Your SlideShare is downloading. ×
Itsa end user 2013
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Itsa end user 2013

214
views

Published on

Security Awareness for End-User

Security Awareness for End-User


0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
214
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • http://www.dailytelegraph.com.au/news/national/travellers-experiencing-delays-as-jetstar-and-virgin-australia-check-in-system-fails/story-fndo2iwh-1226514147528
  • Anda tidak boleh memegang firewall dan sistem pengesanan pencerobohan bertanggungjawab. Anda hanya boleh memegang RAKYAT bertanggungjawab
  • One of the most common causes is physical failure of the media the data is stored on. You probably have everything saved on your PCs hard drive. That hard drive will not live forever. Hard drives, where all of your files are stored on your computer, contain moving parts. Over time, those moving parts wear out and fail. If it is a catastrophic physical failure, it may be impossible for any files to be recovered from the hard drive.Another bad storage media are floppy disks. They are good for temporary storage and maybe transporting information, but not for permanent data storage. When they needed to access it that the floppy was bad and the data inaccessible. Another possible cause for data loss is power failure or spikes. It can result in loss of the document you are currently working on because you did not save it before the power failed and your PC shut down, or in loss of your entire hard drive .Data loss through virus attacks. There are plenty of nasty computer viruses out there that will delete files on an infected machine.
  • Transcript

    • 1. IT SECURITY AWARENESS END USER GOVERNMENT OFFICER + Institut Perkhidmatan Awam
    • 2. COURSE MODULES Module 1 •Information Security Basics Module 2 •General Security Threats and Its Counter Measures AM Module 3 •Online Security Threats and Its Counter measures Module 4 •Incident Handling and Reporting PM
    • 3. OTHER EXPECTATIONS There will be “NO” practical session through out the Information Security Awareness Training – End Users
    • 4. FOLLOW UP COURSES
    • 5. WHY ARE YOU HERE?! RECOGNIZE • What types of security issues and incidents KNOW • Which actions to take in the event of security breach IDENTIFY • The major sources of security vulnerabilities LEARN • Security precautions BECOME • A reliable source for security information BE PREPARED • To Protect, Detect, React when incident occur
    • 6. COURSE MODULES • Information Security BasicsModule 1 • General Security Threats and Its Counter MeasuresModule 2 • Online Security Threats and Its Counter measuresModule 3 • Incident Handling and ReportingModule 4
    • 7. INFORMATION SECURITY BASICS COVERS… Module 1 + Real World Security Threats + What Is Information Security? + Security Policy + Brunei‟s Law: The Computer Misuse Act
    • 8. REAL SECURITY THREATS Module 1 2 Brunei Govt Agencies Likely Victims of Cyber Espionage March 31st 2009 (Brudirect.com) Two Brunei government agencies could be among the victims of the latest international cyber-espionage network which has managed to hack into the computer systems of governments and private organizations around the world, gaining access to classified documents and other information, according to a report by Canadian researchers released yesterday. RTB News Site: Hacked by Kosova Hackers Group October 17th 2009 (news.brunei.fm) RTB News site was hacked by hackers claiming themselves as Albanian Cyber Warriors. As of 5:50 am the “BSP launched virtual Office – KACALIMA” headline was changed to “Hacked By Kosova Hackers Group”. Be Wary of New Telephone Scam February 25, 2010 (Borneo Bulletin) Bandar Seri Begawan - A new telephone scam has emerged in the country and this time the crooks are using name of financial institutions to try to make a quick buck.
    • 9. REAL SECURITY THREATS Module 1
    • 10. REAL SECURITY THREATS Module 1 Real Security Threats
    • 11. REAL SECURITY THREATS Module 1
    • 12. The Attacks (Airlines) REAL SECURITY THREATS Module 1
    • 13. The Attacks (ATM Machines) REAL SECURITY THREATS Module 1
    • 14. The Attacks (Websites) REAL SECURITY THREATS Module 1
    • 15. The Attacks (Password) REAL SECURITY THREATS Module 1
    • 16. REAL SECURITY THREATS Module 1 + Increasing number of attacks + Security exploits spread in minutes and hours rather than days or weeks + “Script Kiddies” have access to sophisticated tools + Serious hackers have even better tools + Falling prey to scam and phishing
    • 17. CLASSIFICATION OF THREATS Module 1 INTENTIONAL + Destruction + Sabotage + Vandalism + Fraud + Espionage + Malware + Vengeful Acts UNINTENTIONAL + Negligence + Ignorance + Accidents, Errors + Technical Failures + Acts of God/ Nature
    • 18. WHAT IS INFORMATION SECURITY? Module 1 “ Information security is all about protecting the Confidentiality, Integrity, and Availability of information “
    • 19. WHAT IS INFORMATION SECURITY? Module 1 Communications + Conversations − Telephone − Cell phone − Face to face + Messages - Email - Fax - Video - Instant - Physical Electronic Files + Software files + Data files Paper Documents + Printed materials + Hand written notes + Photographs Recordings + Video recordings + Audio recordings
    • 20. INFORMATION CLASSIFICATION Module 1 PUBLIC INTERNAL USE CONFIDENTIAL RESTRICTED RISK LEVEL NONE ROUTINE MODERATE GREATEST SENSITIVITY LEVEL OPEN OR UNCLASSIFIED LOW-MEDIUM HIGH HIGH-CRITICAL EXAMPLES + Marketing brochures + Published annual + Interviews with news + Press releases + Employee Handbook + Telephone Directory + Organization Charts + Policies and Standards + Personnel records + Customer records + Unit business plans + Budget information + Strategic Plans + Online access codes such as passwords or pins + Credit card listings
    • 21. INFORMATION SECURITY ASSURANCE Module 1 + Information is an important strategic and operation asset. + Damages and misuse of information may have disastrous consequences to the entire organization + The advent of internet and networking capabilities has made access to information much easier.
    • 22. A LAYERED APPROACH TO SECURITY Module 1 SECURITY PEOPLE POLICIESTECHNOLOGY + Culture of Security + Nurturing Security Responsibility + Rewarding reform and participation + Experience + Training an education + Encryption + Authentication + Firewall + Security Camera + Processes of Security + Rewards and penalties + Acceptable use
    • 23. SECURITY POLICY Module 1 The set of laws, rules, and practices that regulate how an organization manages, protects, and distributes sensitive Information.
    • 24. COMPLIANCE TO SECURITY POLICY Module 1 + To protect information assets + To provide a framework and set the information security goals for an organization to work towards success + Help to reduce risks + Help to keep your job
    • 25. The Consequences POOR SECURITY Module 1 + Kills your productivity + Damage files + Expose computer‟s contents + Lose control over your computer + Lose Reputation and Trust + Your personal information and privacy may be compromised
    • 26. BRUNEI’S LAW Module 1 His Majesty the Sultan and Yang Di-Pertuan hereby declares Computer Misuse Order 2000 conferred by subsection (3) of section 83 of the Constitution of Brunei Darussalam. Subjected Offenses + Unauthorized access to computer material + Access with intent to commit or facilitate commission of offence + Unauthorized modification of computer material + Unauthorized use or interception of computer service + Unauthorized obstruction of use of computer + Unauthorized disclosure of access code
    • 27. FINE QUOTE Module 1 You can't hold firewalls and intrusion detection systems accountable. You can only hold PEOPLE accountable. Daryl White, DOI CIO
    • 28. ANY QUESTION? Module 1
    • 29. COURSE MODULES • Information Security BasicsModule 1 • General Security Threats and Its Counter MeasuresModule 2 • Online Security Threats and Its Counter measuresModule 3 • Incident Handling and ReportingModule 4
    • 30. GENERAL SECURITY THREATS & ITS COUNTERMEASURES COVERS Module 2 + Physical Security – Workplace Security and Personnel Risk + Social Engineering & Identity Theft + Securing Classified Information + Protecting Portable Data & Devices + Data Backup & Media Sanitization + Software Piracy and Copyright Infringement
    • 31. Unauthorized Entry WORKPLACE SECURITY ACCESS CONTROL Module 2 + Tailgating When an unauthorized person enters a secure area by following closely behind an authorized cardholder. + Piggybacking When an authorized person gains access to a secure area and allows others to follow e.g. by holding open a secured door.
    • 32. WORKPLACE SECURITY BEST PRACTICES Module 2 + Post a security guard at the main building entrance or at entrances to specific offices. + Install a metal detector or CCTV (closed-circuit television) camera or other device to monitor people coming in all building entrances. + Ensure the office area to be secured against unauthorized person, e.g. by digital lock door, swipe card access, security cameras, alarm system, etc. + Have staff follow strict access control procedures, don' t allow exceptions.
    • 33. WATCH WHO’S COMING Module 2 + GUESTS must be checked in/out and escorted through the proper procedures. + Politely ask anyone suspicious “May I help you?” + REPORT any suspicious unescorted person or stranger at once. + DO NOT LEND the keys to your office or your access card to anyone. + ID Badges worn at all times in visible location.. + PREVENT access of unauthorized visitors (tailgating and piggybacking). + REVOKE access immediately when an employee or contractor is terminated or leaves for any reason
    • 34. PERSONNEL RISK: THE INSIDER Module 2 + Insider Attacks are More Likely to be Successful + Insider is indispensable because knowledge of critical system + Preparing for an Insider Attack is “Uncomfortable” + The Insider Threat the Greatest Challenge
    • 35. WHO ARE THE INSIDER?? Module 2 + Employees (Disgruntled, Paid informants, Coerced, Former) + Contractors + Business Partner + Subcontractor + Consultants
    • 36. WHAT THEY CAN DO?? Module 2 + Attack the network + Attack the information + Export the information + Allow others to have access
    • 37. WHAT YOU CAN DO? Module 2 ASK…. + for identification + for a number where you can return their call + them why they need this information + them who has authorized the request and let them know that you will verify the authorization
    • 38. WATCH FOR THESE BAD GUYS Module 2 + Shoulder Surfing Looking over someone‟s shoulder when the enter password or PIN Code + Dumpster Diving The active search for interesting stuff that others have thrown away
    • 39. DEALING WITH THREATS Module 2 + Lock or shut down your workstation when you‟re away. + No sensitive information is kept visible on the desk. + Never share or lend password. + Gossip is often considered harmless, be conscious of what you are talking about. + If happen to be visited by clients, the computer display must not be visible to them.
    • 40. SOCIAL ENGINEER: GET TO KNOW HIM… Module 2 + A SOCIAL ENGINEER is a person who will deceive or con others into divulging information that they wouldn‟t normally share. The goal of social engineering is to trick someone into providing valuable information.
    • 41. TYPES OF SOCIAL ENGINEER Module 2 Computer Based + Spyware + Spam + Spoof Websites + Hoaxes Human Based + By Phone + Impersonation - Important user - Techs support - Important person
    • 42. IDENTITY THEFT Module 2 + Identity theft is when criminal obtains and uses a consumer‟s personal information for his/her fraudulent usage.
    • 43. HOW DO THEY DO IT? Module 2 Using LOW and HIGH tech methods : + Shoulder surfing at ATMs + Steal your mail + Dumpster diving + Checking credit card mail
    • 44. SIMPLE WAYS TO PROTECT YOURSELF Module 2 + Destroy private records and statements + Secure your mail + Safeguard your smart ID number + Do not leave a paper trail + Know who you are dealing with + Be more defensive with personal information + Monitor your credit transaction/ review the statement carefully
    • 45. SECURING CONFIDENTIAL INFORMATION Module 2 + Make sure NOT to save it to default location. + ENCRYPT all confidential information (with the help of your IT support). + Arrange professionally administered and regular backups. + Store printed/media containing CONFIDENTIAL information in locked file cabinets or drawers. + LIMIT access to the file cabinets or drawers if possible even to the storage area. + Computer SHOULDN‟T be left logged on when unattended, please enable your screen-password or lock your account.
    • 46. PROTECTING PAPER DOCUMENTS Module 2 + Don't leave sensitive documents in clear sight in work areas. + When printed, should be cleared from printers immediately. + Shred sensitive documents when they are no longer needed. + Don’t make unnecessary copy of the documents + Don't leave the originals after using photocopier, fax machines, etc.
    • 47. PROTECTING PORTABLE DEVICES Module 2 + Laptop or portable devices are largest security threat. + The characteristics of these devices contribute to be the target of thieves. + Exposure of critical information. + Sensitive data is also often carried on portable devices. + Theft or stolen devices +Subject to theft or loss of data. Account Numbers? Password of your ATM?
    • 48. PORTABLE DEVICES: PHYSICAL SECURITY Module 2 + NEVER leave any media unattended. + PUT all media contain important data in a safe place. + If you must leave it in a car - put it in the TRUNK. + Use a CARRYING CASE + LOCK it in a desk or in an office that can be locked. + Buy a CABLE LOCKING device for laptop and use it!
    • 49. PORTABLE DEVICES: DATA SECURITY Module 2 + CONSIDER to store important data to a different location. + ENABLE screen-saver password control. + Multi Factor Identification access measures i.e. Fingerprint, face Recognition and etc. + Regularly BACK UP data.
    • 50. DATA BACKUP Module 2 + Use other RELIABLE media such as external H/D, CD/DVD Rom, USB drive. + Another way is to back up to your ANOTHER hard drive. + It is NOT advisable to put your data to an “online” backup storage. + It‟s a BAD idea to back up to your floppy disks. + MUST TEST for restoration after backup. + Backup your data REGULARLY!
    • 51. WHY SHOULD I ?? Module 2 + User error (deliberately or not). + Hardware failure and software failure. “There are only two types of hard drives - the ones that have failed and the ones that will fail.“ + Never keep your data to a temporary storage for too long E.g. Floppy disks is good temporary storage media but not for permanent data storage. + Possible cause for data loss is power failure or spikes. + Data loss through virus attacks.
    • 52. MEDIA SANITIZATION & INFORMATION DISPOSITION Module 2 + It is the process for removing confidential data from storage media, with reasonable assurance that the data cannot be retrieved and reconstructed. Why? + Eliminating the risk of data falling into the wrong hands + Protecting confidential information + Re-usable Media
    • 53. MEDIA SANITIZATION METHODS Module 2 + Overwriting Using a program to write onto the media where it is common practice to overwrite the media three times. + Degaussing Magnetically erasing data from magnetic media + Destruction Shredding or burning media.
    • 54. SOFTWARE PIRACY AND COPYRIGHT INFRINGEMENT Module 2 + Copyright Infringement The unauthorized duplication of copyrighted material, such as books, music, movies, artwork, photographs, and other types of intellectual property, as such materials are known. + Software Piracy Unauthorized copying, distributing or downloading of copyrighted software.
    • 55. WHAT YOU SHOULD KNOW Module 2 + 3 categories of software licenses i.e., Freeware, Shareware and Commercial. + Software piracy contributes to lost sales, jobs, wages. + Unlicensed software is one of the prime sources of computer viruses. + No warranties or support for unlicensed software. + Can put yourself and company at risk by pirating a product protected by copyright law. + When software is copyright-protected, and the copyright is enforceable for 95 years. + SOFTWARE PIRACY IS ILLEGAL AND THEFT!
    • 56. PENALTIES Module 2 In most countries, organizations can be held liable when employees copy or download unauthorized software. + Penalties include damages, fines and even criminal sentences + In the United States, infringers face civil damages up to $150,000 for each program copied
    • 57. WHAT YOU SHOULD DO?? Module 2 + OBEY to policy! + ENSURE that you only obtain software through APPROVED methods and install it in accordance with LICENSING of the specific software. + If you are NOT the copyright owner, you MAY NOT copy, distribute, modify, or display it. + DO NOT share any copyrighted materials unless you have permission to do so!
    • 58. Module 2 If commercial software is not an option, Go for OPENSOURCE Opensource = Freebies
    • 59. CASE STUDY Module 2 The left one is genuine
    • 60. ANY QUESTION? Module 2
    • 61. COURSE MODULES • Information Security BasicsModule 1 • General Security Threats and Its Counter MeasuresModule 2 • Online Security Threats and Its Counter measuresModule 3 • Incident Handling and ReportingModule 4
    • 62. USE OF COMPUTER & INTERNET COVERS Module 3 + Securing your Computer + Email Safety Practices + Internet Security Threats & Its Countermeasure
    • 63. SECURING YOUR COMPUTER Module 3 From What and Who? + Hackers + Malware : - Viruses and worms - Trojan horse - Spyware - Botnet/Zombies - Rootkit - Phishing + Digital download and file sharing
    • 64. WHO ARE THEY? Module 3 + HACKER : Intruder and Criminal + HACKER : Script Kiddies + HACKER : Brilliant Programmer + HACKER : Security Expert
    • 65. MALWARE Module 3 + Short for MALicious softWARE, software designed specifically to damage or disrupt a system, malware includes computer Viruses, Worms, Trojan horses, Spyware, Rootkit, etc.
    • 66. VIRUSES Module 3 + Old “traditional” viruses usually require human interaction. - E.g. by clicking the attachment + Typically just attach themselves to programs & documents, and then depend on humans to propagate. + It exhibit many different symptoms + This is changing…
    • 67. WORMS Module 3 + Slow down networks and Internet + Sasser, Blaster are examples + Scary part – often autonomously without human intervention + Replicated Automatically without human help + Spread because of vulnerability or „holes‟ in software
    • 68. TROJAN HORSE Module 3 + Program that appears to be a “good” program, but isn‟t. + Might do what it is supposed to, plus more! + They are not self-replicating but if infected it allow to download other malware.
    • 69. WELL KNOWN TROJAN HORSES Module 3 + Back Orifice 2000 (BO2K) + SubSeven + NetBus + Ghost Rat (used in GhostNet “cyber spying” operation)
    • 70. BEHIND GHOSTNET MALWARE Module 3
    • 71. SPYWARE Module 3 + Software that collects information about you. + Related to ADWARE = „Advertising Software‟ + Example: Toolbar programs - Once the toolbar program is installed, it can collect anything it wants to. - Record websites, names & passwords + Even if you remove them, they leave “bread crumbs” so that they re-install themselves.
    • 72. HOW DO YOU GET INFECTED?? Module 3 + Downloading unknown file attachment + Illegal copies of software + Freeware/shareware and bulletin board programs + Infected disks from shops + Introduction of viruses to shared systems (networked)
    • 73. COMMON GIVEAWAYS Module 3 + Strange behavior on computer system which was previously OK. + Can cause system unstable; - Blue Screen of Death - Error when attempt to shutdown or reboot your computer + Bad network traffic is detected.
    • 74. HOW TO PREVENT Module 3 + Don’t open/answer or forward unexpected email attachments Delete Immediately. + Click “CANCEL" (instead of "ok") or close unexpected dialogue boxes when using the web. + Run antivirus & antispyware software which is automatically updated*. + Don't copy or run software from non-trusted sources. + Choose secure passwords and change them regularly. + Keep your operating system and software UP-TO-DATE * + Protect your system by firewall* + Keep backups of your important stuff*
    • 75. SCAM & PHISHING Module 3 + Phishing is a fraudulent attempt, usually made through email, to steal your personal information. + Phishing emails usually appear to come from a well-known organization and ask for your personal information such as: - Credit Card Number - Account Number & Password + Often times phishing attempts appear to come from sites, services and companies with which you do not even have an account.
    • 76. SCAM & PHISHING Module 3 www.antiphishing.org
    • 77. PASSWORD MANAGEMENT Module 3
    • 78. WHY NEED A STRONG PASSWORD?? Module 3 Problem/Dilemma: + User need to remember + It‟s transferable + Easy to guess + Not secure + Employing identical password
    • 79. HOW TO CREATE A STRONG PASSWORD?? Module 3 + Be 6 to 10 characters in length + Combination of - capital letters (A…Z) - lower case letters (a…z) - numbers (0-9) - special characters (!, *, &, %, $, #,@) + Not based on a dictionary word, a proper name, or dates + Be a short phrase (such as Up&AtM@7!) + Make an easy to remember password + Don‟t make it so obvious for - e.g. car plate no., your nickname, your daughter / son‟s names
    • 80. METHODS OF PASSWORD CONSTRUCTION Module 3 THE VANITY PLATE I feel great If33lg8! Indomee are # 1 1nd0m33R#1 COMPOUND WORDS Belacan Hitam B3l@c@nH!+@M Cacah Tempuyak C@c@h+3mpuy@k PHRASES Mun paham bisai M&P4mB5@! Jack and Jill went up the hill to fetch a pail of water J&Jwu+h2f@p0W
    • 81. WAYS TO STEAL YOUR PASSWORD Module 3
    • 82. MANAGING YOUR PASSWORD Module 3 + DO NOT SHARE your password with anyone, anytime! + NEVER TO WRITE your password on any papers. + If you ever receive a telephone call from someone claiming to need your password, REPORT it immediately. + When you receive technical assistance, ENTER YOUR PASSWORD YOURSELF. Do not reveal it. + BE CAREFUL about typing your password into a strange computer, a strange program, web site, or server. + DO NOT USE the same password & REPLACE Your Strong Password When It Wears Out + If you have to keep it somewhere, make sure to keep it in a SECURE LOCATION.
    • 83. EMAIL THREAT Module 3 + Email can be forged + Attachment with malicious contents + Email viruses + Hidden file extensions + Spam + Scam and Phishing + Hoaxes or urban legend
    • 84. SPAM MAIL Module 3
    • 85. EMAIL HOAX Module 3
    • 86. ESSENTIAL EMAIL ETIQUETTE Module 3 + Use an appropriate subject. + Address recipients properly. + To protect their privacy, enter their address in the “BCC”. + Use an appropriate tone. + Avoid irony and sarcasm. + Re-read your message before sending. + Keep message brief and to the point.
    • 87. SAFE EMAIL PRACTICES Module 3 + NEVER forward chain and unsolicited mail. + NEVER use personal email for corporate use. + WATCH OUT for internet hoaxes and computer virus myths. + DON’T forge messages. + DON’T forward emails unless with authorization. + DO NOT click on a suspicious link. In some cases, doing so may cause malicious software to be downloaded to your computer. + DELETE the suspicious email message.
    • 88. DEALING WITH ATTACHMENTS Module 3 + KNOW your sender! + WATCH OUT for these kinds of extensions : .bat , .com , .exe , .vbs, .Zip, .Pif and .Scr. + BEWARE of the double extension for e.g. mypic.jpg.vbs + Scan with UPDATED anti-virus before you open any attachments. + AVOID sending attachment if the information can be typed in. + Best to send as TEXT rather than .doc + Apparently safe file types include .GIF, .JPG,.TIF,.BMP,.MPG,.AVI, .TXT, .PDF,.RTF
    • 89. INTERNET SECURITY THREATS & ITS COUNTERMEASURES Module 3 Popular Features: + World Wide Web + Email + Online Shopping + Social Network Service + Video-Conferencing
    • 90. WEB BROWSING Module 3 + Pop-ups When browsing to certain sites, another browser window appears as a pop- up (sometimes without a frame or controls). + Cookies Keep information about your sessions with websites. They are little files placed on your computer by the website host. + The Cache (Temporary Internet Files) When browsing, copies of pictures and web pages are copied to your local machine in the cache, a folder for temporary Internet files
    • 91. CLEAN YOUR BROWSER Module 3 + Use a pop-up blocker in conjunction with your browser. + Clear cookies from the browser regularly. + The cache may be purged (emptied) regularly, if you wish.
    • 92. CLEAN YOUR BROWSER Module 3 Online Shopping benefits + You don‟t need to go anywhere + The Internet is always open - 24 x 7 + Bargains can be numerous online GOOD deals + Convenient
    • 93. SPOT THE DIFFERENCE Module 3 www.eqold.com www.egold.com
    • 94. HHMMMM…. Module 3 ?
    • 95. TIPS FOR SAFE SHOPPING Module 3 + USE a secure browser + Shop companies you KNOW + Keep password PRIVATE + Pay by CREDIT or CHARGE card + Print a COPY of your order + Review the RETURN policy + Watch out for HIDDEN cost + Be SKEPTICAL
    • 96. THE DANGER OF ONLINE COMMUNICATION Module 3 + Identity can be mysterious + You don‟t know who else might be seeing the conversation + Vulnerable to certain attacks + Software contain vulnerabilities + Inappropriate security settings
    • 97. SOCIAL NETWORK SERVICES Module 3 A social network service focuses on building online communities of people who share interests and/or activities, or who are interested in exploring the interests and activities of others. Most social network services are web based and provide a variety of ways for users to interact, such as e-mail and instant messaging services.
    • 98. PROS OF SOCIAL NETWORKING SERVICE Module 3 + Encourage new ways to communicate and share information. + Business decision makers are now preferring communication channels that are two-way dialogs, channels that resemble social networking applications. This is a great way for businesses to advertise their products. + Social networking allow us to identify and connect to friends and strangers.
    • 99. CONS OF SOCIAL NETWORKING SERVICE Module 3 + Invasion of Privacy + Potential for misuse + Risk for child safety + Vulnerable to any attacks
    • 100. CYBER CRIME Module 3 Even more dangerous: + Cyberstalking + Cyberbullying + Cyberharrassment
    • 101. COMMUNICATE SAFELY Module 3 + Be conscious of what information to reveal, never give out personal information about yourself. + Verify identity of the person you talking to. + Never believe everything you read. + Don’t respond to flaming, if situation become hostile, log off or surf elsewhere. + Use genderless screen name. + Posting makes your email public.. + If someone makes threat, report to moderator or website operator. + Never confront stalker/harasser.
    • 102. IF IT GETS WORSEN… Module 3 + Save evidence + Try to identify the culprit + Contact police if there are threats of violence, extortion or sexual exploitation.
    • 103. CASE STUDY Module 3 You have logon to a terminal with your own password but then your colleague need to use the pc urgently. Will you let him use the terminal without logging off? What should you do?
    • 104. ANY QUESTION? Module 3
    • 105. COURSE MODULES • Information Security BasicsModule 1 • General Security Threats and Its Counter MeasuresModule 2 • Online Security Threats and Its Counter measuresModule 3 • Incident Handling and ReportingModule 4
    • 106. EMERGENCY! WHAT TO DO? Module 4 + Don‟t Panic + Never pull the plug or shutdown the computer. + Start taking notes. + Notify upper management/IT department. + Call in the CERT team. + Someone in the company should be the point person in case the public becomes aware of the situation. + Give support to your CERT. + Conduct briefings and meetings after the clean-up.
    • 107. TYPES OF INCIDENT BASED ON SEVERITY Module 4 + LOW Loss of passwords, unauthorized sharing of passwords, successful/unsuccessful scans/probes, hardware misuse. + MEDIUM Property destruction, illegal download of music/files or unauthorized software, unauthorized use of system for personal data, acts by disgruntled employees, illegal hardware access/trespass, theft (minor). + HIGH Child pornography, pornography, personal theft, property destruction, break- in, illegal software download, malicious code ( viruses, worms, Trojan horses, malicious scripts,…), changes to system hardware, software, or firmware, violation of law.
    • 108. Depends on the party REPORT PROCEDURES Module 4 + Users: In their interest to report the incident, usually to the “help desk”(IT department). + System administrators: Report to CSIRT (Computer Security Incident Response Team) in the organization or CERT Team.
    • 109. WHAT TO REPORT? Module 4 + Date and Time of incident + Location of the incident + Type of computer + Application that were running at that time + What did you do before incident happen? + What do you see?
    • 110. POINT OF CONTACTS Module 4
    • 111. ANY QUESTION? Module 3
    • 112. REMEMBER!