2. Overview
What is Information and Computer Security?
“Top 10 List” of Good Computer Security Practices
What is Information and Computer Security?
3. … the protection of computing systems and the data that they store or access.
Computing systems: desktop computers, laptop computers, servers, smartphones, pen drives
Data: confidential data, restricted data, personal information, archives, databases
4. Isn’t this just an IT Problem?
Why do I need to learn about computer security?
Everyone who uses a computer needs to understand how to keep his or her computer and data secure.
5. Good security practices follow the “90/10” rule
• 10% of security safeguards are technical
• 90% of security safeguards rely on us, the users, to adhere to good computing practices
6. What are the consequences of security violations?
• Embarrassment to yourself and/or the Institution
• Having to recreate lost data
• Identity theft
• Data corruption or destruction
• Loss of patient, employee, and public trust
• Costly reporting requirements and penalties
• Disciplinary action (up to expulsion or termination)
• Unavailability of vital data
9. 1. Don’t keep restricted data on portable devices.
2. Back up your data.
• Make backups a regular task, ideally at least once a day.
• Back up data to removable media such as portable hard drives, CDs, DVDs, or a USB memory stick.
• Store backup media safely and separately from the equipment. Remember, your data is valuable… don’t keep your backups in the same physical location as your computer!
10. Data Backups (… continued)
• How effective would you be if your email, word processing documents, Excel spreadsheets and contact database were wiped out?
• How many hours would it take to rebuild that information from scratch?
11. 3. Use cryptic passwords that can’t be easily guessed and protect your passwords - don’t write them down and don’t share them!
12. 4. Make sure your computer has anti-virus, anti-spyware and firewall protection as well as all necessary security patches.
5. Don’t install unknown or unsolicited programs on your computer.
“I’ll just keep finding new ways to break in!”
13. 6. Practice safe e-mailing ~
• Don’t open, forward, or reply to suspicious e-mails
• Don’t open e-mail attachments or click on website addresses
• Delete spam
• Encrypt confidential emails using various methods
14. 7. Practice safe Internet use ~
• Accessing any site on the internet could be tracked back to your name and location.
• Accessing sites with questionable content often results in spam or release of viruses.
• And it bears repeating… Don’t download unknown or unsolicited programs!
15. 8. & 9. Physically secure your area and data when unattended ~
• Secure your files and portable equipment - including memory sticks.
• Secure laptop computers with a lockdown cable.
• Never share your ID badge, access codes, cards, or key devices (e.g. Axiom card)
16. 10. Lock your screen
• For a PC ~
<ctrl> <alt> <delete> <enter> OR
<Windows key> <L>
• For a Mac ~
Configure screensaver with your password
Create a shortcut to activate screensaver
• Use a password to start up or wake up your computer.
17. Which workstation security safeguards are YOU responsible for following and/or protecting?
a) User ID
b) Password
c) Log-off programs
d) Lock up office or work area (doors, windows)
e) All of the above
19. The mouse on your computer screen starts to move around on its own and click on things on your desktop. What do you do?
a) Show a faculty member or other students
b) Unplug network cable
c) Unplug your mouse
d) Report the incident to the SOC or System administrator
e) Turn your computer off
f) Run anti-virus software
g) All of the above
20. The mouse on your computer screen starts to move around on its own and click on things on your desktop. What do you do?
This is a security incident!
Immediately report the problem to whomever supports your computer, and to CSIRT if the incident occurs while you are on duty and working at a public institution.
Since it is possible that someone is controlling the computer remotely, it is best if you can unplug the network cable until you can get help.
21. What can an attacker do to your computer?
a) Hide programs that launch attacks
b) Generate large volumes of unwanted traffic, slowing down the entire system
c) Distribute illegal software from your computer
d) Access restricted information (e.g. identity theft)
e) Record all of your keystrokes and get your passwords
A compromised computer can be used for all kinds of surprising things.
22. Other Good practices
Managing Restricted Data
• Know where data is stored.
• Destroy restricted data which is no longer needed ~
• Protect restricted data that you keep ~ back up your data regularly
Restricted data includes:
• People's personal information
• Health or medical information
• Social security numbers
• Date of birth
• Financial information (credit card number, bank account number)
• Proprietary data and copyrighted information
• Student records
• Information subject to a non-disclosure agreement
23. Reporting Security Incidents
Immediately report anything unusual, suspected security incidents, or breaches to whomever supports your computer, or CSIRT if it involves a government institution.
CSIRT Customer Support: Dial 4045
Loss or theft of any computing device with sensitive information MUST be reported immediately to the National Police.
24. Thank you & God Bless You
Presented by Erick N GASANA
EC-council ECSA, CEH, CHFI certified