Security Awareness Training 2013
Transcript of Security Awareness Training 2013
Newly installed tool bars
Newly installed programs
Odd programs being started at start up
Not being able to clear certain items, such as cookies and other items
Security Awareness Training
What is Security Awareness?
Security awareness is the framework of knowing the vulnerabilities of informational resources and the impact of the risks and/or threats posed to them.
Lost or Stolen
This training will provide knowledge of awareness and the safeguards in place to assist in the goal of securing information.
Avoid, Detect, Respond
Why Security Awareness?
A person skilled with the use of computers who uses their talents to gain knowledge.
There are three classifications of hackers:
White-hat: hacking for ethical and non-malicious intent
Black-hat: hacking to find exploits and system weaknesses; for malicious and personal gain
Grey-hat: someone who is a little of both
Why change passwords?
Nation’s Password Requirements
Do not give your password to others
Do not store your password near your workstation or under keyboard
Integrity of Nation
computer program that replicates to others
pay this much to get rid of this
poses as something else, possibly in something legitimate but usually leads to a backdoor in the system
monitors sites visited
frightens people into purchasing and installing it
Same Password + number
Be careful of your activity
Contact DoIT for any of the mentioned symptoms or activities
Web filtering blocks known bad sites and unknown sites
Anti-virus is implemented. It is up-to-date and running
Windows is up-to-date with the latest security and feature updates
Do not click proceed
Pay attention to the buttons displayed
Do not click on any suspicious pop-up windows
Only use Anti-virus that you trust or know
Power the machine off
Identity theft is when someone has stolen your personal information and uses it without your consent
It is a serious crime that can wreak havoc on your finances, credit history, and reputation
It takes an extensive amount of time, money, and resources to resolve the damage
Annual Credit Report
Irregular Bank Transactions
Strange Mail Activity
Debt Collectors Calling
Keeping Your Personal Information Secure Offline
Keeping Your Personal Information Secure Online
Keeping Your Devices Secure
Take immediate action, so you can stop an identity thief from doing more damage.
Place an initial Fraud Alert with the Credit Reporting Companies (Equifax, Experian, TransUnion)
Order Your Credit Reports
Create an Identity Theft Report
Monitor Your Progress - resolving identity theft will take phone calls and letters. Create a filing system to organize your calls, paperwork, and timelines.
Strange Phone Call(s)
USB Drop Skit
Do not provide personal information or information about your organization
Do not reveal personal or financial information in email
Do not respond to email solicitations for this information
Don't send sensitive information over the Internet before checking a website's security
Warning signs of
“You must act ‘now’ or the offer won’t be good.”
If you believe you might have revealed sensitive information about the Nation’s data, report it to your immediate supervisor or manager. They can be alert for any suspicious or unusual activity.
If you believe your financial accounts may be compromised, contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.
Spam and Chain Email
What is spam email?
My family needs help, please assist
What is a chain email?
Send this to 300 of your friends for good luck
Takes up valuable resources
Takes up time
Can contain links to harmful sites
Can contain harmful files
External Media Devices
Social Media Gossip
Approved Installs on Nation’s systems
Virtual Private Network (VPN) Connections
Data Loss Prevention (DLP)
Emailing Nation’s data
Amount of Data the Nation holds
USB thumb drives
External hard drives
Desktop/Laptop hard drives
Physical Security Measures
Logical Security Measures
Applied to all machines on the Nation
Monitor the viruses that each system receives and the actions taken by the device
Anti-virus software will scan all files on the computer, including external media (flash drives)
If something is found, it will quarantine or delete the item
Maintain reports of viruses
Filter all incoming and outgoing email
Block bulk messages
Including suspicious IPs
Algorithm applied to emails which will determine actions
Administrative Security Measures
Computer Use Policy
Policies in process
Segregation of Duties
Rule of Least Privilege
Outside of the Office
Ensure possession of laptops, mobile devices, etc.
All wireless security features are properly configured and maintained.
Do not work on sensitive material when using an insecure connection.
Use extreme caution when using a VPN connection in a non-secure environment (e.g., a hotel).
Be vigilant about protecting information and information systems outside of the office.
Manage IT Assets
Create and deploy a registry of hardware and software assets. Record the name, brand, make, serial numbers, and product keys of equipment and/or software. Make sure you include monitors and other portable assets like printers, scanners, laptops, mobile phones, and storage media, such as flash drives, external hard drives, and CDs.
Make sure portable equipment that is not being used on a daily basis is put away in a secure location.
Monthly or quarterly audits of equipment help prevent unnecessary loss of data or devices.
Did you know?
Security researchers say that 35% of data breaches in U.S. companies are due to employees losing laptops and other mobile devices.
Lock your computer
Screen Saver Password
Log out of Programs
Windows + L
Lost or Stolen
Maintaining a list of information
Nation Asset Tag Number
Change all passwords for online accounts previously accessed using the stolen device
Report the loss to police and IT Department as soon as possible.
“You must send money, give a credit card or bank account number, or have a check picked up by courier.” You may hear this before you have had a chance to consider the offer carefully.
“You don’t need to check out the company with anyone.” The callers say you do not need to speak to anyone including your family, lawyer, accountant, local Better Business Bureau, or consumer protection agency.
“You don’t need any written information about their company or their references.”
“You can’t afford to miss this ‘high-profit, no-risk’ offer.”
“You’ve won a ‘free’ gift, vacation, or prize.” But you have to pay for “postage and handling” or other charges.
Warning signs of
Immediately change any passwords you might have revealed. If you used the same password for multiple resources, make sure to change it for each account, and do not use that password in the future.
Watch for other signs of identity theft.
Consider reporting the attack to the police, and file a report.
Contact DoIT for any suspicious activity