolver Inc.
 

Similar to Brochure protect operational_info_sm1 (20)

Six steps for securing offshore development
Six steps for securing offshore developmentSix steps for securing offshore development
Six steps for securing offshore development
 
Ch15 power point
Ch15 power pointCh15 power point
Ch15 power point
 
Intro to INFOSEC
Intro to INFOSECIntro to INFOSEC
Intro to INFOSEC
 
Scottish Rite Security Presentation.pptx
Scottish Rite Security Presentation.pptxScottish Rite Security Presentation.pptx
Scottish Rite Security Presentation.pptx
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Ccna sec 01
Ccna sec 01Ccna sec 01
Ccna sec 01
 
Security Best Practices for Regular Users
Security Best Practices for Regular UsersSecurity Best Practices for Regular Users
Security Best Practices for Regular Users
 
Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!
Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!
Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!
 
Chapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganisedChapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganised
 
It security the condensed version
It security the condensed version It security the condensed version
It security the condensed version
 
Lecture Data Classification And Data Loss Prevention
Lecture Data Classification And Data Loss PreventionLecture Data Classification And Data Loss Prevention
Lecture Data Classification And Data Loss Prevention
 
Data Classification And Loss Prevention
Data Classification And Loss PreventionData Classification And Loss Prevention
Data Classification And Loss Prevention
 
Lecture data classification_and_data_loss_prevention
Lecture data classification_and_data_loss_preventionLecture data classification_and_data_loss_prevention
Lecture data classification_and_data_loss_prevention
 
Tsc2021 cyber-issues
Tsc2021 cyber-issuesTsc2021 cyber-issues
Tsc2021 cyber-issues
 
Safe Social Networking Handout
Safe Social Networking HandoutSafe Social Networking Handout
Safe Social Networking Handout
 
Community IT Webinar - IT Security for Nonprofits
Community IT Webinar - IT Security for NonprofitsCommunity IT Webinar - IT Security for Nonprofits
Community IT Webinar - IT Security for Nonprofits
 
Implementing security for your library | PLAN Tech Day Conference
Implementing security for your library | PLAN Tech Day ConferenceImplementing security for your library | PLAN Tech Day Conference
Implementing security for your library | PLAN Tech Day Conference
 
Chapter 13
Chapter 13Chapter 13
Chapter 13
 
Why Corporate Security Professionals Should Care About Information Security
Why Corporate Security Professionals Should Care About Information Security Why Corporate Security Professionals Should Care About Information Security
Why Corporate Security Professionals Should Care About Information Security
 
IT Security for Small Business
IT Security for Small BusinessIT Security for Small Business
IT Security for Small Business
 

More from Noel Waterman

6 February 2013 1 ABCT Weekly Newsletter
6 February 2013 1 ABCT Weekly Newsletter6 February 2013 1 ABCT Weekly Newsletter
6 February 2013 1 ABCT Weekly NewsletterNoel Waterman
 
Policy 13 Motorcycle, Moped, Motor Scooter, and All-terrain vehicle
Policy 13 Motorcycle, Moped, Motor Scooter, and All-terrain vehicle Policy 13 Motorcycle, Moped, Motor Scooter, and All-terrain vehicle
Policy 13 Motorcycle, Moped, Motor Scooter, and All-terrain vehicle Noel Waterman
 
MISC Scholarship Guide 2012 2013
MISC Scholarship Guide 2012 2013MISC Scholarship Guide 2012 2013
MISC Scholarship Guide 2012 2013Noel Waterman
 
Jan/Feb 2013 Devil's Corner Newsletter
Jan/Feb 2013 Devil's Corner NewsletterJan/Feb 2013 Devil's Corner Newsletter
Jan/Feb 2013 Devil's Corner NewsletterNoel Waterman
 
30 January 2013 1ABCT Weekly Newsletter
30 January 2013 1ABCT Weekly Newsletter30 January 2013 1ABCT Weekly Newsletter
30 January 2013 1ABCT Weekly NewsletterNoel Waterman
 
25 Jan 2013 Network Meeting
25 Jan 2013 Network Meeting 25 Jan 2013 Network Meeting
25 Jan 2013 Network Meeting Noel Waterman
 
25 Jan 2013 Network Meeting Slides
25 Jan 2013 Network Meeting Slides 25 Jan 2013 Network Meeting Slides
25 Jan 2013 Network Meeting Slides Noel Waterman
 
Beware of Phishing Scams
Beware of Phishing ScamsBeware of Phishing Scams
Beware of Phishing ScamsNoel Waterman
 
Threat and Mitigation
Threat and MitigationThreat and Mitigation
Threat and MitigationNoel Waterman
 
15 January 2013 1ABCT Weekly Newsletter
15 January 2013 1ABCT Weekly Newsletter15 January 2013 1ABCT Weekly Newsletter
15 January 2013 1ABCT Weekly NewsletterNoel Waterman
 
Fort Riley Combined Scholarship 2012 2013 Application
Fort Riley Combined Scholarship 2012 2013 ApplicationFort Riley Combined Scholarship 2012 2013 Application
Fort Riley Combined Scholarship 2012 2013 ApplicationNoel Waterman
 
9 January 2013 1ABCT Weekly Newsletter
9 January 2013 1ABCT Weekly Newsletter9 January 2013 1ABCT Weekly Newsletter
9 January 2013 1ABCT Weekly NewsletterNoel Waterman
 
3 January 2013 1ABCT Weekly Newsletter
3 January 2013 1ABCT Weekly Newsletter3 January 2013 1ABCT Weekly Newsletter
3 January 2013 1ABCT Weekly NewsletterNoel Waterman
 
Thunderbolt Blast- Dec 12 Monthly Armor School Newsletter
Thunderbolt Blast- Dec 12 Monthly Armor School Newsletter Thunderbolt Blast- Dec 12 Monthly Armor School Newsletter
Thunderbolt Blast- Dec 12 Monthly Armor School Newsletter Noel Waterman
 
19 December 2012 1ABCT Weekly Newsletter
19 December 2012 1ABCT Weekly Newsletter19 December 2012 1ABCT Weekly Newsletter
19 December 2012 1ABCT Weekly NewsletterNoel Waterman
 
19 December 2012 1ABCT Weekly Newsletter
19 December 2012 1ABCT Weekly Newsletter19 December 2012 1ABCT Weekly Newsletter
19 December 2012 1ABCT Weekly NewsletterNoel Waterman
 
Tips for talking with and helping children traumatic event
Tips for talking with and helping children traumatic eventTips for talking with and helping children traumatic event
Tips for talking with and helping children traumatic eventNoel Waterman
 
December 2012 1ID Fort Riley Monthly News Update
December 2012 1ID Fort Riley Monthly News UpdateDecember 2012 1ID Fort Riley Monthly News Update
December 2012 1ID Fort Riley Monthly News UpdateNoel Waterman
 
5 December 2012 1ABCT Weekly Newsletter
5 December 2012 1ABCT Weekly Newsletter5 December 2012 1ABCT Weekly Newsletter
5 December 2012 1ABCT Weekly NewsletterNoel Waterman
 

More from Noel Waterman (20)

6 February 2013 1 ABCT Weekly Newsletter
6 February 2013 1 ABCT Weekly Newsletter6 February 2013 1 ABCT Weekly Newsletter
6 February 2013 1 ABCT Weekly Newsletter
 
Policy 13 Motorcycle, Moped, Motor Scooter, and All-terrain vehicle
Policy 13 Motorcycle, Moped, Motor Scooter, and All-terrain vehicle Policy 13 Motorcycle, Moped, Motor Scooter, and All-terrain vehicle
Policy 13 Motorcycle, Moped, Motor Scooter, and All-terrain vehicle
 
MISC Scholarship Guide 2012 2013
MISC Scholarship Guide 2012 2013MISC Scholarship Guide 2012 2013
MISC Scholarship Guide 2012 2013
 
Jan/Feb 2013 Devil's Corner Newsletter
Jan/Feb 2013 Devil's Corner NewsletterJan/Feb 2013 Devil's Corner Newsletter
Jan/Feb 2013 Devil's Corner Newsletter
 
30 January 2013 1ABCT Weekly Newsletter
30 January 2013 1ABCT Weekly Newsletter30 January 2013 1ABCT Weekly Newsletter
30 January 2013 1ABCT Weekly Newsletter
 
Teen parenting 2013
Teen parenting 2013Teen parenting 2013
Teen parenting 2013
 
25 Jan 2013 Network Meeting
25 Jan 2013 Network Meeting 25 Jan 2013 Network Meeting
25 Jan 2013 Network Meeting
 
25 Jan 2013 Network Meeting Slides
25 Jan 2013 Network Meeting Slides 25 Jan 2013 Network Meeting Slides
25 Jan 2013 Network Meeting Slides
 
Beware of Phishing Scams
Beware of Phishing ScamsBeware of Phishing Scams
Beware of Phishing Scams
 
Threat and Mitigation
Threat and MitigationThreat and Mitigation
Threat and Mitigation
 
15 January 2013 1ABCT Weekly Newsletter
15 January 2013 1ABCT Weekly Newsletter15 January 2013 1ABCT Weekly Newsletter
15 January 2013 1ABCT Weekly Newsletter
 
Fort Riley Combined Scholarship 2012 2013 Application
Fort Riley Combined Scholarship 2012 2013 ApplicationFort Riley Combined Scholarship 2012 2013 Application
Fort Riley Combined Scholarship 2012 2013 Application
 
9 January 2013 1ABCT Weekly Newsletter
9 January 2013 1ABCT Weekly Newsletter9 January 2013 1ABCT Weekly Newsletter
9 January 2013 1ABCT Weekly Newsletter
 
3 January 2013 1ABCT Weekly Newsletter
3 January 2013 1ABCT Weekly Newsletter3 January 2013 1ABCT Weekly Newsletter
3 January 2013 1ABCT Weekly Newsletter
 
Thunderbolt Blast- Dec 12 Monthly Armor School Newsletter
Thunderbolt Blast- Dec 12 Monthly Armor School Newsletter Thunderbolt Blast- Dec 12 Monthly Armor School Newsletter
Thunderbolt Blast- Dec 12 Monthly Armor School Newsletter
 
19 December 2012 1ABCT Weekly Newsletter
19 December 2012 1ABCT Weekly Newsletter19 December 2012 1ABCT Weekly Newsletter
19 December 2012 1ABCT Weekly Newsletter
 
19 December 2012 1ABCT Weekly Newsletter
19 December 2012 1ABCT Weekly Newsletter19 December 2012 1ABCT Weekly Newsletter
19 December 2012 1ABCT Weekly Newsletter
 
Tips for talking with and helping children traumatic event
Tips for talking with and helping children traumatic eventTips for talking with and helping children traumatic event
Tips for talking with and helping children traumatic event
 
December 2012 1ID Fort Riley Monthly News Update
December 2012 1ID Fort Riley Monthly News UpdateDecember 2012 1ID Fort Riley Monthly News Update
December 2012 1ID Fort Riley Monthly News Update
 
5 December 2012 1ABCT Weekly Newsletter
5 December 2012 1ABCT Weekly Newsletter5 December 2012 1ABCT Weekly Newsletter
5 December 2012 1ABCT Weekly Newsletter
 

Brochure protect operational_info_sm1

  • 1. Resources National Cyber-Alert System: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0076 National Crime Prevention Association: http://www.ncpc.org/ Army Information Assurance Portal: https://www.milsuite.mil/login/Login?goto=https%3A%2F%2Fwww.milsuite. mil%3A443%2Fwiki%2FPortal%3AArmy_Information_Assurance Homeland Security Cyber Security Tips: http://www.dhs.gov/cybersecurity National Cyber Awareness System: http://www.us-cert.gov/alerts-and-tips/ DoD Chief Information Officer: http://dodcio.defense.gov/Home/Topics/InformationAssurance.aspx 12 1
  • 2. BE VIGILANT. REPORT SUSPICIOUS ACTIVITY. Image credits: Front cover: U.S. Army photo by Sgt. Brandon Little, Task Force XII PAO, MND-B Inside back cover: U.S Army photo by Staff Sgt. Mike Pryor, 2nd BCT, 82nd Abn. Div. Public Affairs 2 11
  • 3. Safe home computing Operations Security (OPSEC) Home computers are typically not well secured and therefore are often Terrorists select targets that offer the most opportunity for success. easy to break into. Intruders want what you've stored (i.e., credit card Information passed unknowingly by military personnel, and increasingly via numbers, bank account information, passwords) and anything else they cyberspace, is being used by terrorists in their planning efforts. OPSEC find useful. Intruders also want your computer's resources, meaning your denies terrorists information about potential targets and reduces the hard disk space, your fast processor, and your Internet connection. They availability of this information. use these resources to attack other computers on the Internet. The more computers an intruder uses, the harder it is for law enforcement to find the OPSEC focus areas for Antiterrorism include: originating source. If intruders can't be located, they can't be stopped, and • Deny intelligence and information to terrorists they can't be prosecuted. • Avoid rigid operational routines that produce observable patterns What should I do to secure my home computer? • Know terrorist collection methods and techniques as well as the terrorist • Install and use anti-virus programs planning cycle and cyber attack methods • Keep your system patched • Integrate OPSEC into organizational security programs and individual personal protection measures • Use care when reading email with attachments • Install and use a firewall program Sample Cyberspace OPSEC procedures: • Install, use, and enable strong security measures on a home wireless • Coordinate physical security measures to prevent unauthorized access router to computer networks, equipment, facilities, and documents • Make backups of important files • Password protect or restrict computer access to itineraries, travel plans, personnel rosters, building and base plans, billeting assignments, and • Use strong passwords and change them frequently very important person (VIP) guest lists • Use care when downloading and installing programs • Don’t post personal, work, or family information to open social media • Understand the risk of downloading files and programs websites • Install and use a file encryption program and access controls • Be careful who you allow into your social network; if you do not know a person who attempts to connect with you, investigate who they are and why they want to join your social network. • Don’t post sensitive work information or photographs on the internet; always assume a threat adversary is reading your material 10 3
  • 4. Advances in technology increase risk Privacy tips for social networking Advancements in technology pose new threats to security of critical Social networking sites like Facebook, Google+, Twitter, Foursquare, information. In order to counter an adversary from employing these LinkedIn, and others are a great way to keep family & friends updated on technologies, we must first know the technologies that exist and how they your life and to connect with colleagues, business associates, and might be used within close proximity of our critical information. communities that share your interests. Make sure you are comfortable with the information you share and use privacy settings to protect your Defense measures include: information. • Educate Army computer users on restrictions for use of information technologies Protect personal information • Work closely with information systems administrators to establish control STOP! THINK! THEN CONNECT. Think carefully about the kinds of measures information, comments, photos, and videos you share online. • Ensure personnel responsible for entry/exit inspections are properly Do not post job related information about: Personnel movements trained (itineraries, rosters, time tables, travel plans); current or future operations (movement of forces, capabilities & limitations, coalition & participating Commander at all levels must: forces); intelligence, reconnaissance & surveillance (TTPs, capabilities and limitations, operational reporting); or communication in support of • Apply the OPSEC review process outlined in AR 530-1 (Operations operations (work email addresses, logins and passwords, details of specific Security) equipment, infrastructure and call signs). • Review their Web Pages and ensure they are OPSEC compliant KNOW YOUR AUDIENCE: Consider who may have access to your profile: • Ensure all Army web sites are registered family, friends, friends of friends, your school, college admissions officers, • Limit details about the organization's specific capabilities, potential employers. Use available privacy settings to manage your readiness, and operational matters audience. • Verify there is a valid mission need to disseminate the information Your privacy is only as protected as your least reliable friend allows it to be. When you choose to share information with friends, those friends can make their own decisions about forwarding your content. Think carefully before sharing. 4 9
  • 5. Vulnerabilities on websites: Critical information is information that is vital to a specified mission. If a terrorist or spy obtains critical information, correctly analyzes it, and acts • Installation or facility maps designating points of interest (such as upon it, the compromise of the information may prevent or seriously barracks, work areas, headquarters, dining facilities) degrade mission success. Critical information can be classified or • Security force schedules and rotation plans unclassified. Classified information requires OPSEC measures for • Security operating procedures additional protection because it can be revealed through unclassified indicators. The use of essential elements of friendly information (EEFI) • Tactics, techniques, and procedures protects critical information because it prevents the release of sensitive or • Capabilities and intent classified details. • Indicators of unit morale Example of EEFI for threat countermeasures • Information which may undermine leadership • When do security guards or law enforcement change shifts? • Photographs particularly when they are accompanied by descriptive • Are guards armed? captions • Is there a security response team alarm – how quick is the response? • Personal information about patterns and routines • Where is the security alarm / power system – is it protected? • Work email addresses • Are external CCTV cameras operated and are they actually monitored? • How many security guards are there in a specific building (day and What we can do to reduce risk on the internet: night)? • Ensure any information you post has no significant value to the enemy • Does the building practice fire drills and where are the assembly areas • Consider the audience when you are posting personal information on a (do they change the assembly areas or keep them the same for every blog or website, or sending an email evacuation)? • Always assume a threat adversary is reading your material • Are mail/packages accepted at night? How are packages processed – must they go through a centralized screening location? • If you are threatened as a result of something you have posted or through an open forum such as blog – believe the threat and report it immediately • Avoid posting work email addresses if possible; they can provide targets for phishing attacks • Follow OPSEC policies and procedures • Work with your OPSEC officer 8 5
  • 6. OPSEC in the Blogosphere “Our adversaries derive up to 80% of their intelligence A Blog (short for Web Log) is a frequent, chronological publication of personal thoughts and web links, including a mix of what’s happening in a from open-source information.” CRS Report for person’s life. Blogs may include forms of personal diaries or guides for Congress, Sensitive But Unclassified Information and others. Other Controls: Policy and Options for Scientific and Military blogs, by their nature, attract the attention of a variety of threats to Technical Information, December 29, 2006 include terrorists and spies. Tidbits of information gathered from blogs and other open source information make up pieces of a puzzle, which when combined, can complete a picture of what may become a terrorist’s or How can OPSEC help protect my organization against spy’s target. terrorism? Examples include: Terrorists require intelligence to accomplish their objectives. You can apply the OPSEC process to identify critical information that terrorists can use • Posting sensitive photographs on the internet, such as battle scenes, against you and control those indicators that give away that critical casualties, destroyed or damaged equipment, and especially the effects information. of threat weapon systems such as improvised explosive devices • Some photographs include geo-location and date/time information. Terrorists seek—and OPSEC is intended to deny— • Enemies can use this information for propaganda purposes, battle information about: damage assessments, targeting, and refinement of TTPs • What is important to Army units, personnel, and families • Enemies can also use personal information to target individual soldiers • How accessible it is and their families for attack, both overseas and at home • If we are able to replace the item of interest • How vulnerable it is (security weaknesses) • What it is vulnerable to (threat tactics) • What outcome can be achieved if attacked • How easy it is to find or locate 6 7
  • 7. OPSEC in the Blogosphere “Our adversaries derive up to 80% of their intelligence A Blog (short for Web Log) is a frequent, chronological publication of personal thoughts and web links, including a mix of what’s happening in a from open-source information.” CRS Report for person’s life. Blogs may include forms of personal diaries or guides for Congress, Sensitive But Unclassified Information and others. Other Controls: Policy and Options for Scientific and Military blogs, by their nature, attract the attention of a variety of threats to Technical Information, December 29, 2006 include terrorists and spies. Tidbits of information gathered from blogs and other open source information make up pieces of a puzzle, which when combined, can complete a picture of what may become a terrorist’s or How can OPSEC help protect my organization against spy’s target. terrorism? Examples include: Terrorists require intelligence to accomplish their objectives. You can apply the OPSEC process to identify critical information that terrorists can use • Posting sensitive photographs on the internet, such as battle scenes, against you and control those indicators that give away that critical casualties, destroyed or damaged equipment, and especially the effects information. of threat weapon systems such as improvised explosive devices • Some photographs include geo-location and date/time information. Terrorists seek—and OPSEC is intended to deny— • Enemies can use this information for propaganda purposes, battle information about: damage assessments, targeting, and refinement of TTPs • What is important to Army units, personnel, and families • Enemies can also use personal information to target individual soldiers • How accessible it is and their families for attack, both overseas and at home • If we are able to replace the item of interest • How vulnerable it is (security weaknesses) • What it is vulnerable to (threat tactics) • What outcome can be achieved if attacked • How easy it is to find or locate 6 7
  • 8. Vulnerabilities on websites: Critical information is information that is vital to a specified mission. If a terrorist or spy obtains critical information, correctly analyzes it, and acts • Installation or facility maps designating points of interest (such as upon it, the compromise of the information may prevent or seriously barracks, work areas, headquarters, dining facilities) degrade mission success. Critical information can be classified or • Security force schedules and rotation plans unclassified. Classified information requires OPSEC measures for • Security operating procedures additional protection because it can be revealed through unclassified indicators. The use of essential elements of friendly information (EEFI) • Tactics, techniques, and procedures protects critical information because it prevents the release of sensitive or • Capabilities and intent classified details. • Indicators of unit morale Example of EEFI for threat countermeasures • Information which may undermine leadership • When do security guards or law enforcement change shifts? • Photographs particularly when they are accompanied by descriptive • Are guards armed? captions • Is there a security response team alarm – how quick is the response? • Personal information about patterns and routines • Where is the security alarm / power system – is it protected? • Work email addresses • Are external CCTV cameras operated and are they actually monitored? • How many security guards are there in a specific building (day and What we can do to reduce risk on the internet: night)? • Ensure any information you post has no significant value to the enemy • Does the building practice fire drills and where are the assembly areas • Consider the audience when you are posting personal information on a (do they change the assembly areas or keep them the same for every blog or website, or sending an email evacuation)? • Always assume a threat adversary is reading your material • Are mail/packages accepted at night? How are packages processed – must they go through a centralized screening location? • If you are threatened as a result of something you have posted or through an open forum such as blog – believe the threat and report it immediately • Avoid posting work email addresses if possible; they can provide targets for phishing attacks • Follow OPSEC policies and procedures • Work with your OPSEC officer 8 5
  • 9. Advances in technology increase risk Privacy tips for social networking Advancements in technology pose new threats to security of critical Social networking sites like Facebook, Google+, Twitter, Foursquare, information. In order to counter an adversary from employing these LinkedIn, and others are a great way to keep family & friends updated on technologies, we must first know the technologies that exist and how they your life and to connect with colleagues, business associates, and might be used within close proximity of our critical information. communities that share your interests. Make sure you are comfortable with the information you share and use privacy settings to protect your Defense measures include: information. • Educate Army computer users on restrictions for use of information technologies Protect personal information • Work closely with information systems administrators to establish control STOP! THINK! THEN CONNECT. Think carefully about the kinds of measures information, comments, photos, and videos you share online. • Ensure personnel responsible for entry/exit inspections are properly Do not post job related information about: Personnel movements trained (itineraries, rosters, time tables, travel plans); current or future operations (movement of forces, capabilities & limitations, coalition & participating Commander at all levels must: forces); intelligence, reconnaissance & surveillance (TTPs, capabilities and limitations, operational reporting); or communication in support of • Apply the OPSEC review process outlined in AR 530-1 (Operations operations (work email addresses, logins and passwords, details of specific Security) equipment, infrastructure and call signs). • Review their Web Pages and ensure they are OPSEC compliant KNOW YOUR AUDIENCE: Consider who may have access to your profile: • Ensure all Army web sites are registered family, friends, friends of friends, your school, college admissions officers, • Limit details about the organization's specific capabilities, potential employers. Use available privacy settings to manage your readiness, and operational matters audience. • Verify there is a valid mission need to disseminate the information Your privacy is only as protected as your least reliable friend allows it to be. When you choose to share information with friends, those friends can make their own decisions about forwarding your content. Think carefully before sharing. 4 9
  • 10. Safe home computing Operations Security (OPSEC) Home computers are typically not well secured and therefore are often Terrorists select targets that offer the most opportunity for success. easy to break into. Intruders want what you've stored (i.e., credit card Information passed unknowingly by military personnel, and increasingly via numbers, bank account information, passwords) and anything else they cyberspace, is being used by terrorists in their planning efforts. OPSEC find useful. Intruders also want your computer's resources, meaning your denies terrorists information about potential targets and reduces the hard disk space, your fast processor, and your Internet connection. They availability of this information. use these resources to attack other computers on the Internet. The more computers an intruder uses, the harder it is for law enforcement to find the OPSEC focus areas for Antiterrorism include: originating source. If intruders can't be located, they can't be stopped, and • Deny intelligence and information to terrorists they can't be prosecuted. • Avoid rigid operational routines that produce observable patterns What should I do to secure my home computer? • Know terrorist collection methods and techniques as well as the terrorist • Install and use anti-virus programs planning cycle and cyber attack methods • Keep your system patched • Integrate OPSEC into organizational security programs and individual personal protection measures • Use care when reading email with attachments • Install and use a firewall program Sample Cyberspace OPSEC procedures: • Install, use, and enable strong security measures on a home wireless • Coordinate physical security measures to prevent unauthorized access router to computer networks, equipment, facilities, and documents • Make backups of important files • Password protect or restrict computer access to itineraries, travel plans, personnel rosters, building and base plans, billeting assignments, and • Use strong passwords and change them frequently very important person (VIP) guest lists • Use care when downloading and installing programs • Don’t post personal, work, or family information to open social media • Understand the risk of downloading files and programs websites • Install and use a file encryption program and access controls • Be careful who you allow into your social network; if you do not know a person who attempts to connect with you, investigate who they are and why they want to join your social network. • Don’t post sensitive work information or photographs on the internet; always assume a threat adversary is reading your material 10 3
  • 11. BE VIGILANT. REPORT SUSPICIOUS ACTIVITY. Image credits: Front cover: U.S. Army photo by Sgt. Brandon Little, Task Force XII PAO, MND-B Inside back cover: U.S Army photo by Staff Sgt. Mike Pryor, 2nd BCT, 82nd Abn. Div. Public Affairs 2 11
  • 12. Resources National Cyber-Alert System: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0076 National Crime Prevention Association: http://www.ncpc.org/ Army Information Assurance Portal: https://www.milsuite.mil/login/Login?goto=https%3A%2F%2Fwww.milsuite. mil%3A443%2Fwiki%2FPortal%3AArmy_Information_Assurance Homeland Security Cyber Security Tips: http://www.dhs.gov/cybersecurity National Cyber Awareness System: http://www.us-cert.gov/alerts-and-tips/ DoD Chief Information Officer: http://dodcio.defense.gov/Home/Topics/InformationAssurance.aspx 12 1