• The internet allows an attacker to attack from anywhere on the planet.
• Risks caused by poor security knowledge and practice:
  • Identity Theft
  • Monetary Theft
  • Legal Ramifications (for yourself and companies)
  • Termination if company policies are not followed
• According to www.SANS.org, the top vulnerabilities available for a cyber criminal are:
  • Web Browser
  • IM Clients
  • Web Applications
  • Excessive User Rights
Security: We must protect our computers and data in the same way that we secure the doors to our homes.
Safety: We must behave in ways that protect us against risks and threats that come with technology.
Cracker: Computer-savvy programmer creates attack software
Script Kiddies: Unsophisticated computer users who know how to execute programs
Hacker Bulletin Board:
• SQL Injection
• Buffer overflow
• Password Crackers
• Password Dictionaries
• Successful attacks! Crazyman broke into … CoolCat penetrated…
Criminals: Create & sell bots -> spam; Sell credit card numbers,…
System Administrators: Some scripts are useful to protect networks…
Prices:
• Malware package = $1K-2K
• 1 M Email addresses = $8
• 10,000 PCs = $1000
Virus 
Worm 
Trojan Horse / Logic Bomb 
Social Engineering 
Rootkits 
Botnets / Zombies
• A virus attaches itself to a program, file, or disk
• When the program is executed, the virus activates and replicates itself
• The virus may be benign or malignant but executes its payload at some point (often upon contact)
  • Viruses result in crashing of computers and loss of data.
• In order to recover/prevent virus/attacks:
  • Avoid potentially unreliable websites/emails
  • System Restore
  • Re-install operating system
  • Anti-virus (e.g. Avira, AVG, Norton)
Diagram: Program A (with extra code) infects Program B
Independent program which replicates itself and sends copies from 
computer to computer across network connections. Upon arrival the worm 
may be activated to replicate. 
Diagram: Email List (Joe@gmail.com, Ann@yahoo.com, Bob@uwp.edu); copies sent To Joe, To Ann, To Bob
Logic Bomb: Malware logic executes upon certain conditions. 
Program is often used for legitimate reasons. 
• Software which malfunctions if maintenance fee is not paid 
• Employee triggers a database erase when he is fired. 
Trojan Horse: Masquerades as beneficial program while 
quietly destroying data or damaging your system. 
• Download a game: Might be fun but has hidden part that emails your 
password file without you knowing.
Social engineering manipulates people into performing actions or divulging 
confidential information. Similar to a confidence trick or simple fraud, the term applies 
to the use of deception to gain information, commit fraud, or access computer systems. 
Phone Call: This is John, the System Admin. What is your password?
Email: ABC Bank has noticed a problem with your account…
In Person: What ethnicity are you? Your mother’s maiden name?
In Person: I have come to repair your machine… and have some software patches
Phishing: a ‘trustworthy entity’ asks 
via e-mail for sensitive information 
such as SSN, credit card numbers, 
login IDs or passwords.
The link provided in the e-mail leads to a fake webpage which 
collects important information and submits it to the owner. 
The fake web page looks like the real thing 
• Extracts account information
• A botnet is a large number of compromised computers that are used to create and send spam or viruses or flood a network with messages as a denial of service attack.
• The compromised computers are called zombies
An attacker pretends to be your final destination on the network. If a 
person tries to connect to a specific WLAN access point or web server, an 
attacker can mislead him to his computer, pretending to be that access 
point or server.
• Upon penetrating a computer, a hacker installs a collection of programs, called a rootkit.
• May enable:
  • Easy access for the hacker (and others)
  • Keystroke logger
• Eliminates evidence of break-in
• Modifies the operating system
| Pattern | Calculation | Result | Time to Guess (2.6x10^18/month) |
|---|---|---|---|
| Personal Info: interests, relatives | | 20 | Manual 5 minutes |
| Social Engineering | | 1 | Manual 2 minutes |
| American Dictionary | | 80,000 | < 1 second |
| 4 chars: lower case alpha | 26^4 | 5x10^5 | |
| 8 chars: lower case alpha | 26^8 | 2x10^11 | |
| 8 chars: alpha | 52^8 | 5x10^13 | |
| 8 chars: alphanumeric | 62^8 | 2x10^14 | 3.4 min. |
| 8 chars alphanumeric +10 | 72^8 | 7x10^14 | 12 min. |
| 8 chars: all keyboard | 95^8 | 7x10^15 | 2 hours |
| 12 chars: alphanumeric | 62^12 | 3x10^21 | 96 years |
| 12 chars: alphanumeric + 10 | 72^12 | 2x10^22 | 500 years |
| 12 chars: all keyboard | 95^12 | 5x10^23 | |
| 16 chars: alphanumeric | 62^16 | 5x10^28 | |
• Symptoms:
  • Antivirus software detects a problem
  • Pop-ups suddenly appear (may sell security software)
  • Disk space disappears
  • Files or transactions appear that should not be there
  • System slows down to a crawl
  • Unusual messages, sounds, or displays on your monitor
  • Stolen laptop (1 in 10 stolen in laptop lifetime)
  • Your mouse moves by itself
  • Your computer shuts down and powers off by itself
• Often not recognized
Spyware symptoms: 
• Change to your browser homepage/start page 
• Ending up on a strange site when conducting a search 
• System-based firewall is turned off automatically 
• Lots of network activity while not particularly active 
• Excessive pop-up windows 
• New icons, programs, favorites which you did not add 
• Frequent firewall alerts about unknown programs trying to 
access the Internet 
• Bad/slow system performance
Defense in depth uses multiple layers of defense to address technical, 
personnel and operational issues.
Anti-virus software detects malware and can destroy it before any damage is done 
Install and maintain anti-virus and anti-spyware software 
Be sure to keep anti-virus software updated 
Many free and pay options exist
A firewall acts as a wall between your computer/private network and the 
internet. Hackers may use the internet to find, use, and install applications 
on your computer. A firewall prevents hacker connections from entering 
your computer. 
Filters packets that enter or leave your computer
• Microsoft regularly issues patches or updates to solve security problems in their software. If these are not applied, it leaves your computer vulnerable to hackers.
• The Windows Update feature built into Windows can be set up to automatically download and install updates.
• Avoid logging in as administrator
Figure: turning a bad password (Merry Christmas) into a good password.
Techniques labelled in the figure: Lengthen; Abbreviate; Synonym; Intertwine Letters; convert vowels to numeric; Keypad shift (Right …. Up).
Passwords shown in the figure: Merry Xmas, MerryChrisToYou, MerChr2You, mErcHr2yOu, MerryJul, MaryJul, Mary*Jul, ",stuzc,sd", Jq46Sjqw, M5rryXm1s, MXemrays, Glad*Jes*Birth
• Combine 2 unrelated words: Mail + phone = m@!lf0n3
• Abbreviate a phrase: My favorite color is blue = Mfciblue
• Music lyric: Happy birthday to you, happy birthday to you, happy birthday dear John, happy birthday to you. = hb2uhb2uhbdJhb2u
Never use ‘admin’ or ‘root’ or ‘administrator’ as a login for the admin 
A good password is: 
• private: it is used and known by one person only 
• secret: it does not appear in clear text in any file or program or on a piece of paper pinned to the 
terminal 
• easily remembered: so there is no need to write it down 
• at least 8 characters, complex: a mixture of at least 3 of the following: upper case letters, lower 
case letters, digits and punctuation 
• not guessable by any program in a reasonable time, for instance less than one week. 
• changed regularly: a good change policy is every 3 months 
Beware that someone may see you typing it. If you accidentally type your 
password instead of your login name, it may appear in system log files
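
The guess-rate table and the "good password" checklist above can be combined into one check. This is an added example, not part of the original slides; the 30-day month, the 33-character "other" class and the small wordlist are assumptions constructed for illustration.

```python
import re
import string

# Guess rate from the table header above: 2.6x10^18 guesses per month.
GUESSES_PER_MONTH = 2.6e18
SECONDS_PER_MONTH = 30 * 24 * 3600        # assumption: 30-day month
GUESSES_PER_SECOND = GUESSES_PER_MONTH / SECONDS_PER_MONTH
ONE_WEEK = 7 * 24 * 3600                  # checklist: "less than one week"

# Alphabet sizes matching the table: 26 + 26 + 10 + 33 = 95 ("all keyboard").
SIZES = {"lower": 26, "upper": 26, "digit": 10, "other": 33}

# Constructed stand-in for a real dictionary (the table cites 80,000 words).
SAMPLE_WORDLIST = {"merry", "christmas", "password", "birthday", "happy"}


def classify(ch):
    """Map one character to the character class it belongs to."""
    if ch in string.ascii_lowercase:
        return "lower"
    if ch in string.ascii_uppercase:
        return "upper"
    if ch in string.digits:
        return "digit"
    return "other"                        # punctuation, space, anything else


def classes_used(password):
    return sorted({classify(ch) for ch in password})


def keyspace(password):
    """Candidates an exhaustive search must cover: alphabet ** length."""
    alphabet = sum(SIZES[name] for name in classes_used(password))
    return alphabet ** len(password)


def seconds_to_exhaust(candidates):
    """Worst-case search time at the table's rate. Real guessing is faster
    when the password follows a pattern, so treat this as an upper bound."""
    return candidates / GUESSES_PER_SECOND


def dictionary_words(password, wordlist=SAMPLE_WORDLIST):
    """Letter runs in the password that are plain dictionary words."""
    return [t for t in re.findall(r"[a-z]+", password.lower()) if t in wordlist]


def assess(password):
    """Apply the checklist: length, 3 of 4 classes, one-week search time."""
    used = classes_used(password)
    seconds = seconds_to_exhaust(keyspace(password))
    result = {
        "length_ok": len(password) >= 8,
        "classes": len(used),
        "complex_ok": len(used) >= 3,
        "seconds": seconds,
        "survives_week": seconds >= ONE_WEEK,
        "dictionary_hit": bool(dictionary_words(password)),
    }
    result["ok"] = (result["length_ok"] and result["complex_ok"]
                    and result["survives_week"] and not result["dictionary_hit"])
    return result


def format_duration(seconds):
    """Render a duration in the largest unit that keeps the number >= 1."""
    for unit, size in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"


if __name__ == "__main__":
    # Passwords taken from the slides above.
    for pw in ("Merry Christmas", "Mfciblue", "m@!lf0n3",
               "MerChr2You", "hb2uhb2uhbdJhb2u"):
        r = assess(pw)
        print(f"{pw!r:20} classes={r['classes']} "
              f"search<={format_duration(r['seconds']):>22} "
              f"dictionary={r['dictionary_hit']} ok={r['ok']}")
```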
Do not open email attachments unless you are expecting the email with the 
attachment and you trust the sender. 
Do not click on links in emails unless you are absolutely sure of their validity. 
Only visit and/or download software from web pages you trust.
• Be sure to have a good firewall or pop-up blocker installed
• Pop-up blockers do not always block ALL pop-ups so always close a pop-up window using the ‘X’ in the upper corner.
• Never click “yes,” “accept” or even “cancel”
• Infected USB drives are often left unattended by hackers in public places.
• Always use a secure browser to do online activities.
• Frequently delete temp files, cookies, history, saved passwords etc.
Figure: https:// and the symbol showing enhanced security
• No security measure is 100%
• What information is important to you?
• Is your back-up:
  • Recent?
  • Off-site & Secure?
  • Process Documented?
  • Tested?
  • Encrypted?
• Organizations lose 5-6% of revenue annually due to internal fraud = $652 Billion in U.S. (2006)
• Average scheme lasts 18 months, costs $159,000
• 25% costs exceed $1M
• Smaller companies suffer greater average $ losses than large companies
Chart: Internal Fraud Recovery ($0 Recovered; Recovery<=25%; Substantial Recovery)
Chart: How Fraud is Discovered (%), with categories Tip, By Accident, Internal Audit, Internal Controls, External Audit, Notified by Police
Tips are the most common way fraud is discovered.
Tips come from:
• Employee/Coworkers 64%,
• Anonymous 18%,
• Customer 11%,
• Vendor 7%
If you notice possible fraud, CONTACT: ??????????
Additional Slides to insert 
How is information security confidentiality to be 
handled? Show table of how information 
confidentiality is categorized and treated. 
Are there specific legal actions all employees should be
concerned with?
Physical security – how are the rooms laid out and 
how is security handled? 
Handling information at home on home computer – 
any special restrictions? 
On fraud slide, specify contact if fraud is suspected.
These are best practices involving Information Security. 
• Most of these practices are from the National Institute of Standards 
and Technology. 
Use these practices at home and at work to keep safe 
and secure. 
Employers have policies and procedures regarding 
secure practices. Be sure to understand them and adhere 
to them. It will protect you, your employer and your 
customers.

Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
 
Normal Labour/ Stages of Labour/ Mechanism of Labour
Normal Labour/ Stages of Labour/ Mechanism of LabourNormal Labour/ Stages of Labour/ Mechanism of Labour
Normal Labour/ Stages of Labour/ Mechanism of Labour
 
2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...
 
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
 
Overview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with MechanismOverview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with Mechanism
 
The Diamond Necklace by Guy De Maupassant.pptx
The Diamond Necklace by Guy De Maupassant.pptxThe Diamond Necklace by Guy De Maupassant.pptx
The Diamond Necklace by Guy De Maupassant.pptx
 
Pride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School DistrictPride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School District
 
The Diamonds of 2023-2024 in the IGRA collection
The Diamonds of 2023-2024 in the IGRA collectionThe Diamonds of 2023-2024 in the IGRA collection
The Diamonds of 2023-2024 in the IGRA collection
 
MASS MEDIA STUDIES-835-CLASS XI Resource Material.pdf
MASS MEDIA STUDIES-835-CLASS XI Resource Material.pdfMASS MEDIA STUDIES-835-CLASS XI Resource Material.pdf
MASS MEDIA STUDIES-835-CLASS XI Resource Material.pdf
 
Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.
 
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
 
Chapter 4 - Islamic Financial Institutions in Malaysia.pptx
Chapter 4 - Islamic Financial Institutions in Malaysia.pptxChapter 4 - Islamic Financial Institutions in Malaysia.pptx
Chapter 4 - Islamic Financial Institutions in Malaysia.pptx
 
Introduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp NetworkIntroduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp Network
 
Digital Artifact 2 - Investigating Pavilion Designs
Digital Artifact 2 - Investigating Pavilion DesignsDigital Artifact 2 - Investigating Pavilion Designs
Digital Artifact 2 - Investigating Pavilion Designs
 
S1-Introduction-Biopesticides in ICM.pptx
S1-Introduction-Biopesticides in ICM.pptxS1-Introduction-Biopesticides in ICM.pptx
S1-Introduction-Biopesticides in ICM.pptx
 
Executive Directors Chat Leveraging AI for Diversity, Equity, and Inclusion
Executive Directors Chat  Leveraging AI for Diversity, Equity, and InclusionExecutive Directors Chat  Leveraging AI for Diversity, Equity, and Inclusion
Executive Directors Chat Leveraging AI for Diversity, Equity, and Inclusion
 
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER  FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...TESDA TM1 REVIEWER  FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
 
Natural birth techniques - Mrs.Akanksha Trivedi Rama University
Natural birth techniques - Mrs.Akanksha Trivedi Rama UniversityNatural birth techniques - Mrs.Akanksha Trivedi Rama University
Natural birth techniques - Mrs.Akanksha Trivedi Rama University
 
The basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptxThe basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptx
 
The Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official PublicationThe Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official Publication
 

IT security awareness

  • 1.
  • 2. The internet allows an attacker to attack from anywhere on the planet. Risks caused by poor security knowledge and practice: Identity Theft; Monetary Theft; Legal Ramifications (for yourself and companies); Termination if company policies are not followed. According to www.SANS.org, the top vulnerabilities available for a cyber criminal are: Web Browser; IM Clients; Web Applications; Excessive User Rights.
  • 3. Security: We must protect our computers and data in the same way that we secure the doors to our homes. Safety: We must behave in ways that protect us against risks and threats that come with technology.
  • 4.
  • 5. Cracker: Computer-savvy programmer creates attack software Script Kiddies: Unsophisticated computer users who know how to execute programs Hacker Bulletin Board SQL Injection Buffer overflow Password Crackers Password Dictionaries Successful attacks! Crazyman broke into … CoolCat penetrated… Criminals: Create & sell bots -> spam Sell credit card numbers,… System Administrators Some scripts are useful to protect networks… Malware package=$1K-2K 1 M Email addresses = $8 10,000 PCs = $1000
  • 6. Virus Worm Trojan Horse / Logic Bomb Social Engineering Rootkits Botnets / Zombies
  • 7. A virus attaches itself to a program, file, or disk. When the program is executed, the virus activates and replicates itself. The virus may be benign or malignant but executes its payload at some point (often upon contact). Viruses result in crashing of computers and loss of data. In order to recover from or prevent virus attacks: avoid potentially unreliable websites/emails; System Restore; re-install the operating system; anti-virus (e.g. Avira, AVG, Norton). (Diagram: Program A, extra code, infects Program B.)
  • 8. Independent program which replicates itself and sends copies from computer to computer across network connections. Upon arrival the worm may be activated to replicate. To Joe To Ann To Bob Email List: Joe@gmail.com Ann@yahoo.com Bob@uwp.edu
  • 9. Logic Bomb: Malware logic executes upon certain conditions. Program is often used for legitimate reasons. • Software which malfunctions if maintenance fee is not paid • Employee triggers a database erase when he is fired. Trojan Horse: Masquerades as beneficial program while quietly destroying data or damaging your system. • Download a game: Might be fun but has hidden part that emails your password file without you knowing.
  • 10. Social engineering manipulates people into performing actions or divulging confidential information. Similar to a confidence trick or simple fraud, the term applies to the use of deception to gain information, commit fraud, or access computer systems. Phone Call: This is John, the System Admin. What is your password? Email: ABC Bank has noticed a problem with your account… In Person: What ethnicity are you? Your mother’s maiden name? I have come to repair your machine… and have some software patches.
  • 11. Phishing: a ‘trustworthy entity’ asks via e-mail for sensitive information such as SSN, credit card numbers, login IDs or passwords.
  • 12. The link provided in the e-mail leads to a fake webpage which collects important information and submits it to the owner. The fake web page looks like the real thing • Extracts account information
  • 13.  A botnet is a large number of compromised computers that are used to create and send spam or viruses or flood a network with messages as a denial of service attack.  The compromised computers are called zombies
  • 14. An attacker pretends to be your final destination on the network. If a person tries to connect to a specific WLAN access point or web server, an attacker can mislead him to his computer, pretending to be that access point or server.
  • 15.  Upon penetrating a computer, a hacker installs a collection of programs, called a rootkit.  May enable:  Easy access for the hacker (and others)  Keystroke logger  Eliminates evidence of break-in  Modifies the operating system
  • 16.
    | Pattern | Calculation | Result | Time to Guess (2.6x10^18/month) |
    |---|---|---|---|
    | Personal Info: interests, relatives | | 20 | Manual 5 minutes |
    | Social Engineering | | 1 | Manual 2 minutes |
    | American Dictionary | | 80,000 | < 1 second |
    | 4 chars: lower case alpha | 26^4 | 5x10^5 | |
    | 8 chars: lower case alpha | 26^8 | 2x10^11 | |
    | 8 chars: alpha | 52^8 | 5x10^13 | |
    | 8 chars: alphanumeric | 62^8 | 2x10^14 | 3.4 min. |
    | 8 chars alphanumeric +10 | 72^8 | 7x10^14 | 12 min. |
    | 8 chars: all keyboard | 95^8 | 7x10^15 | 2 hours |
    | 12 chars: alphanumeric | 62^12 | 3x10^21 | 96 years |
    | 12 chars: alphanumeric + 10 | 72^12 | 2x10^22 | 500 years |
    | 12 chars: all keyboard | 95^12 | 5x10^23 | |
    | 16 chars: alphanumeric | 62^16 | 5x10^28 | |
  • 17.  Symptoms:  Antivirus software detects a problem  Pop-ups suddenly appear (may sell security software)  Disk space disappears  Files or transactions appear that should not be there  System slows down to a crawl  Unusual messages, sounds, or displays on your monitor  Stolen laptop (1 in 10 stolen in laptop lifetime)  Your mouse moves by itself  Your computer shuts down and powers off by itself  Often not recognized
  • 18. Spyware symptoms: • Change to your browser homepage/start page • Ending up on a strange site when conducting a search • System-based firewall is turned off automatically • Lots of network activity while not particularly active • Excessive pop-up windows • New icons, programs, favorites which you did not add • Frequent firewall alerts about unknown programs trying to access the Internet • Bad/slow system performance
  • 19.
  • 20. Defense in depth uses multiple layers of defense to address technical, personnel and operational issues.
  • 21. Anti-virus software detects malware and can destroy it before any damage is done Install and maintain anti-virus and anti-spyware software Be sure to keep anti-virus software updated Many free and pay options exist
  • 22. A firewall acts as a wall between your computer/private network and the internet. Hackers may use the internet to find, use, and install applications on your computer. A firewall prevents hacker connections from entering your computer. Filters packets that enter or leave your computer
  • 23.  Microsoft regularly issues patches or updates to solve security problems in their software. If these are not applied, it leaves your computer vulnerable to hackers.  The Windows Update feature built into Windows can be set up to automatically download and install updates.  Avoid logging in as administrator
  • 24. Merry Christmas Bad Password (Intertwine Letters) Good Password Merry Xmas (Lengthen) MerryChrisToYou MerChr2You mErcHr2yOu MerryJul MaryJul Mary*Jul (Keypad shift Right …. Up) ,stuzc,sd Jq46Sjqw (Abbreviate) (Synonym) (convert vowels to numeric) M5rryXm1s MXemrays Glad*Jes*Birth
  • 25. Combine 2 unrelated words Mail + phone = m@!lf0n3 Abbreviate a phrase My favorite color is blue= Mfciblue Music lyric Happy birthday to you, happy birthday to you, happy birthday dear John, happy birthday to you. hb2uhb2uhbdJhb2u
  • 26. Never use ‘admin’ or ‘root’ or ‘administrator’ as a login for the admin A good password is: • private: it is used and known by one person only • secret: it does not appear in clear text in any file or program or on a piece of paper pinned to the terminal • easily remembered: so there is no need to write it down • at least 8 characters, complex: a mixture of at least 3 of the following: upper case letters, lower case letters, digits and punctuation • not guessable by any program in a reasonable time, for instance less than one week. • changed regularly: a good change policy is every 3 months Beware that someone may see you typing it. If you accidentally type your password instead of your login name, it may appear in system log files
  • 27. Do not open email attachments unless you are expecting the email with the attachment and you trust the sender. Do not click on links in emails unless you are absolutely sure of their validity. Only visit and/or download software from web pages you trust.
  • 28.  Be sure to have a good firewall or pop-up blocker installed  Pop-up blockers do not always block ALL pop-ups so always close a pop-up window using the ‘X’ in the upper corner.  Never click “yes,” “accept” or even “cancel”  Infected USB drives are often left unattended by hackers in public places.
  • 29.  Always use secure browser to do online activities.  Frequently delete temp files, cookies, history, saved passwords etc. https:// Symbol showing enhanced security
  • 30.  No security measure is 100%  What information is important to you?  Is your back-up: Recent? Off-site & Secure? Process Documented? Tested? Encrypted?
  • 31. Organizations lose 5-6% of revenue annually due to internal fraud = $652 Billion in U.S. (2006). Average scheme lasts 18 months, costs $159,000. 25% costs exceed $1M. Smaller companies suffer greater average $ losses than large companies. (Chart: Internal Fraud Recovery; segments: $0 Recovered, Recovery<=25%, Substantial Recovery.)
  • 32. (Bar chart: How Fraud is Discovered, in %; categories: Tip, By Accident, Internal Audit, Internal Controls, External Audit, Notified by Police.) Tips are the most common way fraud is discovered. Tips come from: • Employee/Coworkers 64%, • Anonymous 18%, • Customer 11%, • Vendor 7%. If you notice possible fraud, CONTACT: ??????????
  • 33. Additional Slides to insert How is information security confidentiality to be handled? Show table of how information confidentiality is categorized and treated. Is there specific legal actions all employees should be concerned with? Physical security – how are the rooms laid out and how is security handled? Handling information at home on home computer – any special restrictions? On fraud slide, specify contact if fraud is suspected.
  • 34. These are best practices involving Information Security. • Most of these practices are from the National Institute of Standards and Technology. Use these practices at home and at work to keep safe and secure. Employers have policies and procedures regarding secure practices. Be sure to understand them and adhere to them. It will protect you, your employer and your customers.
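
The password rules on slide 26 can be checked against the guessing rate from the slide 16 table, as in this added example (not part of the original deck). The 30-day month, the symbol count of 33, the sample logins and passwords, and the tiny word list are assumptions made for illustration.

```python
import string

GUESSES_PER_MONTH = 2.6e18            # rate from the slide 16 table header
SECONDS_PER_MONTH = 30 * 24 * 3600    # assumption: 30-day month
ONE_WEEK = 7 * 24 * 3600              # slide 26: "less than one week"
ADMIN_LOGINS = {"admin", "root", "administrator"}   # slide 26

# Alphabet size per class; 33 = 32 ASCII punctuation marks plus space, so all
# four classes together give the 95 "all keyboard" characters of slide 16.
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 33}

# Constructed stand-in for the 80,000-word dictionary mentioned on slide 16.
WORDLIST = {"christmas", "birthday", "password", "welcome"}


def classes_used(password):
    """Return the set of character classes that appear in the password."""
    found = set()
    for ch in password:
        if ch in string.ascii_lowercase:
            found.add("lower")
        elif ch in string.ascii_uppercase:
            found.add("upper")
        elif ch in string.digits:
            found.add("digit")
        else:
            found.add("symbol")
    return found


def guesses_needed(password, wordlist=()):
    """Worst-case guesses: word list size if listed, else alphabet ** length."""
    if password.lower() in wordlist:
        return len(wordlist)
    alphabet = sum(CLASS_SIZES[c] for c in classes_used(password))
    return alphabet ** len(password)


def seconds_to_guess(password, wordlist=()):
    """Time to exhaust the search space at the slide's guessing rate."""
    return guesses_needed(password, wordlist) / GUESSES_PER_MONTH * SECONDS_PER_MONTH


def audit(login, password, wordlist=()):
    """Return the slide 26 rules that this login/password pair breaks."""
    problems = []
    if login.lower() in ADMIN_LOGINS:
        problems.append("predictable admin login")
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if len(classes_used(password)) < 3:
        problems.append("fewer than 3 character classes")
    if seconds_to_guess(password, wordlist) < ONE_WEEK:
        problems.append("guessable in under one week")
    return problems


if __name__ == "__main__":
    # Constructed login/password pairs; MerChr2You is taken from slide 24.
    for login, pw in [("root", "christmas"), ("jsmith", "Tr1ckyPw"),
                      ("jsmith", "MerChr2You")]:
        print(login, pw, audit(login, pw, WORDLIST) or "ok")
```

An 8-character password can satisfy the length and character-mix rules and still fail the one-week rule at this rate, which is why the check reports the two separately.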

Editor's Notes

  1. Security: The way in which we protect access to our computers and information, e.g. anti-virus software, firewall. Safety: The way we behave while using the internet, e.g. safe email behavior, safe software downloading behavior. Stress the difference and the importance of both together to provide a safe and secure computing environment.
  2. Users must be aware of the threats that exist in order to properly detect and prevent them.
  3. Each of these will be covered thoroughly in the slides that follow.
  4. Viruses Computer viruses are software programs that are deliberately designed by online attackers to invade your computer, to interfere with its operation, and to copy, corrupt or delete your data. These malicious software programs are called viruses because they are designed not only to infect and damage one computer, but to spread to other computers all across the Internet. Computer viruses are often hidden in what appear to be useful or entertaining programs or e-mail attachments, such as computer games, video clips or photos. Many such viruses are spread inadvertently by computer users, who unwittingly pass them along in e-mail to friends and colleagues.
  5. Worms Worms are more sophisticated viruses that can replicate automatically and send themselves to other computers by first taking control of certain software programs on your PC, such as email.
  6. Logic Bomb: Malware that destroys data when certain conditions are met. E.g., it may format a hard drive or change data files (possibly by inserting random bits of data) on a particular date or time or if a certain employee record is missing from the employee database. Example: an employee places a logic bomb inside a system to destroy data when his/her record is removed upon termination. Trojan Horses: A Trojan horse is a program which seems to be doing one thing, but is actually doing another. A Trojan horse can be used to set up a back door in a computer system so that the intruder can gain access later. The name refers to the horse from the Trojan War, with the similar function of deceiving defenders into bringing an intruder inside.
  7. Social Engineering can occur in-person, over the phone, in emails or fake web pages. Social Engineering: non-technical or low-technology means - such as lies, impersonation, tricks, bribes, blackmail, and threats - used to attack information systems. The next two slides discuss two types of Social Engineering: phishing and pharming.
  8. Phishing: A type of Social Engineering. The use of e-mails that appear to originate from a trusted source to trick a user into entering valid credentials at a fake website. Typically the e-mail and the web site look like they are part of a bank the user is doing business with.
  9. Pharming: Another type of social engineering. A user’s session is redirected to a masquerading website. At the fake website, transactions can be mimicked and information like login credentials can be gathered. With this the attacker can access the real site and conduct transactions using the credentials of a valid user on that website.
  10. When your computer becomes infected, it is likely to become a bot. Because attacks are international, they are hard to eliminate. Zombie: a compromised computer which may host pornography, illegal music and/or movies Botnet: a “zombie army,” or collection of compromised computers, zombies, used to send out spam, viruses or distributed denial of service attacks.
  11. RootKit: A collection of programs that a hacker uses to mask intrusion and obtain administrator-level access to a computer or computer network.
  12. This chart shows the different combinations of passwords and password lengths and how long a dictionary attack or brute force attack would take to guess the password. Discussion of proper password creation and change techniques will occur later in the User Practices section of the presentation. At this stage just discuss the attacks and comparisons to password lengths and patterns. Brute Force Attack: A cryptanalysis technique or other kind of attack method involving an exhaustive procedure that tries all possibilities, one-by-one. Dictionary Attack: An attack that tries all of the phrases or words in a dictionary, trying to crack a password or key. A dictionary attack uses a predefined list of words compared to a brute force attack that tries all possible combinations.
  13. What are the best practices to avoid all the threats we have been discussing?
  14. Attackers are always creating new viruses, so it is important that anti-virus software stay updated. Anti-virus and anti-spyware software should be updated on a regular basis. Anti-virus should be set to auto update at 12 midnight and then do a scan at 12:30. Anti-spyware should be set to auto update at 2:30 am and then a full system scan should be done at 3:00 am; this procedure makes sure that only one activity is performed at a time. If the employees work from home, they should also have anti-virus and anti-spyware installed on their home computers.
  15. Windows has a firewall built-in. Be sure to always have it on. It is necessary to have software firewalls on each computer even if you have a hardware firewall protecting your network. If your hardware firewall is compromised by a hacker or by malicious code of some kind, you don’t want the intruder or malicious program to have unlimited access to your computers and the information on those computers. Every computer in the network should have its own software firewall enabled. The Microsoft operating system has a built-in firewall, which can be easily located in the control panel. Ensure it is always turned on. For other commercial operating systems, the operations manual should have instructions about the firewall options. For an added layer of security, commercial firewall software can be installed.
  16. Windows has automatic update features that should be turned on. The operating system should be regularly updated with the latest patches and updates provided by the vendors. Major software applications like Microsoft Office should also be regularly updated. Other installed business applications should also be updated on a regular basis. Never use an admin account to surf the web, since in case of a compromise the malicious code would have admin rights.
  17. Bad passwords on top, good passwords on bottom. Start with a word(s) and do some changes such as: abbreviating, keypad shift, intertwine letters, synonyms, etc.
  18. Other password creation techniques: Combining words using symbols and numbers Abbreviating a phrase Using music lyrics, poems or quotes
  19. Good password techniques: Private: tell no one your password Secret: never write your password down Easily remembered: use something you know well, then change slightly as mentioned previously Secure combination of letters, numbers and symbols Change your password at least every three months Watch for shoulder surfers or other physical techniques to gain password
  20. Email Attachments: Attachments should be opened only from trusted senders. If you are not expecting an email attachment from the sender, it’s a good idea to call and confirm before opening the attachment. Spam email often asks for sensitive information. Links in emails: Never click on a link in an email unless you are expecting it. If you are not expecting an email link from the sender, it’s a good idea to call and confirm before clicking the email link. If you hover the cursor over an email’s web link description, the link should be displayed at the bottom of the browser. Make sure both of them match. Trustworthy Web Pages: Software downloads should be done only from trusted websites like Microsoft for Windows updates and Office application updates. Avoid downloading and using freeware or shareware, since most of them either don’t come with technical support or full functionality.
  21. A pop-up blocker should be installed (many browsers have them as add-ons), but they do not always block all pop-ups. Do not respond to pop-ups while working online. For example, a malicious pop-up message may say that you have a virus on the system. Close it by clicking on the X in the upper right corner. If you click OK, it might install spyware or other malicious code. Infected USB drives are often left unattended by hackers in public places. They intend for unsuspecting people to take the USB home or to the office and unknowingly install the worm or malicious code.
  22. Always use secure browser to do online activities. Frequently delete temp files, cookies, history, saved passwords etc. Look for https and/or lock or secure symbol
  23. Backup should be done (at least) once a week. If possible, store it on removable media. The removable media should be big enough to hold 52 weeks of backup (e.g., 500GB). Do a full backup once a month and store it in an offsite location. This would be useful in case of a disaster in your office (fire, theft, flood, etc). On the removable media create 12 folders for each month. Backup data should be tested periodically to ensure reliability.
  24. Tips on fraud are the most frequent method of discovering it. The percentages given for where the tips come from are percentages of total tips, not total fraud discoveries.