Building an Information Security Awareness Program
Bill Gardner, Assistant Professor
Department of Integrated Science & Technology
Digital Forensics and Information Assurance Program
Marshall University
Building An Information Security Awareness Program
Most organizations’ Security Awareness Programs suck. They involve ‘canned’ video presentations or someone in HR explaining computer use policies. Others are extremely expensive and beyond the reach of the budgets of smaller organizations. This talk will show you how to build a Security Awareness Program from scratch for little or no money, and how to engage your users so that they get the most out of the program.
Transcript
Building an Information Security Awareness Program
Bill Gardner, Assistant Professor
Department of Integrated Science & Technology
Digital Forensics and Information Assurance Program
• Some appear to be state sponsored or an unofficial part of the Chinese Army.
• GhostNet
• Google Hack
• APT – Advanced Persistent Threat
Hacktivism
"the nonviolent use of illegal or legally ambiguous digital tools in pursuit of political ends. These tools include web site defacements, redirects, denial-of-service attacks, information theft..."
Be cautious of e-mail claiming to contain pictures in attached files, as the files may contain viruses. Only open attachments from known senders.
Phishing
Social Engineering
• Not all security breaches are the result of technical attacks.
• In computer and network security people are the weakest link.
• As he outlines in his book “The Art of Deception”, convicted computer hacker Kevin Mitnick penetrated computer networks by tricking people into giving him passwords and other confidential information.
No Tech Hacking
• Dumpster Diving – Sometimes confidential documents can be found in the trash.
• Tailgating – Following someone through a locked door.
• Shoulder Surfing – Getting passwords or other confidential information by looking over someone’s shoulder.
• Google Hacking – Finding passwords or other confidential information by using Google searches.
• P2P Hacking – Finding passwords or other confidential information on peer-to-peer networks.
No Tech Hacking
Insecure third-party software
• P2P file sharing – Some people share their entire hard drive.
• Instant Messaging – IM is insecure because it was not designed with security in mind.
Adware
Adware or advertising-supported software is any software package which automatically plays, displays, or downloads advertisements to a computer after the software is installed or while the application is being used.
Spyware
Some types of adware are also spyware and can be classified as software that steals personal information when you enter it into legitimate programs or websites, or logs your keystrokes to steal your passwords or other personal information.
Web Attacks
• IFrame attacks
• Cross site scripting
• Doesn’t require the user to click on anything
• Simply visiting the site will cause an infection
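The injected-iframe variety of web attack named above works by planting a frame the visitor never sees (zero-size, hidden by CSS, or pushed off screen) that silently loads a third-party page. The following is an added example for this slide, not code from the talk: a small checker a site owner can run over their own page's HTML to flag iframes that carry those concealment traits or point at a different host. The sample HTML and hostnames (`example.org`, `attacker-placeholder.invalid`) are constructed placeholders.

```python
"""Flag concealed or third-party iframes in a page's HTML (added example, not from the talk)."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# CSS patterns commonly used to keep an injected frame out of sight.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|left\s*:\s*-\d{3,}px", re.I
)


def _is_tiny(value):
    """True when a width/height attribute is zero or only a couple of pixels."""
    if value is None:
        return False
    m = re.match(r"\s*(\d+)", str(value))
    return bool(m) and int(m.group(1)) <= 2


class IframeCollector(HTMLParser):
    """Collects the attributes of every <iframe> start tag in the document."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.iframes.append(dict(attrs))


def find_hidden_iframes(html, page_host):
    """Return [(src, [reasons])] for iframes that look concealed or load from another host.

    page_host is the hostname the page legitimately belongs to; frames from
    that host with normal dimensions and no hiding CSS are not reported.
    """
    parser = IframeCollector()
    parser.feed(html)
    findings = []
    for attrs in parser.iframes:
        reasons = []
        if _is_tiny(attrs.get("width")) or _is_tiny(attrs.get("height")):
            reasons.append("zero/tiny size")
        if HIDDEN_STYLE.search(attrs.get("style") or ""):
            reasons.append("hidden via CSS")
        src = attrs.get("src") or ""
        host = urlparse(src).hostname
        if host and host != page_host:
            reasons.append("third-party source " + host)
        if reasons:
            findings.append((src, reasons))
    return findings


# Constructed sample: one legitimate frame and one injected, invisible frame.
SAMPLE_HTML = """
<html><body>
<h1>Bar Association News</h1>
<iframe src="https://example.org/calendar" width="600" height="400"></iframe>
<iframe src="http://attacker-placeholder.invalid/x.php" width="0" height="0"
        style="visibility:hidden"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for src, why in find_hidden_iframes(SAMPLE_HTML, "example.org"):
        print("suspicious iframe:", src, "->", ", ".join(why))
```

Run against the sample, only the second frame is reported, with all three reasons. A real review would feed it the served HTML of each page (fetched as a browser would, since injected frames are often added server-side) and treat any hit as a prompt to inspect the site's files and server for a compromise.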
Two Examples of Web Attacks
• WV State Bar website: http://www.wvbar.org/
• The WV Record: http://www.wvrecord.com/