This document provides an overview of cyber security topics and best practices. It discusses basics of information security, standards like ISO 27001, and how to harden operating systems. It covers password security, securing USB devices, email security, ransomware prevention, safe browsing, social media security, and mobile device security. Key advice includes using strong and unique passwords, encrypting USB drives, backing up data, updating software, and avoiding public Wi-Fi. The document also discusses cyber threats, types of hackers, and security incidents from the past as examples.
This document provides training on cybersecurity best practices for Borough of West Chester personnel. It defines cybersecurity as protecting information and systems from unauthorized access, use, disclosure, disruption or destruction. It outlines common cyber threats like viruses, worms, ransomware, and social engineering. It emphasizes using strong passwords, antivirus software, firewalls, and regular software updates. It also recommends avoiding malicious emails and websites, and backing up important data.
End users face common cybersecurity threats such as phishing attacks, ransomware, password reuse, using unpatched devices, lack of remote security, data leakage via social media, and disabling security controls. Key security measures for end users include setting administrator privileges, downloading and installing security updates, installing antivirus software, activating firewalls, using multi-factor authentication, and creating regular backups. Security awareness is important for end users to avoid risks to company assets from security lapses.
Malicious threats like malware, phishing, and social engineering pose ongoing risks to organizations. To help prevent data breaches and cyberattacks, it is important to take preventive measures such as using antivirus software on all devices, implementing strong password policies and two-factor authentication, filtering web content and email attachments, and keeping devices updated. Employee education is also key to avoiding human errors like falling for phishing scams or inadvertently disclosing sensitive information.
This document provides an overview of network security concepts. It discusses the importance of protecting information assets as the most valuable company assets. It then covers key network security topics like the CIA triad of confidentiality, integrity and availability. It defines threats at both the network and application levels, and discusses how to overcome threats through policies, user awareness training, and security technologies like firewalls, IDS/IPS, antivirus software, VPNs, spam filters and web content filtering. The document aims to educate about network threats and appropriate security controls and protections.
This document provides an overview and objectives for an information security awareness training. It covers topics like electronic communication, email viruses, phishing, internet usage, social networking, password management, and physical security. The training aims to help users understand cybersecurity threats, how to safely use technology, and their role in protecting company information assets. It emphasizes the importance of having strong, unique passwords and avoiding opening attachments or clicking links from unknown sources.
This is a basic presentation about cybersecurity to share awareness about various security threats and how you can protect yourself from them. In the preview window the formatting is off, but when downloaded it can be viewed with no problems. This is for my Info Security Policy Management class at Governors State University.
Infections cost organizations billions of dollars in lost time and productivity, as well as ransom payments and other indirect costs, like damage to a business’s reputation.
End-users will learn about password management, multi-factor authentication and how to secure their laptops and desktops while working remotely.
This session will teach professionals how to avoid becoming a statistic.
Agenda: Foundations of security awareness | Common threats | Three ways to secure your work environment | Best practices for users | The work from home checklist
1) Employee training and awareness is a critical element for cybersecurity resilience. Successful programs focus on changing employee behavior and aligning security practices both inside and outside of work.
2) Traditional awareness programs often fail because they are not engaging for employees and do not lead to real behavior change. Effective programs treat security messaging like marketing and use multiple channels, contexts, and reminders to reinforce the message.
3) Measuring outcomes is important for security awareness programs. Objectives should be clearly defined and focused on discrete, measurable goals rather than vague concepts like "increasing awareness."
This document provides an overview of security awareness training. It discusses the importance of security awareness and outlines best practices for using strong passwords, safe web browsing, email security, mobile device security, physical security, and protecting against social engineering. Specific tips are provided in each area, such as using unique, complex passwords and changing them periodically; verifying website security before logging in; being wary of suspicious emails and not using personal email for work. The importance of physical access control, locking screens, and securing documents is also covered.
Cyber Security 101: Training, awareness, strategies for small to medium sized... - Stephen Cobb
I developed "Cyber Security 101: Training, awareness, strategies for small to medium sized business" for the second annual Small Business Summit on Security, Privacy, and Trust, co-hosted by ADP in New Jersey, October 2013.
Building An Information Security Awareness Program - Bill Gardner
Most organizations' Security Awareness Programs suck. They involve 'canned' video presentations or someone in HR explaining computer use policies. Others are extremely expensive and beyond the reach of the budgets of smaller organizations. This talk will show you how to build a Security Awareness Program from scratch for little or no money, and how to engage your users so that they get the most out of the program.
Cyber Security Awareness training outlines key topics to help employees secure MCB information systems and data from cyber attacks. The training covers password security, email security, safe web browsing, social engineering, and MCB security policies. Case studies of real-world cyber attacks show how hackers have stolen millions from banks by exploiting human and technical vulnerabilities. The training emphasizes that security is everyone's responsibility and all employees must follow security protocols to protect MCB networks and data.
This document provides a 12-point summary of tips for protecting educational records and maintaining cyber security compliance at Wilmington University. The tips include locking computers when stepped away from, destroying sensitive documents, using strong and unique passwords, not storing confidential documents in public clouds, and being wary of phishing attempts. Completing a quiz is required to receive credit for reviewing the cyber security training.
Information Security Awareness Training - Randy Bowman
This document provides an information security awareness training for employees of the Department of Postsecondary Education (DPE). It discusses the goals of ensuring authorized access to information and compliance with security policies. It describes potential security threats like malware, password attacks, and social engineering. It provides tips for protecting data at work through strong passwords, securing devices and data, safe email and internet use, and proper disposal of media. Mobile device and wireless security is covered. New DPE security policies are introduced and the IT director contact information is provided for questions.
The document provides an overview of information security awareness training for employees at XYZ Medical Center. It discusses the importance of protecting electronic protected health information and complying with regulations like HIPAA. Employees are responsible for securely using passwords, email, the internet, and other systems to avoid security breaches. Examples of proper and improper behaviors are also outlined.
The document provides an overview of an employee information security awareness training. It summarizes key topics covered in the training including identifying security risks, developing good security practices, protecting classified and sensitive company information, securing workstations and mobile devices, safe email practices, and guarding against social engineering. It emphasizes the importance of protecting company information and passwords at all times.
Information Security Awareness
Tips to improve infosec awareness in any organization
To learn more visit http://www.SnapComms.com/solutions/employee-security-awareness
This document outlines various security training areas including general security awareness, virus protection, accessing systems, password management, and wireless use. It discusses protecting systems from unauthorized access and infection by using trusted sites, keeping antivirus software updated, not sharing login information, using strong passwords, and reporting any suspicious activity. The goal of security is to protect privacy and information on systems.
Cyber Security Awareness Session for Executives and Non-IT professionals - Krishna Srikanth Manda
Cyber Security Awareness Session conducted by Lightracers Consulting, for Management and non-IT employees. In this learning presentation, we will look at - What is Cyber Crime, Types of Cyber crime, What is Cyber Security, Types of Threats, Social Engineering techniques, Identifying legitimate and secure websites, Protection measures, Cyber Law in India followed by a small quiz.
14 tips to increase cybersecurity awareness - Michel Bitter
We used this presentation within our company to increase the cybersecurity awareness of our employees. These 14 tips should help everybody to protect themselves against the most obvious cyber attacks.
This document provides an overview of information technology security awareness training at Northern Virginia Community College. It aims to assist faculty and staff in safely using computing systems and data by understanding security threats and taking reasonable steps to prevent them. Everyone who uses a computer is responsible for security. New employees must complete training within 30 days, and refresher training is required annually. Users have personal responsibilities around reporting violations, securing devices and data, and safe email practices. Security violations can result in consequences like data loss, costs, and disciplinary action. Training must be documented and various delivery methods are outlined.
Effective security awareness training with basic needs for the organization and its employees. It should also be engaging and interactive, using a variety of formats such as videos, quizzes, simulations, and case studies.
This document provides an overview of social engineering attacks. It defines social engineering as manipulating people into giving up confidential information through deception and manipulation. Various social engineering principles are described, including authority, social proof, urgency, and scarcity, which attackers use to carry out successful attacks. Different types of social engineering attacks are also outlined, such as phishing, spear phishing, baiting, DNS spoofing, honey traps, tailgating, shoulder surfing, and impersonation attacks.
This month, Community IT presents basic IT security training for end users. Learn about common threats and the best techniques for dealing with them. This webinar is intended for a broad audience of both technical and non-technical staff.
Cybersecurity involves policies, tools, concepts, and methods to manage risks and protect information stored electronically. It aims to ensure the integrity, confidentiality, and availability of digital information. In the European Union, the objective is to create an open, protected, and secure cyberspace that promotes freedom, democracy, and economic growth. This involves increasing cyber resilience, reducing network failures, developing policies and resources, and establishing international standards. In Spain, cybersecurity aims to guarantee security collaboration between public and private organizations and is a national priority focused on security in cyberspace through defined lines of action, objectives, and principles.
Cybersecurity Awareness Training Presentation v1.3 - DallasHaselhorst
This free cybersecurity awareness training slide deck is meant to be used by organizations and end users to educate them on ways to avoid scams and attacks and become more security aware. This slide deck is based on version 1.3 of our wildly popular slide deck we originally released as open-source in September 2019. In just over 6 months, it was downloaded thousands of times and in over 150 countries!
On our website, you will also find several other related goodies. For example, we have free and downloadable worksheets referenced in the training. We have a free cybersecurity quiz that is based directly off of this material so anyone can test their awareness knowledge. We even have a downloadable 'certificate of completion' for this training, which allows attendees to fill in their name and date so they can then print it out to show others (or even their employer) that they are now more cyber aware.
https://www.treetopsecurity.com/cat
We also have a video/webinar presentation of this material if you would like to share it with others.
https://www.treetopsecurity.com/cat#video
Want to take this content and present it in your own community? Fantastic! You may download this slide deck as editable content. This allows you to make changes and present it at your local library, business events, co-working spaces, schools, etc. The latest version is always available on our website as a Microsoft PowerPoint presentation (.pptx) or using ‘Make a Copy’ in Google Slides.
https://www.treetopsecurity.com/slides
1. Cyberbullying and online threats are common, with 2 in 5 kids being bullied online and 9 in 10 having their feelings hurt online. The consequences of online threats can sometimes be tragic.
2. Parents should monitor who their children are interacting with online and what types of content they are accessing and discussing to prevent risks.
3. Cyber ethics aim to establish moral principles for appropriate computer and internet use, covering issues like privacy, access rights, and avoiding harmful actions. Following cyber ethics can help people use the internet responsibly.
Web security involves protecting information transmitted over the internet from attacks by preventing, detecting, and responding to threats. The document defines various cybersecurity terms like hackers, viruses, worms, and Trojan horses. It also discusses risks like phishing scams, denial of service attacks, botnets, and ransomware. The key is for internet users to practice basic security measures like using antivirus software and avoiding suspicious links and attachments.
The document provides information about cybersecurity awareness and discusses various cyber threats such as computer viruses, social engineering attacks, and preventive measures. The objective is to educate university students on cybersecurity issues. It defines important terms like cyber crime and cyber security. It describes common cyber attacks like ransomware, phishing and social media attacks. It also discusses computer viruses, social engineering techniques, and provides tips to create strong passwords and protect personal information online. The document emphasizes that education and awareness are important to prevent cyber crimes.
The presentation discusses internet security threats and e-payment systems. It covers topics such as current internet security issues, statistics on internet usage, industry responses to security threats, available security tools, common types of attackers like hackers and their techniques, and types of attacks like viruses and denial of service attacks. It also discusses ensuring security for e-businesses and different e-payment types. Maintaining data security, privacy, system reliability and integrity are important concerns for any organization conducting business online.
Information security awareness is an essential part of your information security program (ISMS - Information Security Management System). You can find a comprehensive set of security policies and frameworks at https://templatesit.com.
This document discusses cyber crimes and how to secure computers from cyber threats. It is divided into several sections that cover the definition of cyber crimes, types of cyber crimes such as against persons and property, and types of hackers such as black hats and white hats. The document also provides tips for securing computers, including choosing a secure operating system, internet browser, and security software like firewalls, antivirus programs, and using safe internet practices.
Cybersafety is the safe and responsible use of information and communication technology. It is about keeping information safe and secure, but also about being responsible with that information, being respectful of other people online, and using good 'netiquette' (internet etiquette).
Computer viruses, malware, spyware, and Trojan horses are types of malicious software that can harm computers. Viruses spread by infecting files or programs and getting copied to other computers. Malware performs unwanted tasks like displaying ads or stealing data. Spyware monitors users' online activities without consent. Trojan horses deliver malware hidden within seemingly harmless programs or files. Antivirus software and firewalls help prevent infection by viruses, malware, and other cyber threats.
Information security a new era technology_Tahmid Munaz
This presentation was prepared for Voice of Business event sponsored by BangaLion at Dhaka University for MIS students...
So mostly this document was prepared focusing on basic self pre-caution and practices that we can follow...
A presentation to discuss information securities and responsibilities of individual to keep it safe. This specific presentation was contributed by many people. Each of the different area has its own author. I have planned and coordinated with them to compile it into a group presentation.
The downfall to_computers_in_the_21st_centurygracestearns
Computer fraud and identity theft are growing problems, with phishing scams and spyware posing major risks. It is important to take precautions like using antivirus software and being wary of emails from unknown senders. Copyright law protects creative works, and permission is needed to use others' content online. New technologies can enable privacy issues if personal data is not securely handled.
The downfall to_computers_in_the_21st_centurygracestearns
Computer fraud and identity theft are growing problems, with phishing scams and spyware posing major risks. It is important to take precautions like using antivirus software and being wary of emails from unknown senders. Copyright law protects creative works, and permission is needed to use others' content online. New technologies can enable privacy issues if personal data is not securely handled.
Ch # 10 computer security risks and safe guardsMuhammadRobeel3
IT security, hackers,IT security and risks and safe guards, password, how to create password, bio-metric authentication , virus , antivirus software ,how to safe a devices from virus.types of viruses
This document provides tips and guidance on internet safety. It discusses the benefits of internet use but also the risks like malware, phishing and exposure to inappropriate content. It emphasizes that children and adults use the internet differently and parents should be involved in their child's online activities. It provides tips for safe internet practices like using antivirus software, strong passwords, backing up data and installing security updates.
This presentation discusses computer and internet security. It explains that hackers seek personal information like passwords and credit card numbers. It recommends using antivirus software and secure passwords to protect against malware, viruses, and identity theft. Social networking sites can also pose privacy and security risks if too much personal information is shared. The presentation stresses the importance of computer security and maintaining privacy online.
This presentation discusses computer and internet security. It explains that hackers seek personal information like passwords and credit card numbers. It recommends using antivirus software and secure passwords to protect against malware, viruses, and identity theft. Social networking sites can also pose privacy and security risks if too much personal information is shared. The presentation stresses the importance of computer security and limiting what information people share online.
Computer security introduction lecture. Introduction
Network Security
Basic Components Of Computer Security
Online Security Vs Online Safety
Risks & Threats
Steps to protect information
Steps to protect computer
Ethical Impact
Case study
Statistics about Internet Crime
survey
conclusion
This document provides an overview of cyber security threats and best practices for protecting personal information and devices. It discusses what cyber security is, common threats like malware, hackers, and social engineering, and high profile cyber attacks such as those against Target, iCloud, Ashley Madison, and Sony. The document recommends security best practices like installing operating system and software updates, using antivirus software, implementing strong password management, enabling personal firewalls, and knowing how to identify phishing attempts. It also provides guidance on what to do if a device or account becomes compromised, such as disconnecting from the internet, running antivirus scans, resetting passwords, and contacting authorities in some cases.
This document discusses various topics related to cyber safety and security. It defines cyber safety as protecting personal, financial, and online information from theft. It describes identity theft and different methods used like phishing, dumpster diving, and shoulder surfing. It also discusses how websites track users through IP addresses, cookies (including first party, third party, session, and super cookies). The document outlines best practices for protecting confidential information and defines malware like adware, spyware, viruses, worms, and Trojan horses. It describes cyber crimes, cyber stalking, cyber bullying, and different types of cyber security threats.
Similar to Cyber Security Awareness Program.pptx (20)
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...APNIC
Adli Wahid, Senior Internet Security Specialist at APNIC, delivered a presentation titled 'Honeypots Unveiled: Proactive Defense Tactics for Cyber Security' at the Phoenix Summit held in Dhaka, Bangladesh from 23 to 24 May 2024.
HijackLoader Evolution: Interactive Process HollowingDonato Onofri
CrowdStrike researchers have identified a HijackLoader (aka IDAT Loader) sample that employs sophisticated evasion techniques to enhance the complexity of the threat. HijackLoader, an increasingly popular tool among adversaries for deploying additional payloads and tooling, continues to evolve as its developers experiment and enhance its capabilities.
In their analysis of a recent HijackLoader sample, CrowdStrike researchers discovered new techniques designed to increase the defense evasion capabilities of the loader. The malware developer used a standard process hollowing technique coupled with an additional trigger that was activated by the parent process writing to a pipe. This new approach, called "Interactive Process Hollowing", has the potential to make defense evasion stealthier.
Securing BGP: Operational Strategies and Best Practices for Network Defenders...APNIC
Md. Zobair Khan,
Network Analyst and Technical Trainer at APNIC, presented 'Securing BGP: Operational Strategies and Best Practices for Network Defenders' at the Phoenix Summit held in Dhaka, Bangladesh from 23 to 24 May 2024.
Discover the benefits of outsourcing SEO to Indiadavidjhones387
"Discover the benefits of outsourcing SEO to India! From cost-effective services and expert professionals to round-the-clock work advantages, learn how your business can achieve digital success with Indian SEO solutions.
2. Basic InfoSec……..?
Introduction…? My Self …… Yourselves……
Let us stop fussing…….! And see $whoami C:>whoami
Safety is not a slogan, it’s a way of life
Start with YOU and ends with YOU.
Skip these intros and let's see WhatsApp? What's up in the InfoSec world..
Current ongoing in Cyber/Information Security Arena …..!
Look for Threatpost, The Hacker News….
Still need explanation…… think…..Back to Basics….
Normal User ……. Get more on google..
Information Security Standards (ISO/IEC 27001-2013 ISMS)
11 Domains, 30 Control Objectives, 130+ controls to adopt an international standard and certification of ISO/IEC-27001-2013
Center for Internet Security- Benchmarking for security of the various IT System..
How to harden OS/Server/Firewall/Router/Switches.
3. InfoSec/Cyber Security. Start/End….
You/Me/We…!
Basic Practices of System (PC/Laptop/Desktop) handling …..
Start at ….? End up with……? Observe….Cautiously….!
Windows user: Task Manager/Event Viewer…. Need more…!
https://docs.microsoft.com/en-us/sysinternals/downloads/
Linux user much more to look @ ps aux/ufw /netstat/system monitor.
End of the working day …..Disconnect (Physically)
7. Cyber Security Threat Landscape..
92% of Indians/youth were found to have shared private information online despite being aware that this is risky.
53% of youngsters trust the virtual world and interact with strangers.
51% of those polled didn’t care about their online privacy at all.
8. Limelights of today may be….
Password Security
USB Device Security
Data Protection and Destruction
Email Security & Phishing Awareness
Protecting Against Ransom Virus
URL and Safer Web Browsing
Safe Social Networking
Mobile Device Security
9. Threats identification…..Trailing ….
Does your screen name identify you as your actual name…? Administrator…?
Have you ever posted any personal information of yours or anyone else without explicit consent?
Have you ever uploaded a picture of a sensitive area of your organization without prior consent of management?
Have you ever filled out online forms, questionnaires, profile pages considering your official profile?
Have you ever purchased anything online while sharing your credit/debit card number insecurely?
Have you ever shared your passwords with someone else?
Have you ever downloaded and installed software without consulting your teammate?
Have you opened emails from total strangers?
Have you ever agreed to meet in person someone you have only met online?
Have you ever been involved in chat sessions with people using vulgar expressions or sexually explicit language?
11. Information Hacking History
The first recorded cyber crime was recorded in the year 1820 (France) – Loom Device.
The first spam email took place in year 1978 when it was sent over the Arpanet.
The first Virus was installed on an Apple Computer in year 1982.
(Rich Skrenta wrote first Elk Cloner virus)
(On every 50th boot the Elk Cloner virus would display a short poem)
13. Hacker & Types of Hackers….
1) White Hat – Good guys. Report hacks/vulnerabilities to appropriate people.
2) Black Hat – Only interested in personal goals, regardless of impact.
3) Gray Hat – Somewhere in between.
Script Kiddies
Someone that calls themselves a ‘hacker’ but really isn’t
Ethical Hacker
Someone hired to hack a system to find vulnerabilities and report on them.
Also called a ‘sneaker’
14. Security…. Password…
Why would someone want to steal your password?
Passwords are the only keys that prevent unauthorized entry to many systems.
Password Security Preventions –
1. Use a separate password for each email account.
2. Don’t ever reveal your passwords to anyone.
3. Write them down in a secure location.
4. Change your passwords if a compromise is suspected.
5. Add complexity to passwords.
6. Last but not least for Banking related…Forgot the Password…only if….?
15. How to Make password more Secure…
Choose at least 8 characters, including:
- Uppercase
- Lowercase
- Numbers
- Symbols such as @#$%^&*()!~’”
Avoid simple words
Don’t pick names or nicknames of people….Notice……!
Don’t include repeated characters
Avoid your special person’s like BF/GF name
EXAMPLE: 0mBhUrBhur@v3Sw@h
Note: for organizations, please always refer to a password policy for the life cycle of the information system.
17. Security…… USB Devices….
USB flash drives are hard to track physically, being stored in bags, backpacks, laptop cases, jackets or left at unattended workstations.
STUXNET (Siemens ICS-SCADA, Programmable Logic Controller)
A survey shows end users most frequently copy:
- Customer Data (25%)
- Financial Information (25%)
- Business Plans (15%)
- Employee Data (13%)
- Source Code (6%)
18. Securing USB Drives…….
- Manually save files with a password.
- Avoid Direct Plug-Ins. (Hold a Shift key and then attach)
- Lock your flash drive with USB Safeguard.
- Encrypt the drive with third-party tools like TrueCrypt.
- Ensure that all USB devices are checked for malware before they are connected to the network.
20. Data Protection….
Computer data security is the process of preventing and detecting unauthorized use of your computer data.
It is concerned with 4 main areas – (CIA)
Confidentiality
Integrity
Availability
Authentication
21. System Security Tools/ Websites
Tool - FileAnalyzer
Tool - ComboFix
Tool - Comodo Firewall
Tool - Process Explorer
Tool - Sandboxie
Website - Virustotal.com
Website - Nosharescanner.com
22. Windows/Linux…
• Linux was originally built by Linus Torvalds at the University of Helsinki in 1991.
• Linux is a Unix-like, kernel-based OS.
• Flavors – Redhat, Fedora, Ubuntu, Backtrack, Debian, BSD, Suse, Slackware.
• First version of Windows – Windows 3.1 released in 1992 by Microsoft.
• Windows is a GUI based operating system.
• Flavors – Windows 95, 98, ME, NT, XP, 2000, 2003, Vista, 7, 8, 8.1, 10. expecting 11
23. Virus Attack…. Symptoms….
Processes take more resources and time.
Computer beeps with no display.
Drive label changes.
Unable to load OS.
Computer slows down when program starts.
Anti-virus alerts.
Computer freezes frequently or encounters error.
Files & Folders are missing.
Hard Drive is not accessible.
Browser window freezes.
24. Security … Email…. Why….?
Email is important because it creates a fast, reliable form of communication that is free and easily accessible.
Basic Reasons of attacks on Email Accounts –
- When one discloses his or her password to another person.
- Forgetting to log out from public computers.
- Lack of awareness about legal remedies to sue a bad man.
25. Securing….Email…….
To scan email headers – http://cyberforensics.in
For Latest Email Scams – http://hoax-slayer.com
Tips:
Use a wacky email address
Don’t recycle your password
Know how to catch a phish
Don’t use free Wi-Fi
Never open any Spam/Junk Email
26. Ransomware….. What……?
Ransomware is a type of malware that locks your files, data or the PC itself and extorts money from you in order to provide access.
Ransomware is considered a “scare virus” as it forces users to pay a fee (or ransom) by scaring or threatening them.
Examples: cyberware, WannaCry, Petya
For more info, www.yeahhub.com
27. Securing …. Ransomware……
Backup your data.
Show hidden file extensions.
Filter EXEs in email.
Disable files running from the AppData/LocalAppData folders.
Disable RDP (Remote Desktop Protocol).
Patch or Update your software.
Disconnect your Wi-Fi or unplug.
Use System Restore to get back to a known clean state.
Set the BIOS clock back.
Google the leaked private key.
30. Safe Surfing of Internet…. Browsing
Secure web browsing is a game of changing tactics. Just when you think you’ve made your computer as safe to use as possible, the landscape changes.
Always use HTTPS for banking transactions.
Builtwith.com, who.is, centralops.net
31. Safe Browsing ..to do…Please
Don’t download free media.
Don’t store your payment information online.
Don’t over share personal information on social media accounts.
Change passwords regularly.
Keep your browser software up-to-date.
Run Anti-Virus software.
Scan downloaded files before executing.
Watch out for phishing.
Don’t Reuse Passwords.
Use HTTPS for banking transactions.
Read Privacy Policies.
Avoid Public or Free Wi-Fi.
Disable Stored Passwords.
32. Social Networking….. Glance…
Today’s world is a global village. Everyone is connected to one another in this vast network generated by network.
To date, the world’s largest social networking company, Facebook, has 340 million active users in India (2.85 billion worldwide), and the number of users is increasing every year.
70% - Ages 18-29 Years
77% - Ages 30-49 Years
73% - Ages 50-64 Years
50% - Ages 65+ Years
Total of 77% Women versus 61% Men
33. Securing Social Networking..
Let’s not do it…….!
Never post illegal activities.
Avoid Bullying others.
Don’t trash your Seniors/mentors/ Colleges.. And more…..
Don’t post objectionable content from organizational networks.
Don’t post confidential information.
Don’t overlay specific location check-ins.
Never rely on privacy settings 100%.
34. Facebook Security….
Koobface (2009) – A Must see viral video
Zeus – Botnet
LikeJacking – Fake Likes
Facebook Black – JS Malware
Who Viewed Your profile? – Browser Hijacking
Security –
1. For Account Recovering - https://facebook.com/hacked
2. To Report anything - https://www.facebook.com/help/contact/485974059259751
3. About Safety Check - https://www.facebook.com/about/safetycheck/
35. Security…Mobile Device(Android)
1) Do not save all of your passwords
2) Use Android in-built security
3) Lock your apps (Ex. App Lock)
4) Importance of App Permissions
5) Securing your network (Ex. Hideninja VPN, Wi-Fi Protector)
6) Use Mobile Security App
7) Create Multiple User Account to protect privacy
8) Prepare a Backup of your data
9) Enable Remote Wipe (Ex. 3cx Mobile Device Manager)
10) Track your lost device (Ex. Where’s My Droid, Plan B, SeekDroid Lite, AntiDroidTheft, Prey AntiTheft)
36. Security Best Practices….
1) Use antivirus software (AVAST, AVG…..)
2) Install firewalls, pop-up blocker (Windows, Comodo)
3) Uninstall unnecessary software (adware)
4) Maintain backup (Weekly/Monthly)
5) Check security settings (Netstat)
6) Use secure connection (HTTPS)
7) Open attachments carefully
8) Use strong passwords; don’t give personally identifiable information (PII) unless required.
37. Some Promises to keep while…. On internet….
1) I will keep my organization secure by using the given resources securely.
2) I will not submit any of my organization’s information in a public forum.
3) I will segregate my duty and social life on the internet.
4) If anyone urges me to spread information, I will not forward it without verification or trust.
5) I will change the passwords for my sensitive information (personal/official) on internet/intranet domains.
6) I will put my system offline (disconnect from the network) if I am not using it.
7) I will contact ISMO/ISO if I find something malicious on the IT systems of my organization.
38. Thanks….. But No thanks….
The only system which is truly secure is one which is switched off and unplugged when it is not in use. Otherwise, to be safe, pay attention and act smart.
{ For any enquiry, keep in touch with ISMO/ISO }
https://haryanaismo.gov.in
Information Security Management Office, Haryana