CyberSecurity Awareness Memo


This information has been shared freely by Mark E.S. Bernard. If you find it useful please acknowledge this contribution. If you would like additional information or assistance with the customization and implementation of a balanced risk management process for your security program then please contact Mark @ 604-349-6557 or

7 Critical Cyber Security Management System requirements

  • Advanced threat identification
  • Risk Management based decisions
  • Rapid incident response
  • Effective Governance
  • Effective vulnerability management
  • Technology independent platforms and software
  • Independently verifiable & audited risk mitigating controls

Before you can address CyberCrime risks you need to understand what CyberSecurity is. CyberCrime, as defined by Canadian Law, is as follows:

  (1) Crimes in which the computer is the target of the criminal activity;
  (2) Crimes in which the computer is a tool used to commit the crime; and
  (3) Crimes in which the use of the computer is an incidental aspect of the commission of the crime.

Tips that will prevent Cyber Criminals from making you a victim!

  • Keep Your Secrets Secret - How safe you and your organization remain will depend on you and other employees taking care on the Internet. Take a look at your online profile. How much information about you is out there? Is there enough information to piece together for a social engineering attack? For example: your name, your eMail address, your employer, your job title, the names of friends, your associates, your parents, your children's names.
  • Passwords That Work - Good security practices create a strong password:
      • Use at least eight characters; more is better.
      • Use characters from at least three of the following groups:
          • English upper case letters
          • English lower case letters
          • Westernized Arabic numerals (0,1,2,...)
          • Non-alphanumeric (special) characters such as punctuation symbols
      • Don't use any part of the account identifier (logon ID, Operator ID, etc.).
      • Don't use a proper name or any word in the dictionary without altering it in some way.
      • Don't use obvious phrases or sequences such as "GOBUFFS" or "12345".
      • Don't reuse a password you have used before; construct a new password each time you change it.
  • Patches, Updates, and Security Software - When you get notices from your software vendors to update your software, you should apply the update. Most operating system and browser updates include security patches. Systems and devices belonging to your organization will be maintained automatically or manually behind the scenes by your awesome support group in IT.
  • Be Smart - If a "friend" emails and asks for a password or other information, call or email (in a separate email) that friend to verify that it was really they who contacted you. The same goes for banks and businesses. Remember that legitimate businesses won't email you asking for passwords or account numbers.
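The "Passwords That Work" rules above can be enforced when a password is set or changed. The following checker is an added example, not part of the original memo; the word lists, the sample account ID, the three-character threshold for "any part" of the identifier, and the treatment of appended digits as "no alteration" are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import string

# Constructed sample lists (assumptions); a real deployment would load larger ones.
DICTIONARY = {"password", "welcome", "dragon", "summer"}
OBVIOUS = {"gobuffs", "12345", "qwerty", "abcde"}


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def remember(password: str) -> tuple[bytes, bytes]:
    """Store a previous password as (salt, hash) for the reuse check."""
    salt = os.urandom(16)
    return salt, _hash(password, salt)


def check_password(password: str, account_id: str, history=()) -> list[str]:
    """Return the memo rules that the candidate password breaks."""
    problems = []
    lowered = password.lower()
    if len(password) < 8:
        problems.append("shorter than eight characters")
    groups = [
        any(c in string.ascii_uppercase for c in password),
        any(c in string.ascii_lowercase for c in password),
        any(c in string.digits for c in password),
        any(not c.isalnum() for c in password),
    ]
    if sum(groups) < 3:
        problems.append("fewer than three character groups")
    # Assumption: "any part" of the ID means any 3-character run of it.
    ident = account_id.lower()
    if any(ident[i:i + 3] in lowered for i in range(len(ident) - 2)):
        problems.append("contains part of the account identifier")
    # Assumption: appending digits or symbols does not count as altering a word.
    letters = "".join(c for c in lowered if c.isalpha())
    if letters in DICTIONARY:
        problems.append("dictionary word without alteration")
    if any(seq in lowered for seq in OBVIOUS):
        problems.append("obvious phrase or sequence")
    # Reuse check against salted hashes, so old passwords are never stored in clear.
    if any(hmac.compare_digest(_hash(password, s), h) for s, h in history):
        problems.append("reuses a previous password")
    return problems
```

An empty list means the candidate satisfies every rule; otherwise each entry names the rule to show the user.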