User awareness and security practices are important for protecting against cyber threats. It is not possible to ensure 100% security through technology alone. Individual responsibility and following best practices are key to a successful security program. The document outlines various cyber threats like viruses, social engineering, and password cracking. It emphasizes the importance of security awareness, strong passwords, keeping systems updated, anti-virus software, and careful handling of personal information. Multiple layers of security through practices like firewalls, access control, and backups can help bolster defenses.
Awareness Training on Information Security - Ken Holmes
We look at the potential risks to information security, how to minimise these when on the internet and how the ISO/IEC 27001 standard can play a part in doing so.
A single email can cause a multi-million dollar breach if opened by an end-user with no security awareness; they may not even be aware of their mistake. The problem lies in the fact that only a few end-users are aware of the dangers of social engineering, much less how to detect it. It is a major issue in the business world today.
This document seeks to address the most common threats that can be posed to an entity and also recommend security measures that can be implemented to avoid such attacks.
Learn more at https://www.multinationalnetworks.com
Effective security awareness training with basic needs for the organization and its employees. It should also be engaging and interactive, using a variety of formats such as videos, quizzes, simulations, and case studies.
Infections cost organizations billions of dollars in lost time and productivity, as well as ransom payments and other indirect costs, like damage to a business’s reputation.
End-users will learn about password management, multi-factor authentication and how to secure their laptops and desktops while working remotely.
This session will teach professionals how to avoid becoming a statistic.
Agenda: Foundations of security awareness | Common threats | Three ways to secure your work environment | Best practices for users | The work from home checklist
Cyber Security 101: Training, awareness, strategies for small to medium sized... - Stephen Cobb
I developed "Cyber Security 101: Training, awareness, strategies for small to medium sized business" for the second annual Small Business Summit on Security, Privacy, and Trust, co-hosted by ADP in New Jersey, October 2013.
This is a basic presentation about cybersecurity to share awareness about various security threats and how you can protect yourself from them. In the preview window the formatting is off, but when downloaded it can be viewed with no problems. This is for my Info Security Policy Management class at Governors State University.
Building An Information Security Awareness Program - Bill Gardner
Most organizations’ Security Awareness Programs suck. They involve ‘canned’ video presentations or someone in HR explaining computer use policies. Others are extremely expensive and beyond the reach of the budgets of smaller organizations. This talk will show you how to build a Security Awareness Program from scratch for little or no money, and how to engage your users so that they get the most out of the program.
Cybersecurity Awareness Training Presentation v2021.08 - DallasHaselhorst
This free cybersecurity awareness training slide deck is meant to be used by organizations and end users to help them better understand ways they can avoid scams, cyber attacks, and become more security aware. This slide deck is based on version 2021.08 of our wildly popular slide deck we originally released as open-source in September 2019. In just over 6 months, version 1.0 was downloaded thousands of times and in over 150 countries!
On our website, you will also find several other related goodies. For example, we have free and downloadable worksheets referenced in the training. These worksheets provide material that attendees can take back home with them to try out and continue the security conversation. We also have free cybersecurity quizzes that are based directly off of this material so anyone can test their awareness knowledge. We even have a downloadable 'certificate of completion' for this training, which allows attendees to fill-in their name and date so they can then print it out to show others (or even their employer) that they are now more cyber aware.
https://www.treetopsecurity.com/cat
On our website, we also have a video/webinar presentation of this material if you would like to share it with others.
https://www.treetopsecurity.com/cat#video
Do you want to take this content and present it in your own community or business? Fantastic! You may download this slide deck as editable content. This allows you to make changes and present it at your local library, business events, co-working spaces, schools, etc. The latest version is always available on our website as a Microsoft PowerPoint presentation (.pptx) or Google Slides using ‘Make a Copy’. Those downloadable versions from our website also include speaker notes to provide talking points or tips for anyone delivering the content.
https://www.treetopsecurity.com/slides
Cybersecurity Awareness Training Presentation v1.2 - DallasHaselhorst
This cybersecurity awareness training is meant to be used by organizations and end users to educate them on ways to avoid scams/attacks and become more security aware. This slide deck is based on version 1.2 of our wildly popular slide deck we originally released as open-source in September 2019. In just over 6 months, it was downloaded thousands of times and in over 150 countries!
On our website, you will also find several other related goodies. For example, we have a free cybersecurity quiz that is based directly off of this material so anyone can test their awareness knowledge. We have a downloadable 'certificate of completion' for this training; this allows attendees to fill-in their name and date so they can then print it out to show others (or even their employer) that they are now more cyber aware.
https://www.treetopsecurity.com/cat
We also have a video/webinar presentation of this material if you would like to share it with others.
https://www.treetopsecurity.com/cat#video
Want to take this content and present it in your own community? Fantastic! You may download this slide deck as editable content. This allows you to make changes and present it at your local library, business events, co-working spaces, schools, etc. The latest version is always available on our website as a Microsoft PowerPoint presentation (.pptx) or using ‘Make a Copy’ in Google Slides.
https://www.treetopsecurity.com/slides
Cybersecurity Awareness Training Presentation v1.3 - DallasHaselhorst
This free cybersecurity awareness training slide deck is meant to be used by organizations and end users to educate them on ways to avoid scams and attacks and become more security aware. This slide deck is based on version 1.3 of our wildly popular slide deck we originally released as open-source in September 2019. In just over 6 months, it was downloaded thousands of times and in over 150 countries!
On our website, you will also find several other related goodies. For example, we have free and downloadable worksheets referenced in the training. We have a free cybersecurity quiz that is based directly off of this material so anyone can test their awareness knowledge. We even have a downloadable 'certificate of completion' for this training, which allows attendees to fill in their name and date so they can then print it out to show others (or even their employer) that they are now more cyber aware.
https://www.treetopsecurity.com/cat
We also have a video/webinar presentation of this material if you would like to share it with others.
https://www.treetopsecurity.com/cat#video
Want to take this content and present it in your own community? Fantastic! You may download this slide deck as editable content. This allows you to make changes and present it at your local library, business events, co-working spaces, schools, etc. The latest version is always available on our website as a Microsoft PowerPoint presentation (.pptx) or using ‘Make a Copy’ in Google Slides.
https://www.treetopsecurity.com/slides
Cyber Security Awareness Session for Executives and Non-IT professionals - Krishna Srikanth Manda
Cyber Security Awareness Session conducted by Lightracers Consulting, for Management and non-IT employees. In this learning presentation, we will look at - What is Cyber Crime, Types of Cyber crime, What is Cyber Security, Types of Threats, Social Engineering techniques, Identifying legitimate and secure websites, Protection measures, Cyber Law in India followed by a small quiz.
Introduction to information security field - Ahmed Musaad
A short introduction to the various fields of Information Security, along with a brief description of each minor field, the responsibilities for people working in that field, the skills needed for entering the field and what kind of knowledge should be acquired. This presentation serves as an introduction only, and shouldn't by any means be taken as a definitive guide to those minor fields or the major field of information security.
Presentation to raise human awareness amongst our employees for online security. Tips & tricks for how to secure your private and professional accounts.
Presentation by Kenny Laevaert - .NET Developer at Axxes
A short talk about Information Security, mainly focusing on start-ups and entrepreneurs.
Some basics on what Information Security is, how it can impact your business and some tips on how to mitigate against risk.
ISO 27001 - information security user awareness training presentation - Part 1 - Tanmay Shinde
This is a presentation on information security and its importance. It talks about ISO 27001 in a later part.
http://www.ifour-consultancy.com - software outsourcing company in india
Cybersafety is the safe and responsible use of information and communication technology. It is about keeping information safe and secure, but also about being responsible with that information, being respectful of other people online, and using good 'netiquette' (internet etiquette).
Ch # 10 computer security risks and safe guards - MuhammadRobeel3
IT security, hackers, IT security risks and safeguards, passwords, how to create a password, biometric authentication, viruses, antivirus software, how to protect a device from viruses, types of viruses
Cyber security
Cybersecurity is the practice of protecting computers, networks, software applications, critical systems and data from potential digital threats. Organizations are responsible for protecting data to maintain customer trust and meet regulatory compliance. They use cybersecurity measures and tools to protect sensitive data from unauthorized access and to prevent disruption of business operations due to unwanted cyber activity. Organizations implement cybersecurity by streamlining digital defenses across people, processes, and technology. Why is cybersecurity important? Businesses in industries as varied as energy, transportation, retail and manufacturing use digital systems and high-speed connectivity to provide efficient customer service and run cost-effective business operations. They must safeguard their digital assets and systems from unauthorized access in the same way that they safeguard their physical assets. The act of deliberately damaging and gaining unauthorized access to a computer system, network or connected facility is known as a cyberattack. A successful cyberattack can result in the disclosure, theft, deletion or alteration of confidential data. Cybersecurity measures defend against cyberattacks and bring the following benefits.
Computer security introduction lecture. Introduction
Network Security
Basic Components Of Computer Security
Online Security Vs Online Safety
Risks & Threats
Steps to protect information
Steps to protect computer
Ethical Impact
Case study
Statistics about Internet Crime
survey
conclusion
Scammers are Exploiting Coronavirus Fears to Phish Users - K. A. M Lutfullah
Several Government (CDC, FTC, FBI, etc.) and World (WHO) organizations are reporting an increase in attackers posing as legitimate agencies trying to trick people into sharing their account access credentials or opening malicious email attachments.
Attackers have also been sending emails that feed on concerns about COVID-19 to spread malware. More than 4,000 coronavirus-related domains have been registered since the beginning of the year. Of those new domains over three percent are considered malicious and another five percent are suspicious.
Slingshot APT - Critical Vulnerability through routers - K. A. M Lutfullah
New malware, which researchers have called ‘Slingshot,’ attacks and infects victims through compromised routers and can run in kernel mode, giving it complete control over victims’ devices. According to researchers, many of the techniques used by this threat actor are unique and it is extremely effective at stealthy information gathering, hiding its traffic in marked data packets that it can intercept without trace from everyday communications.
Slingshot is a sophisticated threat, employing a wide range of tools and techniques, including kernel mode modules that have to date only been seen in the most advanced predators
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... - James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024 - Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
2. Process, People, Technology
Systems must be built to technically adhere to policy
People must understand their responsibilities regarding policy
Policies should be communicated, maintained and enforced
Processes must be developed to show how policies will be followed
3. Security awareness is nothing but knowledge of potential threats. It is the advantage of knowing what types of threats / security issues, and how many incidents, our organization may face in day-to-day operation.
It’s not possible to ensure 100% security through technology unless adequate information security awareness is provided. Personal responsibility is the key to the success of any information security program.
4.
5. The Internet allows an attacker to attack from anywhere on the planet.
Risks caused by weak security practice and knowledge:
Identity Theft
Monetary Theft
Legal Ramifications (for people and organization)
Could result in termination if company policies are not followed
According to www.SANS.org, the top vulnerabilities for cyber criminal medias are:
Web Browser
IM Clients
Web Applications
Excessive User Rights
6. Security: We must protect our computers as well as data in the same way that we secure the doors of our home.
Safety: We must improve our habits and behavior so that they protect us against the risks and threats that come through technology.
7. “In absence of work delegation, people share their password with others which they forgot to change after the crisis”
“It’s a frightening fact, but nine out of ten end-users would unwillingly open or execute a dangerous virus-carrying email attachment”
“Nine out of ten end-users revealed their password on request in exchange for a free pen”
These things don’t happen as a result of malicious intent, but rather a lack of awareness of security risks.
8.
1. Passwords on Post-it Notes
2. Leaving computer open, unprotected & unattended
3. Opening e-mail attachments from strangers
4. Weak password etiquette
5. In case of lost / theft of laptop
6. Blabber mouths
7. Plug and play device installation without protection
8. Not reporting of security violations
9. Always behind the times (the patch procrastinator)
10. Unaware of internal threats
9.
10. Cracker: Computer-savvy programmer creates attack software
Script Kiddies: Unsophisticated computer users who know how to execute programs
Hacker Bulletin Board
SQL Injection
Buffer overflow
Password Crackers
Password Dictionaries
Successful attacks!
Crazyman broke into …
CoolCat penetrated…
Spammer:
Create & sell bots -> spam
Sell credit card numbers,…
System Administrators
Some scripts are useful to protect networks…
Malware package=$1K-2K
1 M Email addresses = $8
10,000 PCs = $1000
12. A virus attaches itself to a program, file, or disk.
When the program is executed, the virus activates and replicates itself.
The virus may be benign or malignant but executes its payload at some point (often upon contact).
Viruses result in crashing of computers and loss of data.
In order to recover from / prevent virus attacks:
Avoid potentially unreliable websites/emails
System Restore
Re-install operating system
Anti-virus (e.g. Avira, AVG, Norton)
[Figure: Program A, carrying extra code, infects Program B]
13. Independent program which replicates itself and sends copies from computer to computer across network connections. Upon arrival the worm may be activated to replicate.
[Figure: email list (Joe@gmail.com, Ann@yahoo.com, Bob@uwp.edu) with copies sent to Joe, to Ann and to Bob]
14. Logic Bomb: Malware logic executes upon certain conditions. The program is often used for legitimate reasons.
Software which malfunctions if the maintenance fee is not paid
Employee triggers a database erase when he is fired.
Trojan Horse: Masquerades as a beneficial program while quietly destroying data or damaging your system.
Download a game: Might be fun but has a hidden part that emails your password file without you knowing.
15. Social engineering manipulates people into performing actions or divulging confidential information. Similar to a confidence trick or simple fraud, the term applies to the use of deception to gain information, commit fraud, or access computer systems.
Phone Call: This is John, the System Admin. What is your password?
Email: ABC Bank has noticed a problem with your account…
In Person: What ethnicity are you? Your mother’s maiden name?
I have come to repair your machine… and have some software patches
16. Phishing: a ‘trustworthy entity’ asks via e-mail for sensitive information such as SSN, credit card numbers, login IDs or passwords.
17. The link provided in the e-mail leads to a fake webpage which collects important information and submits it to the owner.
The fake web page looks like the real thing
Extracts account information
18. A botnet is a large number of compromised computers that are used to create and send spam or viruses or flood a network with messages as a denial of service attack.
The compromised computers are called zombies
19. An attacker pretends to be your final destination on the network. If a person tries to connect to a specific WLAN access point or web server, an attacker can redirect that person to the attacker's own computer, which pretends to be that access point or server.
20. Upon penetrating a computer, a hacker installs a collection of programs, called a rootkit.
May enable:
Easy access for the hacker (and others)
Keystroke logger
Eliminates evidence of break-in
Modifies the operating system
21.
| Pattern | Calculation | Result | Time to Guess (2.6x10^18/month) |
|---|---|---|---|
| Personal Info: interests, relatives | | 20 | Manual 5 minutes |
| Social Engineering | | 1 | Manual 2 minutes |
| American Dictionary | | 80,000 | < 1 second |
| 4 chars: lower case alpha | 26^4 | 5x10^5 | |
| 8 chars: lower case alpha | 26^8 | 2x10^11 | |
| 8 chars: alpha | 52^8 | 5x10^13 | |
| 8 chars: alphanumeric | 62^8 | 2x10^14 | 3.4 min. |
| 8 chars: alphanumeric + 10 | 72^8 | 7x10^14 | 12 min. |
| 8 chars: all keyboard | 95^8 | 7x10^15 | 2 hours |
| 12 chars: alphanumeric | 62^12 | 3x10^21 | 96 years |
| 12 chars: alphanumeric + 10 | 72^12 | 2x10^22 | 500 years |
| 12 chars: all keyboard | 95^12 | 5x10^23 | |
| 16 chars: alphanumeric | 62^16 | 5x10^28 | |
22. Restricted data includes:
Social Security Number
Driver’s license # or state ID #
Financial account number (credit/debit) and access code/password
DNA profile (Statute 939.74)
Biometric data
In the US, HIPAA protects:
Health status, treatment, or payment
23. Symptoms:
Antivirus software detects a problem
Pop-ups suddenly appear (may sell security software)
Disk space disappears
Files or transactions appear that should not be there
System slows down to a crawl
Unusual messages, sounds, or displays on your monitor
Stolen laptop (1 in 10 stolen in laptop lifetime)
Your mouse moves by itself
Your computer shuts down and powers off by itself
Often not recognized
24. Spyware symptoms:
Change to your browser homepage/start page
Ending up on a strange site when conducting a search
System-based firewall is turned off automatically
Lots of network activity while not particularly active
Excessive pop-up windows
New icons, programs, favorites which you did not add
Frequent firewall alerts about unknown programs trying to access the Internet
Bad/slow system performance
25.
26. Defense in depth uses multiple layers of defense to address technical, personnel and operational issues.
27. Anti-virus software detects malware and can destroy it before any damage is done
Install and maintain anti-virus and anti-spyware software
Be sure to keep anti-virus software updated
Many free and pay options exist
28. A firewall acts as a wall between your computer/private network and the internet. Hackers may use the internet to find, use, and install applications on your computer. A firewall prevents hacker connections from entering your computer.
Filters packets that enter or leave your computer
29. Microsoft regularly issues patches or updates to solve security problems in their software. If these are not applied, it leaves your computer vulnerable to hackers.
The Windows Update feature built into Windows can be set up to automatically download and install updates.
Avoid logging in as administrator
31. Combine 2 unrelated words: Mail + phone = m@!lf0n3
Abbreviate a phrase: My favorite color is blue = Mfciblue
Music lyric: Happy birthday to you, happy birthday to you, happy birthday dear John, happy birthday to you. = hb2uhb2uhbdJhb2u
32. Never use ‘admin’ or ‘root’ or ‘administrator’ as a login for the admin
A good password is:
private: it is used and known by one person only
secret: it does not appear in clear text in any file or program or on a piece of paper pinned to the terminal
easily remembered: so there is no need to write it down
at least 8 characters, complex: a mixture of at least 3 of the following: upper case letters, lower case letters, digits and punctuation
not guessable by any program in a reasonable time, for instance less than one week.
changed regularly: a good change policy is every 3 months
Beware that someone may see you typing it. If you accidentally type your password instead of your login name, it may appear in system log files
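The measurable criteria from slide 32 (length, character classes, not guessable within one week), checked at the guess rate given in the table on slide 21. This is an added example, not part of the original slides; the function names, the 30-day month, the 33-symbol punctuation class (chosen so all classes total the table's 95 "all keyboard" characters) and the tiny sample dictionary are assumptions.

```python
import string

# Guess rate from the slide 21 table header: 2.6x10^18 guesses per month.
GUESSES_PER_MONTH = 2.6e18
SECONDS_PER_MONTH = 30 * 24 * 3600           # assumption: 30-day month
GUESSES_PER_SECOND = GUESSES_PER_MONTH / SECONDS_PER_MONTH
ONE_WEEK = 7 * 24 * 3600                     # slide 32's "reasonable time"

# The four character classes named on slide 32.
CLASSES = {
    "lower": string.ascii_lowercase,          # 26
    "upper": string.ascii_uppercase,          # 26
    "digit": string.digits,                   # 10
    "punct": string.punctuation + " ",        # 33, so all four total 95
}

# Constructed stand-in for the 80,000-word dictionary row of the table.
SAMPLE_DICTIONARY = {"password", "sunshine", "football", "birthday"}

def classes_used(password):
    """Names of the character classes that appear in the password."""
    return [n for n, chars in CLASSES.items() if any(c in chars for c in password)]

def keyspace(password):
    """Candidates an exhaustive search must cover: alphabet ** length."""
    alphabet = sum(len(CLASSES[n]) for n in classes_used(password))
    return alphabet ** len(password)

def seconds_to_exhaust(password):
    # Upper bound only: patterned passwords (dictionary words with letter
    # substitutions) are usually found long before the keyspace is exhausted.
    return keyspace(password) / GUESSES_PER_SECOND

def check(password):
    """Return the slide 32 criteria the password fails (empty list = passes)."""
    problems = []
    if password.lower() in SAMPLE_DICTIONARY:
        problems.append("dictionary word")
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if len(classes_used(password)) < 3:
        problems.append("fewer than 3 character classes")
    if seconds_to_exhaust(password) < ONE_WEEK:
        problems.append("exhaustible in under one week")
    return problems

if __name__ == "__main__":
    # The three example passwords shown on slide 31.
    for pw in ("m@!lf0n3", "Mfciblue", "hb2uhb2uhbdJhb2u"):
        print(f"{pw!r}: {seconds_to_exhaust(pw):.3g} s, {check(pw) or 'passes'}")
```

Of the three sample passwords on slide 31, only the 16-character lyric password clears the one-week criterion at this guess rate; length contributes far more than symbol substitution.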
33. Do not open email attachments unless you are expecting the email with the attachment and you trust the sender.
Do not click on links in emails unless you are absolutely sure of their validity.
Only visit and/or download software from web pages you trust.
34. Be sure to have a good firewall or pop-up blocker installed
Pop-up blockers do not always block ALL pop-ups so always close a pop-up window using the ‘X’ in the upper corner.
Never click “yes,” “accept” or even “cancel”
Infected USB drives are often left unattended by hackers in public places.
35. Always use a secure browser for online activities.
Frequently delete temp files, cookies, history, saved passwords etc.
[Figure: browser address bar showing https:// and the symbol showing enhanced security]
36. No security measure is 100%
What information is important to you?
Is your back-up:
Recent?
Off-site & Secure?
Process Documented?
Tested?
Encrypted?
37. These are best practices involving Information Security.
Most of these practices are standards.
Use these practices at home and at work to keep safe and secure.
Employers have policies and procedures regarding secure practices. Be sure to understand them and adhere to them. It will protect you, your employer and your customers.