SlideShare a Scribd company logo

cyber security presentation (1).pdf

W
w4tgrgdyryfh

This document provides information about cybersecurity and threats. It discusses the importance of cybersecurity and some common threats like viruses, worms, Trojan horses, and social engineering. It provides details on specific threats like phishing, man-in-the-middle attacks, and rootkits. The document also offers tips for secure practices like using strong passwords, backing up data, applying software updates, and reporting any suspected cybersecurity incidents. The overall message is that cybersecurity is important to protect individuals and organizations from online threats and risks.

Automotive
1 of 21
Download to read offline
SOCIAL INNOVATION GROUP 10 1 GROUP MEMBERS- H0- Siddarth G4- Medha J2- Samaikya J8- Ram Murthy K0- Sai Pramod
Information Security Awareness Cybersecurity Primer
Importance of Cybersecurity ⦿ The internet allows an attacker to work from anywhere on the planet. ⦿ Risks caused by poor security knowledge and practice: ⚫ Identity Theft ⚫ Monetary Theft ⚫ Legal Ramifications (for yourself and your organization) ⚫ Sanctions or termination if policies are not followed ⦿ According to the SANS Institute, the top vectors for vulnerabilities available to a cyber criminal are: ⚫ Web Browser ⚫ IM Clients ⚫ Web Applications ⚫ Excessive User Rights 2
Cybersecurity is Safety Security: We must protect our computers and data in the same way that we secure the doors to our homes. Safety: We must behave in ways that protect us against risks and threats that come with technology. 3
User Awareness 4 Cyber-Criminals Cracker: Computer-savvy programmer creates attack software Script Kiddies: Unsophisticated computer users who know how to execute programs Hacker Bulletin Board SQL Injection Buffer overflow Password Crackers Password Dictionaries Successful attacks! Crazyman broke into … CoolCat penetrated… Criminals: Create & sell bots -> generate spam Sell credit card numbers, etc… System Administrators Some scripts appear useful to manage networks… Malware package earns $1K-2K 1 M Email addresses earn $8 10,000 PCs earn $1000 Posts to Downloads Posts to Reports
Leading Threats 5 Viruses Worms Trojan Horses / Logic Bombs Social Engineering Rootkits Botnets / Zombies
Viruses 6 ⦿ A virus attaches itself to a program, file, or disk. ⦿ When the program is executed, the virus activates and replicates itself. ⦿ The virus may be benign or malignant but executes its payload at some point (often upon contact). ⚫ Viruses can cause computer crashes and loss of data. ⦿ In order to recover or prevent virus attacks: ⚫ Avoid potentially unreliable websites/ emails. ⚫ System Restore. ⚫ Re-install operating system. ⚫ Use and maintain anti-virus software. Program A Extra Code Program B infect s
Phishing: Counterfeit Email 10 Phishing: A seemingly trustworthy entity asks for sensitive information such as SSN, credit card numbers, login IDs or passwords via e-mail.
Man In The Middle Attack 13 An attacker pretends to be your final destination on the network. When a person tries to connect to a specific destination, an attacker can mislead him to a different service and pretend to be that network access point or server.
Rootkit 14 ⦿ Upon penetrating a computer, a hacker may install a collection of programs, called a rootkit. ⦿ May enable: ⚫ Easy access for the hacker (and others)into the enterprise ⚫ Keystroke logger ⦿ Eliminates evidence of break-in. ⦿ Modifies the operating system. Backdoor entry Keystroke Logger Hidden user
Identifying Security Compromises 17 ⦿ Symptoms: ⚫ Antivirus software detects a problem. ⚫ Disk space disappears unexpectedly. ⚫ Pop-ups suddenly appear, sometimes selling security software. ⚫ Files or transactions appear that should not be there. ⚫ The computer slows down to a crawl. ⚫ Unusual messages, sounds, or displays on your monitor. ⚫ Stolen laptop: 1 stolen every 53 seconds; 97% never recovered. ⚫ The mouse pointer moves by itself. ⚫ The computer spontaneously shuts down or reboots. ⚫ Often unrecognized or ignored problems.
Malware detection 18 • Spyware symptoms: • Changes to your browser homepage/start page. • Ending up on a strange site when conducting a search. • System-based firewall is turned off automatically. • Lots of network activity while not particularly active. • Excessive pop-up windows. • New icons, programs, favorites which you did not add. • Frequent firewall alerts about unknown programs when trying to access the Internet. • Poor system performance.
Anti-virus and Anti-spyware Software 20 • Anti-virus software detects certain types of malware and can destroy it before any damage is done. • Install and maintain anti-virus and anti-spyware software. • Be sure to keep anti-virus software updated. • Many free and commercial options exist. • Contact your Technology Support Professional for assistance.
Protect your Operating System 22 ⦿ Microsoft regularly issues patches or updates to solve security problems in their software. If these are not applied, it leaves your computer vulnerable to hackers. ⦿ The Windows Update feature built into Windows can be set up to automatically download and install updates. ⦿ Avoid logging in as administrator ⦿ Apple provides regular updates to its operating system and software applications. ⦿ Apply Apple updates using the App Store application.
Use Strong Passwords Make passwords easy to remember but hard to guess • USG standards: • Be at least ten characters in length • Must contain characters from at least two of the following four types of characters: – English upper case (A-Z) – English lower case (a-z) – Numbers (0-9) – Non-alphanumeric special characters ($, !, %, ^, …) • Must not contain the user’s name or part of the user’s name • Must not contain easily accessible or guessable personal information about the user or user’s family, such as birthdays, children’s names, addresses, etc. 23
Creating Strong Passwords • A familiar quote can be a good start: • Using the organization standard as a guide, choose the first character of each word: • LIASMWTFOS • Now add complexity the standard requires: • L1A$mwTF0S (10 characters, 2 numerals, 1 symbol, mixed English case: password satisfies all 4 types). • Or be more creative! 24 “LOVE IS A SMOKE MADE WITH THE FUME OF SIGHS” William Shakespeare
Avoid Stupid Hacker Tricks ⦿ Be sure to have a good firewall or pop-up blocker installed. ⦿ Pop-up blockers do not always block ALL pop-ups so always close a pop-up window using the ‘X’ in the upper corner. ⦿ Never click “yes,” “accept” or even “cancel.” ⦿ Infected USB drives are often left unattended by hackers in public places. 27
Secure Business Transactions 28 ⦿ Always use secure browser to do online activities. ⦿ Frequently delete temp files, cookies, history, saved passwords etc. https:// Symbol indicating enhanced security
Backup Important Information 29 ⦿ No security measure is 100% reliable. ⦿ Even the best hardware fails. ⦿ What information is important to you? ⦿ Is your backup: Recent? Off-site & Secure? Process Documented? Encrypted? Tested?
Cyber Incident Reporting 30 If you suspect a cybersecurity incident, notify your organization’s help desk or the USG ITS help desk immediately. Be prepared to supply the details you know and contact information. 1. Do not attempt to investigate or remediate the incident on your own. 2. Inform other users of the system and instruct them to stop work immediately. 3. Unless instructed, do not power down the machine. 4. Unless instructed, do not remove the system from the network. The cybersecurity incident response team will contact you as soon as possible to gather additional information. Each USG organization is required to have a specific plan to handle cybersecurity incidents. Refer to local policies, standards and guidelines for specific information.
13 Thank you

Recommended

Cybersecurity
CybersecurityCybersecurity
Cybersecurity
A. Shamel
 
Information security and Attacks
Information security and AttacksInformation security and Attacks
Information security and Attacks
Sachin Darekar
 
Types of attacks
Types of attacksTypes of attacks
Types of attacks
Vivek Gandhi
 
What is Cryptography and Types of attacks in it
What is Cryptography and Types of attacks in itWhat is Cryptography and Types of attacks in it
What is Cryptography and Types of attacks in it
lavakumar Thatisetti
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
Stephen Lahanas
 
Cyber security landscape
Cyber security landscapeCyber security landscape
Cyber security landscape
Jisc
 
Social engineering
Social engineering Social engineering
Social engineering
Vîñàý Pãtêl
 
Cia security model
Cia security modelCia security model
Cia security model
Imran Ahmed
 

Recommended

Cybersecurity
CybersecurityCybersecurity
Cybersecurity
A. Shamel
 
Information security and Attacks
Information security and AttacksInformation security and Attacks
Information security and Attacks
Sachin Darekar
 
Types of attacks
Types of attacksTypes of attacks
Types of attacks
Vivek Gandhi
 
What is Cryptography and Types of attacks in it
What is Cryptography and Types of attacks in itWhat is Cryptography and Types of attacks in it
What is Cryptography and Types of attacks in it
lavakumar Thatisetti
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
Stephen Lahanas
 
Cyber security landscape
Cyber security landscapeCyber security landscape
Cyber security landscape
Jisc
 
Social engineering
Social engineering Social engineering
Social engineering
Vîñàý Pãtêl
 
Cia security model
Cia security modelCia security model
Cia security model
Imran Ahmed
 
Security threats and safety measures
Security threats and safety measuresSecurity threats and safety measures
Security threats and safety measures
Dnyaneshwar Beedkar
 
Iot(security)
Iot(security)Iot(security)
Iot(security)
Shreya Pohekar
 
Software security
Software securitySoftware security
Software security
Roman Oliynykov
 
Denial of Service Attack
Denial of Service AttackDenial of Service Attack
Denial of Service Attack
Dhrumil Panchal
 
Information security
Information securityInformation security
Information security
Lusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2
 
1. introduction to cyber security
1. introduction to cyber security1. introduction to cyber security
1. introduction to cyber security
Animesh Roy
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITY
Ahmed Moussa
 
IoT security
IoT securityIoT security
IoT security
YashKesharwani2
 
Introduction to cyber security amos
Introduction to cyber security amosIntroduction to cyber security amos
Introduction to cyber security amos
Amos Oyoo
 
Policy formation and enforcement.ppt
Policy formation and enforcement.pptPolicy formation and enforcement.ppt
Policy formation and enforcement.ppt
ImXaib
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
TriCorps Technologies
 
Security threats
Security threatsSecurity threats
Security threats
Qamar Farooq
 
Penetration Testing for Cybersecurity Professionals
Penetration Testing for Cybersecurity ProfessionalsPenetration Testing for Cybersecurity Professionals
Penetration Testing for Cybersecurity Professionals
211 Check
 
Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and Solutions
Colin058
 
Information Security Lecture #1 ppt
Information Security Lecture #1 pptInformation Security Lecture #1 ppt
Information Security Lecture #1 ppt
vasanthimuniasamy
 
Information security
Information securityInformation security
Information security
avinashbalakrishnan2
 
Cyber security
Cyber securityCyber security
Cyber security
Harsh verma
 
Cloud security
Cloud securityCloud security
Cloud security
Niharika Varshney
 
Computer Security Presentation
Computer Security PresentationComputer Security Presentation
Computer Security Presentation
PraphullaShrestha1
 
Identity and Access Management (IAM)
Identity and Access Management (IAM)Identity and Access Management (IAM)
Identity and Access Management (IAM)
Identacor
 
Awareness Security 123.pptx
Awareness Security 123.pptxAwareness Security 123.pptx
Awareness Security 123.pptx
RajuSingh730938
 
USG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxUSG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptx
BilmyRikas
 

More Related Content

What's hot

Policy formation and enforcement.ppt
Policy formation and enforcement.pptPolicy formation and enforcement.ppt
Policy formation and enforcement.ppt
ImXaib
 
Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and Solutions
Colin058
 

What's hot (20)

Security threats and safety measures
Security threats and safety measuresSecurity threats and safety measures
Security threats and safety measures
 
Iot(security)
Iot(security)Iot(security)
Iot(security)
 
Software security
Software securitySoftware security
Software security
 
Denial of Service Attack
Denial of Service AttackDenial of Service Attack
Denial of Service Attack
 
Information security
Information securityInformation security
Information security
 
1. introduction to cyber security
1. introduction to cyber security1. introduction to cyber security
1. introduction to cyber security
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITY
 
IoT security
IoT securityIoT security
IoT security
 
Introduction to cyber security amos
Introduction to cyber security amosIntroduction to cyber security amos
Introduction to cyber security amos
 
Policy formation and enforcement.ppt
Policy formation and enforcement.pptPolicy formation and enforcement.ppt
Policy formation and enforcement.ppt
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
 
Security threats
Security threatsSecurity threats
Security threats
 
Penetration Testing for Cybersecurity Professionals
Penetration Testing for Cybersecurity ProfessionalsPenetration Testing for Cybersecurity Professionals
Penetration Testing for Cybersecurity Professionals
 
Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and Solutions
 
Information Security Lecture #1 ppt
Information Security Lecture #1 pptInformation Security Lecture #1 ppt
Information Security Lecture #1 ppt
 
Information security
Information securityInformation security
Information security
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cloud security
Cloud securityCloud security
Cloud security
 
Computer Security Presentation
Computer Security PresentationComputer Security Presentation
Computer Security Presentation
 
Identity and Access Management (IAM)
Identity and Access Management (IAM)Identity and Access Management (IAM)
Identity and Access Management (IAM)
 

Similar to cyber security presentation (1).pdf

USG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxUSG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptx
BilmyRikas
 
USG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxUSG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptx
sumita02
 

Similar to cyber security presentation (1).pdf (20)

Awareness Security 123.pptx
Awareness Security 123.pptxAwareness Security 123.pptx
Awareness Security 123.pptx
 
USG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxUSG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptx
 
USG_Security_Awareness_Primer (1).pptx
USG_Security_Awareness_Primer (1).pptxUSG_Security_Awareness_Primer (1).pptx
USG_Security_Awareness_Primer (1).pptx
 
USG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxUSG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptx
 
USG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxUSG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptx
 
Security_Awareness_Primer.pptx
Security_Awareness_Primer.pptxSecurity_Awareness_Primer.pptx
Security_Awareness_Primer.pptx
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
IT security awareness
IT security awarenessIT security awareness
IT security awareness
 
User security awareness
User security awarenessUser security awareness
User security awareness
 
Can your company survive a modern day cyber attack?
Can your company survive a modern day cyber attack?Can your company survive a modern day cyber attack?
Can your company survive a modern day cyber attack?
 
UserSecurityAwarenessUniversityTemplate.ppt
UserSecurityAwarenessUniversityTemplate.pptUserSecurityAwarenessUniversityTemplate.ppt
UserSecurityAwarenessUniversityTemplate.ppt
 
End User Security Awareness - Information Security
End User Security Awareness - Information SecurityEnd User Security Awareness - Information Security
End User Security Awareness - Information Security
 
ITSolutions|Currie Network Security Seminar
ITSolutions|Currie Network Security SeminarITSolutions|Currie Network Security Seminar
ITSolutions|Currie Network Security Seminar
 
CYBER SECURITY AWARENESS.pptx [Read-Only].pptx
CYBER SECURITY AWARENESS.pptx [Read-Only].pptxCYBER SECURITY AWARENESS.pptx [Read-Only].pptx
CYBER SECURITY AWARENESS.pptx [Read-Only].pptx
 
ICT and end user security awareness slides
ICT and end user security awareness slidesICT and end user security awareness slides
ICT and end user security awareness slides
 
Seven Effective Habits When Using The Internet
Seven Effective Habits When Using The InternetSeven Effective Habits When Using The Internet
Seven Effective Habits When Using The Internet
 
Cybersecurity Awareness Month_2021_PartnerPresentation_Final.pdf
Cybersecurity Awareness Month_2021_PartnerPresentation_Final.pdfCybersecurity Awareness Month_2021_PartnerPresentation_Final.pdf
Cybersecurity Awareness Month_2021_PartnerPresentation_Final.pdf
 
Information security awareness
Information security awarenessInformation security awareness
Information security awareness
 
Cyber security
Cyber securityCyber security
Cyber security
 
Understanding Keylogger
Understanding KeyloggerUnderstanding Keylogger
Understanding Keylogger
 

Recently uploaded

The Future of Autonomous Vehicles | civilthings.com | Detailed information
The Future of Autonomous Vehicles | civilthings.com | Detailed informationThe Future of Autonomous Vehicles | civilthings.com | Detailed information
The Future of Autonomous Vehicles | civilthings.com | Detailed information
gettygaming1
 
一比一原版SDSU毕业证圣地亚哥州立大学毕业证成绩单如何办理
一比一原版SDSU毕业证圣地亚哥州立大学毕业证成绩单如何办理一比一原版SDSU毕业证圣地亚哥州立大学毕业证成绩单如何办理
一比一原版SDSU毕业证圣地亚哥州立大学毕业证成绩单如何办理
psavhef
 
一比一原版BC毕业证波士顿学院毕业证成绩单如何办理
一比一原版BC毕业证波士顿学院毕业证成绩单如何办理一比一原版BC毕业证波士顿学院毕业证成绩单如何办理
一比一原版BC毕业证波士顿学院毕业证成绩单如何办理
amvovau
 

Recently uploaded (10)

Core technology of Hyundai Motor Group's EV platform 'E-GMP'
Core technology of Hyundai Motor Group's EV platform 'E-GMP'Core technology of Hyundai Motor Group's EV platform 'E-GMP'
Core technology of Hyundai Motor Group's EV platform 'E-GMP'
 
The Future of Autonomous Vehicles | civilthings.com | Detailed information
The Future of Autonomous Vehicles | civilthings.com | Detailed informationThe Future of Autonomous Vehicles | civilthings.com | Detailed information
The Future of Autonomous Vehicles | civilthings.com | Detailed information
 
Tyre Industrymarket overview with examples of CEAT
Tyre Industrymarket overview with examples of CEATTyre Industrymarket overview with examples of CEAT
Tyre Industrymarket overview with examples of CEAT
 
一比一原版SDSU毕业证圣地亚哥州立大学毕业证成绩单如何办理
一比一原版SDSU毕业证圣地亚哥州立大学毕业证成绩单如何办理一比一原版SDSU毕业证圣地亚哥州立大学毕业证成绩单如何办理
一比一原版SDSU毕业证圣地亚哥州立大学毕业证成绩单如何办理
 
gtyccccccccccccccccccccccccccccccccccccccccccccccccccccccc
gtycccccccccccccccccccccccccccccccccccccccccccccccccccccccgtyccccccccccccccccccccccccccccccccccccccccccccccccccccccc
gtyccccccccccccccccccccccccccccccccccccccccccccccccccccccc
 
Why Isn't Your BMW X5's Comfort Access Functioning Properly Find Out Here
Why Isn't Your BMW X5's Comfort Access Functioning Properly Find Out HereWhy Isn't Your BMW X5's Comfort Access Functioning Properly Find Out Here
Why Isn't Your BMW X5's Comfort Access Functioning Properly Find Out Here
 
Advanced Technology for Auto Part Industry Inventory Solutions
Advanced Technology for Auto Part Industry Inventory SolutionsAdvanced Technology for Auto Part Industry Inventory Solutions
Advanced Technology for Auto Part Industry Inventory Solutions
 
Essential Maintenance Tips For Commercial Vans.
Essential Maintenance Tips For Commercial Vans.Essential Maintenance Tips For Commercial Vans.
Essential Maintenance Tips For Commercial Vans.
 
一比一原版BC毕业证波士顿学院毕业证成绩单如何办理
一比一原版BC毕业证波士顿学院毕业证成绩单如何办理一比一原版BC毕业证波士顿学院毕业证成绩单如何办理
一比一原版BC毕业证波士顿学院毕业证成绩单如何办理
 
Wondering if Your Mercedes EIS is at Fault Here’s How to Tell
Wondering if Your Mercedes EIS is at Fault Here’s How to TellWondering if Your Mercedes EIS is at Fault Here’s How to Tell
Wondering if Your Mercedes EIS is at Fault Here’s How to Tell
 

cyber security presentation (1).pdf

  • 1. SOCIAL INNOVATION GROUP 10 1 GROUP MEMBERS- H0- Siddarth G4- Medha J2- Samaikya J8- Ram Murthy K0- Sai Pramod
  • 3. Importance of Cybersecurity ⦿ The internet allows an attacker to work from anywhere on the planet. ⦿ Risks caused by poor security knowledge and practice: ⚫ Identity Theft ⚫ Monetary Theft ⚫ Legal Ramifications (for yourself and your organization) ⚫ Sanctions or termination if policies are not followed ⦿ According to the SANS Institute, the top vectors for vulnerabilities available to a cyber criminal are: ⚫ Web Browser ⚫ IM Clients ⚫ Web Applications ⚫ Excessive User Rights 2
  • 4. Cybersecurity is Safety Security: We must protect our computers and data in the same way that we secure the doors to our homes. Safety: We must behave in ways that protect us against risks and threats that come with technology. 3
  • 5. User Awareness 4 Cyber-Criminals Cracker: Computer-savvy programmer creates attack software Script Kiddies: Unsophisticated computer users who know how to execute programs Hacker Bulletin Board SQL Injection Buffer overflow Password Crackers Password Dictionaries Successful attacks! Crazyman broke into … CoolCat penetrated… Criminals: Create & sell bots -> generate spam Sell credit card numbers, etc… System Administrators Some scripts appear useful to manage networks… Malware package earns $1K-2K 1 M Email addresses earn $8 10,000 PCs earn $1000 Posts to Downloads Posts to Reports
  • 6. Leading Threats 5 Viruses Worms Trojan Horses / Logic Bombs Social Engineering Rootkits Botnets / Zombies
  • 7. Viruses 6 ⦿ A virus attaches itself to a program, file, or disk. ⦿ When the program is executed, the virus activates and replicates itself. ⦿ The virus may be benign or malignant but executes its payload at some point (often upon contact). ⚫ Viruses can cause computer crashes and loss of data. ⦿ In order to recover or prevent virus attacks: ⚫ Avoid potentially unreliable websites/ emails. ⚫ System Restore. ⚫ Re-install operating system. ⚫ Use and maintain anti-virus software. Program A Extra Code Program B infect s
  • 8. Phishing: Counterfeit Email 10 Phishing: A seemingly trustworthy entity asks for sensitive information such as SSN, credit card numbers, login IDs or passwords via e-mail.
  • 9. Man In The Middle Attack 13 An attacker pretends to be your final destination on the network. When a person tries to connect to a specific destination, an attacker can mislead him to a different service and pretend to be that network access point or server.
  • 10. Rootkit 14 ⦿ Upon penetrating a computer, a hacker may install a collection of programs, called a rootkit. ⦿ May enable: ⚫ Easy access for the hacker (and others)into the enterprise ⚫ Keystroke logger ⦿ Eliminates evidence of break-in. ⦿ Modifies the operating system. Backdoor entry Keystroke Logger Hidden user
  • 11. Identifying Security Compromises 17 ⦿ Symptoms: ⚫ Antivirus software detects a problem. ⚫ Disk space disappears unexpectedly. ⚫ Pop-ups suddenly appear, sometimes selling security software. ⚫ Files or transactions appear that should not be there. ⚫ The computer slows down to a crawl. ⚫ Unusual messages, sounds, or displays on your monitor. ⚫ Stolen laptop: 1 stolen every 53 seconds; 97% never recovered. ⚫ The mouse pointer moves by itself. ⚫ The computer spontaneously shuts down or reboots. ⚫ Often unrecognized or ignored problems.
  • 12. Malware detection 18 • Spyware symptoms: • Changes to your browser homepage/start page. • Ending up on a strange site when conducting a search. • System-based firewall is turned off automatically. • Lots of network activity while not particularly active. • Excessive pop-up windows. • New icons, programs, favorites which you did not add. • Frequent firewall alerts about unknown programs when trying to access the Internet. • Poor system performance.
  • 13. Anti-virus and Anti-spyware Software 20 • Anti-virus software detects certain types of malware and can destroy it before any damage is done. • Install and maintain anti-virus and anti-spyware software. • Be sure to keep anti-virus software updated. • Many free and commercial options exist. • Contact your Technology Support Professional for assistance.
  • 14. Protect your Operating System 22 ⦿ Microsoft regularly issues patches or updates to solve security problems in their software. If these are not applied, it leaves your computer vulnerable to hackers. ⦿ The Windows Update feature built into Windows can be set up to automatically download and install updates. ⦿ Avoid logging in as administrator ⦿ Apple provides regular updates to its operating system and software applications. ⦿ Apply Apple updates using the App Store application.
  • 15. Use Strong Passwords Make passwords easy to remember but hard to guess • USG standards: • Be at least ten characters in length • Must contain characters from at least two of the following four types of characters: – English upper case (A-Z) – English lower case (a-z) – Numbers (0-9) – Non-alphanumeric special characters ($, !, %, ^, …) • Must not contain the user’s name or part of the user’s name • Must not contain easily accessible or guessable personal information about the user or user’s family, such as birthdays, children’s names, addresses, etc. 23
  • 16. Creating Strong Passwords • A familiar quote can be a good start: • Using the organization standard as a guide, choose the first character of each word: • LIASMWTFOS • Now add complexity the standard requires: • L1A$mwTF0S (10 characters, 2 numerals, 1 symbol, mixed English case: password satisfies all 4 types). • Or be more creative! 24 “LOVE IS A SMOKE MADE WITH THE FUME OF SIGHS” William Shakespeare
  • 17. Avoid Stupid Hacker Tricks ⦿ Be sure to have a good firewall or pop-up blocker installed. ⦿ Pop-up blockers do not always block ALL pop-ups so always close a pop-up window using the ‘X’ in the upper corner. ⦿ Never click “yes,” “accept” or even “cancel.” ⦿ Infected USB drives are often left unattended by hackers in public places. 27
  • 18. Secure Business Transactions 28 ⦿ Always use secure browser to do online activities. ⦿ Frequently delete temp files, cookies, history, saved passwords etc. https:// Symbol indicating enhanced security
  • 19. Backup Important Information 29 ⦿ No security measure is 100% reliable. ⦿ Even the best hardware fails. ⦿ What information is important to you? ⦿ Is your backup: Recent? Off-site & Secure? Process Documented? Encrypted? Tested?
  • 20. Cyber Incident Reporting 30 If you suspect a cybersecurity incident, notify your organization’s help desk or the USG ITS help desk immediately. Be prepared to supply the details you know and contact information. 1. Do not attempt to investigate or remediate the incident on your own. 2. Inform other users of the system and instruct them to stop work immediately. 3. Unless instructed, do not power down the machine. 4. Unless instructed, do not remove the system from the network. The cybersecurity incident response team will contact you as soon as possible to gather additional information. Each USG organization is required to have a specific plan to handle cybersecurity incidents. Refer to local policies, standards and guidelines for specific information.