SlideShare a Scribd company logo

User security awareness

K. A. M Lutfullah
K. A. M Lutfullah

User Awareness and Practices

Technology
1 of 38
User Awareness and Practices K. A. M Lutfullah
Process People Technology Systems must be built to technically adhere to policy People must understand their responsibilities regarding policy Policies should be communicated, maintained and enforced Processes must developed to show how policies will be followed
Security awareness is nothing but a knowledge of potential threats. Its an advantage of knowing what types of threats / security issues and # of incidents, our organization may face in day-to-day operation. It’s not possible ensure 100% security through technology, unless provide adequate information security awareness. Personal responsibility are the key of success of any information security program.
 Internet allows an attacker to attack from anywhere in the planet.  Risks caused by weak security practice and knowledge:  Identity Theft  Monetary Theft  Legal Ramifications (for people and organization)  Could result termination if company policies are not followed  According to www.SANS.org , the top vulnerabilities for cyber criminal medias are:  Web Browser  IM Clients  Web Applications  Excessive User Rights
Security: We must protect our computers as well as data in the same way that we secure the doors of our home. Safety: We must improve our habit and the way of behavior, that protect us against risks and threats that comes through technology.
“In absence of work delegation, people share their password with others which they forgot to change after the crisis” “It’s a frightening fact, but nine out of ten end- users would unwillingly open or execute a dangerous virus-carrying email attachment” “Nine out of ten end-users revealed their password on request in exchange for a free pen” These things don’t happen as a result of malicious intent, but rather a lack of awareness of security risks.
1. Passwords on Post-it Notes 2. Leaving computer open, unprotected & unattended 3. Opening e-mail attachments from strangers 4. Weak password etiquette 5. In case of lost / theft of laptop 6. Blabber mouths 7. Plug and play device installation without protection 8. Not reporting of security violations 9. Always behind the times (the patch procrastinator) 10. Unaware of internal threats
Cracker: Computer-savvy programmer creates attack software Script Kiddies: Unsophisticated computer users who know how to execute programs Hacker Bulletin Board SQL Injection Buffer overflow Password Crackers Password Dictionaries Successful attacks! Crazyman broke into … CoolCat penetrated… Spammer: Create & sell bots -> spam Sell credit card numbers,… System Administrators Some scripts are useful to protect networks… Malware package=$1K-2K 1 M Email addresses = $8 10,000 PCs = $1000
 Virus  Worm  Trojan Horse / Logic Bomb  Social Engineering  Rootkits  Botnets / Zombies
 A virus attaches itself to a program, file, or disk  When the program is executed, the virus activates and replicates itself  The virus may be benign or malignant but executes its payload at some point (often upon contact)  Viruses result in crashing of computers and loss of data.  In order to recover/prevent virus/attacks:  Avoid potentially unreliable websites/emails  System Restore  Re-install operating system  Anti-virus (i.e. Avira, AVG, Norton) Program A Extra Code Program B infects
 Independent program which replicates itself and sends copies from computer to computer across network connections. Upon arrival the worm may be activated to replicate. To Joe To Ann To Bob Email List: Joe@gmail.com Ann@yahoo.com Bob@uwp.edu
 Logic Bomb: Malware logic executes upon certain conditions. Program is often used for legitimate reasons.  Software which malfunctions if maintenance fee is not paid  Employee triggers a database erase when he is fired.  Trojan Horse: Masquerades as beneficial program while quietly destroying data or damaging your system.  Download a game: Might be fun but has hidden part that emails your password file without you knowing.
 Social engineering manipulates people into performing actions or divulging confidential information. Similar to a confidence trick or simple fraud, the term applies to the use of deception to gain information, commit fraud, or access computer systems. Phone Call: This is John, the System Admin. What is your password? Email: ABC Bank has noticed a problem with your account… In Person: What ethnicity are you? Your mother’s maiden name? and have some software patches I have come to repair your machine…
 Phishing: a ‘trustworthy entity’ asks via e-mail for sensitive information such as SSN, credit card numbers, login IDs or passwords.
 The link provided in the e-mail leads to a fake webpage which collects important information and submits it to the owner.  The fake web page looks like the real thing  Extracts account information
 A botnet is a large number of compromised computers that are used to create and send spam or viruses or flood a network with messages as a denial of service attack.  The compromised computers are called zombies
 An attacker pretends to be your final destination on the network. If a person tries to connect to a specific WLAN access point or web server, an attacker can mislead him to his computer, pretending to be that access point or server.
 Upon penetrating a computer, a hacker installs a collection of programs, called a rootkit.  May enable:  Easy access for the hacker (and others)  Keystroke logger  Eliminates evidence of break-in  Modifies the operating system
Pattern Calculation Result Time to Guess (2.6x1018/month) Personal Info: interests, relatives 20 Manual 5 minutes Social Engineering 1 Manual 2 minutes American Dictionary 80,000 < 1 second 4 chars: lower case alpha 264 5x105 8 chars: lower case alpha 268 2x1011 8 chars: alpha 528 5x1013 8 chars: alphanumeric 628 2x1014 3.4 min. 8 chars alphanumeric +10 728 7x1014 12 min. 8 chars: all keyboard 958 7x1015 2 hours 12 chars: alphanumeric 6212 3x1021 96 years 12 chars: alphanumeric + 10 7212 2x1022 500 years 12 chars: all keyboard 9512 5x1023 16 chars: alphanumeric 6216 5x1028
 Restricted data includes:  Social Security Number  Driver’s license # or state ID #  Financial account number (credit/debit) and access code/password  DNA profile (Statute 939.74)  Biometric data  In US, HIPAA protects:  Health status, treatment, or payment
 Symptoms:  Antivirus software detects a problem  Pop-ups suddenly appear (may sell security software)  Disk space disappears  Files or transactions appear that should not be there  System slows down to a crawl  Unusual messages, sounds, or displays on your monitor  Stolen laptop (1 in 10 stolen in laptop lifetime)  Your mouse moves by itself  Your computer shuts down and powers off by itself  Often not recognized
 Spyware symptoms:  Change to your browser homepage/start page  Ending up on a strange site when conducting a search  System-based firewall is turned off automatically  Lots of network activity while not particularly active  Excessive pop-up windows  New icons, programs, favorites which you did not add  Frequent firewall alerts about unknown programs trying to access the Internet  Bad/slow system performance
Defense in depth uses multiple layers of defense to address technical, personnel and operational issues.
 Anti-virus software detects malware and can destroy it before any damage is done  Install and maintain anti-virus and anti- spyware software  Be sure to keep anti-virus software updated  Many free and pay options exist
 A firewall acts as a wall between your computer/private network and the internet. Hackers may use the internet to find, use, and install applications on your computer. A firewall prevents hacker connections from entering your computer.  Filters packets that enter or leave your computer
 Microsoft regularly issues patches or updates to solve security problems in their software. If these are not applied, it leaves your computer vulnerable to hackers.  The Windows Update feature built into Windows can be set up to automatically download and install updates.  Avoid logging in as administrator
Merry Christmas Bad Password Good Password Merry Xmas mErcHr2yOu MerryChrisToYou MerChr2You MerryJul MaryJul Mary*Jul ,stuzc,sd Jq46Sjqw (Keypad shift Right …. Up) (Abbreviate) (Lengthen) (convert vowels to numeric) M5rryXm1s MXemrays (Intertwine Letters) Glad*Jes*Birth (Synonym)
Combine 2 unrelated words Mail + phone = m@!lf0n3 Abbreviate a phrase My favorite color is blue= Mfciblue Music lyric Happy birthday to you, happy birthday to you, happy birthday dear John, happy birthday to you. hb2uhb2uhbdJhb2u
 Never use ‘admin’ or ‘root’ or ‘administrator’ as a login for the admin  A good password is:  private: it is used and known by one person only  secret: it does not appear in clear text in any file or program or on a piece of paper pinned to the terminal  easily remembered: so there is no need to write it down  at least 8 characters, complex: a mixture of at least 3 of the following: upper case letters, lower case letters, digits and punctuation  not guessable by any program in a reasonable time, for instance less than one week.  changed regularly: a good change policy is every 3 months  Beware that someone may see you typing it. If you accidentally type your password instead of your login name, it may appear in system log files
 Do not open email attachments unless you are expecting the email with the attachment and you trust the sender.  Do not click on links in emails unless you are absolutely sure of their validity.  Only visit and/or download software from web pages you trust.
 Be sure to have a good firewall or pop-up blocker installed  Pop-up blockers do not always block ALL pop-ups so always close a pop-up window using the ‘X’ in the upper corner.  Never click “yes,” “accept” or even “cancel”  Infected USB drives are often left unattended by hackers in public places.
 Always use secure browser to do online activities.  Frequently delete temp files, cookies, history, saved passwords etc. https:// Symbol showing enhanced security
 No security measure is 100%  What information is important to you?  Is your back-up: Recent? Off-site & Secure? Process Documented? Tested? Encrypted?
 These are best practices involving Information Security.  Most of these practices are the Standards.  Use these practices at home and at work to keep safe and secure.  Employers have policies and procedures regarding secure practices. Be sure to understand them and adhere to them. It will protect you, your employer and your customers.
User security awareness

Recommended

Employee Security Training[1]@
Employee Security Training[1]@Employee Security Training[1]@
Employee Security Training[1]@R_Yanus
 
End-User Security Awareness
End-User Security AwarenessEnd-User Security Awareness
End-User Security AwarenessSurya Bathulapalli
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingDmitriy Scherbina
 
Information Security Awareness Training Open
Information Security Awareness Training OpenInformation Security Awareness Training Open
Information Security Awareness Training OpenFred Beck MBA, CPA
 
Building An Information Security Awareness Program
Building An Information Security Awareness ProgramBuilding An Information Security Awareness Program
Building An Information Security Awareness ProgramBill Gardner
 
Employee Security Awareness Program
Employee Security Awareness ProgramEmployee Security Awareness Program
Employee Security Awareness Programdavidcurriecia
 
Security awareness
Security awarenessSecurity awareness
Security awarenessJosh Chandler
 
IT Security Awarenesss by Northern Virginia Community College
IT Security Awarenesss by Northern Virginia Community CollegeIT Security Awarenesss by Northern Virginia Community College
IT Security Awarenesss by Northern Virginia Community CollegeAtlantic Training, LLC.
 

Recommended

Employee Security Training[1]@
Employee Security Training[1]@Employee Security Training[1]@
Employee Security Training[1]@R_Yanus
 
End-User Security Awareness
End-User Security AwarenessEnd-User Security Awareness
End-User Security AwarenessSurya Bathulapalli
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingDmitriy Scherbina
 
Information Security Awareness Training Open
Information Security Awareness Training OpenInformation Security Awareness Training Open
Information Security Awareness Training OpenFred Beck MBA, CPA
 
Building An Information Security Awareness Program
Building An Information Security Awareness ProgramBuilding An Information Security Awareness Program
Building An Information Security Awareness ProgramBill Gardner
 
Employee Security Awareness Program
Employee Security Awareness ProgramEmployee Security Awareness Program
Employee Security Awareness Programdavidcurriecia
 
Security awareness
Security awarenessSecurity awareness
Security awarenessJosh Chandler
 
IT Security Awarenesss by Northern Virginia Community College
IT Security Awarenesss by Northern Virginia Community CollegeIT Security Awarenesss by Northern Virginia Community College
IT Security Awarenesss by Northern Virginia Community CollegeAtlantic Training, LLC.
 
Information Security Awareness Training by Wilfrid Laurier University
Information Security Awareness Training by Wilfrid Laurier UniversityInformation Security Awareness Training by Wilfrid Laurier University
Information Security Awareness Training by Wilfrid Laurier UniversityAtlantic Training, LLC.
 
Information Security Awareness Training by Mount Auburn Hospital
Information Security Awareness Training by Mount Auburn HospitalInformation Security Awareness Training by Mount Auburn Hospital
Information Security Awareness Training by Mount Auburn HospitalAtlantic Training, LLC.
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingWilliam Mann
 
Information security awareness - 101
Information security awareness - 101Information security awareness - 101
Information security awareness - 101mateenzero
 
Security Awareness Training by Fortinet
Security Awareness Training by FortinetSecurity Awareness Training by Fortinet
Security Awareness Training by FortinetAtlantic Training, LLC.
 
Hyphenet Security Awareness Training
Hyphenet Security Awareness TrainingHyphenet Security Awareness Training
Hyphenet Security Awareness TrainingJen Ruhman
 
Securityawareness
SecurityawarenessSecurityawareness
SecurityawarenessJayfErika
 
Information Security Awareness Training
Information Security Awareness TrainingInformation Security Awareness Training
Information Security Awareness TrainingRandy Bowman
 
Awareness Training on Information Security
Awareness Training on Information SecurityAwareness Training on Information Security
Awareness Training on Information SecurityKen Holmes
 
Employee Security Awareness Training
Employee Security Awareness TrainingEmployee Security Awareness Training
Employee Security Awareness TrainingDenis kisina
 
Cyber security awareness training by cyber security infotech(csi)
Cyber security awareness training by cyber security infotech(csi)Cyber security awareness training by cyber security infotech(csi)
Cyber security awareness training by cyber security infotech(csi)Cyber Security Infotech
 
IT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.pptIT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.pptOoXair
 
Cybersecurity Awareness Session by Adam
Cybersecurity Awareness Session by AdamCybersecurity Awareness Session by Adam
Cybersecurity Awareness Session by AdamMohammed Adam
 
Cybersecurity Awareness Training
Cybersecurity Awareness TrainingCybersecurity Awareness Training
Cybersecurity Awareness TrainingDave Monahan
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Stephen Cobb
 
It security and awareness training 5 10-2018
It security and awareness training 5 10-2018It security and awareness training 5 10-2018
It security and awareness training 5 10-2018jubke
 
Cyber security training
Cyber security trainingCyber security training
Cyber security trainingWilmington University
 
New Hire Information Security Awareness
New Hire Information Security AwarenessNew Hire Information Security Awareness
New Hire Information Security Awarenesshubbargf
 
Security Awareness Training from KnowBe4
Security Awareness Training from KnowBe4Security Awareness Training from KnowBe4
Security Awareness Training from KnowBe4Carol Montgomery Adams
 
14 tips to increase cybersecurity awareness
14 tips to increase cybersecurity awareness14 tips to increase cybersecurity awareness
14 tips to increase cybersecurity awarenessMichel Bitter
 
End User Security Awareness Presentation
End User Security Awareness PresentationEnd User Security Awareness Presentation
End User Security Awareness PresentationCristian Mihai
 
Business Data Security: Know the Facts
Business Data Security: Know the FactsBusiness Data Security: Know the Facts
Business Data Security: Know the FactsADP, LLC
 

More Related Content

What's hot

Information Security Awareness Training by Wilfrid Laurier University
Information Security Awareness Training by Wilfrid Laurier UniversityInformation Security Awareness Training by Wilfrid Laurier University
Information Security Awareness Training by Wilfrid Laurier UniversityAtlantic Training, LLC.
 
Information Security Awareness Training by Mount Auburn Hospital
Information Security Awareness Training by Mount Auburn HospitalInformation Security Awareness Training by Mount Auburn Hospital
Information Security Awareness Training by Mount Auburn HospitalAtlantic Training, LLC.
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingWilliam Mann
 
Information security awareness - 101
Information security awareness - 101Information security awareness - 101
Information security awareness - 101mateenzero
 
Hyphenet Security Awareness Training
Hyphenet Security Awareness TrainingHyphenet Security Awareness Training
Hyphenet Security Awareness TrainingJen Ruhman
 
Securityawareness
SecurityawarenessSecurityawareness
SecurityawarenessJayfErika
 
Information Security Awareness Training
Information Security Awareness TrainingInformation Security Awareness Training
Information Security Awareness TrainingRandy Bowman
 
Awareness Training on Information Security
Awareness Training on Information SecurityAwareness Training on Information Security
Awareness Training on Information SecurityKen Holmes
 
Employee Security Awareness Training
Employee Security Awareness TrainingEmployee Security Awareness Training
Employee Security Awareness TrainingDenis kisina
 
Cyber security awareness training by cyber security infotech(csi)
Cyber security awareness training by cyber security infotech(csi)Cyber security awareness training by cyber security infotech(csi)
Cyber security awareness training by cyber security infotech(csi)Cyber Security Infotech
 
IT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.pptIT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.pptOoXair
 
Cybersecurity Awareness Session by Adam
Cybersecurity Awareness Session by AdamCybersecurity Awareness Session by Adam
Cybersecurity Awareness Session by AdamMohammed Adam
 
Cybersecurity Awareness Training
Cybersecurity Awareness TrainingCybersecurity Awareness Training
Cybersecurity Awareness TrainingDave Monahan
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Stephen Cobb
 
It security and awareness training 5 10-2018
It security and awareness training 5 10-2018It security and awareness training 5 10-2018
It security and awareness training 5 10-2018jubke
 
New Hire Information Security Awareness
New Hire Information Security AwarenessNew Hire Information Security Awareness
New Hire Information Security Awarenesshubbargf
 
Security Awareness Training from KnowBe4
Security Awareness Training from KnowBe4Security Awareness Training from KnowBe4
Security Awareness Training from KnowBe4Carol Montgomery Adams
 
14 tips to increase cybersecurity awareness
14 tips to increase cybersecurity awareness14 tips to increase cybersecurity awareness
14 tips to increase cybersecurity awarenessMichel Bitter
 

What's hot (20)

Information Security Awareness Training by Wilfrid Laurier University
Information Security Awareness Training by Wilfrid Laurier UniversityInformation Security Awareness Training by Wilfrid Laurier University
Information Security Awareness Training by Wilfrid Laurier University
 
Information Security Awareness Training by Mount Auburn Hospital
Information Security Awareness Training by Mount Auburn HospitalInformation Security Awareness Training by Mount Auburn Hospital
Information Security Awareness Training by Mount Auburn Hospital
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
 
Information security awareness - 101
Information security awareness - 101Information security awareness - 101
Information security awareness - 101
 
Security Awareness Training by Fortinet
Security Awareness Training by FortinetSecurity Awareness Training by Fortinet
Security Awareness Training by Fortinet
 
Hyphenet Security Awareness Training
Hyphenet Security Awareness TrainingHyphenet Security Awareness Training
Hyphenet Security Awareness Training
 
Securityawareness
SecurityawarenessSecurityawareness
Securityawareness
 
Information Security Awareness Training
Information Security Awareness TrainingInformation Security Awareness Training
Information Security Awareness Training
 
Awareness Training on Information Security
Awareness Training on Information SecurityAwareness Training on Information Security
Awareness Training on Information Security
 
Employee Security Awareness Training
Employee Security Awareness TrainingEmployee Security Awareness Training
Employee Security Awareness Training
 
Cyber security awareness training by cyber security infotech(csi)
Cyber security awareness training by cyber security infotech(csi)Cyber security awareness training by cyber security infotech(csi)
Cyber security awareness training by cyber security infotech(csi)
 
IT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.pptIT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.ppt
 
Cybersecurity Awareness Session by Adam
Cybersecurity Awareness Session by AdamCybersecurity Awareness Session by Adam
Cybersecurity Awareness Session by Adam
 
Cybersecurity Awareness Training
Cybersecurity Awareness TrainingCybersecurity Awareness Training
Cybersecurity Awareness Training
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...
 
It security and awareness training 5 10-2018
It security and awareness training 5 10-2018It security and awareness training 5 10-2018
It security and awareness training 5 10-2018
 
Cyber security training
Cyber security trainingCyber security training
Cyber security training
 
New Hire Information Security Awareness
New Hire Information Security AwarenessNew Hire Information Security Awareness
New Hire Information Security Awareness
 
Security Awareness Training from KnowBe4
Security Awareness Training from KnowBe4Security Awareness Training from KnowBe4
Security Awareness Training from KnowBe4
 
14 tips to increase cybersecurity awareness
14 tips to increase cybersecurity awareness14 tips to increase cybersecurity awareness
14 tips to increase cybersecurity awareness
 

Viewers also liked

End User Security Awareness Presentation
End User Security Awareness PresentationEnd User Security Awareness Presentation
End User Security Awareness PresentationCristian Mihai
 
Business Data Security: Know the Facts
Business Data Security: Know the FactsBusiness Data Security: Know the Facts
Business Data Security: Know the FactsADP, LLC
 
Introduction to information security field
Introduction to information security fieldIntroduction to information security field
Introduction to information security fieldAhmed Musaad
 
Introduction to Information security
Introduction to Information securityIntroduction to Information security
Introduction to Information securityRashad Aliyev
 
Itsa end user 2013
Itsa end user 2013Itsa end user 2013
Itsa end user 2013salleh1n
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityKumawat Dharmpal
 
Introduction to Information Security
Introduction to Information SecurityIntroduction to Information Security
Introduction to Information SecurityDumindu Pahalawatta
 
Introduction to Information Security
Introduction to Information SecurityIntroduction to Information Security
Introduction to Information SecurityGareth Davies
 
ISO 27001 - information security user awareness training presentation - Part 1
ISO 27001 - information security user awareness training presentation - Part 1ISO 27001 - information security user awareness training presentation - Part 1
ISO 27001 - information security user awareness training presentation - Part 1Tanmay Shinde
 
Security issues in e business
Security issues in e businessSecurity issues in e business
Security issues in e businessRahul Kumar
 
6. Security Threats with E-Commerce
6. Security Threats with E-Commerce6. Security Threats with E-Commerce
6. Security Threats with E-CommerceJitendra Tomar
 
Introduction to Information Security
Introduction to Information SecurityIntroduction to Information Security
Introduction to Information SecurityDr. Loganathan R
 
Cyber Security - awareness, vulnerabilities and solutions
Cyber Security - awareness, vulnerabilities and solutionsCyber Security - awareness, vulnerabilities and solutions
Cyber Security - awareness, vulnerabilities and solutionsinLabFIB
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITYAhmed Moussa
 

Viewers also liked (16)

End User Security Awareness Presentation
End User Security Awareness PresentationEnd User Security Awareness Presentation
End User Security Awareness Presentation
 
Business Data Security: Know the Facts
Business Data Security: Know the FactsBusiness Data Security: Know the Facts
Business Data Security: Know the Facts
 
Introduction to information security field
Introduction to information security fieldIntroduction to information security field
Introduction to information security field
 
Introduction to Information security
Introduction to Information securityIntroduction to Information security
Introduction to Information security
 
Introduction to Information Security
Introduction to Information Security Introduction to Information Security
Introduction to Information Security
 
Itsa end user 2013
Itsa end user 2013Itsa end user 2013
Itsa end user 2013
 
Security Basics - Internet Safety
Security Basics - Internet SafetySecurity Basics - Internet Safety
Security Basics - Internet Safety
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
 
Introduction to Information Security
Introduction to Information SecurityIntroduction to Information Security
Introduction to Information Security
 
Introduction to Information Security
Introduction to Information SecurityIntroduction to Information Security
Introduction to Information Security
 
ISO 27001 - information security user awareness training presentation - Part 1
ISO 27001 - information security user awareness training presentation - Part 1ISO 27001 - information security user awareness training presentation - Part 1
ISO 27001 - information security user awareness training presentation - Part 1
 
Security issues in e business
Security issues in e businessSecurity issues in e business
Security issues in e business
 
6. Security Threats with E-Commerce
6. Security Threats with E-Commerce6. Security Threats with E-Commerce
6. Security Threats with E-Commerce
 
Introduction to Information Security
Introduction to Information SecurityIntroduction to Information Security
Introduction to Information Security
 
Cyber Security - awareness, vulnerabilities and solutions
Cyber Security - awareness, vulnerabilities and solutionsCyber Security - awareness, vulnerabilities and solutions
Cyber Security - awareness, vulnerabilities and solutions
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITY
 

Similar to User security awareness

UserSecurityAwarenessUniversityTemplate.ppt
UserSecurityAwarenessUniversityTemplate.pptUserSecurityAwarenessUniversityTemplate.ppt
UserSecurityAwarenessUniversityTemplate.pptDiveshK4
 
End User Security Awareness - Information Security
End User Security Awareness - Information SecurityEnd User Security Awareness - Information Security
End User Security Awareness - Information SecurityWorldTrade3
 
Awareness Security 123.pptx
Awareness Security 123.pptxAwareness Security 123.pptx
Awareness Security 123.pptxRajuSingh730938
 
USG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxUSG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxBilmyRikas
 
USG_Security_Awareness_Primer (1).pptx
USG_Security_Awareness_Primer (1).pptxUSG_Security_Awareness_Primer (1).pptx
USG_Security_Awareness_Primer (1).pptxssuser59e4b8
 
USG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxUSG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxsumita02
 
Information security awareness
Information security awarenessInformation security awareness
Information security awarenessCAS
 
Security_Awareness_Primer.pptx
Security_Awareness_Primer.pptxSecurity_Awareness_Primer.pptx
Security_Awareness_Primer.pptxFaith Shimba
 
USG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxUSG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxssuser04fcec
 
Genysis security 101
Genysis security 101Genysis security 101
Genysis security 101Mache Aggie
 
Ch # 10 computer security risks and safe guards
Ch # 10 computer security risks and safe guardsCh # 10 computer security risks and safe guards
Ch # 10 computer security risks and safe guardsMuhammadRobeel3
 
IT Security Seminar Cougar CPS
IT Security Seminar Cougar CPSIT Security Seminar Cougar CPS
IT Security Seminar Cougar CPScougarcps
 
Ethical hacking.docx
Ethical hacking.docxEthical hacking.docx
Ethical hacking.docxHabeebUllah10
 
CSC103 Digital Security
CSC103 Digital SecurityCSC103 Digital Security
CSC103 Digital SecurityRichard Homa
 
Giarritano concept paper 4
Giarritano concept paper 4Giarritano concept paper 4
Giarritano concept paper 4leahg118
 
computer_security.ppt
computer_security.pptcomputer_security.ppt
computer_security.pptAsif Raza
 
cyber security presentation (1).pdf
cyber security presentation (1).pdfcyber security presentation (1).pdf
cyber security presentation (1).pdfw4tgrgdyryfh
 

Similar to User security awareness (20)

UserSecurityAwarenessUniversityTemplate.ppt
UserSecurityAwarenessUniversityTemplate.pptUserSecurityAwarenessUniversityTemplate.ppt
UserSecurityAwarenessUniversityTemplate.ppt
 
End User Security Awareness - Information Security
End User Security Awareness - Information SecurityEnd User Security Awareness - Information Security
End User Security Awareness - Information Security
 
IT security awareness
IT security awarenessIT security awareness
IT security awareness
 
Awareness Security 123.pptx
Awareness Security 123.pptxAwareness Security 123.pptx
Awareness Security 123.pptx
 
USG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxUSG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptx
 
USG_Security_Awareness_Primer (1).pptx
USG_Security_Awareness_Primer (1).pptxUSG_Security_Awareness_Primer (1).pptx
USG_Security_Awareness_Primer (1).pptx
 
USG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxUSG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptx
 
Information security awareness
Information security awarenessInformation security awareness
Information security awareness
 
Security_Awareness_Primer.pptx
Security_Awareness_Primer.pptxSecurity_Awareness_Primer.pptx
Security_Awareness_Primer.pptx
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
USG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxUSG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptx
 
Genysis security 101
Genysis security 101Genysis security 101
Genysis security 101
 
Ch # 10 computer security risks and safe guards
Ch # 10 computer security risks and safe guardsCh # 10 computer security risks and safe guards
Ch # 10 computer security risks and safe guards
 
IT Security Seminar Cougar CPS
IT Security Seminar Cougar CPSIT Security Seminar Cougar CPS
IT Security Seminar Cougar CPS
 
Ethical hacking.docx
Ethical hacking.docxEthical hacking.docx
Ethical hacking.docx
 
CSC103 Digital Security
CSC103 Digital SecurityCSC103 Digital Security
CSC103 Digital Security
 
Computer security
Computer securityComputer security
Computer security
 
Giarritano concept paper 4
Giarritano concept paper 4Giarritano concept paper 4
Giarritano concept paper 4
 
computer_security.ppt
computer_security.pptcomputer_security.ppt
computer_security.ppt
 
cyber security presentation (1).pdf
cyber security presentation (1).pdfcyber security presentation (1).pdf
cyber security presentation (1).pdf
 

More from K. A. M Lutfullah

Scammers are Exploiting Coronavirus Fears to Phish Users
Scammers are Exploiting Coronavirus Fears to Phish UsersScammers are Exploiting Coronavirus Fears to Phish Users
Scammers are Exploiting Coronavirus Fears to Phish UsersK. A. M Lutfullah
 
Molecular Michel And WS Potentials For 6Li+ 12C 58Ni And 90Zr Elastic Scatter...
Molecular Michel And WS Potentials For 6Li+ 12C 58Ni And 90Zr Elastic Scatter...Molecular Michel And WS Potentials For 6Li+ 12C 58Ni And 90Zr Elastic Scatter...
Molecular Michel And WS Potentials For 6Li+ 12C 58Ni And 90Zr Elastic Scatter...K. A. M Lutfullah
 
Slingshot APT - Critical Vulnerability through routers
Slingshot APT - Critical Vulnerability through routersSlingshot APT - Critical Vulnerability through routers
Slingshot APT - Critical Vulnerability through routersK. A. M Lutfullah
 
Five habits that might be a cyber security risk
Five habits that might be a cyber security riskFive habits that might be a cyber security risk
Five habits that might be a cyber security riskK. A. M Lutfullah
 
Introduction to computer network
Introduction to computer networkIntroduction to computer network
Introduction to computer networkK. A. M Lutfullah
 
Introduction to computer history
Introduction to computer historyIntroduction to computer history
Introduction to computer historyK. A. M Lutfullah
 
Introduction to computer hardware
Introduction to computer hardwareIntroduction to computer hardware
Introduction to computer hardwareK. A. M Lutfullah
 

More from K. A. M Lutfullah (8)

Scammers are Exploiting Coronavirus Fears to Phish Users
Scammers are Exploiting Coronavirus Fears to Phish UsersScammers are Exploiting Coronavirus Fears to Phish Users
Scammers are Exploiting Coronavirus Fears to Phish Users
 
Molecular Michel And WS Potentials For 6Li+ 12C 58Ni And 90Zr Elastic Scatter...
Molecular Michel And WS Potentials For 6Li+ 12C 58Ni And 90Zr Elastic Scatter...Molecular Michel And WS Potentials For 6Li+ 12C 58Ni And 90Zr Elastic Scatter...
Molecular Michel And WS Potentials For 6Li+ 12C 58Ni And 90Zr Elastic Scatter...
 
Slingshot APT - Critical Vulnerability through routers
Slingshot APT - Critical Vulnerability through routersSlingshot APT - Critical Vulnerability through routers
Slingshot APT - Critical Vulnerability through routers
 
Five habits that might be a cyber security risk
Five habits that might be a cyber security riskFive habits that might be a cyber security risk
Five habits that might be a cyber security risk
 
Job characteristics model
Job characteristics modelJob characteristics model
Job characteristics model
 
Introduction to computer network
Introduction to computer networkIntroduction to computer network
Introduction to computer network
 
Introduction to computer history
Introduction to computer historyIntroduction to computer history
Introduction to computer history
 
Introduction to computer hardware
Introduction to computer hardwareIntroduction to computer hardware
Introduction to computer hardware
 

Recently uploaded

Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 

Recently uploaded (20)

Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 

User security awareness

  • 1. User Awareness and Practices K. A. M Lutfullah
  • 2. Process People Technology Systems must be built to technically adhere to policy People must understand their responsibilities regarding policy Policies should be communicated, maintained and enforced Processes must developed to show how policies will be followed
  • 3. Security awareness is nothing but a knowledge of potential threats. Its an advantage of knowing what types of threats / security issues and # of incidents, our organization may face in day-to-day operation. It’s not possible ensure 100% security through technology, unless provide adequate information security awareness. Personal responsibility are the key of success of any information security program.
  • 4.
  • 5.  Internet allows an attacker to attack from anywhere in the planet.  Risks caused by weak security practice and knowledge:  Identity Theft  Monetary Theft  Legal Ramifications (for people and organization)  Could result termination if company policies are not followed  According to www.SANS.org , the top vulnerabilities for cyber criminal medias are:  Web Browser  IM Clients  Web Applications  Excessive User Rights
  • 6. Security: We must protect our computers as well as data in the same way that we secure the doors of our home. Safety: We must improve our habit and the way of behavior, that protect us against risks and threats that comes through technology.
  • 7. “In absence of work delegation, people share their password with others which they forgot to change after the crisis” “It’s a frightening fact, but nine out of ten end- users would unwillingly open or execute a dangerous virus-carrying email attachment” “Nine out of ten end-users revealed their password on request in exchange for a free pen” These things don’t happen as a result of malicious intent, but rather a lack of awareness of security risks.
  • 8. 1. Passwords on Post-it Notes 2. Leaving computer open, unprotected & unattended 3. Opening e-mail attachments from strangers 4. Weak password etiquette 5. In case of lost / theft of laptop 6. Blabber mouths 7. Plug and play device installation without protection 8. Not reporting of security violations 9. Always behind the times (the patch procrastinator) 10. Unaware of internal threats
  • 9.
  • 10. Cracker: Computer-savvy programmer creates attack software Script Kiddies: Unsophisticated computer users who know how to execute programs Hacker Bulletin Board SQL Injection Buffer overflow Password Crackers Password Dictionaries Successful attacks! Crazyman broke into … CoolCat penetrated… Spammer: Create & sell bots -> spam Sell credit card numbers,… System Administrators Some scripts are useful to protect networks… Malware package=$1K-2K 1 M Email addresses = $8 10,000 PCs = $1000
  • 11.  Virus  Worm  Trojan Horse / Logic Bomb  Social Engineering  Rootkits  Botnets / Zombies
  • 12.  A virus attaches itself to a program, file, or disk  When the program is executed, the virus activates and replicates itself  The virus may be benign or malignant but executes its payload at some point (often upon contact)  Viruses result in crashing of computers and loss of data.  In order to recover/prevent virus/attacks:  Avoid potentially unreliable websites/emails  System Restore  Re-install operating system  Anti-virus (i.e. Avira, AVG, Norton) Program A Extra Code Program B infects
  • 13.  Independent program which replicates itself and sends copies from computer to computer across network connections. Upon arrival the worm may be activated to replicate. To Joe To Ann To Bob Email List: Joe@gmail.com Ann@yahoo.com Bob@uwp.edu
  • 14.  Logic Bomb: Malware logic executes upon certain conditions. Program is often used for legitimate reasons.  Software which malfunctions if maintenance fee is not paid  Employee triggers a database erase when he is fired.  Trojan Horse: Masquerades as beneficial program while quietly destroying data or damaging your system.  Download a game: Might be fun but has hidden part that emails your password file without you knowing.
  • 15.  Social engineering manipulates people into performing actions or divulging confidential information. Similar to a confidence trick or simple fraud, the term applies to the use of deception to gain information, commit fraud, or access computer systems. Phone Call: This is John, the System Admin. What is your password? Email: ABC Bank has noticed a problem with your account… In Person: What ethnicity are you? Your mother’s maiden name? and have some software patches I have come to repair your machine…
  • 16.  Phishing: a ‘trustworthy entity’ asks via e-mail for sensitive information such as SSN, credit card numbers, login IDs or passwords.
  • 17.  The link provided in the e-mail leads to a fake webpage which collects important information and submits it to the owner.  The fake web page looks like the real thing  Extracts account information
  • 18.  A botnet is a large number of compromised computers that are used to create and send spam or viruses or flood a network with messages as a denial of service attack.  The compromised computers are called zombies
  • 19.  An attacker pretends to be your final destination on the network. If a person tries to connect to a specific WLAN access point or web server, an attacker can mislead him to his computer, pretending to be that access point or server.
  • 20.  Upon penetrating a computer, a hacker installs a collection of programs, called a rootkit.  May enable:  Easy access for the hacker (and others)  Keystroke logger  Eliminates evidence of break-in  Modifies the operating system
  • 21. Pattern Calculation Result Time to Guess (2.6x1018/month) Personal Info: interests, relatives 20 Manual 5 minutes Social Engineering 1 Manual 2 minutes American Dictionary 80,000 < 1 second 4 chars: lower case alpha 264 5x105 8 chars: lower case alpha 268 2x1011 8 chars: alpha 528 5x1013 8 chars: alphanumeric 628 2x1014 3.4 min. 8 chars alphanumeric +10 728 7x1014 12 min. 8 chars: all keyboard 958 7x1015 2 hours 12 chars: alphanumeric 6212 3x1021 96 years 12 chars: alphanumeric + 10 7212 2x1022 500 years 12 chars: all keyboard 9512 5x1023 16 chars: alphanumeric 6216 5x1028
  • 22.  Restricted data includes:  Social Security Number  Driver’s license # or state ID #  Financial account number (credit/debit) and access code/password  DNA profile (Statute 939.74)  Biometric data  In US, HIPAA protects:  Health status, treatment, or payment
  • 23.  Symptoms:  Antivirus software detects a problem  Pop-ups suddenly appear (may sell security software)  Disk space disappears  Files or transactions appear that should not be there  System slows down to a crawl  Unusual messages, sounds, or displays on your monitor  Stolen laptop (1 in 10 stolen in laptop lifetime)  Your mouse moves by itself  Your computer shuts down and powers off by itself  Often not recognized
  • 24.  Spyware symptoms:  Change to your browser homepage/start page  Ending up on a strange site when conducting a search  System-based firewall is turned off automatically  Lots of network activity while not particularly active  Excessive pop-up windows  New icons, programs, favorites which you did not add  Frequent firewall alerts about unknown programs trying to access the Internet  Bad/slow system performance
  • 25.
  • 26. Defense in depth uses multiple layers of defense to address technical, personnel and operational issues.
  • 27.  Anti-virus software detects malware and can destroy it before any damage is done  Install and maintain anti-virus and anti- spyware software  Be sure to keep anti-virus software updated  Many free and pay options exist
  • 28.  A firewall acts as a wall between your computer/private network and the internet. Hackers may use the internet to find, use, and install applications on your computer. A firewall prevents hacker connections from entering your computer.  Filters packets that enter or leave your computer
  • 29.  Microsoft regularly issues patches or updates to solve security problems in their software. If these are not applied, it leaves your computer vulnerable to hackers.  The Windows Update feature built into Windows can be set up to automatically download and install updates.  Avoid logging in as administrator
  • 30. Merry Christmas Bad Password Good Password Merry Xmas mErcHr2yOu MerryChrisToYou MerChr2You MerryJul MaryJul Mary*Jul ,stuzc,sd Jq46Sjqw (Keypad shift Right …. Up) (Abbreviate) (Lengthen) (convert vowels to numeric) M5rryXm1s MXemrays (Intertwine Letters) Glad*Jes*Birth (Synonym)
  • 31. Combine 2 unrelated words Mail + phone = m@!lf0n3 Abbreviate a phrase My favorite color is blue= Mfciblue Music lyric Happy birthday to you, happy birthday to you, happy birthday dear John, happy birthday to you. hb2uhb2uhbdJhb2u
  • 32.  Never use ‘admin’ or ‘root’ or ‘administrator’ as a login for the admin  A good password is:  private: it is used and known by one person only  secret: it does not appear in clear text in any file or program or on a piece of paper pinned to the terminal  easily remembered: so there is no need to write it down  at least 8 characters, complex: a mixture of at least 3 of the following: upper case letters, lower case letters, digits and punctuation  not guessable by any program in a reasonable time, for instance less than one week.  changed regularly: a good change policy is every 3 months  Beware that someone may see you typing it. If you accidentally type your password instead of your login name, it may appear in system log files
  • 33.  Do not open email attachments unless you are expecting the email with the attachment and you trust the sender.  Do not click on links in emails unless you are absolutely sure of their validity.  Only visit and/or download software from web pages you trust.
  • 34.  Be sure to have a good firewall or pop-up blocker installed  Pop-up blockers do not always block ALL pop-ups so always close a pop-up window using the ‘X’ in the upper corner.  Never click “yes,” “accept” or even “cancel”  Infected USB drives are often left unattended by hackers in public places.
  • 35.  Always use secure browser to do online activities.  Frequently delete temp files, cookies, history, saved passwords etc. https:// Symbol showing enhanced security
  • 36.  No security measure is 100%  What information is important to you?  Is your back-up: Recent? Off-site & Secure? Process Documented? Tested? Encrypted?
  • 37.  These are best practices involving Information Security.  Most of these practices are the Standards.  Use these practices at home and at work to keep safe and secure.  Employers have policies and procedures regarding secure practices. Be sure to understand them and adhere to them. It will protect you, your employer and your customers.