Service Desk - Security
Chris Prewitt
Service Desk – Why is it a threat?
Attacking the Service Desk
Responsibility
Security is everyone’s concern
The key to Security Awareness is found in the word itself:
“Security… a team effort, but an individual responsibility”
SEC- -Y
Employee Responsibility
The OPM hack, the RSA hack, and many others were initiated by an
employee making 2 mistakes. First, clicking a link that led to malware.
Second, not reporting it immediately when something weird happened.
What can you do to help your company?
Be aware; see something, say something
*Malware is software that is intended to damage or disable computers and computer systems
Most Common Passwords (2017)
1. 123456 (Unchanged)
2. Password (Unchanged)
3. 12345678 (Up 1)
4. qwerty (Up 2)
5. 12345 (Down 2)
6. 123456789 (New)
7. letmein (New)
8. 1234567 (Unchanged)
9. football (Down 4)
10. iloveyou (New)
11. admin (Up 4)
12. welcome (Unchanged)
13. monkey (New)
14. login (Down 3)
15. abc123 (Down 1)
16. starwars (New)
17. 123123 (New)
18. dragon (Up 1)
19. passw0rd (Down 1)
20. master (Up 1)
21. hello (New)
22. freedom (New)
23. whatever (New)
24. qazwsx (New)
25. trustno1 (New)
The password policy within Active
Directory enforces password length,
complexity, and history. This does not in
any way control what the password is, just
how long it is and what characters are
inside of it.
Many people will use easily guessable
passwords like Winter2017 or
Password!@# because they technically
meet the standards but are easy for them
to remember.
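The gap described above, as an added example (not part of the original slides): a complexity rule modeled on the deck's own checklist (8+ characters, 3 of 4 character classes) accepts Winter2017 and Password!@#, while a screen applied when the password is set catches them by their base word. The function names, the leetspeak map and the season/month list are assumptions made for illustration; the common-password list is the one on the slide.

```python
import re

# The 25 entries from the "Most Common Passwords (2017)" slide.
SLIDE_LIST = [
    "123456", "Password", "12345678", "qwerty", "12345", "123456789",
    "letmein", "1234567", "football", "iloveyou", "admin", "welcome",
    "monkey", "login", "abc123", "starwars", "123123", "dragon",
    "passw0rd", "master", "hello", "freedom", "whatever", "qazwsx",
    "trustno1",
]

# Assumption: seasons and months, generalising the slide's "Winter2017" example.
CALENDAR_WORDS = {
    "spring", "summer", "autumn", "fall", "winter",
    "january", "february", "march", "april", "may", "june", "july",
    "august", "september", "october", "november", "december",
}

# Assumption: a small map of common character substitutions.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def meets_complexity(pw: str) -> bool:
    """Length and character-class rule only: 8+ chars, 3 of 4 classes."""
    classes = [
        any(c.isupper() for c in pw),
        any(c.islower() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    ]
    return len(pw) >= 8 and sum(classes) >= 3


def core_word(pw: str) -> str:
    """Lowercase, drop leading/trailing digits and symbols, undo substitutions."""
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", pw.lower())
    return core.translate(LEET)


# Base words derived from the slide's list ("passw0rd" -> "password", etc.).
COMMON_BASES = {core_word(p) for p in SLIDE_LIST if core_word(p)}


def screen_password(pw: str) -> list[str]:
    """Return the reasons to reject pw; an empty list means accept."""
    reasons = []
    if not meets_complexity(pw):
        reasons.append("fails-complexity")
    core = core_word(pw)
    if core in COMMON_BASES:
        reasons.append("common-word")
    if core in CALENDAR_WORDS:
        reasons.append("calendar-word")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs, including the two examples from the slide.
    for sample in ["Winter2017", "Password!@#", "P@ssw0rd2017", "vT7#qLm2zR"]:
        print(sample, meets_complexity(sample), screen_password(sample))
```
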
Is Your Password Secure?
Ensure that your password:
• Is a minimum of 8 characters
• Contains at least 3 of the following:
  • uppercase letter (A, B, C…)
  • lowercase letter (a, b, c…)
  • numeric (1, 2, 3…)
  • special character (#, $, *…)
• Has no sequentially repeated characters
• Is rotated every 90 days
• Is not a dictionary word
• Is a passphrase that you create or use
• Is never shared and never written down
Sensitive Data Types
• Employee Data
  • Names, addresses, national ID or social security numbers
• Employee Medical Information
  • Insurance, accidents
• Financial Information/Payment Card
  • Credit card information: internal and customer
  • Bank routing numbers
• Consumer/Customer Information
  • Names, email addresses, logins, passwords
• Intellectual Property
  • Machine drawings, assembly instructions, chemical formulations, recipes
  • Source code: what’s your company’s secret sauce?
How information is stored, transferred
• Email
• Corporate file transfer tools
• File Servers
• Online personal storage
  • Dropbox, Google Drive, OneDrive, Box.com, etc.
• Password protected files (Office, Zip)
• USB
Risks
Acceptable Use Policy - Email & Internet
Limited personal use is permissible under most policies. However…
• Using company networks to access pornography or gambling sites is strictly prohibited.
• These tools are to help your productivity – not interfere with your job performance.
• Do not use e-mail to distribute files that are obscene, pornographic, threatening, or harassing.
• Do not open attachments or links in unknown or suspicious email.
• Using company resources to establish or maintain your own personal business should be strictly prohibited.
Data Leakage
Data Leakage is the unauthorized transmission of data (or information) from within an
organization to an external destination or recipient. This may be electronic, or may be via a
physical method.
Be mindful that unauthorized leakage does not automatically mean intentional or malicious.
Unintentional or inadvertent data leakage is also unauthorized.
Examples
• Sharing confidential or restricted documents with anyone who shouldn’t see them.
• Storing confidential or restricted documents on non-Lincoln Electric assets, such as Dropbox or your home computer.
• Transferring confidential or restricted documents using your personal email or other methods.
Social Engineering
Social Engineering occurs when techniques such as trickery and manipulation are used to
deceive associates into providing useful Company or personal information. This
information can be used to gain unauthorized access to the company’s most sensitive
information assets. Here are some tips:
• Never give out sensitive Company information or your personal information over the
phone, internet, e-mail, etc.
• Watch out for phishing attempts through email trying to trick you into
providing sensitive information over the internet.
• Protect against “dumpster diving” - dispose of sensitive information
properly (e.g., appropriately shredding sensitive paper documents).
Phishing
Phishing email messages, websites, and phone calls are designed to steal
information or money. Cybercriminals can do this by installing malware or
malicious software on your computer.
Cybercriminals also use social engineering to convince you to install
malware or hand over personal information under false pretenses. You
could be sent an email at work or home, receive a phone call,
or even see a popup asking you to download and run software.
Phishing Phone Calls
Treat all unsolicited phone calls with
skepticism. Do not provide any
personal information about yourself or co-workers.
Cybercriminals might call you on the phone and offer to help solve your computer
problems or sell you a software license. Neither Microsoft nor other partners make
unsolicited phone calls (also known as cold calls) to charge you for computer security or
software fixes.
Physical Loss
What is the real cost of a lost
laptop, tablet or smart phone?
• How much private
information could be stolen?
• How many trade secrets?
• How much will you have to
spend to restore your
customers' privacy? Not to
mention their trust - or your
reputation?
Response
Service Desk Responsibility
Do you know who to call?
Do you know what to do?
What tools do you have?
What is your responsibility?
Why should the Service Desk care about Security?
1. Everyone’s Responsible for Security
2. Service Desks Are the Eyes and Ears of IT
3. Service Desks Can Communicate Information Security Messages to Users
4. Service Desks Have a Major Role to Play in Security Incident Management
5. Service Desk Staff Are Role Models
