By: Travis Holm. Security awareness is the knowledge and attitude members of an organization...
Date posted: 22-Dec-2015
SECURITY AWARENESS
PRESENTATION By: Travis Holm
What is Security Awareness?
Security awareness is the knowledge and attitude members of an organization possess regarding the protection of the physical, and especially the information, assets of that organization
2 PARTS:
Personal/Identity Security
Information Security
IDENTITY THEFT
What is Identity Theft?
Identity theft occurs when someone uses your personally identifying information, like your name, Social Security number, or credit card number, without your permission, to commit fraud or other crimes
It can destroy your credit and your good name
Identity Theft Fact:
The FTC estimates that as many as 9 million Americans have their identities stolen each year. (2009) In fact, you or someone you know may have experienced some form of identity theft
Identity Theft:
This crime takes many forms:
- Credit Card Fraud
- Phone or Utilities Fraud
- Bank/Finance Fraud
- Obtain Government Documents
- Other Fraud
Identity Theft:
How do thieves steal an identity?
For identity thieves, your personal information is as good as gold!!
Thieves use a variety of methods to get hold of your personal information, including:
How do thieves steal an identity?
Dumpster Diving - They rummage through trash looking for bills
Skimming - They steal credit/debit card numbers by using a special storage device
Phishing - They pretend to be financial institutions or companies and send spam or pop-up messages to get you to reveal your personal information
How do thieves steal an identity?
Changing Your Address - They divert your billing statements to another location by completing a change of address form
Old-Fashioned Stealing - They physically steal wallets/purses & postal mail; steal personnel records, or bribe employees who have access
What do thieves do once they have your identity?
Credit Card Fraud:
- They may open new credit card accounts in your name
- They may change the billing address on your credit card
What do thieves do once they have your identity?
Phone or Utilities Fraud:
- They may open a new phone or wireless account in your name
- They may use your name to get utility services like electricity, heating, or cable TV
What do thieves do once they have your identity?
Bank/Finance Fraud:
- They may create counterfeit checks
- May open a bank account in your name
- Clone your ATM card
- Take out a loan
What do thieves do once they have your identity?
Government Documents Fraud:
- They may get a driver's license
- Use your name and SS # to get government benefits
- File a fraudulent tax return
What do thieves do once they have your identity?
Other Fraud:
- Apply for and get a job
- Rent a house/apartment
- Receive medical services
- Give out your personal information during an arrest
Monitor Your Identity
Monitor your accounts and bank statements each month
Check your credit report on a regular basis
3 Major Credit Reporting Bureaus….
What to do if your Identity is stolen?
Check your credit reports
Notify creditors immediately
Dispute any unauthorized transactions
Last, but not least, file a police report
Do your part to prevent Identity theft!!
Be aware how information is stolen
Educate your family, friends, and others
Basic awareness and common sense
Treat your trash and mail carefully
What is Information Security?
Describes the tasks of guarding information that is in a digital format
Integrity
Confidentiality
Availability
Information Security Terminology:
Asset: Something that has value
Threat: An event or object that may defeat the security measures in place
Threat Agent: Person or thing that has the power to carry out a threat
Information Security Terminology:
Vulnerability: Weakness that allows a threat agent to bypass security
Exploiting: To take advantage of a vulnerability
Risk: Likelihood that a threat agent will exploit a vulnerability
Who are the Attackers?
Hackers
Identifies anyone who illegally breaks into or attempts to break into a computer system
A person who uses his or her advanced computer skills to attack computers only to expose security flaws
Who are the Attackers?
Crackers
Refers to a person who violates system security with malicious intent
Who are the Attackers?
Script Kiddies
Unskilled users
They download automated hacking software
Who are the Attackers?
Spies
A person who has been hired to break into a computer and steal information
Who are the Attackers?
Thieves
Search for any unprotected computer
*From July through December of 2004, 54 percent of the top 50 malicious Internet programs were designed to steal confidential financial information*
Who are the Attackers?
Employees
Yes, your own employees!!
Who are the Attackers?
Cyberterrorists
Terrorists who turn their attacks to the network and computer infrastructure to cause panic among citizens and wreak havoc with vital information systems
Such people may attack because of their ideology/beliefs
Types of Attacks on Desktop Computers
Malware (Malicious Software)
Used to describe computer programs designed to break into and create havoc
Most common types of malware are:
Common Types of Malware
Viruses
A program that secretly attaches itself to a document or another program and executes when that document or program is opened
Common Types of Malware
Worms
Similar to viruses, but a worm does not attach to a document to spread; it can travel by itself
A worm does not always require action by the computer user to begin its execution
Common Types of Malware
Logic Bombs
A computer program that lies dormant until it is triggered by a specific logical event
Types of Attacks on Desktop Computers
Spyware
General term used for describing software that violates a user's personal security
Approximately 116,386 Web pages distributed spyware during April 2005
Spyware Tools
Adware
Software that delivers advertising content in a manner that is unexpected and unwanted by the end user
Spyware Tools
Phishing
Involves sending an e-mail or displaying web announcements that falsely claim to be from a legitimate enterprise
Another Phishing Example:
Spyware Tools
Keyloggers (Keystroke Logger)
Either a hardware device or a small software program that monitors keystrokes
May observe the program running in: MS Windows, Windows Task Manager
Basic Attacks
Social Engineering
Social interaction that preys on human gullibility, sympathy, or fear to take advantage of the target; to steal money, information, or other valuables – basically a con man/woman
Basic Attacks
Password Guessing
Brute Force – systematically changing one character at a time
Dictionary Attack – takes each word from a dictionary and encodes it the same way the computer encodes a user’s password for protection
Basic Attacks
Physical Theft
February 2005 – The Bank of America said that it lost computer backup tapes containing personal information on about 1.2 million charge card users
May 2005 – Time Warner, Inc. reported that information on 600,000 current and former employees was missing
Basic Attacks
Improperly Recycled Computers
Many people give them to schools, charities, or sell them online
To erase the data completely use a DOD Wipe program
Desktop Defense
Patch Software
Describes software security updates that vendors provide for their programs and operating systems
Windows/Microsoft Update
Desktop Defense
Firewalls
Designed to prevent malicious packets from entering the network or computers
Software or hardware based
Some routers have built-in NAT
Desktop Defense
Strong Passwords (Basic Rules)
Have at least 8 characters
Combination of letters, numbers, and special characters
Replace every 30 days
Do not reuse for 12 months
Example: U@ndI4evr
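The four basic rules above, enforced in code as an added example that is not part of the original presentation. The function names, the PBKDF2 storage of old passwords, and reading "12 months" as 365 days counted from the date a password was set are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import string
from datetime import datetime, timedelta

MIN_LENGTH = 8                       # "Have at least 8 characters"
MAX_AGE = timedelta(days=30)         # "Replace every 30 days"
REUSE_WINDOW = timedelta(days=365)   # "Do not reuse for 12 months" (assumed = 365 days)
PBKDF2_ROUNDS = 100_000              # assumed work factor for this example


def _digest(password, salt):
    # Old passwords are never kept in clear text, only as salted, slow hashes.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def make_record(password, set_at):
    """Create a history entry for a password that was set at time `set_at`."""
    salt = os.urandom(16)
    return {"salt": salt, "digest": _digest(password, salt), "set_at": set_at}


def composition_problems(password):
    """Check length and the letters + numbers + special characters rule."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not any(c.isalpha() for c in password):
        problems.append("no letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    return problems


def reused_recently(password, history, now):
    """True if the password matches a history entry set within the reuse window."""
    for rec in history:
        if now - rec["set_at"] > REUSE_WINDOW:
            continue  # old enough to be reused under the 12-month rule
        if hmac.compare_digest(_digest(password, rec["salt"]), rec["digest"]):
            return True
    return False


def is_expired(current_record, now):
    """True if the current password is older than 30 days and must be replaced."""
    return now - current_record["set_at"] > MAX_AGE


def check_change(new_password, history, now):
    """Return every rule the proposed password breaks (empty list = accepted)."""
    problems = composition_problems(new_password)
    if reused_recently(new_password, history, now):
        problems.append("reused within 12 months")
    return problems


if __name__ == "__main__":
    # Constructed sample history; dates and passwords are made up for the demo.
    now = datetime(2015, 12, 22)
    history = [make_record("U@ndI4evr", datetime(2015, 6, 1)),
               make_record("Cur!rent7", datetime(2015, 11, 1))]
    for candidate in ("password", "U@ndI4evr", "N3w&Fresh!"):
        print(candidate, "->", check_change(candidate, history, now) or "accepted")
    print("current password expired:", is_expired(history[-1], now))
```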
Desktop Defense
Antivirus Software
Software scans a computer for infections and isolates any file that contains a virus
Desktop Defense
Antispyware Software
Helps prevent computers from becoming infected by different types of spyware
Basically like antivirus software
Desktop Defense
How to Prepare
ALWAYS back-up your files that cannot be easily or quickly recreated!!!
- Portable USB hard drives
- Network attached storage device
- Internet/Online back-up
- Tape back-up
- CD/DVD ROM
- USB Flash Drive