Security Awareness Training 2013

Department of Information & Technology

Ivan Lewis

on 10 February 2015


Transcript of Security Awareness Training 2013

Slow computer
Ad pop-ups
Newly installed tool bars
Newly installed programs
Odd programs being started at start up
Not being able to clear certain items such as cookies and other items
Website redirection
Security Awareness Training
What is Security Awareness?
Security Awareness is the framework of knowing the vulnerabilities and the impact of risks and/or threats posed to information resources.
Security Breaches
Suspicious Activity
Lost or Stolen
Mobile Devices
Wireless Phones
Removable media

This training will provide knowledge of awareness and the safeguards in place to assist in the goal of securing information.

Avoid, Detect, Respond
90/10 Rule
Why Security Awareness?
Information Security
A person skilled with the use of computers who uses his talents to gain knowledge.

There are three classifications of hackers:
White-hat: hacking for ethical and non-malicious intent
Black-hat: hacking to find exploits and system weaknesses; for malicious and personal gain
Grey-hat: someone who is a little of both

Attack Types






Why change passwords?

Nation’s Password Requirements

Do not give your password to others

Do not store your password near your workstation or under keyboard

Integrity of Nation
computer program that replicates to others
pay this much to get rid of this
poses as something else, possibly in something legitimate but usually leads to a backdoor in the system
monitors sites visited
frightens people into purchasing and installing it
Should Not
Capital Letter
Same Password + number
Birth date
Your Name


Appropriate Usage
End User
Be careful of your activity
Contact DoIT for any of the mentioned symptoms or activities
Web filtering blocks known bad sites and unknown sites
Anti-virus is implemented. It is up-to-date and running
Windows is up-to-date with the latest security and feature updates
Do not click proceed
Pay attention to the buttons displayed
Do not click on any suspicious pop-up windows
Only use Anti-virus that you trust or know
Power the machine off

Identity Theft
Identity theft is when someone has stolen your personal information and uses it without your consent
It is a serious crime that can wreak havoc on your finances, credit history, and reputation
It takes an extensive amount of time, money, and resources to resolve the damage
Annual Credit Report
Irregular Bank Transactions
Strange Mail Activity
Debt Collectors Calling
Notified By Health Providers
Best Practices:
Keeping Your Personal Information Secure Offline
Keeping Your Personal Information Secure Online
Keeping Your Devices Secure

Take immediate action, so you can stop an identity thief from doing more damage.

Place an initial Fraud Alert with the Credit Reporting Companies (Equifax, Experian, TransUnion)
Order Your Credit Reports
Create an Identity Theft Report

Monitor Your Progress - resolving identity theft will take phone calls and letters.  Create a filing system to organize your calls, paperwork, and timelines.
Strange Phone Call(s)
Strange Email
Suspicious Person
Dumpster Diving
USB Drop Skit
Be vigilant
Do not provide personal information or information about your organization
Do not reveal personal or financial information in email
Do not respond to email solicitations for this information
Don't send sensitive information over the Internet before checking a website's security
Warning signs of Email Fraud
“You must act ‘now’ or the offer won’t be good.”
If you believe you might have revealed sensitive information about the Nation’s data, report it to your immediate supervisor or manager. They can be alert for any suspicious or unusual activity.
If you believe your financial accounts may be compromised, contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.
Network Shares
Internet Usage
Spam and Chain Email
What is spam email?
My family needs help, please assist
What is a chain email?
Send this to 300 of your friends for good luck
Takes up valuable resources
Takes up time
Can contain links to harmful sites
Can contain harmful files
Personal/Portable Devices
External Media Devices
Mobile Devices
Cyber Bullying
Social Media Gossip
Approved Installs on Nation’s systems
Virtual Private Network (VPN) Connections
File Sharing
Intellectual Property
Copyright Infringement
Data Loss Prevention (DLP)
Cloud Services
Emailing Nation’s data
Amount of Data the Nation holds
Storage devices
USB thumb drives
External hard drives
Desktop/Laptop hard drives
Physical Security Measures
Server Rooms
Locked Doors
Temperature Control
Access Logs
Monitoring Utility
Logical Security Measures
Web filter
Management System
Logical Security Measures
Enterprise Anti-virus
Applied to all machines on the Nation
Monitors the viruses that each system receives and the actions taken by the device
Anti-virus software will scan all files on the computer, including external media (flash drives)
If something is found, it will quarantine or delete the item
Maintain reports of viruses
Email Filtering
Filter all incoming and outgoing email
Block bulk messages
Suspect emails
Including suspicious IPs
Suspicious files
Algorithm applied to emails which will determine actions
Administrative Security Measures
Computer Use Policy
Policies in process
Segregation of Duties
Rule of Least Privilege
Outside of the Office
Ensure possession of laptops, mobile devices, etc.
All wireless security features are properly configured and maintained.
Do not work on sensitive material when using an insecure connection.
Use extreme caution when using a VPN connection in a non-secure environment (e.g., a hotel).
Be vigilant about protecting information and information systems outside of the office.
Manage IT Assets
Create and deploy a registry of hardware and software assets. Record the name, brand, make, serial numbers, and product keys of equipment and/or software. Make sure you include monitors and other portable assets like printers, scanners, laptops, mobile phones, and storage media (i.e., flash drives, external hard drives, CDs…).
Make sure portable equipment that is not being used on a daily basis is put away in a secure location.
Monthly or quarterly audits of equipment help prevent unnecessary loss of data or devices.
Did you know?
Security Researchers say that 35% of data breaches in U.S. companies are due to employees losing laptops and other mobile devices.
Session Control
Lock your computer
Screen Saver Password
Log out of Programs
Password Confidentiality
Windows + L
Lost or Stolen
Maintaining a list of information
Serial numbers
Nation Asset Tag Number
Equipment Type
Change all passwords for online accounts previously accessed using the stolen device
Report the loss to police and IT Department as soon as possible.
“You must send money, give a credit card or bank account number, or have a check picked up by courier.” You may hear this before you have had a chance to consider the offer carefully.
“You don’t need to check out the company with anyone.” The callers say you do not need to speak to anyone including your family, lawyer, accountant, local Better Business Bureau, or consumer protection agency.
“You don’t need any written information about their company or their references.”
“You can’t afford to miss this ‘high-profit, no-risk’ offer.”
“You’ve won a ‘free’ gift, vacation, or prize.” But you have to pay for “postage and handling” or other charges.
Password Complexity
Phishing Skit
Warning signs of Email Fraud
Immediately change any passwords you might have revealed. If you used the same password for multiple resources, make sure to change it for each account, and do not use that password in the future.
Watch for other signs of identity theft.
Consider reporting the attack to the police, and file a report
Contact DoIT for any suspicious activity