How to Secure Your Organisation Data

Published in: Education

  1. Mr. OU Phannarith, Head of CamCERT, Permanent Member of Cybercrime Law Working Group, National ICT Development Authority, Office of The Council of Ministers. Email: phannarith[at]camcert.gov.kh
  2. Agenda:
     • Basic Understanding of Information Security
     • Malware Fundamental
     • Protect Your Password
     • Social Engineering and Phishing
     • Suggestion and Recommendation
     • Question and Answers
  4. Confidentiality, Integrity, Availability:
     • Confidentiality (of the information): Information on the company or organization should never be accessible to users without permission.
     • Integrity (of application and information): Accuracy and completeness of information are preserved.
     • Availability (of the system): Information is accessible by authorized users when required.
  5. Why is information security important?
     • Protecting the computer system and its users from threats that may occur
     • Threats and damage will differ depending on the computer system's characteristics
     • Protecting the system and its users from threats and minimizing damage
  6. Relationship between threat, vulnerability and loss (diagram: Threat, Vulnerability, Loss). Attacker + No Security Patch = Data Destruction
  7. Diagram: Threats, Information Assets, Countermeasure, Vulnerability.
     • Threats: Something that can potentially cause damage to information assets
     • Information Assets: Information stored in any manner which is recognized as 'valuable' to the organization
     • Vulnerability: A weakness in the organization, computer system or network that can be exploited by a threat
  8. Threats, Information Assets, Countermeasure (definitions as on the previous slide). Vulnerability: If a vulnerability exists, threats can attack your information assets.
  9. Threats, Information Assets, Countermeasure (definitions as on the previous slide). Vulnerability is fixed: Information assets can be kept secure, even if threats exist.
  10. Questions:
     • Do you use a licensed operating system (OS)?
     • Have you ever updated your OS?
     • Have you ever updated your daily-use software?
     • Do you update your anti-virus regularly?
  12. Secure Your Data (diagram): Physical, Hardware, Human, Software, Policy & Standard. Callout: The most difficult part to handle.
  14. Threats: Malware or Malicious software: Virus, Worm, Trojans
  15. Viruses and worms:
     • Infect objects on the disk
     • Travel autonomously from PC to PC
     • Triggered by an individual action such as opening an email attachment
     • Spread automatically
     • Install themselves on the PC and look for other PCs to infect
     • Email worms need an individual action to spread
     • Network worms spread without the need for human interaction
  16. Trojans:
     • Install silently on the PC via an email attachment, a visit to an infected website, etc.
     • The PC works normally, without any consent from the users
     • They don't self-replicate, but rely on connectivity provided by the Internet
     • There are many kinds of Trojans: Backdoor Trojans, Key-logger Trojans, Banking Trojans
  17. Before: Virus, Worm, Trojans. Now – Hybrid Malware: Virus & Worm & Trojans. Can do anything: sending spam, collecting confidential data, stealing passwords, etc., and especially connecting PC with PC to create an infected network (BOTNET).
  19. Questions:
     • How often do you change your password?
     • Do you use your name, telephone, or date of birth as your password?
     • Do you use the same password for every service?
     • Do you share your password with anybody?
  20. Password attacks:
     • Easily Guessed Password: no password is set; password same as the account name
     • Dictionary Attack: words that the user is likely to use as passwords are prepared in a dictionary file and tried in an attempt to find the matching password
     • Brute Force Attack: a simple method that tries all possible combinations as passwords. It takes a huge amount of time, although, theoretically, it can break any password without fail
  21. Which password below is your password? Top 25 Popular Passwords in 2011:
     1. password, 2. 123456, 3. 12345678, 4. qwerty, 5. abc123, 6. monkey, 7. 1234567, 8. letmein, 9. trustno1, 10. dragon, 11. baseball, 12. 111111, 13. Iloveyou, 14. master, 15. sunshine, 16. ashley, 17. bailey, 18. passw0rd, 19. shadow, 20. 123123, 21. 654321, 22. superman, 23. qazwsx, 24. michael, 25. football
  22. How to secure your password
  29. Suggestions:
     • Use anti-virus and update it regularly
     • Install a personal firewall
     • Install the latest security updates
     • Don't open an email you do not trust
     • Keep learning!
  30. Your organization's data security depends on the weakest link. Don't make yourself the weakest link.
  31. Mr. OU Phannarith, Head of CamCERT, Permanent Member of Cybercrime Law Working Group, National ICT Development Authority, Office of The Council of Ministers. Email: phannarith[at]camcert.gov.kh
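
The password weaknesses from slides 19 to 21, turned into a check an administrator could run when a password is set. This is an added example, not part of the original slides; the function names, the `personal_info` parameter and the 60-bit `min_bits` threshold are assumptions chosen for illustration.

```python
import math
import string

# Top 25 popular passwords of 2011, as listed on slide 21 (lower-cased).
TOP_25_2011 = {
    "password", "123456", "12345678", "qwerty", "abc123", "monkey",
    "1234567", "letmein", "trustno1", "dragon", "baseball", "111111",
    "iloveyou", "master", "sunshine", "ashley", "bailey", "passw0rd",
    "shadow", "123123", "654321", "superman", "qazwsx", "michael",
    "football",
}

def keyspace_bits(password):
    """Upper bound on brute-force work: log2(alphabet_size ** length).

    Only measures the 'try all combinations' attack from slide 20; a
    dictionary word is still weak however large this number is.
    """
    pools = [string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation]
    alphabet = sum(len(p) for p in pools if any(c in p for c in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0

def audit_password(account, password, personal_info=(), min_bits=60):
    """Return the weaknesses found; an empty list means none were found.

    personal_info: name, telephone, date of birth (slide 19). Assumed
    to be supplied by the caller. min_bits is an assumed threshold.
    """
    if not password:
        return ["no password is set"]
    findings = []
    lowered = password.lower()
    if lowered == account.lower():
        findings.append("password same as the account name")
    if lowered in TOP_25_2011:
        findings.append("found in the popular-password dictionary")
    if any(item and item.lower() in lowered for item in personal_info):
        findings.append("contains personal information")
    if keyspace_bits(password) < min_bits:
        findings.append("brute-force keyspace too small")
    return findings

if __name__ == "__main__":
    # Constructed sample accounts and passwords.
    for acct, pw in [("alice", ""), ("alice", "Iloveyou"),
                     ("alice", "correct-Horse7battery")]:
        print(acct, repr(pw), audit_password(acct, pw))
```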
