Introduction to Information Security
1. Introduction to Cyber Security
2. Security of a Facility
3. Importance of Network Security
4. Protecting Yourself and Your Information
5. Social Engineering – The Greatest Threat
6. Email – Fool Me Once…
7. How to Defend Against Malicious Websites
8. How to Protect your Mobile Device
9. Good Information Security Practices
Introduction to Cyber Security
Introduction
1. What is Cyber Security? All the processes and practices we implement to protect
networks, computers, applications and data from attacks on the C-I-A triad
(Confidentiality, Integrity and Availability)
2. Why Do We Care?
Estimates upwards of 250 BILLION dollars of loss associated with Cyber Crime (McAfee
estimates almost one trillion).
3. Every year, the Director of National Intelligence publishes an unclassified "Worldwide
Threat Assessment." The 2015 report listed "Cyber" as the first (and
greatest) threat.
Know Your Enemy
Who commits cyber crime?
► Organized Crime
Traditional mafia is outsourcing cybercrime to freelance criminals: billions of dollars at stake
► Terrorists
ISIS attacks on military sites
Pose threats to national security secrets, but also the existing infrastructure
► Foreign Nations
Stuxnet, Sony attacks
► Insiders
Estimated 1.2 Billion in losses
► Hacktivists
Anonymous
► Common Thieves
"Why did you rob the bank?" "That's where the money is."
Protecting your C-I-A, also known as "Covering Your Assets!"
► Confidentiality: Prevent unauthorized disclosure of information
► Integrity: Prevent unauthorized modification of information or files
► Availability: Ensuring timely access to resources
Security of a Facility
Protect... the Facility
► The safety of our employees is PRIORITY NUMBER ONE!
► Often a successful attack originates with the attacker on the premises
► Attackers can use a physical attack to lower a company's defenses
(sounding the fire alarm, causing the building to be evacuated).
► Regulations/Laws apply even in the event of an emergency.
Sensitive Data must continue to be protected
► Physical access can lead to theft, or allow us to launch a network or other attack
Importance of Network Security
Protect ...the Network
► Network Attacks are the most common technical threat to a network
► Can range from eavesdropping on data transfer to Denial of Service
► Can cause compliance and regulatory issues
► Can lead to compromise of customer data, resulting in loss of revenue and lawsuits
► Our systems can be used to attack others
What can we do?
► Use secure protocols when transmitting data (HTTPS instead of HTTP)
► Protect physical access to your system
► Don't connect systems to the network without the knowledge of the security team
► Don't bring media to work from home without prior approval
► Scan all files before download
► Download from trusted sites
► Encrypt mail and other sensitive files
Protecting Yourself and Your Information
Protect...Identities
► We live in a world of information sharing.
► What is PII? Personally Identifiable Information.
► Over 17 million people were victims of identity theft in 2014, and this number is on the rise.
► Any information that can lead to locating and contacting an individual and identifying that
individual uniquely
► Full Name, Mother's Maiden Name
► Social Security Number
► Address, Phone Number
► Vehicle Registration Number
► Biometrics
► Other uniquely identifying characteristics
LEGEND
Information:
► SOCIAL SECURITY NUMBER
► CONTACT INFORMATION (email address, physical address, telephone and mobile numbers)
► GOVERNMENT-ISSUED IDENTIFICATION (driver's license, passport, birth certificate, library card)
► BIRTH DATE, BIRTH PLACE
► ONLINE INFORMATION (Facebook, social media passwords, PINs)
► GEOLOCATION (smartphones, GPS, camera)
► VERIFICATION DATA (mother's maiden name, pets' and kids' names, high school, passwords)
► MEDICAL RECORDS INFORMATION (prescriptions, medical records, exams, images)
► ACCOUNT NUMBER (bank, insurance, investments, credit cards)
Roles: PARENT, CITIZEN, EMPLOYEE, CONSUMER, INVESTOR, PATIENT, INTERNET USER, HOBBYIST, VOLUNTEER
What can We do?
► Secure your social security number (SSN). Don't carry your social security card in your wallet or
write your number on your checks.
► Don't respond to unsolicited requests for personal information by phone,
mail, or online.
► Watch out for shoulder surfers, specifically with coded access
to buildings and when using ATMs
► Review your receipts. Promptly compare receipts with account statements. Watch for
unauthorized transactions.
► Shred receipts, credit offers, account statements, and expired cards to prevent dumpster
divers from getting your personal information.
► Store personal information in a safe place at home and at work.
► Install firewalls and virus-detection software on your home
computer.
Social Engineering – The Greatest Threat
Protect Against...Social Engineering
► Social Engineering may present the greatest threat to confidentiality today
► Phishing
► Pretexting
► Baiting
► Quid Pro Quo
► Tailgating
What Can we Do?
► Require multifactor authentication
► Trust no one!
► Follow company policy
► Don't succumb to pressure
► Install anti-malware
► Don't leave valuable information on your desk
► When in doubt, call your security team
Email – Fool Me Once…
Protect...Against Phony Emails
► Often, email attachments are a means of distributing malicious code
► Many viruses will "read" an infected user's email list and
replicate themselves to those users. Just because an email indicates it originates with a trusted source
doesn't mean that is true
► Often, by clicking these links, your system becomes infected and
you, too, will be propagating those links.
► Links may redirect to sites that seem legitimate but are used for phishing
What to do?
► DO NOT CLICK ON LINKS IN MESSAGES
► Verify with known parties
► Check the email address: does it really match the text of the email? Use known links and
contacts outside those provided in the email
► Do not download files from unsolicited sources
► Watch for poor grammar, misspellings, urgent messages,
pleas for money, etc.
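The address and link checks above can be automated at a mail gateway or in a triage script. The following Python sketch is an added example, not part of the original slides; the sample message, its domains and the finding names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message (not from the slides). All domains are reserved
# example/invalid names.
SAMPLE_EMAIL = """\
From: "support@examplebank.example" <notice@mailer.invalid>
Reply-To: claims@collect.invalid
To: user@corp.example
Subject: URGENT: verify your account
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your account is locked. Sign in at
<a href="http://login.collect.invalid/session">https://www.examplebank.example/login</a>
or read our <a href="https://www.examplebank.example/help">help page</a>.</p>
</body></html>
"""

_ADDR_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")
_DOMAIN_RE = re.compile(r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _strip_www(host):
    return host[4:] if host.startswith("www.") else host


def _html_body(msg):
    # Return the first text/html part, decoded; empty string if there is none.
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            raw = part.get_payload(decode=True) or b""
            return raw.decode(part.get_content_charset() or "utf-8", "replace")
    return ""


def check_email(raw):
    """Return a list of (finding, detail) tuples for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []

    display, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()

    # 1. The display name shows an address from a different domain than the sender.
    shown_addr = _ADDR_RE.search(display)
    if shown_addr and shown_addr.group(1).lower() != from_domain:
        findings.append(("display-name-mismatch", f"{display!r} sent from {addr}"))

    # 2. Replies would go to a different domain than the sender's.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and reply.rpartition("@")[2].lower() != from_domain:
        findings.append(("reply-to-mismatch", f"{reply} vs {addr}"))

    collector = _LinkCollector()
    collector.feed(_html_body(msg))
    for href, text in collector.links:
        parts = urlsplit(href)
        target = (parts.hostname or "").lower()
        # 3. Link text looks like one site but the link goes to another.
        shown = _DOMAIN_RE.match(text)
        if shown and _strip_www(shown.group(1).lower()) != _strip_www(target):
            findings.append(("link-text-mismatch", f"{text} -> {href}"))
        # 4. Link does not use HTTPS.
        if parts.scheme == "http":
            findings.append(("link-not-https", href))
    return findings


if __name__ == "__main__":
    for finding, detail in check_email(SAMPLE_EMAIL):
        print(f"{finding}: {detail}")
```

A clean result does not prove a message is safe; these checks only surface the mismatches a careful reader would look for by hand.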
How to Defend Against Malicious Websites
Protect...against Malicious websites
► Rogue websites are used to collect information, intercept information, and
distribute malicious software
► Browser Hijacking: if a site won't allow you to access any other site, be suspicious! Has your
homepage or search engine been modified without your permission?
► Sites inundated with Buy Now offers and pop-ups indicate trouble.
► Often free downloads install spyware or other applications on your system.
► Sites that say they have scanned your computer and have detected viruses should always be
treated with suspicion
► Poorly built sites where it is difficult to find the information you are looking for. If every link
seems to lead to an advertisement, find a more legitimate site to conduct your business
What do we do?
► Avoid suspicious sites
► Don't download files from peer to peer sites
► Use secure protocols (HTTPS)
► Don't IGNORE SECURITY WARNINGS
► Don't change browser security settings unless instructed to do so by the security team
How to Protect your Mobile Device
Protect...Mobile Devices
► Portability makes them vulnerable
► Applications often share information with other applications or organizations.
► Contacts and other sensitive information are often available
► Bluetooth is inherently insecure
Protect...Mobile Devices
► Use Strong Passwords or passcodes
► Disable Bluetooth when not in use
► Don't enable information sharing between apps unless necessary
► Enable remote wipe function and consider the "Find your device"
option
► Backup and protect your data
► Don't connect to a work system or the network unless you have express permission
► Be cautious about what you share: text is not inherently secure
► Download only secure applications
► Don't "jailbreak" or root your device.
► Report anything suspicious to the security team
Good Information Security Practices
Other Best Practices
► Always Logoff or lock your system if you leave (even for a minute)
► Keep systems patched and up to date
► Use strong passwords and protect them
► Encrypt sensitive files
► Watch what you share
► Disable insecure mechanisms if possible
► Never let someone have access to your system under your credentials
► Be wary of individuals looking for information or access
► Don't forget physical security
► Report any potential breach to your security team
► THINK THINK THINK!!!
Regards,
Secure100mb

More Related Content

What's hot

Awareness Training on Information Security
Awareness Training on Information SecurityAwareness Training on Information Security
Awareness Training on Information Security
Ken Holmes
 
20130321 Cybercrime threats on e-commerce online shops
20130321 Cybercrime threats on e-commerce online shops20130321 Cybercrime threats on e-commerce online shops
20130321 Cybercrime threats on e-commerce online shops
Luc Beirens
 
Cyber Security & Hygine
Cyber Security & HygineCyber Security & Hygine
Cyber Security & Hygine
Amit Arya
 
Cyber Crime And Security
Cyber Crime And SecurityCyber Crime And Security
Cyber Crime And Security
Shaheda Afreen
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
Rafel Ivgi
 
Tech Topic Privacy
Tech Topic PrivacyTech Topic Privacy
Tech Topic Privacynetapprad
 
Research paper on cyber security.
Research paper on cyber security.Research paper on cyber security.
Research paper on cyber security.
Hussain777
 
Cyber crimes
Cyber crimesCyber crimes
Cyber crimes
Parveen Bala
 
Cyber Crime & Security
Cyber Crime & SecurityCyber Crime & Security
Cyber Crime & Security
Uday Bhaskarwar
 
Information Security Awareness Training Open
Information Security Awareness Training OpenInformation Security Awareness Training Open
Information Security Awareness Training OpenFred Beck MBA, CPA
 
Steps and Tips to Protect Yourself and your Private Information while Online....
Steps and Tips to Protect Yourself and your Private Information while Online....Steps and Tips to Protect Yourself and your Private Information while Online....
Steps and Tips to Protect Yourself and your Private Information while Online....
Abzetdin Adamov
 
Cybercrime
CybercrimeCybercrime
Cybercrime
Yasmin Ismail
 
Cyber crime among students
Cyber crime among studentsCyber crime among students
Cyber crime among studentsjune21harsh
 
CYBER ETHICS, CRIMES AND SAFTY
CYBER ETHICS, CRIMES AND SAFTYCYBER ETHICS, CRIMES AND SAFTY
CYBER ETHICS, CRIMES AND SAFTY
FaMulan2
 
Nat'l Cyber Security Awareness Month (NCSAM) Posters
Nat'l Cyber Security Awareness Month (NCSAM) PostersNat'l Cyber Security Awareness Month (NCSAM) Posters
Nat'l Cyber Security Awareness Month (NCSAM) Posters
NetLockSmith
 
Cyber Crime & Security
Cyber Crime & SecurityCyber Crime & Security
Cyber Crime & Security
Anchit Rajawat
 
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
David Menken
 
Understanding and preventing cyber crime and its impact on your organisation
Understanding and preventing cyber crime and its impact on your organisationUnderstanding and preventing cyber crime and its impact on your organisation
Understanding and preventing cyber crime and its impact on your organisation
Jacqueline Fick
 
How to stay safe online
How to stay safe onlineHow to stay safe online
How to stay safe online
xlilmermaidx
 
Cyber Security for Babies
Cyber Security for BabiesCyber Security for Babies
Cyber Security for Babies
VISHNUVNAIR13
 

What's hot (20)

Awareness Training on Information Security
Awareness Training on Information SecurityAwareness Training on Information Security
Awareness Training on Information Security
 
20130321 Cybercrime threats on e-commerce online shops
20130321 Cybercrime threats on e-commerce online shops20130321 Cybercrime threats on e-commerce online shops
20130321 Cybercrime threats on e-commerce online shops
 
Cyber Security & Hygine
Cyber Security & HygineCyber Security & Hygine
Cyber Security & Hygine
 
Cyber Crime And Security
Cyber Crime And SecurityCyber Crime And Security
Cyber Crime And Security
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
Tech Topic Privacy
Tech Topic PrivacyTech Topic Privacy
Tech Topic Privacy
 
Research paper on cyber security.
Research paper on cyber security.Research paper on cyber security.
Research paper on cyber security.
 
Cyber crimes
Cyber crimesCyber crimes
Cyber crimes
 
Cyber Crime & Security
Cyber Crime & SecurityCyber Crime & Security
Cyber Crime & Security
 
Information Security Awareness Training Open
Information Security Awareness Training OpenInformation Security Awareness Training Open
Information Security Awareness Training Open
 
Steps and Tips to Protect Yourself and your Private Information while Online....
Steps and Tips to Protect Yourself and your Private Information while Online....Steps and Tips to Protect Yourself and your Private Information while Online....
Steps and Tips to Protect Yourself and your Private Information while Online....
 
Cybercrime
CybercrimeCybercrime
Cybercrime
 
Cyber crime among students
Cyber crime among studentsCyber crime among students
Cyber crime among students
 
CYBER ETHICS, CRIMES AND SAFTY
CYBER ETHICS, CRIMES AND SAFTYCYBER ETHICS, CRIMES AND SAFTY
CYBER ETHICS, CRIMES AND SAFTY
 
Nat'l Cyber Security Awareness Month (NCSAM) Posters
Nat'l Cyber Security Awareness Month (NCSAM) PostersNat'l Cyber Security Awareness Month (NCSAM) Posters
Nat'l Cyber Security Awareness Month (NCSAM) Posters
 
Cyber Crime & Security
Cyber Crime & SecurityCyber Crime & Security
Cyber Crime & Security
 
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
 
Understanding and preventing cyber crime and its impact on your organisation
Understanding and preventing cyber crime and its impact on your organisationUnderstanding and preventing cyber crime and its impact on your organisation
Understanding and preventing cyber crime and its impact on your organisation
 
How to stay safe online
How to stay safe onlineHow to stay safe online
How to stay safe online
 
Cyber Security for Babies
Cyber Security for BabiesCyber Security for Babies
Cyber Security for Babies
 

Similar to Introduction to information security

End user security awareness
End user security awarenessEnd user security awareness
End user security awareness
Kanishk Raj
 
Information security
Information securityInformation security
Information security
IshaRana14
 
Cyber Security Awareness Program.pptx
Cyber Security Awareness Program.pptxCyber Security Awareness Program.pptx
Cyber Security Awareness Program.pptx
Dinesh582831
 
Cyber-Security-20211013105857.ppt
Cyber-Security-20211013105857.pptCyber-Security-20211013105857.ppt
Cyber-Security-20211013105857.ppt
Sukhdev48
 
Internet secutity ppt by vaishnavi khandelwal
Internet secutity ppt by vaishnavi khandelwalInternet secutity ppt by vaishnavi khandelwal
Internet secutity ppt by vaishnavi khandelwal
VaishnaviKhandelwal6
 
Cyber security 101
Cyber security 101Cyber security 101
Cyber security 101Travis Good
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber Crime
zahid_ned
 
Customer information security awareness training
Customer information security awareness trainingCustomer information security awareness training
Customer information security awareness training
AbdalrhmanTHassan
 
cyber crime and security
cyber crime and securitycyber crime and security
cyber crime and securityAjay Singh
 
Internet security
Internet securityInternet security
Internet security
Mohamed El-malki
 
Internet Security.pptx
Internet Security.pptxInternet Security.pptx
Internet Security.pptx
havaneb872
 
SAMPLE ATTACKS PRESENTATION.pdf
SAMPLE ATTACKS PRESENTATION.pdfSAMPLE ATTACKS PRESENTATION.pdf
SAMPLE ATTACKS PRESENTATION.pdf
ssusera0b94b
 
CYBER SECURITY AWARENESS.pptx [Read-Only].pptx
CYBER SECURITY AWARENESS.pptx [Read-Only].pptxCYBER SECURITY AWARENESS.pptx [Read-Only].pptx
CYBER SECURITY AWARENESS.pptx [Read-Only].pptx
Dhruvsinhbhati
 
IT Threats and Computer Security
IT Threats and Computer SecurityIT Threats and Computer Security
IT Threats and Computer Security
KongChunLeong1
 
Office_Cypersecurity_Basic_Training_Decmeber2022.pptx
Office_Cypersecurity_Basic_Training_Decmeber2022.pptxOffice_Cypersecurity_Basic_Training_Decmeber2022.pptx
Office_Cypersecurity_Basic_Training_Decmeber2022.pptx
ssuserd1e24b
 
COMPUTER ETHICS.pptx
COMPUTER ETHICS.pptxCOMPUTER ETHICS.pptx
COMPUTER ETHICS.pptx
santosh26kumar2003
 
Cybersecurity Awareness Training for Employees.pptx
Cybersecurity Awareness Training for Employees.pptxCybersecurity Awareness Training for Employees.pptx
Cybersecurity Awareness Training for Employees.pptx
Mustafa Amiri
 
Cyber modified
Cyber modifiedCyber modified
Cyber modified
vjom
 
Cyber crime and security
Cyber crime and securityCyber crime and security
Cyber crime and security
Sharath Raj
 
Cybersecurity awareness session.pptx
Cybersecurity awareness session.pptxCybersecurity awareness session.pptx
Cybersecurity awareness session.pptx
UmaraZahidLecturer
 

Similar to Introduction to information security (20)

End user security awareness
End user security awarenessEnd user security awareness
End user security awareness
 
Information security
Information securityInformation security
Information security
 
Cyber Security Awareness Program.pptx
Cyber Security Awareness Program.pptxCyber Security Awareness Program.pptx
Cyber Security Awareness Program.pptx
 
Cyber-Security-20211013105857.ppt
Cyber-Security-20211013105857.pptCyber-Security-20211013105857.ppt
Cyber-Security-20211013105857.ppt
 
Internet secutity ppt by vaishnavi khandelwal
Internet secutity ppt by vaishnavi khandelwalInternet secutity ppt by vaishnavi khandelwal
Internet secutity ppt by vaishnavi khandelwal
 
Cyber security 101
Cyber security 101Cyber security 101
Cyber security 101
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber Crime
 
Customer information security awareness training
Customer information security awareness trainingCustomer information security awareness training
Customer information security awareness training
 
cyber crime and security
cyber crime and securitycyber crime and security
cyber crime and security
 
Internet security
Internet securityInternet security
Internet security
 
Internet Security.pptx
Internet Security.pptxInternet Security.pptx
Internet Security.pptx
 
SAMPLE ATTACKS PRESENTATION.pdf
SAMPLE ATTACKS PRESENTATION.pdfSAMPLE ATTACKS PRESENTATION.pdf
SAMPLE ATTACKS PRESENTATION.pdf
 
CYBER SECURITY AWARENESS.pptx [Read-Only].pptx
CYBER SECURITY AWARENESS.pptx [Read-Only].pptxCYBER SECURITY AWARENESS.pptx [Read-Only].pptx
CYBER SECURITY AWARENESS.pptx [Read-Only].pptx
 
IT Threats and Computer Security
IT Threats and Computer SecurityIT Threats and Computer Security
IT Threats and Computer Security
 
Office_Cypersecurity_Basic_Training_Decmeber2022.pptx
Office_Cypersecurity_Basic_Training_Decmeber2022.pptxOffice_Cypersecurity_Basic_Training_Decmeber2022.pptx
Office_Cypersecurity_Basic_Training_Decmeber2022.pptx
 
COMPUTER ETHICS.pptx
COMPUTER ETHICS.pptxCOMPUTER ETHICS.pptx
COMPUTER ETHICS.pptx
 
Cybersecurity Awareness Training for Employees.pptx
Cybersecurity Awareness Training for Employees.pptxCybersecurity Awareness Training for Employees.pptx
Cybersecurity Awareness Training for Employees.pptx
 
Cyber modified
Cyber modifiedCyber modified
Cyber modified
 
Cyber crime and security
Cyber crime and securityCyber crime and security
Cyber crime and security
 
Cybersecurity awareness session.pptx
Cybersecurity awareness session.pptxCybersecurity awareness session.pptx
Cybersecurity awareness session.pptx
 

Recently uploaded

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
Dorra BARTAGUIZ
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
RinaMondal9
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
Pierluigi Pugliese
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
Peter Spielvogel
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 

Recently uploaded (20)

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 

Introduction to information security

  • 1. Introduction to Information Security 1. Introduction to Cyber Security 2. Security of a Facility 3. Importance of Network Security 4. Protecting Yourself and Your Information 5. Social Engineering – The Greatest Threat 6. Email – Fool Me Once… 7. How to Defend Against Malicious Websites 8. How to Protect your Mobile Device 9. Good Information Security Practices Introduction to Cyber Security Introduction 1. What is Cyber Security? All the processes and practices we implement to protect networks, computers, applications and data from attacks on the C-I-A triad (Confidentiality, Integrity and Availability) 2. Why Do We Care? Estimates upwards of 250 BILLION dollars of loss associated with Cyber Crime (McAfee estimates almost one trillion. 3. Every year, the Director of National Intelligence publishes an unclassified 11World wide Threat Assessment." The year 201S report was published listing "Cyber ' is the first (and greatest} threat listed. Know Your Enemy 1. Who commits cyber crim 2. ► Organized Crime Traditional mafia is outsourcing cybercrime to Freelance 3. Criminals-Billions of dollars at stake 4. ► Terrorists ISIS attacks on military sites Pose threats to national security secrets, but also the existing 5. infrastructure 6. ► Foreign Nations Stuxnet, Sony attacks 7. ► Insiders Estimated 1.2 Billion in losses 8. ► Hacktivists Anonymous 9. ► Common Thieves Why did you rob the bank? that’s where the money is
  • 2. Protecting your C-I-A, also known as "Covering Your Assets!"
    ► Confidentiality: Prevent unauthorized disclosure of information
    ► Integrity: Prevent unauthorized modification of information or files
    ► Availability: Ensuring timely access to resources
    Security of a Facility
    Protect... the Facility
    ► The safety of our employees is PRIORITY NUMBER ONE!
    ► Often a successful attack originates with the attacker on the premises
    ► Attackers can use a physical attack to lower a company's defense (sounding the fire alarm, causing the building to be evacuated).
    ► Regulations/Laws apply even in the event of an emergency. Sensitive data must continue to be protected
    ► Physical access can lead to theft, or allow a network or other attack to be launched
    Importance of Network Security
    Protect... the Network
    ► Network attacks are the most common technical threat to a network
    ► Can range from eavesdropping on data transfer to Denial of Service
    ► Can cause compliance and regulatory issues
    ► Can lead to compromise of customer data, resulting in loss of revenue and lawsuits
    ► Our systems can be used to attack others
    What can we do?
    ► Use secure protocols when transmitting data (HTTPS instead of HTTP)
    ► Protect physical access to your system
    ► Don't connect systems to the network without the knowledge of the security team
    ► Don't bring media to work from home without prior approval
    ► Scan all files before download
    ► Download from trusted sites
    ► Encrypt mail and other sensitive files
  • 3. Protecting Yourself and Your Information
    Protect... Identities
    ► We live in a world of information sharing.
    ► What is PII? Personally Identifiable Information.
    ► Over 17 million people were victims of identity theft in 2014. This number is on the rise.
    ► Any information that can lead to locating and contacting an individual and identifying that individual uniquely
    ► Full Name, Mother's Maiden Name
    ► Social Security Number
    ► Address, Phone Number
    ► Vehicle Registration Number
    ► Biometrics
    ► Other uniquely identifying characteristics
    [Figure: legend of PII categories]
    Categories: Social Security number; contact information (email address, physical address, telephone and mobile numbers); government-issued identification (driver's license, passport, birth certificate, library card); birth date, birth place; online information (Facebook, social media passwords, PINs); geolocation (smartphones, GPS, camera); verification data (mother's maiden name, pets' and kids' names, high school, passwords); medical records information (prescriptions, medical records, exams, images); account number (bank, insurance, investments, credit cards)
    Other labels in the figure: PARENT, CITIZEN, EMPLOYEE, CONSUMER, INVESTOR, PATIENT, INTERNET USER, HOBBYIST, VOLUNTEER
  • 4. What Can We Do?
    ► Secure your Social Security number (SSN). Don't carry your Social Security card in your wallet or write your number on your checks.
    ► Don't respond to unsolicited requests for personal information by phone, mail, or online.
    ► Watch out for shoulder surfers, specifically with coded access to buildings and when using ATMs
    ► Review your receipts. Promptly compare receipts with account statements. Watch for unauthorized transactions.
    ► Shred receipts, credit offers, account statements, and expired cards to prevent dumpster divers from getting your personal information.
    ► Store personal information in a safe place at home and at work.
    ► Install firewalls and virus-detection software on your home computer.
  • 5. Social Engineering – The Greatest Threat
    Protect Against... Social Engineering
    ► Social Engineering may present the greatest threat to confidentiality today
    ► Phishing
    ► Pretexting
    ► Baiting
    ► Quid Pro Quo
    ► Tailgating
  • 6. What Can We Do?
    ► Require multifactor authentication
    ► Trust no one!
    ► Follow company policy
    ► Don't succumb to pressure
    ► Install anti-malware
    ► Don't leave valuable information on your desk
    ► When in doubt, call your security team
    Email – Fool Me Once…
    Protect... Against Phony Emails
    ► Often email attachments are a means of distributing malicious code
    ► Many viruses will "read" an infected user's email list and replicate themselves to those users. Just because an email indicates it originates with a trusted source doesn't mean that is true
    ► Often by clicking these links, your system becomes infected and you, too, will be propagating those links.
    ► Links may redirect to sites that seem legitimate but are used for phishing
  • 7. What to do?
    ► DO NOT CLICK ON LINKS IN MESSAGES
    ► Verify with known parties
    ► Check the email address: does it really match the text of the email? Use known links and contacts outside those provided in the email
    ► Do not download files from unsolicited sources
    ► Watch for poor grammar, misspellings, urgent messages, pleas for money, etc.
  • 8. How to Defend Against Malicious Websites
    Protect... Against Malicious Websites
    ► Rogue websites are used to collect information, intercept information, and distribute malicious software
    ► Browser Hijacking: if a site won't allow you to access any other site, be suspicious! Has your homepage or search engine been modified without your permission?
    ► Sites inundated with Buy Now offers and pop-ups indicate trouble.
    ► Often free downloads install spyware or other applications on your system.
    ► Sites that say they have scanned your computer and have detected viruses should always be treated with suspicion
    ► Poorly built sites where it is difficult to find the information you are looking for. If every link seems to lead to an advertisement, find a more legitimate site to conduct your business
  • 9.
  • 10. What do we do?
    ► Avoid suspicious sites
    ► Don't download files from peer-to-peer sites
    ► Use secure protocols (HTTPS)
    ► Don't IGNORE SECURITY WARNINGS
    ► Don't change browser security settings unless instructed to do so by the security team
    How to Protect your Mobile Device
    Protect... Mobile Device
    ► Portability makes them vulnerable
    ► Applications often share information with other applications or organizations.
    ► Contacts and other sensitive information are often available
    ► Bluetooth is inherently insecure
    Protect... Mobile Devices
    ► Use strong passwords or passcodes
    ► Disable Bluetooth when not in use
    ► Don't enable information sharing between apps unless necessary
    ► Enable the remote wipe function and consider the "Find your device" option
    ► Back up and protect your data
    ► Don't connect to a work system or the network unless you have express permission
    ► Be cautious about what you share: text is not inherently secure
    ► Download only secure applications
    ► Don't "jailbreak" or root your device.
    ► Report anything suspicious to the security team
  • 11. Good Information Security Practices
    Other Best Practices
    ► Always log off or lock your system if you leave (even for a minute)
    ► Keep systems patched and up to date
  • 12.
    ► Use strong passwords and protect them
    ► Encrypt sensitive files
  • 13.
    ► Watch what you share
    ► Disable insecure mechanisms if possible
    ► Never let someone have access to your system under your credentials
    ► Be wary of individuals looking for information or access
    ► Don't forget physical security
    ► Report any potential breach to your security team
    ► THINK THINK THINK!!!
    Regards, Secure100mb