Baking Security into the Company Culture
(an interactive security awareness session to educate staff and foster a security culture)
Mike Kleviansky
2017
Objective of this Presentation
• Gain a high-level understanding of Information Security
• Understand that Security is centred around PPT: People, Process and Technology
• Appreciate that Security is a shared responsibility
• Understand common security threats
• Understand how you can help mitigate security risks
High Level View of IT Security
(diagram of a typical company environment: Office 1 assets, Office 2 assets, office connectivity, access to local and network data, cloud data, data centre, third-party support, and knowledgeable, friendly staff)
IT Security Technology is configured by humans
Human error is the main cause of security and data breaches!
Information Security is a Shared Responsibility
(diagram: a hacker targeting company assets, which are protected by People, Process and Technology, with IT/Security in the middle)
Securing company assets requires People + Process + Technology
The IT Department’s Responsibility
Define policies and procedures, configure systems/devices, secure, manage operations, etc.
(diagram of the controls IT operates: Disk/Data Encryption, Firewall, IDS/IPS, Cloud Security, Identity and Access Management, Updates, OS Patching, Risk Analysis)
Technology can secure infrastructure, systems, applications and data, but it is configured by people and managed by process
Your Responsibility as a Staff Member
Be aware of common risks, use common sense and adhere to policies and procedures
(diagram of staff responsibilities on the corporate network: Strong Passwords, USB Beware, Follow P & P (Policies and Procedures), Wifi is NOT Secure, Don’t leave Printouts Unattended, Lock screens, Physically Secure devices, Malware Beware, No sensitive data?, Apply privacy settings)
Common Threat Identification
(diagram of common threats: attacks on database applications, making systems unavailable, repeated username/password guessing, exploits in vendor software)
Some of these areas YOU have some control over; the other areas are controlled by the Technical Department
10 security actions to minimise risk
1. Adhere to Company Policies and Procedures
2. Strong Passwords are good, but a Passphrase is Better
• Passwords are a first line of defence!
• Make sure your password is secure:
  • More than 8 characters
  • Combination of lowercase (a-z), uppercase (A-Z), numeric (0-9) and special (!@#$) characters
• Weak passwords:
  • password1, mikekleviansky, mikek
• Strong passwords:
  • P@$$:w0rd!, M!k3:KL3v!@nsky, !23:P@$$w0rd
• A passphrase is more effective than a password:
  • Mike Kleviansky is a contract CIO → MkiacCIO2017
  • MK:Is:@:G:G
  • Mnimkaila18ssi2017
  • Jack and Jill went up the hill again → JaJwutha
• Don’t use the same password on different sites
• Change passwords on a regular basis (90 days)
• Don’t cache passwords in a browser
What is more effective than a passphrase? Answer: Two-factor Authentication
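As an added example (not part of the deck, and not the author's code), the following Python checker implements the rules this slide states: more than 8 characters and at least one lowercase, uppercase, numeric and special character. It also encodes the initial-letter passphrase technique behind "Jack and Jill went up the hill again → JaJwutha", and adds a personal-information check that explains why "mikekleviansky" is weak despite its length. The function names, the personal-terms list and the use of the slide's own examples as inputs are this example's assumptions.

```python
import re
import string

# Added example (not from the original deck): a checker for the password rules stated
# on the slide, plus the initial-letter passphrase technique it illustrates. Thresholds
# and character classes are the slide's; function names, the personal-terms check and
# the sample inputs are this example's own assumptions.

MIN_LENGTH = 9  # the slide requires "more than 8 characters"

# One pattern per character class the slide lists
CHARACTER_CLASSES = {
    "lowercase (a-z)": re.compile(r"[a-z]"),
    "uppercase (A-Z)": re.compile(r"[A-Z]"),
    "numeric (0-9)": re.compile(r"[0-9]"),
    "special (!@#$ etc.)": re.compile("[" + re.escape(string.punctuation) + "]"),
}


def complexity_failures(password: str) -> list:
    """Return the slide's rules that the password does not satisfy (empty list = passes)."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append(f"length {len(password)}: more than 8 characters required")
    for name, pattern in CHARACTER_CLASSES.items():
        if not pattern.search(password):
            failures.append(f"missing {name}")
    return failures


def contains_personal_term(password: str, personal_terms) -> bool:
    """True if a known personal term (name, employer, ...) appears in the password,
    ignoring case. 'mikekleviansky' is weak for this reason even though it is long."""
    lowered = password.lower()
    return any(term.lower() in lowered for term in personal_terms if term)


def passphrase_initials(phrase: str, suffix: str = "") -> str:
    """Build a password from the first letter of each word of a memorable phrase,
    keeping each word's case, then append an optional suffix such as a year.
    'Jack and Jill went up the hill again' -> 'JaJwutha' (the slide's example)."""
    return "".join(word[0] for word in phrase.split()) + suffix


def rate(password: str, personal_terms=()) -> str:
    """'weak' if any slide rule fails or a personal term is embedded, otherwise 'strong'."""
    if complexity_failures(password) or contains_personal_term(password, personal_terms):
        return "weak"
    return "strong"


if __name__ == "__main__":
    personal = ["Mike", "Kleviansky"]
    # The weak and strong examples below are the ones printed on the slide
    for pw in ["password1", "mikekleviansky", "mikek",
               "P@$$:w0rd!", "M!k3:KL3v!@nsky", "!23:P@$$w0rd"]:
        print(f"{pw:18} {rate(pw, personal):6} {complexity_failures(pw)}")
    print(passphrase_initials("Jack and Jill went up the hill again"))
```

Note that the slide's passphrase-derived examples (MkiacCIO2017, JaJwutha) do not all satisfy the composition rule, which is why the checker reports length and character-class findings separately instead of collapsing them into one score: what makes a passphrase effective is its length and unpredictability, not the count of symbols in it.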
3. An unlocked screen/device is an open invitation!
• If your screen is unlocked you are inviting potential trouble!
• An unlocked screen is equivalent to no password (in some instances)
• Portable devices (e.g. notebooks) should be secured at a desk where applicable
• Set an inactivity timer to automatically lock your screen
• Do you leave the front door open when you pop down to the shops?
If your desk is unattended → lock your screen: CTRL+ALT+DEL, or WIN + L
4. USB Storage can be infected and/or stolen
• Portable USB storage is not secure:
  • Data can be infected with malware
  • Data can be easily stolen
• Never insert unauthorised portable devices
• Anti-virus software should always scan USB drives by default (or USB drives should be disabled)
Portable devices (when inserted) are an extension of your desktop environment, so secure them
5. Phishing for personal information
• Phishing – email from a “reputable company” to gain personal information
• Spear phishing – email from a known or trusted sender to gain personal information
• Whaling – email that targets a high-profile end user in order to gain personal information
It is easier to trick someone into clicking a malicious link than to hack into a system
(diagram labels: masquerade, trust, contextual)
5a. Phishing Examples
(annotated screenshots of example phishing emails, not reproduced in the text; annotations: contextual, masquerade, trust)
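The three annotations on these example slides (masquerade, trust, contextual) are each a concrete, checkable mismatch. As an added example (not from the deck or its author), the Python below turns them into header and link checks using only the standard library and runs them over two constructed sample messages: a phishing message that exhibits all three cues and a legitimate one that exhibits none. The allow-list of known senders, the pressure-phrase list and both messages are assumptions of this example; every domain is an RFC 2606 reserved name, so none belongs to a real sender.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Added example, not from the original deck: checks for the three phishing cues the
# slide names (masquerade, trust, contextual), run over constructed sample messages.
# The allow-list, the phrase list and both samples are assumptions of this example;
# every domain is an RFC 2606 reserved name, so none belongs to a real sender.

# Display-name keyword -> domains allowed to use that name (constructed allow-list)
KNOWN_SENDERS = {"example bank": {"examplebank.example"}, "it helpdesk": {"corp.example"}}

# Phrases that create the urgency or fear a phishing email relies on (constructed list)
PRESSURE_PHRASES = ("urgent", "verify your account", "suspended", "within 24 hours")

LINK_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.IGNORECASE | re.DOTALL)


def address_domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def url_domain(url: str) -> str:
    return (urlparse(url.strip()).hostname or "").lower()


def body_text(msg) -> str:
    if not msg.is_multipart():
        return msg.get_payload()
    return "".join(p.get_payload() for p in msg.walk()
                   if p.get_content_type() in ("text/plain", "text/html"))


def phishing_indicators(raw_message: str) -> list:
    """Return human-readable indicators found in a raw email (empty list = none found)."""
    msg = message_from_string(raw_message)
    found = []

    # Masquerade: the display name claims a known organisation but the address does not
    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = address_domain(from_addr)
    for keyword, domains in KNOWN_SENDERS.items():
        if keyword in display_name.lower() and from_domain not in domains:
            found.append(f"masquerade: '{display_name}' sent from '{from_domain}'")

    # Trust: replies are quietly routed to a different domain than the apparent sender
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    reply_domain = address_domain(reply_addr)
    if reply_domain and reply_domain != from_domain:
        found.append(f"reply-to mismatch: replies go to '{reply_domain}', not '{from_domain}'")

    # Masquerade in the body: the visible link text shows one site, the href another
    body = body_text(msg)
    for href, text in LINK_RE.findall(body):
        shown, actual = (url_domain(text) if "://" in text else ""), url_domain(href)
        if shown and actual and shown != actual:
            found.append(f"link mismatch: text shows '{shown}' but href goes to '{actual}'")

    # Contextual: pressure phrases in the subject or body
    haystack = (msg.get("Subject", "") + " " + body).lower()
    pressure = [p for p in PRESSURE_PHRASES if p in haystack]
    if pressure:
        found.append("contextual pressure: " + ", ".join(pressure))
    return found


# Constructed sample messages; neither is a real email
PHISHING_SAMPLE = """\
From: Example Bank Security <alerts@mail-examplebank-login.example.net>
Reply-To: support@collect.example.org
To: jane@corp.example
Subject: Urgent: verify your account within 24 hours
Content-Type: text/html

<p>Your account has been suspended. Verify your account within 24 hours:</p>
<a href="http://login.examplebank-secure.example.net/verify">https://www.examplebank.example/login</a>
"""

LEGITIMATE_SAMPLE = """\
From: Example Bank Security <alerts@examplebank.example>
To: jane@corp.example
Subject: Your monthly statement is available
Content-Type: text/html

<p>Your statement is ready.</p>
<a href="https://www.examplebank.example/statements">https://www.examplebank.example/statements</a>
"""

if __name__ == "__main__":
    for name, raw in (("phishing", PHISHING_SAMPLE), ("legitimate", LEGITIMATE_SAMPLE)):
        print(name, phishing_indicators(raw) or ["no indicators"])
```

This is a teaching illustration of the cues, not a mail filter: a gateway would add sender authentication results (SPF, DKIM, DMARC) and URL reputation. The point for staff is that each of the slide's three cues corresponds to something they can see for themselves in a message, namely who it really came from, where replies go, and where a link really points.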
6. Malware is Malicious Software
Malware is designed to disrupt, damage or gain unauthorised access to a computer system
(illustration: Internet Downloads!)
7. Secure physical devices or risk data loss
(illustration: data held on local drives C:\business, E:\client data, F:\Backups)
Protect your devices against data loss: do NOT store sensitive data locally, or encrypt the data
8. Do not leave printer output unattended
• Sensitive data is vulnerable, regardless of the format (softcopy, hardcopy, visual)
• Unattended printouts on a printer can be stolen and easily digitally recorded
(illustration: data on disk → data on screen → data printout → recorded data)
9. Public Wi-Fi is not Secure
(diagram: public cafe → VPN → the office)
Don't trust public Wi-Fi hotspots when dealing with work or personal matters, e.g. banking
10. Apply privacy settings
What information does an institution (e.g. a bank) require to validate your identity?
The less you publish about yourself online, the better.
What is published online stays online, and may be used against you:
• Identity theft
• Social Engineering (using your details for personal gain)
• Negative publicity and branding
• Blackmail
• Job application rejection
(illustration: a sample public profile exposing name, date of birth, school, email address and home address: John Smith, 16/11/1978, Sydney Grammar, marybjane@gmail.com, 2 Smith Street, Smithfield)
In Summary …
The key takeaways from this session are:
• Security and cyber security are a shared responsibility: People, Process and Technology
• Humans are the number 1 cause of cyber security breaches
• Know your key security responsibilities: secure passwords, locked screens, etc.
• Be able to identify common threats such as malware and email attachments
• Physical security cannot be ignored
• Keep it private when it comes to online security
• Use common sense at all times
