
Information Security Awareness Training by Wilfrid Laurier University

Published in: Business, Technology, Education

  1. Information Security Awareness Training
  2. Why Information Security?
     • Information is a valuable asset for all kinds of business
     • More and more information-related crimes happen
     • Information leakage or damage will impact, or even finish, a business
  3. Do’s and don’ts
     • Do use licensed and supported software
     • Do have an anti-virus tool, keep it up to date, and scan portable media before use
  4. Verify your Anti-virus is up to date
  5. Verify your Anti-virus is up to date
  6. Do’s and don’ts (continued)
     • Do have your Personal Firewall set to ON
  7. Verify your Personal Firewall is ON
  8. Verify your Personal Firewall is ON
  9. Verify your Personal Firewall is ON
  10. Verify your Personal Firewall is ON
  11. Configure Screen Saver
  12. Configure Screen Saver
  13. Do’s and don’ts (continued)
     • Do keep Windows XP security patches up to date
     • Do keep software up to date
     • Do choose a strong password, change it periodically, and make sure that you are the only person who knows it
  14. Pa55VV0RD!!
     • Don’t use your login name in any form
     • Don’t use a word or words contained in any language dictionary
     • Don’t use numbers significant to you or someone close to you, or associated with the University
     • Don’t use passwords based on simple keyboard patterns
     • Remember it or keep it in a protected place, such as a locked safe
  15. Do’s and don’ts (continued)
     • Do use Laurier’s resources for business purposes, please!
     • Do lock your screen/computer when unattended
     • Laptop users: do keep an eye on your laptop, and use chain locks when necessary
     • Do contact the ITS Help Desk when necessary
     • Do report incidents and abnormal things to designated people, and leave the scene untouched if you don’t know what to do
     • Do back up your documents
     • Do think about IT security on a regular basis
  16. Do’s and don’ts (continued)
     • Do not shut down security applications on your computer, including the anti-virus tool, firewall, automated updates, etc.
     • Do not let unknown people touch your computer; feel free to challenge their ID when necessary
     • Do not give out your password to anyone, including ITS staff
     • Do not provide your password in an email reply
     • Do not connect personal computing devices to the WLU wired network
     • Do not use insecure wireless connections
     • Do not open an email attachment unless you are certain of the veracity of its contents
     • Do not open an unknown website or URL unless you are certain of its veracity
  17. Example
  18. Example
  19. Example
  20. Example
  21. Example
  22. Social Engineering
     • Social engineering is the acquisition of sensitive information or inappropriate access privileges by an outsider, based upon the building of an inappropriate trust relationship with insiders
     • The goal of social engineering is to trick someone into providing valuable information or access to that information
  23. Suggestion 1
     If you cannot personally identify a caller who asks for personal information about you or anyone else, for information about your computer system, or for any other sensitive information, do not provide the information. Insist on verifying the caller’s identity by calling them back at their proper telephone number as listed in the telephone directory. This procedure creates minimal inconvenience to legitimate activity when compared with the scope of potential losses.
  24. Suggestion 2
     Remember that passwords are sensitive. A password for your personal account should be known ONLY to you. Systems administrators or maintenance technicians who need to do something to your account will not require your password. They have their own password with system privileges that will allow them to work on your account without the need for you to reveal your password. If a system administrator or maintenance technician asks you for your password, be suspicious.
  25. Suggestion 3
     Systems maintenance technicians from outside vendors who come on site should be accompanied by the local site administrator. If the site administrator is not familiar to you, or if the technician comes alone, it is wise to call your known site administrator to check whether the technician should be there. Unfortunately, many people are reluctant to do this because it makes them look paranoid, and it is embarrassing to show that they do not trust a visitor.
  26. Thanks for your time!
     • Any questions or suggestions?
     • To download these slides, go to computersecurity.wlu.ca, Security Awareness Training
     • Recommended: Tips of The Day; Guidelines to Password Selection
     • Grant Li, Ex. 2797, Email: gli@wlu.ca
