Security Awareness Training 2013

Department of Information & Technology
by Ivan Lewis on 10 February 2015


Transcript of Security Awareness Training 2013

Symptoms
Slow computer
Ad pop-ups
Newly installed tool bars
Newly installed programs
Odd programs being started at start up
Not being able to clear certain items such as cookies
Website redirection
Security Awareness Training
What is Security Awareness?
Security Awareness is the framework of knowing the vulnerabilities of informational resources and the impact of the risks and/or threats posed to them.
Passwords
Viruses
Reporting
Security Breaches
Suspicious Activity
Lost or Stolen
Laptops
Mobile Devices
Tablets
Wireless Phones
Removable media
Data

This training will provide awareness and knowledge of the safeguards in place to assist in the goal of securing information.

Avoid, Detect, Respond
90/10 Rule
Why Security Awareness?
Information Security
sec-U-R-IT-y
Data
Personnel
Hackers
A person skilled in the use of computers who uses those talents to gain knowledge.

There are three classifications of hackers:
White-hat: hacking for ethical and non-malicious intent
Black-hat: hacking to find exploits and system weaknesses; for malicious and personal gain
Grey-hat: someone who is a little of both

Attack Types
Malware
Virus: computer program that replicates to others
Ransomware: pay this much to get rid of this
Trojan: poses as something else, possibly in something legitimate but usually leads to a backdoor in the system
Adware: monitors sites visited
Scareware: frightens people into purchasing and installing it

Why change passwords?
Nation’s Password Requirements
Do not give your password to others
Do not store your password near your workstation or under keyboard
Integrity of Nation
Passwords
Should
Strong
Complex
Symbols
Numbers
Capital Letter
Passphrase
Should Not
Same Password + number
Birth date
Your Name

520-383-HELP
Helpdesk@tonation-nsn.gov

Appropriate Usage
Safeguards
Detecting
Avoiding
End User
Be careful of your activity
Contact DoIT for any of the mentioned symptoms or activities
DoIT
Web filtering blocks known bad sites and unknown sites
Anti-virus is implemented. It is up-to-date and running
Windows is up-to-date with the latest security and feature updates
Responding
Do not click proceed
Pay attention to the buttons displayed
Do not click on any suspicious pop-up windows
Only use Anti-virus that you trust or know
Power the machine off

Identity Theft
Identity theft is when someone has stolen your personal information and uses it without your consent
It is a serious crime that can wreak havoc on your finances, credit history, and reputation
It takes an extensive amount of time, money, and resources to resolve the damage
Detecting
Annual Credit Report
Irregular Bank Transactions
Strange Mail Activity
Debt Collectors Calling
Notified By
IRS
Vendors
Health Providers
Avoiding
Best Practices:
Keeping Your Personal Information Secure Offline
Keeping Your Personal Information Secure Online
Keeping Your Devices Secure

Responding
Take immediate action, so you can stop an identity thief from doing more damage.

Place an initial Fraud Alert with the Credit Reporting Companies (Equifax, Experian, TransUnion)
Order Your Credit Reports
Create an Identity Theft Report

Monitor Your Progress - resolving identity theft will take phone calls and letters. Create a filing system to organize your calls, paperwork, and timelines.
Detecting
Strange Phone Call(s)
Strange Email
Suspicious Person
Dumpster Diving
USB Drop Skit
Avoiding
Be vigilant
Do not provide personal information or information about your organization
Do not reveal personal or financial information in email
Do not respond to email solicitations for this information
Don't send sensitive information over the Internet before checking a website's security
Warning signs of Email Fraud
“You must act ‘now’ or the offer won’t be good.”
Responding
If you believe you might have revealed sensitive information about the Nation’s data, report it to your immediate supervisor or manager. They can be alert for any suspicious or unusual activity.
If you believe your financial accounts may be compromised, contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.
Network
Network Shares
Internet Usage
Email
Spam and Chain Email
What is spam email?
My family needs help, please assist
What is a chain email?
Send this to 300 of your friends for good luck
Takes up valuable resources
Takes up time
Can contain links to harmful sites
Can contain harmful files
Systems
Personal/Portable Devices
Desktop
Laptop
External Media Devices
Mobile Devices
Cyber Bullying
Email
Social Media Gossip
Software
License
Approved Installs on Nation’s systems
Virtual Private Network (VPN) Connections
File Sharing
Intellectual Property
Copyright Infringement
Downloads
Data
Data Loss Prevention (DLP)
Cloud Services
Dropbox
Emailing Nation’s data
Teamviewer
Amount of Data the Nation holds
Encryption
Storage devices
USB thumb drives
External hard drives
Desktop/Laptop hard drives
Physical Security Measures
Server Rooms
Locked Doors
Cameras
Temperature Control
Access Logs
Radios
Mounted
Monitoring Utility
Logical Security Measures
Firewalls
Web filter
Anti-virus
Management System
Logging
Logical Security Measures
Enterprise Anti-virus
Applied to all machines in the Nation
Monitors the viruses that each system receives and the actions taken by the device
Anti-virus software will scan all files on the computer, including external media (flash drives)
If something is found, it will quarantine or delete the item
Maintain reports of viruses
Email Filtering
Filter all incoming and outgoing email
Block bulk messages
Suspect emails
Including suspicious IPs
Suspicious files
Algorithm applied to emails which will determine actions
Administrative Security Measures
Policies
Computer Use Policy
Policies in process
Segregation of Duties
Rule of Least Privilege
Outside of the Office
Ensure possession of laptops, mobile devices, etc.
All wireless security features are properly configured and maintained.
Do not work on sensitive material when using an insecure connection.
Use extreme caution when using a VPN connection in a non-secure environment (e.g., a hotel).
Be vigilant about protecting information and information systems outside of the office.
Manage IT Assets
Create and deploy a registry of hardware and software assets. Record the name, brand, make, serial numbers, and product keys of equipment and/or software. Make sure you include monitors and other portable assets like printers, scanners, laptops, mobile phones, and storage media (i.e., flash drives, external hard drives, CDs…).
Make sure portable equipment that is not being used on a daily basis is put away in a secure location.
Monthly or quarterly audits of equipment help prevent unnecessary loss of data or devices.
Did you know?
Security Researchers say that 35% of data breaches in U.S. companies are due to employees losing laptops and other mobile devices.
Session Control
Lock your computer
Screen Saver Password
Log out of Programs
Password Confidentiality
Windows + L
Lost or Stolen
Maintaining a list of information
Serial numbers
Nation Asset Tag Number
Equipment Type
Brand
Model
Change all passwords for online accounts previously accessed using the stolen device
Report the loss to police and IT Department as soon as possible.
“You must send money, give a credit card or bank account number, or have a check picked up by courier.” You may hear this before you have had a chance to consider the offer carefully.
“You don’t need to check out the company with anyone.” The callers say you do not need to speak to anyone including your family, lawyer, accountant, local Better Business Bureau, or consumer protection agency.
“You don’t need any written information about their company or their references.”
“You can’t afford to miss this ‘high-profit, no-risk’ offer.”
“You’ve won a ‘free’ gift, vacation, or prize.” But you have to pay for “postage and handling” or other charges.
Password Complexity
Phishing Skit
Warning signs of Email Fraud
Responding
Immediately change any passwords you might have revealed. If you used the same password for multiple resources, make sure to change it for each account, and do not use that password in the future.
Watch for other signs of identity theft.
Consider reporting the attack to the police, and file a report
Contact DoIT for any suspicious activity