InfoSec Awareness 101
by Liam O'Reilly
on 13 September 2016


Transcript of InfoSec Awareness 101

Who Is Interested In Our InfoSec?
Translating this into Day-to-Day Activities...
Secure personal information when not in use:
Lock drawers
Cabinets
Safe
Wear your employee ID at all times
Challenge unaccompanied guests or people not wearing AJW ID
Position computer screens away from windows to prevent accidental disclosure of personal information
Introduction and the Basics of "InfoSec"
Executive Summary
AJ Walter Aviation is responsible, as part of its commitment to:
ISO27001
Data Protection Act 1998
for ensuring that staff are aware of the policies and procedures in place, and the reasons why we are tightening up on our working practices

Information Security Awareness 101

Remember:
Keep all information and passwords secure
It is everyone's responsibility to protect data
3 main aspects of InfoSec
Confidentiality
Integrity
Availability
Disclosing Information & Social Engineering
Be aware that there are people who will try to trick others into giving out personal information
Prevent these disclosures by carrying out identity checks before giving out personal information to someone making an incoming call
Perform similar checks when making outgoing calls
Consider limiting the amount of personal information given out over the telephone, and follow up with written confirmation if necessary

ISO 27001

What is it?
It is an international standard for an Information Security Management System (ISMS)

Essentially ISO27001 is a best practice approach which is intended to bring information security under explicit management control

Are AJ Walter Aviation ISO 27001 Certified?
No, not currently. But...
We are committed to achieving compliance in 2014
Translating this into Day-to-Day Activities... (continued)
Encrypt personal information that is being taken out of the office if its loss or theft would cause damage or distress
Lock or log off computers when away from desks
Dispose of confidential paper securely by shredding
Ensure your desk is tidy and clear of sensitive information
Information is an asset which, like other important business assets, has value to an organisation and consequently needs to be suitably protected
What is Information?
Printed or written on paper
Stored electronically
Transmitted by post or electronic means
Visual e.g. videos, diagrams
Published on the Web
Verbal/aural e.g. conversations, phone calls
Intangible e.g. knowledge, experience, expertise, ideas

Types of Information
Information security is in essence the methods used in protecting information assets from accidental or deliberate:

Modification
Disclosure
Destruction
Denial

What is Information Security (InfoSec)?
Information
The Bigger Picture
People who use or have an interest in our information security include:

Shareholders / owners
Management & staff
Customers / clients, suppliers & business partners
Service providers, contractors, consultants & advisors
Authorities, regulators & judges

External Threats To Our Information?
People who have an unethical interest in our information include:

Social engineers
Unethical competitors
Hackers
Fraudsters

Information Security Committee
Information Security Officer
Emergency Response Team
IT, Legal, Quality, HR
Last but not least, you!

Bottom Line:
Information security is everyone’s responsibility

Who Is Responsible For InfoSec?
External Threats:
Tailgating
Smartly dressed, confident and polite, the offenders don’t look like criminals as they follow staff into access-controlled areas, sometimes using a mobile phone to avoid being approached or questioned.

But, once inside, they steal property such as wallets, credit cards and corporate information
Intro to Phishing Scams
Password Security Awareness
Physical Security Awareness
Fulfill Your Security Obligations
Stay up to date on information security:
Visit the Information Security QMaps

What Is An ISMS?
An information security management system (ISMS) is a set of policies and procedures for systematically managing an organisation's sensitive data.

The goal of an ISMS is to minimize risk and ensure business continuity by pro-actively limiting the impact of a security breach.


Key Elements
There are three elements to protecting information:

Confidentiality
– Protecting information from unauthorised disclosure to people or processes.

Availability
– Defending information systems and resources from malicious, unauthorised users to ensure accessibility by authorised users.

Integrity
– Assuring the reliability and accuracy of information and IT resources.
Access Control Do's
Follow Security Procedures
Wear Identity Cards and Badges
Ask unauthorised visitors for credentials
Password Do's
Always use a password of at least 8 characters combining letters, numbers and special characters (*, %, @, #, $, ^)
Use passwords that can be easily remembered by you
Change passwords regularly as per the password policy
Use passwords that are significantly different from earlier passwords
Access Control Don'ts
Bring visitors into the operations area without prior permission
Practice “tailgating”
Bring and use USB drives, iPods or other storage devices unless authorised to do so
Password Don'ts
Use passwords that reveal your personal information or are words found in a dictionary
Write down or store passwords
Share passwords over the phone or by email
Use passwords which do not match the password policy complexity criteria
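The Password Do's and Don'ts above describe a policy in words; the checker below turns the same rules into code so that each candidate password is tested mechanically. It is an added example written for this transcript, not a tool from AJ Walter Aviation or the presentation. The small word list, the "significantly different" threshold (a difflib similarity ratio above 0.6 is treated as too similar), and the personal-information check are assumptions made for illustration; the sample passwords are constructed.

```python
"""Password policy checker for the Do's and Don'ts listed above.

Added example, not the company's own tool. The word list, the similarity
threshold and the personal-information check are assumptions; sample
passwords in the demo are constructed.
"""

import difflib
import string

SPECIALS = "*%@#$^"     # the special characters named in the policy
MIN_LENGTH = 8          # the minimum length named in the policy

# Assumption: a similarity ratio above this means the new password is
# not "significantly different" from an earlier one.
MAX_SIMILARITY = 0.6

# Assumption: a tiny stand-in for a real dictionary / banned-word list.
DICTIONARY = {"password", "welcome", "aviation", "summer", "london", "qwerty"}


def check_password(candidate, previous=(), personal_info=()):
    """Return a list of policy violations; an empty list means the password passes.

    previous      -- earlier passwords the user has had (policy: be significantly different)
    personal_info -- strings such as a name or birth year that must not appear in the password
    """
    problems = []

    # Do: at least 8 characters, mixing letters, numbers and special characters
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isalpha() for c in candidate):
        problems.append("no letters")
    if not any(c.isdigit() for c in candidate):
        problems.append("no numbers")
    if not any(c in SPECIALS for c in candidate):
        problems.append(f"no special character from {SPECIALS}")

    lowered = candidate.lower()

    # Don't: dictionary words. Also catch the common trick of wrapping a
    # dictionary word in leading/trailing digits or punctuation ("Welcome1@").
    core = lowered.strip(string.digits + string.punctuation)
    if lowered in DICTIONARY or core in DICTIONARY:
        problems.append("dictionary word")

    # Don't: passwords that reveal personal information
    for item in personal_info:
        if item and item.lower() in lowered:
            problems.append(f"contains personal information ({item})")

    # Do: significantly different from earlier passwords
    for old in previous:
        ratio = difflib.SequenceMatcher(None, lowered, old.lower()).ratio()
        if ratio > MAX_SIMILARITY:
            problems.append("too similar to a previous password")
            break

    return problems


if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    samples = [
        ("abc", [], []),
        ("Welcome1@", [], []),
        ("Tr4vel#Gate2", ["Tr4vel#Gate1"], []),
        ("Liam2016#x", [], ["Liam"]),
        ("Tr4vel#Gate", [], []),
    ]
    for pw, prev, info in samples:
        verdict = check_password(pw, prev, info) or ["OK"]
        print(f"{pw!r}: {', '.join(verdict)}")
```

The checker is deliberately strict about the "dictionary word" rule: stripping digits and punctuation from the ends before the lookup catches the habit of bolting a number and a symbol onto a common word, which satisfies the complexity rule on paper but not in spirit. The similarity check compares the whole string rather than just looking for an incremented digit, so it also catches swapped or appended characters.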
Internet Do's
Use internet services for business purposes only
Internet Don'ts
Do not access internet through unauthorised connectivity
Do not use internet for viewing, storing or transmitting obscene or pornographic material
Do not use internet for accessing auction sites
Do not use internet for hacking other computer systems
Do not use internet to download / upload commercial software / copyrighted material
Email Do's
Use official mail for business purposes only
Follow the mail storage guidelines so that your emails are not blocked
If you come across any junk / spam mail, do the following:
Delete the email
Inform the IT helpdesk
Email Don'ts
Do not use your official ID for any personal subscription purpose
Do not forward unsolicited mail of any type, such as chain letters or email hoaxes
Do not post non-business related information to a large number of users
Do not open emails or attachments from unknown senders
Your responsibilities...
Threats To Our Information
Information Security Management System (ISMS)
Internal Threats
Accidents
Lack of change control
Disgruntled employee
Power disruptions
Environmental disasters

Don't Get Caught Out
Wear your employee ID badge at all times
Never let strangers into the building; refer them to reception to obtain a security pass
Be vigilant when entering the building
Report any suspicious behaviour or people you believe have unauthorised access

Signs of a Social Engineer Attack
Refusal to give contact information
Rushing
Name-dropping
Intimidation
Small mistakes (misspellings, misnomers, odd questions)
Requesting forbidden information

Statistics have shown that most damage is done by insiders -- people with authorised access to internal systems.
Many insiders have the access and knowledge to compromise or shut down entire systems and networks.

You are expected to report information that comes to your attention and that raises potential concerns about information security.

Call the Information Security Officer on extension 8385 or email infosec@ajw-aviation.com

Damage from Within
Social engineering is the practice of obtaining confidential information by manipulation of legitimate users.

A social engineer will commonly use the telephone or Internet to trick people into revealing sensitive information or getting them to do something that is against typical policies.

Social engineers exploit the natural tendency of a person to trust another’s word, rather than exploiting computer security holes.

Social Engineering
Please complete the certification process by taking the short quiz linked below:


After you complete the quiz, if you have any comments or recommendations regarding this material or IT security in general, please forward them to infosec@ajw-aviation.com

The End
https://docs.google.com/forms/d/1bHE5TkqS7X_0NYY9SyX0-GUPt1ruJ4Ty1MsvwzdSD50/viewform