IT Annual Training 2016
Information Security – Creating Awareness, Educating Staff, and Protecting Information
Robert Leonard, Information Security Manager, Hamilton
Understanding Threats
• What is valuable?
– Trade secrets
– CPNI (Customer Proprietary Network Information)
– Personally Identifiable Information (PII)
• What is vulnerable?
– Your desk
– Your work area
• What can we do to safeguard information and mitigate threats?
• What can we do to prepare ourselves?
– Education
– Annual testing
• Most people believe they are more likely to win the lottery than to be hit by malicious code. They are wrong: attacks are routine, and everyone is a target.
Keep Sensitive Data Private
Protect information such as:
• CPNI
• Driver's license numbers
• Insurance numbers
• Passwords and PINs
• Banking information
• Trade secrets
Passwords
• Select a good one
– At least 7 characters (longer is better)
– A mixture of uppercase and lowercase letters
– A mixture of letters and numbers
– No dictionary words, including dictionary words with a digit or symbol tacked on
• Keep passwords safe: never write them on a note at your desk
• Change them regularly
• Don't share passwords, and don't reuse the same password across systems
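The password rules above, turned into a check a help desk or account-provisioning script could run. This is an added example, not code from the original training deck: the tiny wordlist and the stored "previous password" are constructed for the demo (a real deployment would load a full dictionary and the user's real history), and the dictionary check deliberately strips digits and symbols so that "Password1" is still caught as a dictionary word. The reuse check stores only salted PBKDF2 hashes, never the old passwords themselves.

```python
"""Password policy check for the rules on the slide above (added example)."""
import hashlib
import hmac
import os
from typing import List, Optional, Tuple

# Constructed: a tiny stand-in for a real dictionary/wordlist.
DICTIONARY = {"password", "welcome", "hamilton", "summer", "letmein", "qwerty"}

MIN_LENGTH = 7  # the slide's minimum; longer is better


def check_policy(password: str) -> List[str]:
    """Return the list of rule violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in password) or not any(c.islower() for c in password):
        problems.append("needs both upper- and lowercase letters")
    if not any(c.isalpha() for c in password) or not any(c.isdigit() for c in password):
        problems.append("needs both letters and digits")
    # Dictionary check on the alphabetic core, so 'Password1!' still matches 'password'.
    core = "".join(c for c in password if c.isalpha()).lower()
    if core in DICTIONARY or password.lower() in DICTIONARY:
        problems.append("based on a dictionary word")
    return problems


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-SHA256 hash, suitable for keeping a password history."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt, digest


def is_reused(password: str, history: List[Tuple[bytes, bytes]]) -> bool:
    """True if the password matches any (salt, digest) entry in the stored history."""
    for salt, digest in history:
        _, candidate = hash_password(password, salt)
        if hmac.compare_digest(candidate, digest):
            return True
    return False


if __name__ == "__main__":
    history = [hash_password("Winter2015!")]  # constructed previous password
    for pw in ["password", "Winter2015!", "Tr0ub4dor&3", "Password1"]:
        print(pw, check_policy(pw), "reused" if is_reused(pw, history) else "new")
```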
Email & Chat Services
• Email and chat messages are normally sent in clear text over the Internet
• Anyone on the path can capture and read them: savvy computer users and systems administrators alike
• Do not use these programs to send or receive sensitive information
Thought: what other ways can we share sensitive information safely?
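A check that ties the two previous slides together: before a message leaves, scan it for the data the deck says must never go over cleartext email or chat. This is an added example, not code from the original training deck; the message is constructed for the demo, and the patterns are illustrative (card numbers validated with the Luhn check, US-style SSNs, and a "password:" style credential). The Luhn check is what keeps an ordinary 16-digit order number from being flagged as a card.

```python
"""Scan an outgoing message for sensitive data before it is sent (added example)."""
import re
from email import message_from_string
from email.message import Message
from typing import Dict, List

# Constructed sample message: what a well-meaning user might send.
SAMPLE_MESSAGE = """\
From: alice@example.com
To: bob@example.com
Subject: account details you asked for

Hi Bob, here is the info. My card is 4111 1111 1111 1111, exp 09/27.
SSN 123-45-6789. The VPN password: Winter2015!
The order number is 1234 5678 9012 3456 (not a card).
"""

SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
SECRET_RE = re.compile(r"\b(?:password|passwd|pin)\b\s*[:=]\s*(\S+)", re.IGNORECASE)


def luhn_ok(digits: str) -> bool:
    """Luhn check: true for well-formed payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_sensitive(text: str) -> Dict[str, List[str]]:
    """Return the categories of sensitive data found in the text."""
    findings: Dict[str, List[str]] = {}
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        # Digit runs that fail Luhn (order numbers, ticket IDs) are not cards.
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            findings.setdefault("card_number", []).append(m.group().strip())
    for m in SSN_RE.finditer(text):
        findings.setdefault("ssn", []).append(m.group())
    for m in SECRET_RE.finditer(text):
        findings.setdefault("credential", []).append(m.group(1))
    return findings


def body_text(msg: Message) -> str:
    """Concatenate the text/plain parts of a parsed message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True)
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def should_block(raw_message: str) -> Dict[str, List[str]]:
    """Scan a raw RFC 822 message; a non-empty result means do not send it in clear text."""
    return find_sensitive(body_text(message_from_string(raw_message)))


if __name__ == "__main__":
    for category, values in should_block(SAMPLE_MESSAGE).items():
        print(f"{category}: {values}")
```

Anything this flags belongs in an encrypted attachment, a secure file-transfer service, or a phone call, not in the body of a cleartext message.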
Enhance Our Work Area Security
• Secure workstations
– Lock our systems when we step away (Windows+L)
– Shut down at the end of the day
– Double-check that our virus scanning software is up to date
– Password-protect sensitive files
– Apply software patches
What else can we do to secure the work area?
Incident Response
• Do you know what to do and who to contact if a security breach occurs?
– Report it immediately to your Business Line Manager or the Information Security Manager (Rob Leonard)
– Write down all pertinent information about the breach (what you saw, when, on which system) so you don't forget details
What is Social Engineering?

Social engineering is the psychological manipulation of people for the
purpose of gathering information, fraud, or system access.
5 Types of Social Engineering
• Pretexting
• Phishing
• Baiting
• Quid pro quo
• Tailgating
Pretexting
• Creating an invented scenario to manipulate a person into divulging information or performing an action.
• Example – You get a call from someone claiming to be from your bank. They say there have been suspicious purchases on your account, and to correct the problem they ask for your account information. The attacker then uses this information to access your bank account.
Phishing
• Attempting to acquire sensitive information by masquerading as a trustworthy source in an email.
• Example – An attacker sends you an email stating that your PayPal account has had too many failed logons and that you must change your password. A link in the email leads to a web page that looks like the PayPal website. Once you enter your logon information, the attacker has your username and password and can access your account.
Quid pro quo
• An attacker offers a service or benefit in exchange for information or access.
• Example – An attacker pretends to be from an IT service and offers assistance to each victim. They promise a quick fix if the person disables their anti-virus program. They then install malware on the computer, disguised as a software update.
Baiting
• An attacker leaves a malware-infected physical device, such as a USB flash drive, in a place where it is sure to be found.
• Example – A flash drive labeled "2016 Financials" is left on the ground. A user picks it up and plugs it into their computer, and the malware on the drive infects it.
Tailgating
• Someone who lacks proper authorization follows an employee into a restricted area.
• Example – A person posing as a delivery driver asks an employee to hold the door, thereby gaining access to the facility without ever presenting credentials.
How to Prevent Social Engineering Attacks
• Never provide confidential information or credentials to unknown sources.
• If you receive an email with a link to an unknown site, resist the instinct to click it.
• If you are unsure whether an email is legitimate, contact the company directly using a phone number or address you already know (not one from the email), or contact your IT staff.
• Always be wary of USB drives and disks you find lying around; hand them to IT rather than plugging them in.
• Don't hold a door open for someone in a secure building. Always require them to use the hand scanners for access.
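The phishing example above and the "don't click unknown links" advice, as an added example that is not part of the original training deck: a small triage script that parses an incoming message and reports the signals a careful reader would look for by hand. It checks whether the Reply-To domain differs from the From domain, whether a sender or link host merely contains a known brand name without being that brand's real domain, and whether the visible link text shows one site while the href points at another. The two sample messages and the brand-to-domain table are constructed for the demo; the "registrable domain" helper uses the last two labels of a hostname, which is a simplification of what a public-suffix-list lookup would do.

```python
"""Flag common phishing signals in an incoming message (added example)."""
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# Constructed: brands the organisation expects mail from, and their real domains.
KNOWN_BRANDS = {"paypal": "paypal.com"}

# Constructed sample: lookalike sender, mismatched Reply-To, deceptive link text.
SAMPLE_PHISH = """\
From: PayPal Security <service@paypal-secure-login.com>
Reply-To: recover@mail-recovery.example
To: victim@example.com
Subject: Too many failed logons - action required
Content-Type: text/html; charset=utf-8

<html><body>
<p>Your account has had too many failed logons. Please
<a href="http://paypal.com.account-verify.example/login">https://www.paypal.com/signin</a>
to change your password.</p>
</body></html>
"""

# Constructed sample: what a legitimate notice from the real domain looks like.
SAMPLE_LEGIT = """\
From: PayPal <service@paypal.com>
To: customer@example.com
Subject: Your monthly statement is ready
Content-Type: text/html; charset=utf-8

<html><body><p>Your statement is available when you
<a href="https://www.paypal.com/signin">sign in</a>.</p></body></html>
"""


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from HTML anchors."""

    def __init__(self) -> None:
        super().__init__()
        self.links: List[Tuple[str, str]] = []
        self._href: Optional[str] = None
        self._text: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host: str) -> str:
    """Crude 'last two labels' domain; a real tool would use the public suffix list."""
    return ".".join(host.lower().split(".")[-2:])


def addr_domain(header: Optional[str]) -> str:
    """Domain part of an address header such as 'Name <user@host>'."""
    return parseaddr(header or "")[1].rsplit("@", 1)[-1].lower()


def phishing_signals(raw: str) -> List[str]:
    """Return human-readable warnings; an empty list means nothing suspicious was found."""
    msg = message_from_string(raw)
    signals: List[str] = []
    sender = addr_domain(msg["From"])
    reply_to = addr_domain(msg["Reply-To"]) if msg["Reply-To"] else sender
    if reply_to != sender:
        signals.append(f"Reply-To domain {reply_to} differs from From domain {sender}")
    for brand, real in KNOWN_BRANDS.items():
        if brand in sender and registrable(sender) != real:
            signals.append(f"sender {sender} looks like {brand} but is not {real}")
    html = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8", "replace")
    parser = LinkExtractor()
    parser.feed(html)
    for href, text in parser.links:
        target = urlparse(href).hostname or ""
        shown = urlparse(text).hostname if "://" in text else None
        if shown and registrable(shown) != registrable(target):
            signals.append(f"link text shows {shown} but goes to {target}")
        for brand, real in KNOWN_BRANDS.items():
            if brand in target and registrable(target) != real:
                signals.append(f"link host {target} looks like {brand} but is not {real}")
    return signals


if __name__ == "__main__":
    for name, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(name, phishing_signals(sample) or "no signals")
```

None of these checks proves a message is malicious, and a clean result does not prove it is safe; the script only makes explicit the questions the prevention list asks you to answer before clicking.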
Thank You!
If you have any questions, feel free to contact your Business Line Manager or Hamilton's Information Security Manager (ISM) at Ext. 7223.
REMEMBER to take the test on the Intranet site to satisfy your Annual Security Training responsibility.