Information Security – Creating Awareness, Educating Staff, and Protecting Information
Session 46
Chris Aidan, CISSP
Information Security Manager
Pearson
2
Topics Covered
• Data Privacy
• Spyware & Adware
• SPAM & SPIM
• Phishing
• Passwords
• Social Engineering
• Email & Chat Services
• Securing Workstations
• Data Backups
• Equipment Disposal
• Data Recovery Demo
• Data Disposal
• Access Rights
• Physical Security
• Emerging Threats
• Incident Response
• Creating Awareness
• Questions
• Useful Links
3
Why Security?
• Liability
• Privacy Concerns
• Copyright Violations
• Identity Theft
• Resource Violations
• Reputation Protection
• Meet Expectations
• Laws & Regulations
4
Understanding Threats
What is valuable?
What is vulnerable?
What can we do to safeguard against and mitigate threats?
What can we do to prepare ourselves?
Most people believe they will win the lottery before getting hit by malicious code
5
Keep Sensitive Data Private
Protecting information like:
Social Security Number
Driver's license number
Insurance numbers
Passwords and PINs
Banking information
6
Terminology
Hackers
– white hat
– grey hat
– black hat
DoS & DDoS
1337 (Leet) speak
Warez
Script kiddies
7
Spyware & Adware (Scumware)
Spyware – applications that monitor activity without express permission
Adware – applications that monitor activity with express permission
– Read the EULA
8
SPAM & SPIM
SPAM
– Junk email
SPIM – SPAM has come to Instant Messaging
– Uncontrolled viewing (pop-up windows)
– Bot generated
9
Phishing
• Phishing is a computer scam that uses SPAM, SPIM & pop-up messages to trick us into disclosing private information (Social Security Number, credit cards, banking data, passwords, etc.)
– Often sent from someone that we “trust” or who is in some way associated with us
– Appears to be a legitimate website
– Embedded in links in emails & pop-up messages
– Phishing emails often contain spyware designed to give remote control of our computer or track our online activities
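As an added illustration that is not part of the original deck: a small checker, written for this page, that inspects the links in an HTML email for the two deceptions the slide describes, visible text that names a legitimate site while the link actually goes elsewhere, and a link whose target is a raw IP address rather than a hostname. This is the kind of rule a mail gateway or awareness tool applies before a message reaches a user. The sample message, the reserved `.example` hostnames and the TEST-NET address are constructed for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML email body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


# Visible text that itself looks like a URL or a bare hostname, e.g.
# "https://www.bank.example/login" or "bank.example"; group 1 is the host shown.
HOST_LIKE = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:/\S*)?$", re.I)
IPV4_LITERAL = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def link_host(href):
    """Hostname the link really goes to, lower-cased ('' if unparsable)."""
    if "://" not in href:
        href = "http://" + href
    return (urlparse(href).hostname or "").lower()


def suspicious_links(html_body):
    """Return the anchors that show the classic phishing tells: visible text
    naming one site while the href goes to another, or an IP-address target."""
    parser = AnchorCollector()
    parser.feed(html_body)
    flagged = []
    for href, text in parser.links:
        reasons = []
        target = link_host(href)
        shown = HOST_LIKE.match(text)
        if shown and shown.group(1).lower() != target:
            reasons.append("visible URL names a different host than the link target")
        if IPV4_LITERAL.fullmatch(target):
            reasons.append("link target is a raw IP address")
        if reasons:
            flagged.append({"text": text, "href": href, "reasons": reasons})
    return flagged


# Constructed sample message (reserved .example names and a TEST-NET address,
# so nothing here points at a real site).
SAMPLE_EMAIL = """
<p>Dear customer, your account will be suspended.</p>
<p>Please sign in at <a href="http://203.0.113.7/login">https://www.bank.example/login</a>
within 24 hours.</p>
<p>See our <a href="https://www.bank.example/help">help pages</a> for more.</p>
<p>Or visit <a href="http://bank.example.verify-login.example/">bank.example</a></p>
"""

if __name__ == "__main__":
    for hit in suspicious_links(SAMPLE_EMAIL):
        print(hit["text"], "->", hit["href"], ";", "; ".join(hit["reasons"]))
```

The second link in the sample is left alone because its text is ordinary words and its host is the one it claims; the third is caught even though it begins with the legitimate name, because the comparison is on the full hostname the link resolves to, not on a prefix.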
10
Passwords
• Select a good one
– At least 7 characters
– Mixture of upper and lowercase characters
– Mixture of alpha and numeric characters
– Don’t use dictionary words
• Keep passwords safe
• Change them often
• Don’t share or reuse passwords
• Two-factor authentication
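An added example, not from the original deck: a policy checker that applies the four "select a good one" rules from this slide plus the no-reuse rule, written for this page. The dictionary check does a little more than a literal lookup, since "Summer1" and "P4ssw0rd" are still dictionary words to anyone running a cracker: it strips digits and symbols tacked on the ends and undoes common letter-for-number substitutions before comparing. The wordlist here is a constructed stand-in; a real deployment would load a full cracking dictionary.

```python
import re

# Constructed stand-in for a real wordlist (assumption: a deployed checker
# would load a full dictionary / cracking wordlist instead of these few words).
DICTIONARY = {"password", "welcome", "summer", "letmein", "monkey", "pearson"}

# Common substitutions people use to disguise a dictionary word.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s"})
EDGE_CHARS = "0123456789!@#$%^&*()_-+=.,;:?"


def dictionary_core(password):
    """Reduce a password to the word it is probably built on: drop digits and
    symbols on the ends, undo leet substitutions, keep only the letters."""
    core = password.lower().strip(EDGE_CHARS)
    return re.sub(r"[^a-z]", "", core.translate(LEET))


def check_password(password):
    """Return the rules from the slide that the password violates (empty = passes)."""
    problems = []
    if len(password) < 7:
        problems.append("shorter than 7 characters")
    if not (any(c.isupper() for c in password) and any(c.islower() for c in password)):
        problems.append("needs both upper and lowercase characters")
    if not (any(c.isalpha() for c in password) and any(c.isdigit() for c in password)):
        problems.append("needs both alphabetic and numeric characters")
    if dictionary_core(password) in DICTIONARY:
        problems.append("built on a dictionary word")
    return problems


def is_acceptable(password, previous=()):
    """True when the password meets the policy and is not a reuse of an old one."""
    return not check_password(password) and password not in previous


if __name__ == "__main__":
    for candidate in ("abc", "Summer1", "P4ssw0rd", "Blue7Kettle9x"):
        print(candidate, "->", check_password(candidate) or "ok")
```

The thresholds are the slide's; the structure is what matters, and the same function takes a longer minimum or a larger wordlist without change. The reuse check compares against the caller's history list, which in practice would hold hashes of previous passwords rather than the passwords themselves.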
11
Social Engineering
Social Engineering is the art of prying information out of someone else to obtain access or gain important details about a particular system through the use of deception
12
Email & Chat Services
• Email and chat are sent in clear text over the Internet
• Data can easily be captured and read by savvy computer users and systems administrators
• Safeguards should be put into place prior to using these programs for sending/receiving sensitive information like Social Security Numbers
13
Enhance Our Work Area Security
• Secure workstations
– Lock our systems (Ctrl-Alt-Delete)
– Shut down
– Run up to date virus scanning software
– Password protect files
– Apply software patches
– Install cable locks
– Run a desktop firewall
14
Is Our Data Being Backed Up?
Test backups
Securely store backup media (offsite)
Restrict access to who can perform restoration
15
Equipment Disposal
What happens to old computers when they are replaced?
Do those systems contain sensitive information?
Several programs to securely remove data from computer systems are commercially available
16
Data Recovery Demo
17
Dumpster Diving
We never know who is looking in our trash
Shred sensitive documents
Secure shred barrels, and make sure that proper handling procedures are in place
18
Access Rights
• Only allow access that is absolutely required
• Don’t grant accounts based on the fact that access “may” be required
• Use least privilege access policies that state access will only be granted if required, not by default
• Are accounts removed and passwords changed when someone changes jobs or is terminated?
• Perform audits
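An added example that is not part of the original deck: the "perform audits" bullet, done as code written for this page. The review joins an account export against the HR roster and a table of what each role actually needs, and reports exactly the conditions the slide lists: accounts for people who have left, accounts with no HR record at all, entitlements beyond the person's current role (the job-change case), and access nobody has used in months (access that "may" have been required). All roster, role and account data below is constructed; a real review would pull it from HR and from the directory or application export.

```python
from datetime import date

# Constructed sample data (assumption: a real review would pull the roster
# from HR and the account list from the directory or the application itself).
HR_ROSTER = {
    "alice": {"status": "active", "role": "finance"},
    "bob":   {"status": "terminated", "role": "sales"},
    "carol": {"status": "active", "role": "helpdesk"},   # moved from finance to helpdesk
    "dave":  {"status": "active", "role": "developer"},
}

# What each role actually needs; anything beyond this was granted "by default".
ROLE_ENTITLEMENTS = {
    "finance":   {"ledger_read", "ledger_write"},
    "sales":     {"crm"},
    "helpdesk":  {"ticketing", "password_reset"},
    "developer": {"source_repo"},
}

ACCOUNTS = [
    {"user": "alice", "entitlements": {"ledger_read", "ledger_write"}, "last_login": date(2024, 5, 1)},
    {"user": "bob",   "entitlements": {"crm"}, "last_login": date(2024, 1, 15)},
    {"user": "carol", "entitlements": {"ticketing", "password_reset", "ledger_write"}, "last_login": date(2024, 5, 2)},
    {"user": "dave",  "entitlements": {"source_repo", "ledger_read"}, "last_login": date(2023, 11, 3)},
    {"user": "erin",  "entitlements": {"crm"}, "last_login": date(2024, 4, 20)},  # nobody in HR by this name
]


def audit_accounts(accounts, roster, role_entitlements, today, dormant_days=90):
    """Return (user, finding) pairs for every account that breaks the slide's
    rules: orphaned or terminated users still holding an account, entitlements
    beyond what the current role needs, and access nobody has used lately."""
    findings = []
    for acct in accounts:
        user = acct["user"]
        person = roster.get(user)
        if person is None:
            findings.append((user, "no matching HR record: orphaned account"))
            continue
        if person["status"] != "active":
            findings.append((user, "user is %s but the account still exists" % person["status"]))
            continue
        excess = acct["entitlements"] - role_entitlements.get(person["role"], set())
        if excess:
            findings.append((user, "entitlements beyond role '%s': %s" % (person["role"], sorted(excess))))
        if (today - acct["last_login"]).days > dormant_days:
            findings.append((user, "no login in over %d days: was this access ever required?" % dormant_days))
    return findings


if __name__ == "__main__":
    for user, finding in audit_accounts(ACCOUNTS, HR_ROSTER, ROLE_ENTITLEMENTS, date(2024, 5, 10)):
        print("%-6s %s" % (user, finding))
```

Run against the sample data on 2024-05-10 it reports bob (terminated), carol (kept ledger_write after changing jobs), dave (an entitlement outside his role and no login in six months) and erin (no HR record); alice is clean. Each finding maps to a removal or a ticket, which is what an audit is for.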
19
Physical Security
Who has access?
Are sensitive documents secured?
20
Emerging Threats
• Wireless Technology
• Memory Devices – iPod, USB keys, Coke cans, etc.
• Camera phones
• P2P File Sharing
21
Incident Response
Do you know what to do and who to contact if a security breach occurs?
22
Recent News
23
Creating Awareness
• Educate staff
– Train staff
– Document processes and outline expectations
• Research potential candidates
– Perform background & credit checks
• Track system changes
– Audit system access
– Audit system changes
• Create & communicate policies:
– Define document and system disposal processes
– Define backup procedures
– Define clean work area policies
– Define computer usage policies
24
Be Aware
Report anything “strange”
Don’t give private information out
Properly dispose of sensitive information
Run up to date virus protection & software
Ask questions
25
Useful Links
National Cyber Security Alliance
http://www.staysafeonline.info/
National Institute of Standards and Technology:
http://csrc.nist.gov/sec-cert/
Recent News
High Profile Computer Compromise
A lot of schools have great security resource pages, for example the UC Davis and University of Iowa websites:
http://security.ucdavis.edu/security101.cfm
http://cio.uiowa.edu/itsecurity/
26
Example Software References
Various applications mentioned in the presentation*
• Email Security
– PGP http://www.pgp.com
• Instant Messaging Security
– Simp http://www.secway.fr/products/all.php?PARAM=us,text
• Adware & Spyware Removal Applications
– Ad-aware http://www.lavasoftusa.com/software/adaware/
– Spybot http://www.safer-networking.org/en/download/
• Secure File Deletion
– Secure Delete http://www.sysinternals.com/ntw2k/source/sdelete.shtml
• System Disposal
– Secure Hard Drive cleaning http://www.accessdata.com/Product07_Overview.htm
* Use of these tools is not an endorsement or guarantee of product reliability or effectiveness
27
Sample Policies
Developing Security Policy
– http://www.sans.org/rr/papers/50/919.pdf
Acceptable Use
– http://www.sans.org/resources/policies/Acceptable_Use_Policy.pdf
28
Questions?
Please fill out the session evaluations & thank you for attending this session
