How to Secure Your Organisation Data

1. Mr.$OU$Phannarith$ Head$of$CamCERT$ Permanent$Member$of$$Cybercrime$ Law$Working$Group$$ National$ICT$Development$Authority$ OfHice$of$The$Council$of$Ministers$ Email:$phannarith[at]camcert.gov.kh$ $ 1"

2. !  Basic"Understanding"of"Information"Security" !  Malware"Fundamental" !  Protect"Your"Password" !  Social"Engineering"and"Phishing"" !  Suggestion"and"Recommendation" !  Question"and"Answers" . - : @ . ! 2"

4. ConIidentiality"–"of"the"information" Conﬁden'ality- Information"on"the"company"or"organization" should"never"be"accessible"to"users"without" permission" " Integrity"–"of"application"and"information" Accuracy"and"completeness"of"information" are"preserved" " Availability- Integrity- Availability"–"of"the"system" Information"is"accessible"by"authorized"users" when"required" . - : @ . ! 4"

5. Why"Information"Security"is"important?"" Protecting"computer"system"or"its"user"from"threats"that" may"occur"" Threats"and"Damage"will"differ"depending"on"computer" system’s"characteristic"" Protecting"the"system"and"its"users"from"threat"and" minimize"damage" . - : @ . ! 5"

6. Relationship$between$threat,$vulnerability$and$loss$ Threat" Loss" Vulnera bility" Attacker$+$No$Security$Patch$=$Data$Destruction$ . - : @ . ! 6"

7. Information$ Threats$ Assets$ Something"that"can"potentially" Information"stored"in"any" cause"damage"to"information"" Countermeasure$ manner"which"recognized"as" assets" ‘valuable’"to"the"organization"" Vulnerability$ A"Weakness"in"the" organization,"computer" system"or"network"that"can" be"exploited"by"threat" . - : @ . ! 7"

8. Information$ Threats$ Assets$ Something"that"can"potentially" Information"stored"in"any" cause"damage"to"information"" Countermeasure$ manner"which"recognized"as" assets" ‘valuable’"to"the"organization"" Vulnerability$ If"vulnerability"exist,"threats" can"attack"your"information" assets" . - : @ . ! 8"

9. Information$ Threats$ Assets$ Something"that"can"potentially" Information"stored"in"any" cause"damage"to"information"" Countermeasure$ manner"which"recognized"as" assets" ‘valuable’"to"the"organization"" Vulnerability$is$Hixed$ Information"assets"can"be" kept"secure,"even"if"threats" exist." . - : @ . ! 9"

10. •  Do"you"use"license"operating"system"(OS)?" •  Have"you"even"been"update"your"OS?"" •  Have"you"even"been"update"your"daily"use" software?" •  Do"you"update"your"antiavirus"regularly?" . - : @ . ! 10"

11. . - : @ . ! 11"

12. Physical&& The"most" difIicult" part"to" handle" Secure& Hardware& Human&& Your& && So6ware& Data& Policy&&& Standard& . - : @ . ! 12"

13. 13"

14. Malware"or"Malicious" Threats" software" Virus" Worm" Trojans" . - : @ . ! 14"

15. •  Infect"object"on"the"disk"" •  Travel"autonomously"from"PC"to"PC" •  Trigger"by"individual"action"such"as"Open" email"attachment" •  Spread"automatically" •  Install"itself"into"the"PC"and"looking"other" PCs"to"infect" •  Email"worm"need"individual"action"to"spread" •  Network"worm"spread"without"the"need"for" human"interaction" . - : @ . ! 15"

16. •  Install"silently"in"the"PC"by"Email" attachment,"visit"infected"website,"…etc." •  PC"work"normally"without"any"consent" from"the"users" •  They"don’t"selfareplicate,"but"relies"on" connectivity"provided"by"the"Internet" •  There"are"many"kinds"of"Trojans:" •  Backdoor"Trojans" •  Keyalogger"Trojans" •  Banking"Trojans" . - : @ . ! 16"

17. Can-done-anything:-Sending-Spam,- Before" Collec'ng-conﬁden'al-data,-stealing- password,-etc.-and-espcially-connect-PC- with-PC-to-create-an-infected-network- (BOTNET).-- Virus" Worm" Trojans" Now"–"Hybrid"Malware" Virus& Worm& Trojans& . - : @ . ! 17"

18. 18"

19. •  How"often"do"you"change"your"password?" •  Do"you"use"your"name,"telephone,"date"of"birth," as"your"password?" •  Do"you"use"the"same"password"for"every" services?" •  Do"you"share"your"password"with"anybody?" . - : @ . ! 19"

20. Easily"Guessed"Password" •  No"Password"is"set" •  Password"same"as"the"account"name" Dictionary"Attack" •  Prepared"words"that"the"user"is"likely"to"use"as" passwords"in"a"dictionary"Iile"and"attempt"to"Iind" matching"password" Brute"Force"Attack" •  This"is"simple"method"to"try"all"possible"combinations"as" passwords" •  It"take"huge"amount"of"time,"although,"theoretically,"it" can"break"any"password"without"fail" . - : @ . ! 20"

21. Which"password"below"is"your"password?" Top$25$Popular$Password$in$2011$ 1."password" "2."123456 "3."12345678 "4."qwerty" 5."abc123 "6."monkey "7."1234567 "8."letmein" 9."trustno1 "10."dragon "11."baseball "12."111111" 13."Iloveyou "14."master "15."sunshine "16."ashley" 17."bailey "18."passw0rd"19."shadow "20."123123" 21."654321 "22."superman"23."qazwsx "24."michael" 25."football" . - : @ . ! 21"

22. How"to"secure"your"password" . - : @ . ! 22"

23. 23"

24. . - : @ . ! 24"

25. . - : @ . ! 25"

26. . - : @ . ! 26"

27. . - : @ . ! 27"

28. 28"

29. User"antiavirus"and"update"it"regularly"" Install"a"Personal"Firewall" Install"latest"security"update" Don’t"open"an"email"you"do"not"trust" Keep"learning!" . - : @ . ! 29"

30. You"organization"data"security"is"depending"on" the"weakness"link" Don’t"make"yourself"as"the"weakness"link" . - : @ . ! 30"

31. Mr.$OU$Phannarith$ Head$of$CamCERT$ Permanent$Member$of$$Cybercrime$ Law$Working$Group$$ National$ICT$Development$Authority$ OfHice$of$The$Council$of$Ministers$ Email:$phannarith[at]camcert.gov.kh$ $ 31"

How to Secure Your Organisation Data

How to Secure Your Organisation Data

Recommended

More Related Content

Viewers also liked

Viewers also liked(10)

Similar to How to Secure Your Organisation Data

Similar to How to Secure Your Organisation Data(20)

More from Phannarith Ou, G-CISO

More from Phannarith Ou, G-CISO(20)

Recently uploaded

Recently uploaded(20)

How to Secure Your Organisation Data