SlideShare a Scribd company logo

Security_Awareness_Primer.pptx

Download as PPTX, PDF
F
Faith Shimba

IS and CS Security

Internet
1 of 32
1
IMPORTANCE OF CYBERSECURITY 2  The internet allows an attacker to work from anywhere on the planet.  Risks caused by poor security knowledge and practice:  Identity Theft  Monetary Theft  Legal Ramifications (for yourself and your organization)  Sanctions or termination if policies are not followed  According to the SANS Institute, the top vectors for vulnerabilities available to a cyber criminal are:  Web Browser  IM Clients  Web Applications  Excessive User Rights
CYBERSECURIT Y IS SAFETY 3 Security: We must protect our computers and data in the same way that we secure the doors to our homes. Safety: We must behave in ways that protect us against risks and threats that come with technology.
USER AWARENESS 4 Cracker: Computer-savvy programmer creates attack software Script Kiddies: Unsophisticated computer users who know how to execute programs Hacker Bulletin Board SQL Injection Buffer overflow Password Crackers Password Dictionaries Successful attacks! Crazyman broke into … CoolCat penetrated… Criminals: Create & sell bots -> generate spam Sell credit card numbers, etc… System Administrators Some scripts appear useful to manage networks… Malware package earns $1K-2K 1 M Email addresses earn $8 10,000 PCs earn $1000 Posts to
LEADING THREATS Viruses Worms Trojan Horses / Logic Bombs Social Engineering Rootkits Botnets / Zombies 5
VIRUSES  A virus attaches itself to a program, file, or disk.  When the program is executed, the virus activates and replicates itself.  The virus may be benign or malignant but executes its payload at some point (often upon contact).  Viruses can cause computer crashes and loss of data.  In order to recover or prevent virus attacks:  Avoid potentially unreliable websites/emails.  System Restore.  Re-install operating system.  Use and maintain anti-virus software. 6 Program A Extra Code Program B infects
WORMS Independent program that replicates itself and sends copies from computer to computer across network connections. Upon arrival, the worm may be activated to replicate. 7 To Joe To Ann To Bob Email List: Joe@gmail.com Ann@yahoo.com Bob@u.edu
LOGIC BOMBS AND TROJAN HORSES Logic Bomb: Malware logic executes upon certain conditions. The program is often used for otherwise legitimate reasons.  Examples:  Software which malfunctions if maintenance fee is not paid.  Employee triggers a database erase when he is fired. Trojan Horse: Masquerades as a benign program while quietly destroying data or damaging your system.  Download a game: It may be fun but contains hidden code that gathers personal information without your knowledge. 8
SOCIAL ENGINEERING Social engineering manipulates people into performing actions or divulging confidential information. Similar to a confidence trick or simple fraud, the term applies to the use of deception to gain information, commit fraud, or access computer systems. 9 Phone Call: This is John, the System Administrator. What is your password? Email: ABC Bank has noticed a problem with your account… In Person: What ethnicity are you? Your mother’s maiden name? and have some lovely software patches! I have come to repair your machine…
PHISHING: COUNTERFEIT EMAIL Phishing: A seemingly trustworthy entity asks for sensitive information such as SSN, credit card numbers, login IDs or passwords via e-mail. 10
PHARMING: COUNTERFEIT WEB PAGES The link provided in the e-mail leads to a counterfeit webpage which collects important information and submits it to the owner. The counterfeit web page looks like the real thing  Extracts account information 11 Misspelled Wiping over, but not clicking the link may reveal a different address. With whom? Copyright date is old
BOTNET 12  A botnet is a number of compromised computers used to create and send spam or viruses or flood a network with messages as a denial of service attack.  The compromised computers are called zombies.
MAN IN THE MIDDLE ATTACK An attacker pretends to be your final destination on the network. When a person tries to connect to a specific destination, an attacker can mislead him to a different service and pretend to be that network access point or server. 13
ROOTKIT  Upon penetrating a computer, a hacker may install a collection of programs, called a rootkit.  May enable:  Easy access for the hacker (and others)into the enterprise  Keystroke logger  Eliminates evidence of break-in.  Modifies the operating system. 14
PASSWORD CRACKING Dictionary Attack and Brute Force 15 Pattern Calculation Result Time to Guess (2.6x1018 tries/month) Personal Info: interests, relatives 20 Manual 5 minutes Social Engineering 1 Manual 2 minutes American Dictionary 80,000 < 1 second 4 chars: lower case alpha 264 5x105 8 chars: lower case alpha 268 2x1011 8 chars: alpha 528 5x1013 8 chars: alphanumeric 628 2x1014 3.4 min. 8 chars alphanumeric +10 728 7x1014 12 min. 8 chars: all keyboard 958 7x1015 2 hours 12 chars: alphanumeric 6212 3x1021 96 years 12 chars: alphanumeric + 10 7212 2x1022 500 years 12 chars: all keyboard 9512 5x1023 16 chars: alphanumeric 6216 5x1028
GEORGIA DATA BREACH NOTIFICATION LAW O.C.G.A. §§10-1-910, -911, -912 An unauthorized acquisition of electronic data that compromises the security, confidentiality or integrity of “personal information.” Personal Information Social Security Number. Driver’s license or state ID number. Information permitting access to personal accounts. Account passwords or PIN numbers or access codes. Any of the above in connection with a person’s name if the information is sufficient to perform identity theft against the individual. 16
IDENTIFYING SECURITY COMPROMISES  Symptoms:  Antivirus software detects a problem.  Disk space disappears unexpectedly.  Pop-ups suddenly appear, sometimes selling security software.  Files or transactions appear that should not be there.  The computer slows down to a crawl.  Unusual messages, sounds, or displays on your monitor.  Stolen laptop: 1 stolen every 53 seconds; 97% never recovered.  The mouse pointer moves by itself.  The computer spontaneously shuts down or reboots.  Often unrecognized or ignored problems. 17
MALWARE DETECTION • Spyware symptoms: • Changes to your browser homepage/start page. • Ending up on a strange site when conducting a search. • System-based firewall is turned off automatically. • Lots of network activity while not particularly active. • Excessive pop-up windows. • New icons, programs, favorites which you did not add. • Frequent firewall alerts about unknown programs when trying to access the Internet. • Poor system performance. 18
BEST PRACTICES TO AVOID THESE THREATS uses multiple layers of defense to address technical, personnel and operational issues. 19 User Account Controls
ANTI-VIRUS AND ANTI- SPYWARE SOFTWARE • Anti-virus software detects certain types of malware and can destroy it before any damage is done. • Install and maintain anti-virus and anti- spyware software. • Be sure to keep anti- virus software updated. • Many free and commercial options exist. • Contact your Technology Support Professional for 20
HOST-BASED FIREWALLS • A firewall acts as a barrier between your computer/private network and the internet. Hackers may use the internet to find, use, and install applications on your computer. A firewall prevents many hacker connections to your computer. • Firewalls filter network packets that enter or leave your computer 21
PROTECT YOUR OPERATING SYSTEM  Microsoft regularly issues patches or updates to solve security problems in their software. If these are not applied, it leaves your computer vulnerable to hackers.  The Windows Update feature built into Windows can be set up to automatically download and install updates.  Avoid logging in as administrator  Apple provides regular updates to its operating system and software applications.  Apply Apple updates using the App Store application. 22
USE STRONG PASSWORDS Make passwords easy to remember but hard to guess USG standards: Be at least ten characters in length Must contain characters from at least two of the following four types of characters:  English upper case (A-Z)  English lower case (a-z)  Numbers (0-9)  Non-alphanumeric special characters ($, !, %, ^, …) Must not contain the user’s name or part of the user’s name Must not contain easily accessible or guessable personal information about the user or user’s family, such as birthdays, children’s names, addresses, etc. 23
CREATIN G STRONG PASSWO RDS A familiar quote can be a good start: Using the organization standard as a guide, choose the first character of each word:  LIASMWTFOS Now add complexity the standard requires:  L1A$mwTF0S (10 characters, 2 numerals, 1 symbol, mixed English case: password satisfies all 4 types). Or be more creative! 24 “LOVE IS A SMOKE MADE WITH THE FUME OF SIGHS” William Shakespeare
PASSWORD GUIDELINES Never use admin, root, administrator, or a default account or password for administrative access. A good password is:  Private: Used by only one person.  Secret: It is not stored in clear text anywhere, including on Post-It® notes!  Easily Remembered: No need to write it down.  Contains the complexity required by your organization.  Not easy to guess by a person or a program in a reasonable time, such as several weeks.  Changed regularly: Follow organization standards. Avoid shoulder surfers and enter your credentials carefully! If a password is entered in the username field, those attempts usually appear in system logs. 25
AVOID SOCIAL ENGINEERING AND MALICIOUS SOFTWARE Do not open email attachments unless you are expecting the email with the attachment and you trust the sender. Do not click on links in emails unless you are absolutely sure of their validity. Only visit and/or download software from web pages you trust. 26
AVOID STUPID HACKER TRICKS Be sure to have a good firewall or pop-up blocker installed. Pop-up blockers do not always block ALL pop-ups so always close a pop- up window using the ‘X’ in the upper corner. Never click “yes,” “accept” or even “cancel.” Infected USB drives are often left unattended by hackers in public places. 27
SECURE BUSINESS TRANSACTIONS  Always use secure browser to do online activities.  Frequently delete temp files, cookies, history, saved passwords etc. 28 https:// Symbol indicating enhanced security
BACKUP IMPORTA NT INFORMAT ION  No security measure is 100% reliable.  Even the best hardware fails.  What information is important to you?  Is your backup: Recent? Off-site & Secure? Process Documented? Encrypted? Tested? 29
CYBER INCIDEN T REPORT ING 30 If you suspect a cybersecurity incident, notify your organization’s help desk immediately. Be prepared to supply the details you know and contact information. •Do not attempt to investigate or remediate the incident on your own. •Inform other users of the system and instruct them to stop work immediately. •Unless instructed, do not power down the machine. •Unless instructed, do not remove the system from the network. The cybersecurity incident response team will contact you as soon as possible to gather additional information. Each organization is required to have a specific plan to handle cybersecurity incidents. Refer to local policies, standards and guidelines for specific information.
FRAUD  Organizations lose 5-6% of revenue annually due to internal fraud = $652 Billion in U.S. (2006)  Average scheme lasts 18 months, costs $159,000  25% costs exceed $1M  Smaller companies suffer greater average dollar losses than large companies ESSENTIALS OF CORPORATE FRAUD, T L COENEN, 2008, JOHN WILEY & SONS 31 Internal Fraud Recovery $0 Recovered Recovery<=25% Substantial Recovery
FRAUD DISCOVERY Tips are the most common way fraud is discovered. Tips come from:  Employee/Coworkers 64%,  Anonymous 18%,  Customer 11%,  Vendor 7% If you suspect possible fraud, report it anonymously to the USG ethics hot line at 877-516-3466. ESSENTIALS OF CORPORATE FRAUD, T L COENEN, 2008, JOHN WILEY & SONS 32 0 5 10 15 20 25 30 35 40 Tip By Accident Internal Audit Internal Controls External Audit Notified by Police % How Fraud is Discovered

Recommended

Awareness Security 123.pptx
Awareness Security 123.pptxAwareness Security 123.pptx
Awareness Security 123.pptxRajuSingh730938
 
USG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxUSG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxBilmyRikas
 
USG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxUSG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxsumita02
 
USG_Security_Awareness_Primer (1).pptx
USG_Security_Awareness_Primer (1).pptxUSG_Security_Awareness_Primer (1).pptx
USG_Security_Awareness_Primer (1).pptxssuser59e4b8
 
USG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxUSG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxssuser04fcec
 
UserSecurityAwarenessUniversityTemplate.ppt
UserSecurityAwarenessUniversityTemplate.pptUserSecurityAwarenessUniversityTemplate.ppt
UserSecurityAwarenessUniversityTemplate.pptDiveshK4
 
End User Security Awareness - Information Security
End User Security Awareness - Information SecurityEnd User Security Awareness - Information Security
End User Security Awareness - Information SecurityWorldTrade3
 
User security awareness
User security awarenessUser security awareness
User security awarenessK. A. M Lutfullah
 

Recommended

Awareness Security 123.pptx
Awareness Security 123.pptxAwareness Security 123.pptx
Awareness Security 123.pptxRajuSingh730938
 
USG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxUSG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxBilmyRikas
 
USG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxUSG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxsumita02
 
USG_Security_Awareness_Primer (1).pptx
USG_Security_Awareness_Primer (1).pptxUSG_Security_Awareness_Primer (1).pptx
USG_Security_Awareness_Primer (1).pptxssuser59e4b8
 
USG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxUSG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxssuser04fcec
 
UserSecurityAwarenessUniversityTemplate.ppt
UserSecurityAwarenessUniversityTemplate.pptUserSecurityAwarenessUniversityTemplate.ppt
UserSecurityAwarenessUniversityTemplate.pptDiveshK4
 
End User Security Awareness - Information Security
End User Security Awareness - Information SecurityEnd User Security Awareness - Information Security
End User Security Awareness - Information SecurityWorldTrade3
 
User security awareness
User security awarenessUser security awareness
User security awarenessK. A. M Lutfullah
 
Information security awareness
Information security awarenessInformation security awareness
Information security awarenessCAS
 
IT security awareness
IT security awarenessIT security awareness
IT security awarenessDr. Ramkumar Lakshminarayanan
 
cyber security presentation (1).pdf
cyber security presentation (1).pdfcyber security presentation (1).pdf
cyber security presentation (1).pdfw4tgrgdyryfh
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityAdeel Younas
 
Parag presentation on ethical hacking
Parag presentation on ethical hackingParag presentation on ethical hacking
Parag presentation on ethical hackingparag101
 
Personal Internet Security System
Personal Internet Security SystemPersonal Internet Security System
Personal Internet Security SystemMatthew Bricker
 
Introduction of hacking and cracking
Introduction of hacking and crackingIntroduction of hacking and cracking
Introduction of hacking and crackingHarshil Barot
 
password cracking and Key logger
password cracking and Key loggerpassword cracking and Key logger
password cracking and Key loggerPatel Mit
 
Genysis security 101
Genysis security 101Genysis security 101
Genysis security 101Mache Aggie
 
Security and the Service Desk
Security and the Service DeskSecurity and the Service Desk
Security and the Service DeskNorthCoastHDI
 
CYBER SECURITY AWARENESS.pptx [Read-Only].pptx
CYBER SECURITY AWARENESS.pptx [Read-Only].pptxCYBER SECURITY AWARENESS.pptx [Read-Only].pptx
CYBER SECURITY AWARENESS.pptx [Read-Only].pptxDhruvsinhbhati
 
How to hack or what is ethical hacking
How to hack or what is ethical hackingHow to hack or what is ethical hacking
How to hack or what is ethical hackingbaabtra.com - No. 1 supplier of quality freshers
 
Cybersecurity Training
Cybersecurity TrainingCybersecurity Training
Cybersecurity TrainingWindstoneHealth
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingSyed Irshad Ali
 
Eset cybersecurity awareness (laxman giri)
Eset cybersecurity awareness (laxman giri)Eset cybersecurity awareness (laxman giri)
Eset cybersecurity awareness (laxman giri)लक्ष्मण गिरी
 
Can your company survive a modern day cyber attack?
Can your company survive a modern day cyber attack?Can your company survive a modern day cyber attack?
Can your company survive a modern day cyber attack?Symptai Consulting Limited
 
Ethical hacking for Business or Management.pptx
Ethical hacking for Business or Management.pptxEthical hacking for Business or Management.pptx
Ethical hacking for Business or Management.pptxFarhanaMariyam1
 
Hacking 1224807880385377-9
Hacking 1224807880385377-9Hacking 1224807880385377-9
Hacking 1224807880385377-9Geoff Pesimo
 
ICT and end user security awareness slides
ICT and end user security awareness slidesICT and end user security awareness slides
ICT and end user security awareness slidesjubke
 
ethical-hacking-18092013112412-ethical-hacking.ppt
ethical-hacking-18092013112412-ethical-hacking.pptethical-hacking-18092013112412-ethical-hacking.ppt
ethical-hacking-18092013112412-ethical-hacking.pptricagip499
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012rehmti665
 
Denver Web Design brochure for public viewing
Denver Web Design brochure for public viewingDenver Web Design brochure for public viewing
Denver Web Design brochure for public viewingbigorange77
 

More Related Content

Similar to Security_Awareness_Primer.pptx

Information security awareness
Information security awarenessInformation security awareness
Information security awarenessCAS
 
cyber security presentation (1).pdf
cyber security presentation (1).pdfcyber security presentation (1).pdf
cyber security presentation (1).pdfw4tgrgdyryfh
 
Parag presentation on ethical hacking
Parag presentation on ethical hackingParag presentation on ethical hacking
Parag presentation on ethical hackingparag101
 
Personal Internet Security System
Personal Internet Security SystemPersonal Internet Security System
Personal Internet Security SystemMatthew Bricker
 
Introduction of hacking and cracking
Introduction of hacking and crackingIntroduction of hacking and cracking
Introduction of hacking and crackingHarshil Barot
 
password cracking and Key logger
password cracking and Key loggerpassword cracking and Key logger
password cracking and Key loggerPatel Mit
 
Genysis security 101
Genysis security 101Genysis security 101
Genysis security 101Mache Aggie
 
Security and the Service Desk
Security and the Service DeskSecurity and the Service Desk
Security and the Service DeskNorthCoastHDI
 
CYBER SECURITY AWARENESS.pptx [Read-Only].pptx
CYBER SECURITY AWARENESS.pptx [Read-Only].pptxCYBER SECURITY AWARENESS.pptx [Read-Only].pptx
CYBER SECURITY AWARENESS.pptx [Read-Only].pptxDhruvsinhbhati
 
Can your company survive a modern day cyber attack?
Can your company survive a modern day cyber attack?Can your company survive a modern day cyber attack?
Can your company survive a modern day cyber attack?Symptai Consulting Limited
 
Ethical hacking for Business or Management.pptx
Ethical hacking for Business or Management.pptxEthical hacking for Business or Management.pptx
Ethical hacking for Business or Management.pptxFarhanaMariyam1
 
Hacking 1224807880385377-9
Hacking 1224807880385377-9Hacking 1224807880385377-9
Hacking 1224807880385377-9Geoff Pesimo
 
ICT and end user security awareness slides
ICT and end user security awareness slidesICT and end user security awareness slides
ICT and end user security awareness slidesjubke
 
ethical-hacking-18092013112412-ethical-hacking.ppt
ethical-hacking-18092013112412-ethical-hacking.pptethical-hacking-18092013112412-ethical-hacking.ppt
ethical-hacking-18092013112412-ethical-hacking.pptricagip499
 

Similar to Security_Awareness_Primer.pptx (20)

Information security awareness
Information security awarenessInformation security awareness
Information security awareness
 
IT security awareness
IT security awarenessIT security awareness
IT security awareness
 
cyber security presentation (1).pdf
cyber security presentation (1).pdfcyber security presentation (1).pdf
cyber security presentation (1).pdf
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Parag presentation on ethical hacking
Parag presentation on ethical hackingParag presentation on ethical hacking
Parag presentation on ethical hacking
 
Personal Internet Security System
Personal Internet Security SystemPersonal Internet Security System
Personal Internet Security System
 
Introduction of hacking and cracking
Introduction of hacking and crackingIntroduction of hacking and cracking
Introduction of hacking and cracking
 
password cracking and Key logger
password cracking and Key loggerpassword cracking and Key logger
password cracking and Key logger
 
Genysis security 101
Genysis security 101Genysis security 101
Genysis security 101
 
Security and the Service Desk
Security and the Service DeskSecurity and the Service Desk
Security and the Service Desk
 
CYBER SECURITY AWARENESS.pptx [Read-Only].pptx
CYBER SECURITY AWARENESS.pptx [Read-Only].pptxCYBER SECURITY AWARENESS.pptx [Read-Only].pptx
CYBER SECURITY AWARENESS.pptx [Read-Only].pptx
 
How to hack or what is ethical hacking
How to hack or what is ethical hackingHow to hack or what is ethical hacking
How to hack or what is ethical hacking
 
Cybersecurity Training
Cybersecurity TrainingCybersecurity Training
Cybersecurity Training
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Eset cybersecurity awareness (laxman giri)
Eset cybersecurity awareness (laxman giri)Eset cybersecurity awareness (laxman giri)
Eset cybersecurity awareness (laxman giri)
 
Can your company survive a modern day cyber attack?
Can your company survive a modern day cyber attack?Can your company survive a modern day cyber attack?
Can your company survive a modern day cyber attack?
 
Ethical hacking for Business or Management.pptx
Ethical hacking for Business or Management.pptxEthical hacking for Business or Management.pptx
Ethical hacking for Business or Management.pptx
 
Hacking 1224807880385377-9
Hacking 1224807880385377-9Hacking 1224807880385377-9
Hacking 1224807880385377-9
 
ICT and end user security awareness slides
ICT and end user security awareness slidesICT and end user security awareness slides
ICT and end user security awareness slides
 
ethical-hacking-18092013112412-ethical-hacking.ppt
ethical-hacking-18092013112412-ethical-hacking.pptethical-hacking-18092013112412-ethical-hacking.ppt
ethical-hacking-18092013112412-ethical-hacking.ppt
 

Recently uploaded

Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012rehmti665
 
Denver Web Design brochure for public viewing
Denver Web Design brochure for public viewingDenver Web Design brochure for public viewing
Denver Web Design brochure for public viewingbigorange77
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...akbard9823
 
The Intriguing World of CDR Analysis by Police: What You Need to Know.pdf
The Intriguing World of CDR Analysis by Police: What You Need to Know.pdfThe Intriguing World of CDR Analysis by Police: What You Need to Know.pdf
The Intriguing World of CDR Analysis by Police: What You Need to Know.pdfMilind Agarwal
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一z xss
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Roomishabajaj13
 
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on DeliveryCall Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Deliverybabeytanya
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一Fs
 
Git and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMGit and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMgdsc13
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一Fs
 
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Lucknow
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一Fs
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsThierry TROUIN ☁
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts servicevipmodelshub1
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Paul Calvano
 
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With RoomVIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Roomdivyansh0kumar0
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作ys8omjxb
 

Recently uploaded (20)

Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
 
Denver Web Design brochure for public viewing
Denver Web Design brochure for public viewingDenver Web Design brochure for public viewing
Denver Web Design brochure for public viewing
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...
 
The Intriguing World of CDR Analysis by Police: What You Need to Know.pdf
The Intriguing World of CDR Analysis by Police: What You Need to Know.pdfThe Intriguing World of CDR Analysis by Police: What You Need to Know.pdf
The Intriguing World of CDR Analysis by Police: What You Need to Know.pdf
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
 
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
 
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on DeliveryCall Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
 
Git and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMGit and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITM
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
 
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with Flows
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24
 
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With RoomVIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
 
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
 

Security_Awareness_Primer.pptx

  • 1. 1
  • 2. IMPORTANCE OF CYBERSECURITY 2  The internet allows an attacker to work from anywhere on the planet.  Risks caused by poor security knowledge and practice:  Identity Theft  Monetary Theft  Legal Ramifications (for yourself and your organization)  Sanctions or termination if policies are not followed  According to the SANS Institute, the top vectors for vulnerabilities available to a cyber criminal are:  Web Browser  IM Clients  Web Applications  Excessive User Rights
  • 3. CYBERSECURIT Y IS SAFETY 3 Security: We must protect our computers and data in the same way that we secure the doors to our homes. Safety: We must behave in ways that protect us against risks and threats that come with technology.
  • 4. USER AWARENESS 4 Cracker: Computer-savvy programmer creates attack software Script Kiddies: Unsophisticated computer users who know how to execute programs Hacker Bulletin Board SQL Injection Buffer overflow Password Crackers Password Dictionaries Successful attacks! Crazyman broke into … CoolCat penetrated… Criminals: Create & sell bots -> generate spam Sell credit card numbers, etc… System Administrators Some scripts appear useful to manage networks… Malware package earns $1K-2K 1 M Email addresses earn $8 10,000 PCs earn $1000 Posts to
  • 5. LEADING THREATS Viruses Worms Trojan Horses / Logic Bombs Social Engineering Rootkits Botnets / Zombies 5
  • 6. VIRUSES  A virus attaches itself to a program, file, or disk.  When the program is executed, the virus activates and replicates itself.  The virus may be benign or malignant but executes its payload at some point (often upon contact).  Viruses can cause computer crashes and loss of data.  In order to recover or prevent virus attacks:  Avoid potentially unreliable websites/emails.  System Restore.  Re-install operating system.  Use and maintain anti-virus software. 6 Program A Extra Code Program B infects
  • 7. WORMS Independent program that replicates itself and sends copies from computer to computer across network connections. Upon arrival, the worm may be activated to replicate. 7 To Joe To Ann To Bob Email List: Joe@gmail.com Ann@yahoo.com Bob@u.edu
  • 8. LOGIC BOMBS AND TROJAN HORSES Logic Bomb: Malware logic executes upon certain conditions. The program is often used for otherwise legitimate reasons.  Examples:  Software which malfunctions if maintenance fee is not paid.  Employee triggers a database erase when he is fired. Trojan Horse: Masquerades as a benign program while quietly destroying data or damaging your system.  Download a game: It may be fun but contains hidden code that gathers personal information without your knowledge. 8
  • 9. SOCIAL ENGINEERING Social engineering manipulates people into performing actions or divulging confidential information. Similar to a confidence trick or simple fraud, the term applies to the use of deception to gain information, commit fraud, or access computer systems. 9 Phone Call: This is John, the System Administrator. What is your password? Email: ABC Bank has noticed a problem with your account… In Person: What ethnicity are you? Your mother’s maiden name? and have some lovely software patches! I have come to repair your machine…
  • 10. PHISHING: COUNTERFEIT EMAIL Phishing: A seemingly trustworthy entity asks for sensitive information such as SSN, credit card numbers, login IDs or passwords via e-mail. 10
  • 11. PHARMING: COUNTERFEIT WEB PAGES The link provided in the e-mail leads to a counterfeit webpage which collects important information and submits it to the owner. The counterfeit web page looks like the real thing  Extracts account information 11 Misspelled Wiping over, but not clicking the link may reveal a different address. With whom? Copyright date is old
  • 12. BOTNET 12  A botnet is a number of compromised computers used to create and send spam or viruses or flood a network with messages as a denial of service attack.  The compromised computers are called zombies.
  • 13. MAN IN THE MIDDLE ATTACK An attacker pretends to be your final destination on the network. When a person tries to connect to a specific destination, an attacker can mislead him to a different service and pretend to be that network access point or server. 13
  • 14. ROOTKIT  Upon penetrating a computer, a hacker may install a collection of programs, called a rootkit.  May enable:  Easy access for the hacker (and others)into the enterprise  Keystroke logger  Eliminates evidence of break-in.  Modifies the operating system. 14
  • 15. PASSWORD CRACKING Dictionary Attack and Brute Force 15 Pattern Calculation Result Time to Guess (2.6x1018 tries/month) Personal Info: interests, relatives 20 Manual 5 minutes Social Engineering 1 Manual 2 minutes American Dictionary 80,000 < 1 second 4 chars: lower case alpha 264 5x105 8 chars: lower case alpha 268 2x1011 8 chars: alpha 528 5x1013 8 chars: alphanumeric 628 2x1014 3.4 min. 8 chars alphanumeric +10 728 7x1014 12 min. 8 chars: all keyboard 958 7x1015 2 hours 12 chars: alphanumeric 6212 3x1021 96 years 12 chars: alphanumeric + 10 7212 2x1022 500 years 12 chars: all keyboard 9512 5x1023 16 chars: alphanumeric 6216 5x1028
  • 16. GEORGIA DATA BREACH NOTIFICATION LAW O.C.G.A. §§10-1-910, -911, -912 An unauthorized acquisition of electronic data that compromises the security, confidentiality or integrity of “personal information.” Personal Information Social Security Number. Driver’s license or state ID number. Information permitting access to personal accounts. Account passwords or PIN numbers or access codes. Any of the above in connection with a person’s name if the information is sufficient to perform identity theft against the individual. 16
  • 17. IDENTIFYING SECURITY COMPROMISES  Symptoms:  Antivirus software detects a problem.  Disk space disappears unexpectedly.  Pop-ups suddenly appear, sometimes selling security software.  Files or transactions appear that should not be there.  The computer slows down to a crawl.  Unusual messages, sounds, or displays on your monitor.  Stolen laptop: 1 stolen every 53 seconds; 97% never recovered.  The mouse pointer moves by itself.  The computer spontaneously shuts down or reboots.  Often unrecognized or ignored problems. 17
  • 18. MALWARE DETECTION • Spyware symptoms: • Changes to your browser homepage/start page. • Ending up on a strange site when conducting a search. • System-based firewall is turned off automatically. • Lots of network activity while not particularly active. • Excessive pop-up windows. • New icons, programs, favorites which you did not add. • Frequent firewall alerts about unknown programs when trying to access the Internet. • Poor system performance. 18
  • 19. BEST PRACTICES TO AVOID THESE THREATS uses multiple layers of defense to address technical, personnel and operational issues. 19 User Account Controls
  • 20. ANTI-VIRUS AND ANTI- SPYWARE SOFTWARE • Anti-virus software detects certain types of malware and can destroy it before any damage is done. • Install and maintain anti-virus and anti- spyware software. • Be sure to keep anti- virus software updated. • Many free and commercial options exist. • Contact your Technology Support Professional for 20
  • 21. HOST-BASED FIREWALLS • A firewall acts as a barrier between your computer/private network and the internet. Hackers may use the internet to find, use, and install applications on your computer. A firewall prevents many hacker connections to your computer. • Firewalls filter network packets that enter or leave your computer 21
  • 22. PROTECT YOUR OPERATING SYSTEM  Microsoft regularly issues patches or updates to solve security problems in their software. If these are not applied, it leaves your computer vulnerable to hackers.  The Windows Update feature built into Windows can be set up to automatically download and install updates.  Avoid logging in as administrator  Apple provides regular updates to its operating system and software applications.  Apply Apple updates using the App Store application. 22
  • 23. USE STRONG PASSWORDS Make passwords easy to remember but hard to guess USG standards: Be at least ten characters in length Must contain characters from at least two of the following four types of characters:  English upper case (A-Z)  English lower case (a-z)  Numbers (0-9)  Non-alphanumeric special characters ($, !, %, ^, …) Must not contain the user’s name or part of the user’s name Must not contain easily accessible or guessable personal information about the user or user’s family, such as birthdays, children’s names, addresses, etc. 23
  • 24. CREATIN G STRONG PASSWO RDS A familiar quote can be a good start: Using the organization standard as a guide, choose the first character of each word:  LIASMWTFOS Now add complexity the standard requires:  L1A$mwTF0S (10 characters, 2 numerals, 1 symbol, mixed English case: password satisfies all 4 types). Or be more creative! 24 “LOVE IS A SMOKE MADE WITH THE FUME OF SIGHS” William Shakespeare
  • 25. PASSWORD GUIDELINES Never use admin, root, administrator, or a default account or password for administrative access. A good password is:  Private: Used by only one person.  Secret: It is not stored in clear text anywhere, including on Post-It® notes!  Easily Remembered: No need to write it down.  Contains the complexity required by your organization.  Not easy to guess by a person or a program in a reasonable time, such as several weeks.  Changed regularly: Follow organization standards. Avoid shoulder surfers and enter your credentials carefully! If a password is entered in the username field, those attempts usually appear in system logs. 25
  • 26. AVOID SOCIAL ENGINEERING AND MALICIOUS SOFTWARE Do not open email attachments unless you are expecting the email with the attachment and you trust the sender. Do not click on links in emails unless you are absolutely sure of their validity. Only visit and/or download software from web pages you trust. 26
  • 27. AVOID STUPID HACKER TRICKS Be sure to have a good firewall or pop-up blocker installed. Pop-up blockers do not always block ALL pop-ups so always close a pop- up window using the ‘X’ in the upper corner. Never click “yes,” “accept” or even “cancel.” Infected USB drives are often left unattended by hackers in public places. 27
  • 28. SECURE BUSINESS TRANSACTIONS  Always use secure browser to do online activities.  Frequently delete temp files, cookies, history, saved passwords etc. 28 https:// Symbol indicating enhanced security
  • 29. BACKUP IMPORTA NT INFORMAT ION  No security measure is 100% reliable.  Even the best hardware fails.  What information is important to you?  Is your backup: Recent? Off-site & Secure? Process Documented? Encrypted? Tested? 29
  • 30. CYBER INCIDEN T REPORT ING 30 If you suspect a cybersecurity incident, notify your organization’s help desk immediately. Be prepared to supply the details you know and contact information. •Do not attempt to investigate or remediate the incident on your own. •Inform other users of the system and instruct them to stop work immediately. •Unless instructed, do not power down the machine. •Unless instructed, do not remove the system from the network. The cybersecurity incident response team will contact you as soon as possible to gather additional information. Each organization is required to have a specific plan to handle cybersecurity incidents. Refer to local policies, standards and guidelines for specific information.
  • 31. FRAUD  Organizations lose 5-6% of revenue annually due to internal fraud = $652 Billion in U.S. (2006)  Average scheme lasts 18 months, costs $159,000  25% costs exceed $1M  Smaller companies suffer greater average dollar losses than large companies ESSENTIALS OF CORPORATE FRAUD, T L COENEN, 2008, JOHN WILEY & SONS 31 Internal Fraud Recovery $0 Recovered Recovery<=25% Substantial Recovery
  • 32. FRAUD DISCOVERY Tips are the most common way fraud is discovered. Tips come from:  Employee/Coworkers 64%,  Anonymous 18%,  Customer 11%,  Vendor 7% If you suspect possible fraud, report it anonymously to the USG ethics hot line at 877-516-3466. ESSENTIALS OF CORPORATE FRAUD, T L COENEN, 2008, JOHN WILEY & SONS 32 0 5 10 15 20 25 30 35 40 Tip By Accident Internal Audit Internal Controls External Audit Notified by Police % How Fraud is Discovered

Editor's Notes

  1. Security: The way in which we protect access to our computers and information. E.g. Anti-virus software, firewall Safety: The we behave while using the internet. E.g. Safe email behavior, safe software downloading behavior Stress the difference and the importance of both together to provide a safe and secure computing environment.
  2. Users must be aware of the threats that exist in order to properly detect and prevent them.
  3. Viruses Computer viruses are software programs that are deliberately designed by online attackers to invade your computer, to interfere with its operation, and to copy, corrupt or delete your data. These malicious software programs are called viruses because they are designed not only to infect and damage one computer, but to spread to other computers all across the Internet. Computer viruses are often hidden in what appear to be useful or entertaining programs or e-mail attachments, such as computer games, video clips or photos. Many such viruses are spread inadvertently by computer users, who unwittingly pass them along in e-mail to friends and colleagues.
  4. Worms Worms are more sophisticated viruses that can replicate automatically and send themselves to other computers by first taking control of certain software programs on your PC, such as email.
  5. Logic Bomb Malware that destroys data when certain conditions are met. E.g., it may format a hard drive or change data files (possibly by inserting random bits of data) on a particular date or time or if a certain employee record is missing from the employee database. Example: an employee places a logic bomb inside a system to destroy data when his/her record is removed upon termination. Trojan Horses A Trojan horse is a program which seems to be doing one thing, but is actually doing another. A Trojan horse can be used to set up back door in a computer system so that the intruder can gain access later. The name refers to the horse from the Trojan War, with similar function of deceiving defenders into bringing an intruder inside.
  6. Social Engineering can occur in-person, over the phone, in emails or fake web pages. Social Engineering: non-technical or low-technology means - such as lies, impersonation, tricks, bribes, blackmail, and threats - used to attack information systems. The next two slides discuss two types of Social Engineering: phishing and pharming.
  7. Phishing: A type of Social Engineering. The use of e-mails that appear to originate from a trusted source to trick a user into entering valid credentials at a counterfeit website. Typically the e-mail and the web site looks like they are part of a trusted organization with whom the user is familiar.
  8. Pharming: Another type of social engineering. A user’s session is redirected to a masquerading website. At the fake website, transactions can be mimicked and information like login credentials can be gathered. With this the attacker can access the real site and conduct transactions using the credentials of a valid user on that website.
  9. When your computer becomes infected, it is likely to become a bot. Because attacks are international, they are hard to locate and eradicate. Zombie: a compromised computer which may host pornography, illegal music and/or movies Botnet: a “zombie army,” or collection of compromised computers, zombies, used to send out spam, viruses or distributed denial of service attacks.
  10. Man in the middle attackers can deploy decoy wireless access points near legitimate ones but pretend to be legitimate. The decoy access point resembles the legitimate one, fooling unwitting users into giving up their credentials.
  11. RootKit: A collection of programs that a hacker uses to mask intrusion and obtain administrator-level access to a computer or computer network.
  12. This chart shows the different combinations of passwords and password lengths and how long a dictionary attack or brute force attack would take to guess the password. Discussion of proper password creation and change techniques will occur later in the User Practices section of the presentation. At this stage just discuss the attacks and comparisons to password lengths and patterns. Brute Force Attack: A cryptanalysis technique or other kind of attack method involving an exhaustive procedure that tries all possibilities, one-by-one. Dictionary Attack: An attack that tries all of the phrases or words in a dictionary, trying to crack a password or key. A dictionary attack uses a predefined list of words compared to a brute force attack that tries all possible combinations.
  13. . NIST also recommends including criminal records, student grades, passport numbers, mortgage numbers, civil court numbers, date/place of birth, and more.
  14. Windows and Mac OS X have host-based firewall software built-in. Be sure to always have it on. It is necessary to have software firewalls on each computer even if you have a hardware firewall protecting your network. If your hardware firewall is compromised by a hacker or by malicious code of some kind, you don’t want the intruder or malicious program to have unlimited access to your computers and the information on those computers. Every computer in the network should have its own software firewall enabled. Windows and Mac OS X operating systems have a built-in firewall, which can be easily located in the control panel on the PC or System Preferences on the Mac. Ensure it is always turned on. For other commercial operating systems, the operations manual should have instructions about the firewall options. For an optional implementation of firewall security, commercial third-party firewall software can be installed.
  15. Make passwords according to organization standards. USG has set a minimum.
  16. Email Attachments Attachments should be opened only from trusted senders. If you are not expecting an email attachment from the sender, it’s a good idea to call and confirm, before opening the attachment. Spam email often asks for sensitive information. Links in emails Never click on link in email attachment, except only when you are expecting it. If you are not expecting an email link from the sender, it’s a good idea to call and confirm, before clicking the email link. If you hover the cursor over an email’s web link description, the link should be displayed on the bottom of the browser. Make sure both of them match. Trustworthy Web Pages Software download should be done only from trusted websites like Microsoft for Windows updates and Office application updates. Avoid downloading and using freeware or shareware, since most of them either don’t come with technical support or full functionality.
  17. A pop-up blocker should be installed (many browsers have them as add-ons), but they do not always block all pop-ups Do not respond to pop ups while working online. For example, a malicious pop up message may say that you have a virus on the system. Close it by clicking on X in the upper right corner. If you click OK, it might install spyware or other malicious code.‘ Infected USB drives are often left unattended by hackers in public places. They intend for unsuspecting people to take the USB home or to the office and unknowingly install the worm or malicious code.
  18. Always use secure browser to do online activities. Frequently delete temp files, cookies, history, saved passwords etc. Look for https and/or lock or secure symbol
  19. Backup should be done (at least)once a week. If possible, store to a removable media. The removable media should be big enough to hold 52 weeks of backup (e.g., 500GB). Do a full backup once a month and store it in offsite location. This would be useful in case of a disaster in your office (fire, theft, flood, etc). On the removable media create 12 folders for each month. Backup data should be tested periodically to ensure reliability.
  20. Cyber incident reporting standards are detailed the IT handbook. These are general standards and are operationalized by guidelines specific to the organization.
  21. Tips on fraud are most frequent method of discovering it. The percentages given for where the tips come from are percentages of total tips, not total fraud discoveries.