Make Your Employees More Security Aware

Top 10 Ways to Make Your Employees More Security Aware
Presented By: Gregg Browinski, CTO, PistolStar Inc.
Moderated By: Kimberly Johnson, Marketing Associate, PistolStar Inc.
2:00PM EDT, Thursday August 26th, 2010


Transcript of Make Your Employees More Security Aware

  • 1. Top 10 Ways to Make Your Employees More Security Aware
      2:00PM EDT, Thursday August 26th, 2010
      Presented By: Gregg Browinski, CTO, PistolStar Inc.
      Moderated By: Kimberly Johnson, Marketing Associate, PistolStar Inc.

  • 2. Welcome to the Event
      o Setting Your Expectations: Objective is to give you food for thought
      o Housekeeping Points
      o Introducing the Speaker: Gregg Browinski, CTO, PistolStar, Inc.

  • 3. Security Awareness
      o Many organizations tend to overlook
      o Forms the first line of defense against attacks
      o Security Awareness Programs = Headaches
      o Arm your employees with 10 tips to be more aware

  • 4. Tip #1: Provide Credentials on HTTPS Protected Sites
      o Users should get in the habit of looking at a URL before logging in
      o HTTPS is Hypertext Transfer Protocol layered on an encrypted SSL/TLS
      o Prevents eavesdropping attacks

  • 5. Tip #2: Creating Strong Passwords: Give Them a Clue
      o Provide a visual clue for employees when creating passwords
      o Avoids risks associated with weak passwords
      o Standards for passwords: ever-increasing demands for super passwords
      o Pass Phrases

  • 6. Tip #3: Watch for Your Personal Watermark
      "Going to the beach is the best!"
      o Provides compliance when multi-factor authentication is required
      o Another visual clue for the user
      o Usually used by financial institutions
      o Mutual authentication: proves server's identity to user

  • 7. Tip #4: Look at Your Last Login Date and Time
      o Provides a quick check for fraudulent logins
      o Can be a log or a simple phrase

  • 8. Tip #5: Password History Policies
      o The challenge is to maintain usability while increasing compliance and security
      o Enforce only when appropriate
      o Expiration interval and password history limit are inversely proportional

  • 9. Tip #6: Using Security Question(s)
      Examples:
      Bad Question: What was your first pet?
      Good Question: Who was your first kiss?
      o Use mandatory or optional sets of questions
      o It is better to require more answers
      o Can be used to reset passwords or to augment login security

  • 10. Tip #7: Avoid Password Lockout
      "Stop Logging In!"
      o Caused by users' habit of repeatedly trying to log in with the same credentials
      o Configure Password Lockouts to expire
      o Use helpful warning messages to educate and reduce Help Desk calls

  • 11. Tip #8: Watch for Trouble Spots & Malicious Activity
      o Points throughout a user's day where security is the weakest
      o Educate employees about attacks and how to watch for them

  • 12. Tip #9: Use Virtual Keyboard When Available
      o Avoid keystroke logging attacks: educate users
      o Implement a virtual keyboard for password and/or challenge answer fields

  • 13. Tip #10: Avoid Concurrent Login Sessions
      o Prevent concurrent login sessions
          - Inactivity timeouts
          - Logging in invalidates pre-existing sessions
          - Logging in not possible until previous sessions are logged out
      o Tailor to the required level of data protection

  • 14. Short Q&A Session
      Thank You for Your Answers
      In order to help us provide our audience with the appropriate information for future events, please take a moment to respond with your answers to the following questions via Instant Message. Your answers are greatly appreciated. Thank you.

      Please Answer Based on a Scale from 1 to 5:
      1. How much of an overall concern is security awareness and authentication in your organization currently?

      Please Choose One Answer for the Following:
      2. Out of these four business drivers which one resonates the most with you and in your environment?
          a) Usability
          b) Security
          c) Auditing
          d) Compliance
      3. Out of these four feature categories which one resonates the most with you and in your environment?
          e) Password Management
          f) Self-service
          g) Audit/Logging
          h) Stronger Authentication

  • 15. Q&A
      Q&A Session
      Thank You for Attending
      Please email [email protected] with any questions, comments or feedback you may have.
      For more information on this series and other webinars such as:
      Securely Manage Your Corporate Portal Login: Take a Look at How the Financial Industry is Leading the Way
      Please Visit: http://portalguard.com/learn-more.html
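
The three session controls listed under Tip #10 (inactivity timeouts, a new login invalidating pre-existing sessions, and refusing a new login until the previous session is logged out), as an added Python example that is not part of the original presentation. The class name, the policy names and the 900-second default timeout are assumptions chosen for illustration.

```python
import secrets
from dataclasses import dataclass

REPLACE = "replace"   # logging in invalidates pre-existing sessions
DENY = "deny"         # logging in not possible until the previous session ends

@dataclass
class Session:
    user: str
    last_seen: float

class SessionManager:
    """At most one live session per user (hypothetical in-memory store)."""

    def __init__(self, policy=REPLACE, idle_timeout=900.0):
        self.policy = policy
        self.idle_timeout = idle_timeout   # seconds of allowed inactivity
        self.sessions = {}                 # token -> Session
        self.by_user = {}                  # user  -> token

    def _live(self, token, now):
        """Return the session if it exists and has not idled out."""
        s = self.sessions.get(token)
        if s is None:
            return None
        if now - s.last_seen > self.idle_timeout:
            self.logout(token)             # inactivity timeout
            return None
        return s

    def login(self, user, now):
        """Call only after credentials are verified. Returns a token or None."""
        old = self.by_user.get(user)
        if old is not None and self._live(old, now) is not None:
            if self.policy == DENY:
                return None                # previous session still active
            self.logout(old)               # REPLACE: kill the older session
        token = secrets.token_urlsafe(32)
        self.sessions[token] = Session(user, now)
        self.by_user[user] = token
        return token

    def touch(self, token, now):
        """Validate a request and refresh the idle timer on success."""
        s = self._live(token, now)
        if s is None:
            return False
        s.last_seen = now
        return True

    def logout(self, token):
        s = self.sessions.pop(token, None)
        if s is not None and self.by_user.get(s.user) == token:
            del self.by_user[s.user]
```

Under the deny policy the inactivity timeout is what keeps a user who closed the browser without logging out from being locked out indefinitely, which is why an expired session never blocks a new login here.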