Building An Information Security Awareness Program
![Page 1: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/1.jpg)
Building an Information Security Awareness Program
Bill Gardner
Assistant Professor
Department of Integrated Science & Technology
Digital Forensics and Information Assurance Program
Marshall University
![Page 2: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/2.jpg)
![Page 3: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/3.jpg)
Hack3rcon.org
![Page 4: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/4.jpg)
appyide.org
![Page 5: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/5.jpg)
hackersforcharity.org
![Page 6: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/6.jpg)
Image Source: http://blog.rucker.ca/2009/02/youre-doing-it-wrong.html
![Page 7: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/7.jpg)
Image Source: http://www.agilemodeling.com/artifacts/networkDiagram.htm
![Page 8: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/8.jpg)
Copyright 2014 Bill Gardner and Frank Hackett
![Page 9: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/9.jpg)
What is Security Awareness and Training?
![Page 10: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/10.jpg)
Why Security Awareness and Training?
Image Source: http://www.thewindowsclub.com/social-engineering-techniques
![Page 11: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/11.jpg)
Getting Management Buy-in
Image Source: https://supportforums.cisco.com/blog/150946/building-strong-security-policies
![Page 12: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/12.jpg)
Getting Management Buy-in
Image Source: https://www.chromeriver.com/postcards/
![Page 13: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/13.jpg)
Getting Management Buy-in
Image Source: https://www.facebook.com/thesfglobe/photos/a.581802245240710.1073741828.578850155535919/601831693237765/?type=1&theater
![Page 14: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/14.jpg)
Getting Management Buy-in
Image Source: http://www.european-coatings.com/Markets-Companies/CPS-Color-increases-colorant-production
![Page 15: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/15.jpg)
Targeted
Image Source: http://theasggroup.com/2012/05/tools-for-salespeople/
![Page 16: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/16.jpg)
Targeted
Image Source: http://www.processmakerblog.com/bpm-2/secrets-automating-department/
![Page 17: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/17.jpg)
Targeted
Image Source: http://www.innovationmanagement.se/2011/05/19/how-to-foster-greater-collaboration-between-innovators-and-the-it-department/
![Page 18: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/18.jpg)
How Often
Image Source: http://integrityhr.com/top-10-violations-investigated-by-the-dol-and-how-to-avoid-them/
![Page 19: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/19.jpg)
How Often
Image Source: http://cheezburger.com/1904315136
![Page 20: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/20.jpg)
How Often
Image Source: http://www.theproducersperspective.com/my_weblog/2012/11/broadways-2012-quarter-2-report.html/i_love_quarterly_reports_mug-p168055427806712929enw9p_400
![Page 21: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/21.jpg)
How Often
Image Source: http://micronarratives.blogspot.com/2010/08/continual-improvement-cycle-quality.html
![Page 22: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/22.jpg)
User Awareness Training Must Be Engaging
Image Source: http://jansimson.com/2011/10/29/omg-that-class-is-so-boring/
![Page 23: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/23.jpg)
User Awareness Training Must Be Engaging
Image Source: https://www.pjrc.com/teensy/projects.html
![Page 24: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/24.jpg)
User Awareness Training Must Be Engaging
Image Source: http://www.cedia.org/in-person-training
![Page 25: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/25.jpg)
User Awareness Training Must Be Engaging
Image Source: https://www.facebook.com/efm.lk/photos/a.132867908531.105751.75172638531/10153169793713532/?type=1&theater
![Page 26: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/26.jpg)
User Awareness Training Must Be Engaging
Image Source: http://pictures.4ever.eu/tag/23829/lot-of-money?pg=2
![Page 27: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/27.jpg)
The First Step of User Awareness Training is Explaining Risk
Image Source: https://www.facebook.com/photo.php?fbid=1415938958687951&set=a.1384739928474521.1073741828.100008155802751&type=1&theater
![Page 28: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/28.jpg)
Cost of A Data Breach
Image Source: https://www.facebook.com/photo.php?fbid=10152535939267845&set=a.130149082844.132252.90859152844&type=1&theater
![Page 29: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/29.jpg)
Why Hack?
• Money – Identity Theft, Credit Card Theft
• Industrial Espionage – Trade Secrets
• Hacktivism
• Cyber War
• Bragging Rights
Image Source: https://nuestropensar.wordpress.com/2010/12/
![Page 30: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/30.jpg)
Threats
• Russian Business Network
• Chinese Hackers
• Hacktivism
• Cyberwar
Image Source: http://feministmormonhousewivespodcast.org/category/threats/
![Page 31: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/31.jpg)
Russian Business Network
• Commonly abbreviated as RBN
• Multi-faceted cybercrime organization
• Specializes in personal identity theft for resale.
Image Source: http://jeffreycarr.blogspot.com/2013/01/rbn-connection-to-kasperskys-red.html
![Page 32: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/32.jpg)
Chinese Hackers
• Hack for nationalistic reasons.
• Some appear to be state sponsored or an unofficial part of the Chinese Army.
• GhostNet
• Google Hack
• APT – Advanced Persistent Threat
![Page 33: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/33.jpg)
Hacktivism
"the nonviolent use of illegal or legally ambiguous digital tools in pursuit of political ends. These tools include web site defacements, redirects, denial-of-service attacks, information theft..."
Image Source: http://www.anonymousartofrevolution.com/2013/08/hacktivism-self-defense-for.html
![Page 34: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/34.jpg)
Cyberwar
• Cyberwarfare is used to refer to politically motivated hacking to conduct sabotage and espionage.
• Is state sponsored.
• In 2007, Russia waged cyberwar against Estonia.
Image Source: http://www.wired.com/2011/07/make-love-not-cyber-war/
![Page 35: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/35.jpg)
Most Attacks Are Targeted
• Targeted threats are a class of malware destined for one specific organization or industry
• Targeted attacks may include threats delivered via e-mail, port attacks, zero day exploits or phishing messages.
![Page 36: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/36.jpg)
![Page 37: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/37.jpg)
![Page 38: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/38.jpg)
![Page 39: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/39.jpg)
![Page 40: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/40.jpg)
![Page 41: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/41.jpg)
![Page 42: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/42.jpg)
![Page 43: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/43.jpg)
Who is responsible for security?
Image Source: http://www.caltrate.co.za/everybody-needs-calcium
![Page 44: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/44.jpg)
Image Source: https://blog.lookout.com/blog/2013/11/12/security-alert-adobe-password-breach/
![Page 45: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/45.jpg)
Passwords
![Page 46: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/46.jpg)
Locking Computers
![Page 47: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/47.jpg)
Attachments
Be cautious of e-mail claiming to contain pictures in attached files, as the files may contain viruses. Only open attachments from known senders.
![Page 48: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/48.jpg)
Phishing
![Page 49: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/49.jpg)
Social Engineering
• Not all security breaches are the result of technical attacks.
• In computer and network security people are the weakest link.
• As he outlines in his book “The Art of Deception”, convicted computer hacker Kevin Mitnick penetrated computer networks by tricking people into giving him passwords and other confidential information.
![Page 50: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/50.jpg)
No Tech Hacking
• Dumpster Diving – Sometimes confidential documents can be found in the trash.
• Tailgating – Following someone through a locked door.
• Shoulder Surfing – Getting passwords or other confidential information by looking over someone’s shoulder.
• Google Hacking – Finding passwords or other confidential information by using Google searches.
• P2P Hacking – Finding passwords or other confidential information on peer-to-peer networks.
![Page 51: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/51.jpg)
No Tech Hacking
![Page 52: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/52.jpg)
Insecure third-party software
• P2P file sharing – Some people share their entire hard drive
• Instant Messaging – IM is insecure because it was not designed with security in mind
![Page 53: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/53.jpg)
Adware
Adware or advertising-supported software is any software package which automatically plays, displays, or downloads advertisements to a computer after the software is installed or while the application is being used.
![Page 54: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/54.jpg)
![Page 55: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/55.jpg)
Spyware
Some types of adware are also spyware and can be classified as software that steals personal information when you enter it into legitimate programs or websites, or logs your keystrokes to steal your passwords or other personal information.
![Page 56: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/56.jpg)
Web Attacks
• IFrame attacks
• Cross site scripting
• Doesn’t require the user to click on anything
• Simply visiting the site will cause an infection
![Page 57: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/57.jpg)
Two Examples of Web Attacks
• WV State Bar website: http://www.wvbar.org/
• The WV record: http://www.wvrecord.com/
![Page 58: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/58.jpg)
![Page 59: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/59.jpg)
![Page 60: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/60.jpg)
Metadata Awareness
![Page 61: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/61.jpg)
![Page 62: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/62.jpg)
![Page 63: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/63.jpg)
![Page 64: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/64.jpg)
![Page 65: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/65.jpg)
![Page 66: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/66.jpg)
![Page 67: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/67.jpg)
![Page 68: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/68.jpg)
Redlining/Track Changes
![Page 69: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/69.jpg)
![Page 70: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/70.jpg)
![Page 71: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/71.jpg)
![Page 72: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/72.jpg)
![Page 73: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/73.jpg)
![Page 74: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/74.jpg)
![Page 75: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/75.jpg)
![Page 76: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/76.jpg)
![Page 77: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/77.jpg)
![Page 78: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/78.jpg)
![Page 79: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/79.jpg)
Estimated Publish Date August 18th, 2014
![Page 80: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/80.jpg)
Questions?
![Page 81: Building An Information Security Awareness Program](https://reader035.fdocuments.us/reader035/viewer/2022062614/546eb40baf79599f0f8b47f0/html5/thumbnails/81.jpg)
Contact Information
• Facebook: https://www.facebook.com/oncee
• Twitter: @oncee
• Linkedin: http://www.linkedin.com/in/304blogs