Haneen Iemeir
Information Security
Awareness
Information Technology Dept.
By Haneen Iemeir
Cyber Attacks
A computer-to-computer attack that undermines the confidentiality, integrity, or availability of a computer or the information resident on it
IT Department, Haneen Iemeir
Examples
Espionage
Organizations-targeted
Personnel-targeted
Kiddies
Botnets
Stuxnet / Iran nuclear
Flame
It was discovered in 2012 but had been operating since 2010.
Attacked the Middle East and Asia
Collected sensitive data of regular individuals, businessmen and military personnel.
Heartland Payment Systems
Over 100 million individual card numbers were phished out, costing Heartland more than $140 million in damages, incurred in 2008
Started with PHISHING to a regular customer
PHISHING.. Simplest example
Link Clicked .. Oops!
Data is stolen
Software is installed … Malware
Computer is infected and may infect others on the network
How do hackers GET AWAY WITH IT!
BOTNET
Could my PC be part of a botnet?
So WHAT??
Theft of hard disk data, photos and videos
Destruction of hard disk and data
Performance issues
Malfunction of applications
Most Common Threats
Infected USB
Email phishing: someone pretends to be someone else and asks you to do something
Social engineering, https://www.youtube.com/watch?v=HJXJkpir-ds
Social networking, https://www.youtube.com/watch?v=T1EZVFoZq4A
Most Common Threats
Unknown attachments, https://www.youtube.com/watch?v=5grTJH3B_70
Mobile devices, theft or hack
Hard disk failures
Malicious code
Accessing business desktop from outside
MOST of Most
POOR PASSWORD and ACCESS management
Unawareness of data importance
INSIDER THREATS
DOWNTIMES !!
In May 2013, it was reported that 58% of cyber attacks were attributed to insider attacks
Intentional harm or misuse of access
WHY ???
An employee who has the password of another employee is not afraid of consequences and disciplinary actions.
An employee who accesses data that he/she is NOT responsible for does NOT pay attention to confidentiality agreements regarding this data!
An unaware employee can lose data and infect the network
Downtime; Availability & Confidentiality
If there is no well-documented business continuity plan, you either end up with NO productivity or the paperwork will be a total mess!!
Switching back from paper to information systems needs an authorized procedure and authorized personnel.
How to ….
Safeguard my PC and mobile, either at home or at the office?
Protect my integrity, not allowing anyone to abuse me?
Pay due care towards my signed code of conduct?
Safeguards ..
Data classification. To know the importance of the data I access; e.g. when I travel
Do not open emails or messages from unknown people; DELETE them.
Keep my password secret, complex and changed periodically; Password Policy
Safeguards ..
UPGRADE the OS of desktop & mobile, ANTIVIRUS and other applications.
LOG OFF your computers after work hours
Safeguards ..
Control privileged access for my staff; IT Privilege Request Form & annual privilege review
Good job descriptions and confidentiality agreements.
Do not click on unknown LINKS
Use UPDATED anti-spam
Safeguards ..
Do NOT use the same password for all your accounts.
Avoid UNLICENSED software
Close your office when leaving
Pay attention to shoulder surfing
Use secure devices to access business systems, either from home or via smartphone.
Scan a USB drive before opening it
Safeguards ..
Use SHAREFOLDERs, Sharefolder request form
When implementing new systems, consult IT for security and performance issues.
Business Continuity Plan
Define critical business procedures
Paper/manual alternative procedure
Downtime period needed to pass before launching BCP
Who launches the BCP? Decision maker?
How to go back to automatic systems after recovery?
Other Security Considerations
Third Party Access
NDA
Policy
How to tell if I am hacked!!
Browser opens websites on its own and you cannot close them
Antivirus is reporting an infected file
Passwords no longer work or they are locked out.
Suspicious applications on the desktop
Unreasonable slowness of the system/network
Report Incidents
All the previous systems
Abuse of credentials
Suspected employee activities
How to report !
http://khccportal/default.aspx
Thank You

Information security awareness, middle management
