I will be giving this presentation on IT Security, for healthcare professionals, at the Health Sciences Learning Center, University of Wisconsin-Madison, School of Medicine and Public Health, tomorrow morning, at 11:00 CST. It will be held in room #1325 and is open to the public. I hope to see you there.
On Tuesday, Novermber 13th, at 11:00 AM, I will be giving this presentation to faculty and staff at the University of Wisconsin-Madison, School of Medicine and Public Health, at the Health Sciences Learning Center (HSLC), next to UW Hospital. IT Security and Healthcare, go together, like chocolate and peanut butter!
UW School of Medicine Social Engineering and Phishing AwarenessNicholas Davis
An IT Security presentation I created for faculty and staff of the UW-Madison, School of Medicine, about how to recognize and defend against the threats of complex Phishing and Social Engineering, to protect sensitive digital information.
This wonderful presentation, appropriate for teens and young adults, was created by Symantec's Rayane Hazimeh for the Dubai Techfest, 2013. We thank her for generously sharing her content with the SlideShare community.
3 aspects where the 'virtual world' interacts now and in the future with us in a very real way.
. Thought Works Introduction to Blockchain
. Cyber Security
. Cloud Accounting
On Tuesday, Novermber 13th, at 11:00 AM, I will be giving this presentation to faculty and staff at the University of Wisconsin-Madison, School of Medicine and Public Health, at the Health Sciences Learning Center (HSLC), next to UW Hospital. IT Security and Healthcare, go together, like chocolate and peanut butter!
UW School of Medicine Social Engineering and Phishing AwarenessNicholas Davis
An IT Security presentation I created for faculty and staff of the UW-Madison, School of Medicine, about how to recognize and defend against the threats of complex Phishing and Social Engineering, to protect sensitive digital information.
This wonderful presentation, appropriate for teens and young adults, was created by Symantec's Rayane Hazimeh for the Dubai Techfest, 2013. We thank her for generously sharing her content with the SlideShare community.
3 aspects where the 'virtual world' interacts now and in the future with us in a very real way.
. Thought Works Introduction to Blockchain
. Cyber Security
. Cloud Accounting
Coverage of the following topics: Tech growth, social media, Internet of things, how business are using social media in HR, how people expose their information online, privacy, the ramifications of your online life, how criminals, terrorist, governments and organizations use your online information, cyberbullying, data breaches, and Hacktivisim.
Data security best practices for risk awareness and mitigationNick Chandi
Presented by an expert in data security with more than 20 years of experience. Provides an overview of which types of companies and institutions have been targeted by ransomware and malware, how these attacks can happen and what businesses can do to protect themselves.
About The AIPMM
The Association of International Product Marketing and Management (AIPMM), founded in 1998, promotes worldwide excellence in product management education and provides training, education, certification and professional networking opportunities. With members in 65 countries, the AIPMM is the Worldwide Certifying Body of product team professionals and offers globalized trainings and credentials localized for specific markets designed to meet the challenges of a constantly changing business landscape. As the only professional organization that addresses the entire product lifecycle from inception to obsolescence in any industry, the AIPMM supports strategic partners with offerings in Europe, the Middle East, Australia, and SouthEast Asia, as well as North America.
AIPMM Membership benefits include the national Product Management Educational Conference, regional conferences, the Career Center, peer Forums, tools, templates, publications and eligibility to enroll in the Certification Programs. The Agile Certified Product Manager® (ACPM), Certified Product Manager® (CPM), Certified Product Marketing Manager® (CPMM), Certified Brand Manager® (CBM), and Certified Innovation Leader (CIL) programs allow individual members to demonstrate their level of expertise and provide corporate members an assurance that their product professionals are operating at peak performance.
http://www.AIPMM.com
Subscribe: http://www.aipmm.com/subscribe
LinkedIn: http://www.linkedin.com/company/aipmm
Membership: http://www.aipmm.com/join.php
Certification: http://aipmm.com/html/certification
Webinar Series: http://aipmm.com/aipmm_webinars/
Articles: http://www.aipmm.com/html/newsletter/article.php
Presentation by Dominic White at ISSA in 2010.
This presentation is about online privacy.
The presentation begins with a look at what privacy is. Where online privacy leaks occur and the implications of the leaks are discussed. The presentation ends with a brief discussion on how you can protect your online privacy.
It’s an online world. Most adults, and even teens, need to have online accounts for banking, shopping, communications, entertainment and social networks. Even many children have online lives. With all this online activity, how we keep ourselves and our families safe? How can we protect our private information? In this session we will discuss the advantages and dangers of our online lives. We will review practical tips for avoiding common mistakes. We will look at passwords, website safety, email and phishing, social networks and mobile devices. You can decrease the risks in our online world!
Dr. Shawn P. Murray was invited to the National Security Institute in April 2012 to present current topics related to social engineering and the threats they pose to organizations and their sensitive information. This presentation analyzes the principles of social engineering tactics as they relate to technology and security practices. Dr. Murray is a well known Cyber Security professional and has presented at various conferences regarding Cyber Security and Information Assurance topics.
SharePoint’s rapid adoption is undeniable but it raises one important question: What security capabilities did Microsoft implement to ensure that SharePoint--and the data it houses--remains secure? SharePoint’s functionality was built for business users to share information. However, business users don’t typically recognize critical security considerations. This leaves security teams with the task of layering security onto SharePoint well after deployments, or worse, after a data breach. These presentation slides highlight SharePoint use cases and potential security issues , offer best practices for SharePoint security planning and management, and provide key mitigation steps that enterprises implement to minimize the odds of a data breach.
Discusses how to perform malware analysis on Android devices. Initially presented at BSidesDE 2011 (in a much more fun format), the version here is as-presented at Rochester Security Summit 2011.
Coverage of the following topics: Tech growth, social media, Internet of things, how business are using social media in HR, how people expose their information online, privacy, the ramifications of your online life, how criminals, terrorist, governments and organizations use your online information, cyberbullying, data breaches, and Hacktivisim.
Data security best practices for risk awareness and mitigationNick Chandi
Presented by an expert in data security with more than 20 years of experience. Provides an overview of which types of companies and institutions have been targeted by ransomware and malware, how these attacks can happen and what businesses can do to protect themselves.
About The AIPMM
The Association of International Product Marketing and Management (AIPMM), founded in 1998, promotes worldwide excellence in product management education and provides training, education, certification and professional networking opportunities. With members in 65 countries, the AIPMM is the Worldwide Certifying Body of product team professionals and offers globalized trainings and credentials localized for specific markets designed to meet the challenges of a constantly changing business landscape. As the only professional organization that addresses the entire product lifecycle from inception to obsolescence in any industry, the AIPMM supports strategic partners with offerings in Europe, the Middle East, Australia, and SouthEast Asia, as well as North America.
AIPMM Membership benefits include the national Product Management Educational Conference, regional conferences, the Career Center, peer Forums, tools, templates, publications and eligibility to enroll in the Certification Programs. The Agile Certified Product Manager® (ACPM), Certified Product Manager® (CPM), Certified Product Marketing Manager® (CPMM), Certified Brand Manager® (CBM), and Certified Innovation Leader (CIL) programs allow individual members to demonstrate their level of expertise and provide corporate members an assurance that their product professionals are operating at peak performance.
http://www.AIPMM.com
Subscribe: http://www.aipmm.com/subscribe
LinkedIn: http://www.linkedin.com/company/aipmm
Membership: http://www.aipmm.com/join.php
Certification: http://aipmm.com/html/certification
Webinar Series: http://aipmm.com/aipmm_webinars/
Articles: http://www.aipmm.com/html/newsletter/article.php
Presentation by Dominic White at ISSA in 2010.
This presentation is about online privacy.
The presentation begins with a look at what privacy is. Where online privacy leaks occur and the implications of the leaks are discussed. The presentation ends with a brief discussion on how you can protect your online privacy.
It’s an online world. Most adults, and even teens, need to have online accounts for banking, shopping, communications, entertainment and social networks. Even many children have online lives. With all this online activity, how we keep ourselves and our families safe? How can we protect our private information? In this session we will discuss the advantages and dangers of our online lives. We will review practical tips for avoiding common mistakes. We will look at passwords, website safety, email and phishing, social networks and mobile devices. You can decrease the risks in our online world!
Dr. Shawn P. Murray was invited to the National Security Institute in April 2012 to present current topics related to social engineering and the threats they pose to organizations and their sensitive information. This presentation analyzes the principles of social engineering tactics as they relate to technology and security practices. Dr. Murray is a well known Cyber Security professional and has presented at various conferences regarding Cyber Security and Information Assurance topics.
SharePoint’s rapid adoption is undeniable but it raises one important question: What security capabilities did Microsoft implement to ensure that SharePoint--and the data it houses--remains secure? SharePoint’s functionality was built for business users to share information. However, business users don’t typically recognize critical security considerations. This leaves security teams with the task of layering security onto SharePoint well after deployments, or worse, after a data breach. These presentation slides highlight SharePoint use cases and potential security issues , offer best practices for SharePoint security planning and management, and provide key mitigation steps that enterprises implement to minimize the odds of a data breach.
Discusses how to perform malware analysis on Android devices. Initially presented at BSidesDE 2011 (in a much more fun format), the version here is as-presented at Rochester Security Summit 2011.
2013 Toorcon San Diego Building Custom Android Malware for Penetration TestingStephan Chenette
In this presentation Stephan will discuss some recent research that emerged he was asked to build malicious applications that bypassed custom security controls. He will walk through some of the basics of reversing malicious apps for android as well as common android malware techniques and methodologies. From the analysis of the wild android malware, he will discuss techniques and functionality to include when penetration testing against 3rd-party android security controls.
BIO
Stephan Chenette is the Director of Security Research and Development at IOActive where he conducts ongoing research to support internal and external security initiatives within the IOActive Labs. Stephan has been in involved in security research for the last 10 years and has presented at numerous conferences including: Blackhat, CanSecWest, RSA, EkoParty, RECon, AusCERT, ToorCon, SecTor, SOURCE, OWASP, B-Sides and PacSec. His specialty is in writing research tools for both the offensive and defensive front as well as investigating next generation emerging threats. He has released public analyses on various vulnerabilities and malware. Prior to joining IOActive, Stephan was the head security researcher at Websense for 6 years and a security software engineer for 4 years working in research and product development at eEye Digital Security.
Being popular is not always a good thing and here’s why: As mobile devices grow in popularity, so do the incentives for attackers. Mobile malware and threats are clearly on the rise, as attackers experiment with new business models by targeting mobile phones. The threat to mobile devices, however, is not limited to rogue versions of popular apps and adware. Threat actors are also pouncing on mobile users’ banking transactions. Android continues to be a primary target for malware attacks due to its market share and open source architecture.
Nowadays, several behaviour-based malware analysis and detection techniques for mobile threats have been proposed for mobile devices but only about 30 percent of all Android smart phones and tablets have security apps installed.
At DeepSec 2013 Jaime Sanchez (@segofensiva) will present AndroIDS, a signature-based intrusion detection system (IDS) and intrusion prevention system (IPS) that protects your mobile phone by examining headers and contents of all packets entering or leaving it. It will raise alerts or will drop packets when it sees suspicious headers or payloads.
This open source network-based intrusion detection/protection system is being presented as a solution that will provide a high return on investment based on visibility, control, and uptime.
It has the ability to perform real-time traffic analysis and packet logging on networks, featuring:
Protocol analysis, focusing on the examination of values within IP, TCP, UDP and ICMP headers
Content searching & matching, by analyzing every incoming packet against a database of rules; each rule represents the signature of a security exploit.
The framework architecture consists of:
Sensor: runs continuously without human supervision and is capable of analyzing traffic in real time (imposing minimal overhead), sending push alerts to the Android device in order to warn the user about the threat and reports to the Logging Server.
Server: runs inside a Linux Box, and receives all the messages the sensor is sending. It’s also responsible for sending updated signatures to remote devices, storing events in the database, detecting statistical anomalies and for real-time analysis.
The IDS rule language is powerful enough to represent current and future security exploits accurately and very precisely. With the help of custom build signatures, the framework can also be used to detect all kind of attacks designed for mobile devices like the USSD exploit, Webkit remote code execution exploits, DoS attacks or the meterpreter module for Android. IDS rule language converts Snort-like rules to an AndroIDS friendly format. It has also some interesting modules that let users cheat the operating system fingerprinting attempts by sending up to 16 TCP, UDP, and ICMP responses to nmap’s probes or changing the TCP header fields to avoid pof’s detection engine.
Android mobile users should start taking security seriously…
Unique.! This is professional, clean, creative, simple presentation template..Buddy Prescinton
This is Powerpoint Presentation Template for you that you need unique, professional, clean, creative, simple presentation template. All slides designed using great style. All element easy to edit and you can easily change the color to match it with your personal or company brand. Mevo has 100 unique slide (team, portfolio, chart, infographics, map, table, timeline, etc)
Unveiling the dark web. The importance of your cybersecurity postureLourdes Paloma Gimenez
We live in the cyberspace but nobody talked us about cybersecurity. The web , deep web and the dark web. The different vectors of cyberattacks. Recommendations to stay protected.
The Masterclass on Safeguarding Your Digital World, Outsmart Scammers and Protect Your Online Identity was presented by Richard Mawa Michael an awardee of the Ingressive 4 Good Cybersecurity Scholarship. He presented to South Sudanese audience on Saturday 02 September 2023 from 1 PM to 3 PM Central African Time in a session convened by the Excellence Foundation for South Sudan
Phishing attack, with SSL Encryption and HTTPS WorkingSachin Saini
This presentation contains Introduction of Phishing attack, its types and Various techniques, their impact with real live example, after that its Avoidance, Prevention and Solution. Also it contains brief introduction of SSL and HTTPS with their working.
For academic purposes only.
Sources of information are compiled and indicated in the Reference section of the presentation. Images or pictures are obtained from Google search.
Webinar: How to avoid the 12 Scams of ChristmasAbilityNet
In the webinar you can learn how to protect yourself and elderly people often most at risk from the most common online scams that can be especially rife around the festive season.
But anyone can become a victim of digital scams. They are a growing problem in the UK and criminals are using social media, email, and messaging services to target their victims.
Worrying about falling victim to online criminals can, understandably, make some people reluctant to engage in the online world. Recent research from BT Group* highlighted that some older internet users may be less familiar with the online world than others, so this webinar aims to provide valuable tips to vulnerable groups who may not be as online savvy as others.
The benefits of getting online can really make a positive difference to everyone's lives, so stay safe by learning about the common tactics that are used to attempt to fool us all.
What you'll learn:
In this free webinar, speakers from Greater Manchester Police and AbilityNet will share their expertise to help you:
Learn about common online scams to be aware of, particularly over the festive period
Arm yourself with background knowledge about what to avoid
Find out about some of the warning signs
Find out more at: www.abilitynet.org.uk/ScamsWebinar
How To Keep the Grinch From Ruining Your Cyber MondayMichele Chubirka
Ready to avoid crowded stores and online scammers during the holidays? Join Michele Chubirka as she goes through:
-Tips for safe online shopping and securing your banking information
-Protecting yourself from internet scams, phishing and fraud
Safeguard your personal information against identity theft
-How to use Anti-virus and other security software to keep your digital information safe.
Social Networking Security For OCRI - Scott Wright - Condensed July 9, 2009Scott Wright
This keynote was presented by Scott Wright on June 19, 2009 to the Ottawa Centre for Research and Innovation. It provides a quick view of some of the major risks from using Social Networking Tools, and some tips for how to reduce those risks through security awareness.
An Introduction To IT Security And Privacy In Libraries & AnywhereBlake Carver
An hour long presentation I gave for LYRASIS. It introduces many topics in security and privacy on the internet and computers and any other type of device with an ip address. IOT Internet of things, browsers, portable devices and more. In this hour I focused on things to train in libraries, security awareness training and other things relevant to people in libraries. Librarians and anyone else in a library. There's a focus on practical ways to secure yourself, browsers and other things. Also some dicussion on privacy
Conducting a NIST Cybersecurity Framework (CSF) AssessmentNicholas Davis
In today's ever-evolving cybersecurity landscape, organizations face an increasing number of threats. Conducting a NIST Cybersecurity Framework (CSF) assessment can be a valuable tool to identify, manage, and mitigate these risks. Let's explore how it can benefit your organization.
A NIST CSF assessment is not just about compliance; it's about proactively managing your cybersecurity posture. By identifying and addressing your vulnerabilities, you can reduce the likelihood and impact of cyberattacks. Additionally, the framework can help you communicate your security efforts effectively to internal and external stakeholders.
UW-Madison, Information Systems 371 - Decision Support SystemsNicholas Davis
Today, is Information Systems 371, I am lecturing about Decision Support Systems. In addition to covering the basics at a conceptual level, I am trying to get the students to think about the impact of IoT, 5G, and Artificial Intelligence, in terms of how Decision Support Systems are changing and what the new demands placed upon them will be.
During the Spring semester, I teach a 3 credit survey course in software development, at UW-Madison (IS 371), which is the first in the series of courses in the Information Systems major track. As part of this course, I devote an entire lecture to discussing different types of software development (Agile, Waterfall, Extreme, Spiral, etc.) I hope it helps the students better understand the different types of software development styles, as well as the benefits and drawbacks of each. In my opinion, they need to learn early on that there is more than one way to go about a software development challenge, and they need to figure out which style works best for them.
Information systems 365 - Cloud and BYOD SecurityNicholas Davis
Today, in class, I will be covering the topics of Cloud and BYOD Information Security. The intent of the lecture is to introduce students to the general issues surrounding information security in these two areas.
Information Security Awareness: at Work, at Home, and For Your Kids Nicholas Davis
This is the security awareness presentation which I will be giving to Quartz Health Solutions, on October 24, 2018. If focuses in on three areas: information security best practices for work, at home, and also contains some tips for kids. Topics include: PHI, ePHI, HIPAA, Identity Theft, Social Engineering, phishing, password management, malware, insider threats, social networks, and mobile devices.
A presentation about cyberwar basics, the past, present and future directions of cyberwar and some needed changes in technology and long standing societal attitudes, to combat this escalating threat
University of Wisconsin-Madison, Information Security 365/765 Course Summary,...Nicholas Davis
Last day of lecture, a summary presentation of everything the students learned this semester, in the information security class I teach at the University of Wisconsin-Madison
Bringing the Entire Information Security Semester Together With a Team ProjectNicholas Davis
Absorbing information does no good, unless you are able to apply what you have learned. Each semester, I give my information security students a team project, in which they must use all the knowledge acquired during the semester, in combination with their ability to do Internet research, to deliver an overall information security assessment of a company of their choosing. To make it a challenge, I make them grade all the other teams in the class, but only give them enough points to distribute so that the average is 90. In grading their peers, they must make decisions about which presentations are excellent, and which are not.
The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...Nicholas Davis
Horrible things happen on the Deep Web. It is important for information security professionals to know about this topic, so that we can help to stop the problem. Silence is acquiescence----If you see something horribly wrong, you have got to speak up and be part of the solution to stop it. Contact the FBI or local law enforcement.
Student Presentation Sample (Netflix) -- Information Security 365/765 -- UW-M...Nicholas Davis
The final assignment in the Information Security 365/765 course I teach at UW-Madison, is for teams of students to put together company focused IT security presentations, in which they take the concepts learned in class throughout the entire semester, and apply them to a real company. Here is a sample from Team Netflix! I am proud of the students, and feel that they have gained a solid foundation in the field of information security. Another semester come and gone!
Information Security Fall Semester 2016 - Course Wrap Up SummaryNicholas Davis
This presentation is a summary, for the students of the IS 365/765 course I teach, at the University of Wisconsin-Madison, providing a 104 slide reminder of the most important topics in Information Security, which we covered throughout the semester. Today is the last day of course material. We have 4 days of student team presentations, to follow.
A general education presentation, created to teach employees of an organization about Phishing, what it is, how to recognize it, avoid becoming a phishing victim, how to recognize common social engineering techniques, and what to do if you think you have been phished.
Information Security 365/765 Lecture 13 – Legal Regulations, Industry Compli...Nicholas Davis
Today's topic in the Information Security 365/765 class, which I teach at the University of Wisconsin-Madison.
Computer crimes and computer laws, Motives and profiles of attackers, Various types of evidence, Laws and acts to fight computer crime, Computer crime investigation process, Incident handling procedures, Ethics and best practices
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
The Art of the Pitch: WordPress Relationships and Sales
It Security For Healthcare
1. The Wild, Wild Web
-
Social Engineering,
Malware and Security
Awareness
-
Nicholas Davis
MBA, CISA, CISSP
DoIT Security
November 13, 2012
Free Powerpoint Templates
Page 1
2. Introduction
• Background
• Thank you for the invitation
• Today’s Topic, Malware, Social
Engineering and overall Security
Awareness
• Importance to the healthcare field
• Pretexting
• Phishing
• QR Code Danger
• Social Networks
• Passwords
• Malware
• Baiting
• Identity Theft: How, Avoiding,
Responding
• Physical Security
• Sharing of information with the public
Free Powerpoint Templates
Page 2
3. Technology Is Not
The Answer
Strong computer security has two
components:
The Technology: passwords,
encryption, endpoint protection
such as anti-virus.
The People: You, your customers,
your business partners
Today, we will talk about both
components
Free Powerpoint Templates
Page 3
4. Social Engineering
The art of manipulating
people into performing actions
or divulging confidential
information
It is typically trickery or
deception for the purpose of
information gathering, fraud,
or computer system access
Free Powerpoint Templates
Page 4
5. Most Popular Type of
Social Engineering
Pretexting: An individual lies to obtain
privileged data. A pretext is a false motive.
Pretexting is a fancy term for impersonation
A big problem for computer Help Desks, in all
organizations
Example:
Some steps the UW-Madison Help Desk takes
to avoid pretexting
Free Powerpoint Templates
Page 5
6. Let’s Think of HSLC
Pretexting Example
Dear Windows User,
It has come to our attention that your Microsoft windows
Installation records are out of date. Every Windows
installation has to be tied to an email account for daily
update.
This requires you to verify the Email Account. Failure to
verify your records will result in account suspension.
Click on the Verify button below and enter your login
information on the following page to Confirm your records.
Thank you,
Microsoft Windows Team.
Free Powerpoint Templates
Page 6
7. Phishing
• Deception, but not just in
person
• Email
• Websites
• Facebook status updates
• Tweets
• Phishing, in the context of
the healthcare working
environment is extremely
dangerous
Free Powerpoint Templates
Page 7
8. Phishing History
• Phreaking, term for making
phone calls for free back in
1970s
• Fishing is the use bait to
lure a target
• Phreaking + Fishing =
Phishing
Free Powerpoint Templates
Page 8
9. Phishing 1995
• Target AOL users
• Account passwords = free
online time
• Threat level: low
• Techniques: Similar names,
such as www.ao1.com for
www.aol.com
Free Powerpoint Templates
Page 9
10. Phishling 2001
Target: Ebay and major banks
Credit card numbers and
account numbers = money
Threat level: medium
Techniques: Same in 1995, as
well as keylogger
Free Powerpoint Templates
Page 10
11. Keyloggers
• Tracking (or logging) the keys
struck on a keyboard, typically in
a covert manner so that the
person using the keyboard is
unaware that their actions are
being monitored
• Software or hardware based
Free Powerpoint Templates
Page 11
12. Phishing 2007
Targets are Paypal, banks,
ebay
Purpose to steal bank
accounts
Threat level is high
Techniques: browser
vulnerabilities, link
obfuscation
Free Powerpoint Templates
Page 12
13. Don’t Touch That QR Code
• Just as bad as clicking on an
unknown link
• Looks fancy and official, but
is easy to create
Free Powerpoint Templates
Page 13
14. Phishing in 2013
• Trends for the coming year
• Identity Information
• Personal Harm
• Blackmail
Free Powerpoint Templates
Page 14
15. Looking In the Mirror
• Which types of sensitive
information do you have access
to?
• What about others who share the
computer network with you?
• Think about the implications
associated that data being stolen
and exploited!
Free Powerpoint Templates
Page 15
16. What Phishing Looks Like
• As scam artists become more
sophisticated, so do their phishing
e-mail messages and pop-up
windows.
• They often include official-looking
logos from real organizations and
other identifying information
taken directly from legitimate
Web sites.
Free Powerpoint Templates
Page 16
17. Techniques For Phishing
• Employ visual elements from target site
• DNS Tricks:
• www.ebay.com.kr
• www.ebay.com@192.168.0.5
• www.gooogle.com
• Unicode attacks
• JavaScript Attacks
• Spoofed SSL lock Certificates
• Phishers can acquire certificates for
domains they own
• Certificate authorities make mistakes
Free Powerpoint Templates
Page 17
18. Social Engineering
Techniques
Often employed in Phishing, lower
your guard
1.Threats – Do this or else!
2.Authority – I have the authority
to ask this
3.Promises – If you do this, you
will get money
4.Praise – You deserve this
Free Powerpoint Templates
Page 18
19. Phishing
Techniques
• Socially aware attacks
• Mine social relationships from public
data
• Phishing email appears to arrive from
someone known to the victim
• Use spoofed identity of trusted
organization to gain trust
• Urge victims to update or validate their
account
• Threaten to terminate the account if the
victims not reply
• Use gift or bonus as a bait
• Security promises
Free Powerpoint Templates
Page 19
20. Let’s Talk About
Facebook
• So important, it gets its own slide!
• Essentially unauthenticated – discussion
• Three friends and you’re out! - discussion
• Privacy settings mean nothing – discussion
• Treasure Trove of identity information
• Games as information harvesters
Free Powerpoint Templates
Page 20
25. Too Good to be True,
Even When It Is Signed
Free Powerpoint Templates
Page 25
26. Detecting
Fraudulent Email
Information requested is inappropriate for
the channel of communication:
"Verify your account."nobody should ask
you to send passwords, login names,
Social Security numbers, or other personal
information through e-mail.
Urgency and potential penalty or loss are
implied:
"If you don't respond within 48 hours,
your account will be closed.”
Free Powerpoint Templates
Page 26
27. Detecting Fraudulent
Email
"Dear Valued Customer."Phishing e-mail
messages are usually sent out in bulk and
often do not contain your first or last
name.
Free Powerpoint Templates
Page 27
28. Dectecting Fraudulent
Email
"Click the link below to gain access to
your account.“
This is an example or URL Masking (hiding
the web address)
URL alteration
www.micosoft.com
www.mircosoft.com
www.verify-microsoft.com
Free Powerpoint Templates
Page 28
29. How to Defend Against
Phishing Attacks
•Never respond to an email asking
for personal information
• Always check the site to see if it is
secure (SSL lock)
• Look for misspellings or errors in
grammar
• Never click on the link on the
email. Enter the web address
manually
• Keep your browser updated
• Keep antivirus definitions updated
• Use a firewall
• When in doubt, ask your Network
Administrator for their opinion
Free Powerpoint Templates
Page 29
30. A Note on Spear Phishing
• Designed especially for you
• Includes your name
• May reference an
environment or issue you
are aware of and familiar
with
• Asks for special treatment,
with justification for the
request
Free Powerpoint Templates
Page 30
32. Passwords
Your password is your electronic
key to valuable resources, treat it
like your house key!
Sharing – Discussion
Theft – Discussion
Password Rotation - Discussion
Free Powerpoint Templates
Page 32
33. Creating a Strong
Password
Following two rules are bare minimal that
you should follow while creating a
password.
Rule 1 – Password Length: Stick with
passwords that are at least 8 characters in
length. The more character in the
passwords is better, as the time taken to
crack the password by an attacker will be
longer. 10 characters or longer are better.
Rule 2 – Password Complexity: At least 4
characters in your passwords should be
each one of the following:
Free Powerpoint Templates
Page 33
34. Creating a Strong
Password
1.Lower case alphabets
2.Upper case alphabets
3.Numbers
4.Special Characters
Use the “8 4 Rule”
8 = 8 characters minimum length
4 = 1 lower case + 1 upper case + 1
number + 1 special character.
Do not use a password
strength checking website!
Any ideas why this
is a bad idea?
Free Powerpoint Templates
Page 34
35. Adware, Malware,
Spyware
Adware – unwanted ad software which is
noticed
Malware – unwanted software which is
noticed and potentially causes harm
Spyware – unwanted software which goes
un-noticed and harvests your personal
information
Use endpoint protection!
Free Powerpoint Templates
Page 35
37. Adware, Malware,
Spyware
How these get on your computer:
Email
Web pages
Downloaded software
CD, USB flash drive
Sometimes, out of the box
Free Powerpoint Templates
Page 37
39. Baiting
Hey, look! A free USB drive!
I wonder what is on this confidential CD
which I found in the bathroom?
These are vectors for malware!
Play on your curiousity or desire to get
something for nothing
Don’t be a piggy!
Free Powerpoint Templates
Page 39
40. Social Engineering
Methods
Using the Out of Office
responder in a responsible
manner
Free Powerpoint Templates
Page 40
41. Medical Identity Theft
Use another person’s name
Sometimes other identifying information
such as a medical bracelet or insurance
information
Obtain medical services
Make false claims
Causes erronious information to be put
into medical records
May lead to inappropriate and life
threatening situaitons
Free Powerpoint Templates
Page 41
42. Synthetic Identity Theft
A variation of identity theft which has
recently become more common is
synthetic identity theft, in which identities
are completely or partially fabricated. The
most common technique involves
combining a real social security number
with a name and birthdate other than the
ones associated with the number.
Free Powerpoint Templates
Page 42
43. How Does Identity
Theft Happen
Let’s talk through the attached paper
handout, entitled:
“Techniques for obtaining and exploiting
personal information for identity theft”
Look through the list and think to yourself
“Could this apply to me?” If so, think
about taking steps to avoid it
Free Powerpoint Templates
Page 43
44. Tips To Avoid
Identity Theft
1. Only Make Purchases On Trusted Sites
2. Order Your Credit Report
3. Know How To Spot Phishing
4. Secure Your Network
5. Can the Spam
6. Don't Store Sensitive Information On Non-
Secure Web Sites
7. Set Banking Alerts
8. Don't Reuse Passwords
9. Use Optional Security Questions
10. Don't Put Private Information On Public
Computers
Free Powerpoint Templates
Page 44
45. If Your Identity Is Stolen
(WORK)
1. Contact your supervisor immediately
2. Report the incident to the Office of
Campus Information Security (OCIS)
http://
www.cio.wisc.edu/security-report.aspx
3. Contact the DoIT Help Desk
4. Contact UW Police, depending on
nature of incident. Consider your
personal safety! “Better safe, than
sorry”
Free Powerpoint Templates
Page 45
46. Physical Security
• The UW is a fairly open and shared
physical environment
• Seeing strangers is normal, we won’t
know if they are here as friend or foe
• Lock your office
• Lock your desk
• Lock your computer
• Criminals are opportunistic
• Even if you are just gone for a moment
• Report suspicious activity to your
administration and UW Police
• If you have an IT related concern,
contact the Office of Campus
Information Security
Free Powerpoint Templates
Page 46
47. Sharing Information With
The Public
• The University of Wisconsin is an open
environment
• However, on occasion, this open nature
can be exploited by people with
nefarious intent
• Don’t volunteer sensitive information
• Only disclose what is necessary
• Follow records retention policies
• When in doubt, ask for proof, honest
people will understand, dishonest
people will become frustrated
Free Powerpoint Templates
Page 47
48. We Have So Much More
To Talk About
• Security Awareness matters not just to
you, but to the University of Wisconsin
as a whole
• Security Awareness is an important
facet of everyone’s work
• My actions impact you
• Your actions impact me
• Security Awareness is an ever changing
and evolving area, which requires
constant attention
• DoIT is here as a resource for you
• Let us know how we can help
• Let me know if I can help
• Don’t be afraid to ask questions
• Better safe than sorry
Free Powerpoint Templates
Page 48
49. A Picture Is Worth
1000 Words
Free Powerpoint Templates
Page 49
50. Questions and
Discussion
Nicholas Davis
ndavis1@wisc.edu
608-262-3837
facebook.com/nicholas.a.davis
Free Powerpoint Templates
Page 50