Security Awareness

by

Jeff Reble

on 1 May 2015


Transcript of Security Awareness

Gina Zachary & Sonya Crump
Public Information Security Coordinators
City of Asheville
Information Technology Services

Security Awareness
The Basics
What is computer security?
What is security awareness?
What do these mean to YOU?
Definitions
Phishing, Social engineering, viruses, etc.
What does ITS do for you?
What can I do?
Computer Security & Security Awareness

Computer security

The process of preventing, detecting and mitigating intrusions into the computer system.

Security awareness

The knowledge, skill, and attitude an individual possesses regarding the protection of information assets.
CIA Triangle of Security

Confidentiality:
Guarantee that the information is available only to those who have the right to access it.
Integrity:
Guarantee that the information cannot be altered; ensures the accuracy of the data.
Availability:
Guarantee that the information resources are available: all systems working efficiently, and the protection available when needed.
Phishing:
E-mail falsely claiming to be a legitimate enterprise in an attempt to trick the user into providing private information.
Contains links to a site to update personal information, such as passwords and credit card, social security and bank account numbers, which can then be used for identity theft.
Definitions (cont.)

Malware:
Software that is intended to damage or disable computer and computer systems.
Virus:
Computer code that attaches itself to a program or file. It spreads from computer to computer, infecting as it travels.
Worm:
Like a virus, it is designed to copy itself from one computer to another. It takes control of features on the computer that can transport files or information.
Trojans:

Computer programs that appear to be useful software but compromise your security and cause significant damage.
Adware:
Any software package which automatically plays, displays, or downloads advertisements to a computer.
What Do You Use The Internet For?

The internet is fun and I love it!
I do online banking!
I have a Facebook and/or Twitter account!
I shop online!
I use my credit card/debit card online to pay bills!
How Safe is Your Information?
1 in every 568 emails is a phishing email
What ITS Can Do For YOU!

ITS regularly, and as needed, installs updates to the operating systems and applications.
Backs up servers.
Uses anti-virus software.
Uses a firewall.
Uses spyware prevention software.
Protects the wireless connections.
What YOU Can Do!

People (Internal employees) are the weakest link in enforcing security.
Risk can never be 100% eliminated, so with your help we can reduce the risk drastically.
Security is not just an ITS responsibility, but everyone’s responsibility.
Creating strong passwords, and not sharing these passwords with anyone. Not even the helpdesk.
Using DIFFERENT passwords. Changing the passwords routinely.
Knowing who is sending emails to you and what files may be attached.
Goin' Phishin'!
Types of Phishing

Phishing:
email falsely claiming to be legitimate in an attempt to trick you into providing private information.
The user is asked to update personal information such as passwords and credit card, social security, and bank account numbers.
Spear-phishing:
A phishing attempt that targets a specific organization, seeking unauthorized access to confidential data.
SMiShing (SMS-Phishing):
Sending phishing-like SMS text messages to cell phones.
Vishing (Voice-Phishing):
The criminal practice of using social engineering over the telephone system, most often using features facilitated by Voice over IP (VoIP), to gain access to private personal and financial information from the public for the purpose of financial reward.
Phishing Examples
How to Identify Phishing Emails

Unexpected, unsolicited emails
Check the format of the email and the attachments
Check for misspelled words and grammar
Look for unusual characters in the message or reply-to address
Consequences
“Update account within 48 hours or service will be terminated…”
“You will be charged if…”
“Limited services only…”
Link address looks odd
Asks for personal information, e.g. account numbers, SSN, passwords, etc.
Generic greetings and contact information, e.g. “Dear Customer”, “Dear Friend”, etc.
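The checklist above can be turned into a simple indicator scorer. This is an added example, not part of the presentation: it runs the talk's heuristics (urgency wording, generic greeting, requests for personal data, a Reply-To that does not match the From domain, a raw-IP link) over two constructed sample messages.

```python
import re

# Constructed sample messages (not taken from the presentation).
SAMPLES = {
    "bank_alert": {
        "from": "security@bank-example.com",
        "reply_to": "recover-acct@mail.examp1e-b4nk.example",
        "subject": "Urgent: update account within 48 hours",
        "body": "Dear Customer, update your account within 48 hours or service will be "
                "terminated. Confirm your password and social security number at "
                "http://192.0.2.10/login",
    },
    "team_note": {
        "from": "gina@example.gov",
        "reply_to": "gina@example.gov",
        "subject": "Agenda for Tuesday",
        "body": "Hi Sonya, the agenda is attached. See you Tuesday.",
    },
}

# Phrases from the "Consequences" bullets and the greeting/personal-info bullets.
URGENCY = [r"within \d+ hours", r"service will be terminated",
           r"you will be charged", r"limited services"]
GENERIC_GREETINGS = [r"dear customer", r"dear friend", r"dear user"]
PERSONAL_INFO = [r"password", r"social security", r"account number",
                 r"\bssn\b", r"credit card"]

def phishing_indicators(msg):
    """Return the names of the checklist indicators that fire on msg."""
    hits = []
    text = (msg["subject"] + " " + msg["body"]).lower()
    if any(re.search(p, text) for p in URGENCY):
        hits.append("urgency_or_threat")
    if any(re.search(p, text) for p in GENERIC_GREETINGS):
        hits.append("generic_greeting")
    if any(re.search(p, text) for p in PERSONAL_INFO):
        hits.append("asks_personal_info")
    # Reply-To domain differs from From domain, or has digits swapped in for letters.
    from_dom = msg["from"].rsplit("@", 1)[-1].lower()
    reply_dom = msg["reply_to"].rsplit("@", 1)[-1].lower()
    if from_dom != reply_dom or re.search(r"[0-9]", reply_dom):
        hits.append("suspicious_reply_to")
    # "Link address looks odd": a URL that points at a bare IP address.
    if re.search(r"https?://\d{1,3}(?:\.\d{1,3}){3}", msg["body"]):
        hits.append("odd_link_address")
    return hits

def is_phishy(msg, threshold=2):
    """Flag a message when at least `threshold` indicators fire (threshold is an assumption)."""
    return len(phishing_indicators(msg)) >= threshold
```

A real mail gateway would do far more, but running this over the two samples shows how several weak signals together separate the fake alert from the ordinary note.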
Find a Phishy Email...

Do Not open/click any links!
Do Not forward to anyone!
Do Not Respond to it!
Forward it to SPAM*
DELETE it!

* Forwarding to SPAM puts the sender on a list so it can be blocked in the future.
Questions?
Call the HELP DESK x4000 or
email us at Help@ashevillenc.gov
Points to Remember:
Everyone needs to participate actively in order for information security to be effective!

(Security is nothing without you!)
All of us possess and/or have access to confidential information!
Stop and think before clicking the link!
Feel free to contact ITS if you have any questions or concerns!
Goal: Educate users on their responsibility to help protect the confidentiality, availability and integrity of the organization's information and information assets.

We want to use a holistic approach (worksite and in-home) to security awareness, instead of targeting single actions.
Why do Hackers Steal information?

Online criminals are financially motivated to steal your information, whether or not they know who you are. They dress the part, talk the talk, and by pretending to be something or someone they’re not, they try to get your personal details.
CJIS Security Policy

Advanced Authentication (AA) is part of the data security requirements being placed upon all law enforcement agencies via the "Criminal Justice Information Services (CJIS) Security Policy".
This document lays out the requirement that all police vehicles that contain mobile data terminals used to access criminal justice related information must meet certain requirements.
What is Advanced Authentication?

Authentication is the process of verifying a claimed identity, determining if the subject is really who he/she claims to be.
It is based on at least one of the three factors:
Something a person has (smart card, token, key, swipe card, badge)
Something a person knows (password, passphrase, PIN)
Something a person is (fingerprint, voice, retina/iris characteristics)
IT is evaluating methodologies for the first factor, "something the user has". The second factor, "something a person knows", will be based on Active Directory/network logins.
One More Thing...
Definitions:

Social Engineering
The art of manipulating and tricking people into divulging personal or organizational information.
Spyware:
Software that, unknown to the user, monitors a user’s activity on the internet and transmits that information to someone else.
Keylogging:
The action of tracking/logging the keys struck on a keyboard. The user is normally not aware that their actions are being monitored.
This is a way that hackers steal information from users.