Most organizations’ Security Awareness Programs suck. They involve ‘canned’ video presentations or someone in HR explaining computer use policies. Others are extremely expensive and beyond the budgets of smaller organizations. This talk will show you how to build a Security Awareness Program from scratch for little or no money, and how to engage your users so that they get the most out of the program.
Building An Information Security Awareness Program
1. Building an Information Security Awareness Program
Bill Gardner
Assistant Professor
Department of Integrated Science & Technology
Digital Forensics and Information Assurance Program
Marshall University
20. How Often
Image Source: http://www.theproducersperspective.com/my_weblog/2012/11/broadways-2012-quarter-2-report.html/i_love_quarterly_reports_mug-p168055427806712929enw9p_400
21. How Often
Image Source: http://micronarratives.blogspot.com/2010/08/continual-improvement-cycle-quality.html
22. User Awareness Training Must Be Engaging
Image Source: http://jansimson.com/2011/10/29/omg-that-class-is-so-boring/
23. User Awareness Training Must Be Engaging
Image Source: https://www.pjrc.com/teensy/projects.html
24. User Awareness Training Must Be Engaging
Image Source: http://www.cedia.org/in-person-training
25. User Awareness Training Must Be Engaging
Image Source: https://www.facebook.com/efm.lk/photos/a.132867908531.105751.75172638531/10153169793713532/?type=1&theater
26. User Awareness Training Must Be Engaging
Image Source: http://pictures.4ever.eu/tag/23829/lot-of-money?pg=2
27. The First Step of User Awareness Training is Explaining Risk
Image Source: https://www.facebook.com/photo.php?fbid=1415938958687951&set=a.1384739928474521.1073741828.100008155802751&type=1&theater
28. Cost of A Data Breach
Image Source: https://www.facebook.com/photo.php?fbid=10152535939267845&set=a.130149082844.132252.90859152844&type=1&theater
30. Threats
• Russian Business Network
• Chinese Hackers
• Hacktivism
• Cyberwar
Image Source: http://feministmormonhousewivespodcast.org/category/threats/
31. Russian Business Network
• Commonly abbreviated as RBN
• Multi-faceted cybercrime organization
• Specializes in personal identity theft for resale.
Image Source: http://jeffreycarr.blogspot.com/2013/01/rbn-connection-to-kasperskys-red.html
32. Chinese Hackers
• Hack for nationalistic reasons.
• Some appear to be state sponsored or an unofficial part of the Chinese Army.
• GhostNet
• Google Hack
• APT – Advanced Persistent Threat
33. Hacktivism
"the nonviolent use of illegal or legally ambiguous digital tools in pursuit of political ends. These tools include web site defacements, redirects, denial-of-service attacks, information theft..."
Image Source: http://www.anonymousartofrevolution.com/2013/08/hacktivism-self-defense-for.html
34. Cyberwar
• Cyberwarfare refers to politically motivated hacking to conduct sabotage and espionage.
• It is state sponsored.
• In 2007 Russia waged cyberwar against Estonia.
Image Source: http://www.wired.com/2011/07/make-love-not-cyber-war/
35. Most Attacks Are Targeted
• Targeted threats are a class of malware destined for one specific organization or industry.
• Targeted attacks may include threats delivered via e-mail, port attacks, zero day exploits or phishing messages.
43. Who is responsible for security?
Image Source: http://www.caltrate.co.za/everybody-needs-calcium
47. Attachments
Be cautious of e-mail claiming to contain pictures in attached files, as the files may contain viruses. Only open attachments from known senders.
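The "pictures in attached files" warning above is something a mail gateway can check mechanically before a user ever sees the message. The following is an added example, not part of the original slides: it parses a constructed e-mail with Python's standard `email` package and flags attachments whose name says "picture" but whose extension or leading bytes say "executable" (a double extension such as `photo.jpg.exe`, or a `.png` whose content starts with the Windows `MZ` header). The sample message, addresses and filenames are all constructed for the demonstration.

```python
"""Attachment triage check (added example; not from the original slides).

Flags e-mail attachments whose declared name suggests a harmless picture
but whose extension or contents say otherwise.
"""
import email
from email.message import EmailMessage
from email.policy import default

# Extensions a mail gateway would normally quarantine outright.
EXECUTABLE_EXTENSIONS = {"exe", "scr", "com", "bat", "cmd", "js", "vbs", "ps1", "msi", "hta"}

# Leading bytes ("magic") of the image formats this check knows about.
IMAGE_MAGIC = {
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "gif": b"GIF8",
}


def assess_attachment(filename: str, data: bytes) -> list[str]:
    """Return the reasons an attachment looks suspicious (empty list = nothing found)."""
    reasons = []
    parts = filename.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    if ext in EXECUTABLE_EXTENSIONS:
        reasons.append(f"executable extension .{ext}")
        # photo.jpg.exe: an image extension hidden in front of the real one
        if len(parts) > 2 and parts[-2] in IMAGE_MAGIC:
            reasons.append(f"double extension .{parts[-2]}.{ext} masquerading as an image")
    elif ext in IMAGE_MAGIC:
        # The name claims an image; make the bytes agree with it.
        if not data.startswith(IMAGE_MAGIC[ext]):
            reasons.append(f"content does not match .{ext} magic bytes")
        if data[:2] == b"MZ":
            reasons.append("content is a Windows executable (MZ header)")
    return reasons


def triage_message(raw: bytes) -> dict[str, list[str]]:
    """Parse a raw RFC 822 message and assess every attachment: {filename: reasons}."""
    msg = email.message_from_bytes(raw, policy=default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        findings[name] = assess_attachment(name, payload)
    return findings


def build_sample_message() -> bytes:
    """Constructed sample: a real-looking JPEG, a renamed executable, and a
    file called .png whose bytes are actually a Windows executable header."""
    msg = EmailMessage()
    msg["From"] = "someone@example.invalid"      # constructed address
    msg["To"] = "user@example.invalid"           # constructed address
    msg["Subject"] = "Pictures from the conference"
    msg.set_content("See attached pictures.")
    msg.add_attachment(b"\xff\xd8\xff\xe0" + b"\x00" * 16,
                       maintype="image", subtype="jpeg", filename="team.jpg")
    msg.add_attachment(b"MZ" + b"\x00" * 30,
                       maintype="application", subtype="octet-stream", filename="party.jpg.exe")
    msg.add_attachment(b"MZ" + b"\x00" * 30,
                       maintype="image", subtype="png", filename="venue.png")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reasons in triage_message(build_sample_message()).items():
        print(name, "->", reasons or "ok")
```

The extension check alone catches the classic double-extension trick; the magic-byte check catches the case where the sender did not bother to rename at all and simply lied in the filename. Neither replaces an antivirus scan, but both are cheap enough to run on every message and give the awareness message above a technical backstop.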
49. Social Engineering
• Not all security breaches are the result of technical attacks.
• In computer and network security, people are the weakest link.
• As he outlines in his book “The Art of Deception”, convicted computer hacker Kevin Mitnick penetrated computer networks by tricking people into giving him passwords and other confidential information.
50. No Tech Hacking
• Dumpster Diving – Sometimes confidential documents can be found in the trash.
• Tailgating – Following someone through a locked door.
• Shoulder Surfing – Getting passwords or other confidential information by looking over someone’s shoulder.
• Google Hacking – Finding passwords or other confidential information by using Google searches.
• P2P Hacking – Finding passwords or other confidential information on peer-to-peer networks.
52. Insecure third-party software
• P2P file sharing – Some people share their entire hard drive.
• Instant Messaging – IM is insecure because it was not designed with security in mind.
53. Adware
Adware or advertising-supported software is any software package which automatically plays, displays, or downloads advertisements to a computer after the software is installed or while the application is being used.
55. Spyware
Some types of adware are also spyware and can be classified as software that steals personal information when you enter it into legitimate programs or websites, or logs your keystrokes to steal your passwords or other personal information.
56. Web Attacks
• IFrame attacks
• Cross site scripting
• Doesn’t require the user to click on anything
• Simply visiting the site will cause an infection
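The "simply visiting the site" point on this slide is what makes IFrame injection dangerous: the injected frame is normally made invisible (zero-size, `display:none`, `visibility:hidden`) and points at a host other than the page's own, so the visitor sees nothing. A web team checking its own site for that pattern can scan the served HTML for exactly that combination. The block below is an added example written for this page, not code from the slides; the HTML page, its hostname and the frame URLs are constructed for the demonstration.

```python
"""Hidden-iframe scanner (added example; not from the original slides).

Reports <iframe> elements that are both hidden (tiny dimensions, CSS hiding,
or the HTML5 `hidden` attribute) and loaded from a host other than the page's
own. That combination is the usual footprint of an injected drive-by frame.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline-style patterns that make an element invisible or zero-sized.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|"
    r"\b(?:width|height)\s*:\s*0(?:px)?\s*(?:;|$)",
    re.I,
)


def _tiny(value):
    """True when a width/height attribute is 0 or 1 pixels ('0', '1', '1px')."""
    if value is None:
        return False
    m = re.fullmatch(r"\s*(\d+)\s*(px)?\s*", value)
    return m is not None and int(m.group(1)) <= 1


class IframeCollector(HTMLParser):
    """Collects the attribute dict of every <iframe> start tag."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":           # HTMLParser lower-cases tag names
            self.iframes.append(dict(attrs))


def find_suspicious_iframes(html, page_host):
    """Return [(src, reasons)] for iframes that are hidden AND served off-host."""
    parser = IframeCollector()
    parser.feed(html)
    findings = []
    for attrs in parser.iframes:
        src = attrs.get("src") or ""
        reasons = []
        if _tiny(attrs.get("width")) or _tiny(attrs.get("height")):
            reasons.append("zero/one-pixel dimensions")
        if HIDDEN_STYLE.search(attrs.get("style") or ""):
            reasons.append("hidden via CSS")
        if "hidden" in attrs:         # boolean attribute, value is None
            reasons.append("hidden attribute")
        host = urlparse(src).hostname
        off_host = host is not None and host.lower() != page_host.lower()
        if reasons and off_host:
            findings.append((src, reasons))
    return findings


# Constructed sample page: one legitimate visible embed, one same-host 1x1
# tracking pixel frame, and two hidden frames pointing at a foreign host.
SAMPLE_PAGE = """<html><body>
<h1>County Bar News</h1>
<iframe src="https://video.example.org/player" width="640" height="360"></iframe>
<iframe src="http://malicious.example.net/load.php" width="0" height="0" style="visibility:hidden"></iframe>
<iframe src="/local/widget" width="1" height="1"></iframe>
<iframe src="http://malicious.example.net/x.html" style="display:none" hidden></iframe>
</body></html>"""


def scan_sample():
    """Run the scanner over the constructed page served from news.example.org."""
    return find_suspicious_iframes(SAMPLE_PAGE, "news.example.org")


if __name__ == "__main__":
    for src, reasons in scan_sample():
        print(src, "->", ", ".join(reasons))
```

The same-host 1x1 frame is deliberately left out of the report: tiny frames are common for legitimate analytics, so "hidden" alone produces noise, and "off-host" alone flags every embedded video. Requiring both keeps the output short enough for a webmaster to review by hand after each deploy or on a schedule.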
57. Two Examples of Web Attacks
• WV State Bar website: http://www.wvbar.org/
• The WV record: http://www.wvrecord.com/