Information Security Information Security Awareness Training Awareness Training
Information Security Awareness Training. Why Information Security? Information is a valuable asset for all kinds of business More and more information.
Dec 31, 2015
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Information SecurityInformation SecurityAwareness TrainingAwareness Training
Why Information Security?Why Information Security?
Information is a valuable asset for all Information is a valuable asset for all kinds of businesskinds of business
More and more information related More and more information related crimes happencrimes happen
Information leakage, damage will Information leakage, damage will impact, even finish businessimpact, even finish business
Do’s and don’tsDo’s and don’ts
Do use licensed and supported Do use licensed and supported softwaresoftware
Do have anti-virus tool, keep it Do have anti-virus tool, keep it up to date, and scan portable up to date, and scan portable media before usagemedia before usage
Verify your Anti-virus is up to dateVerify your Anti-virus is up to date
Verify your Anti-virus is up to dateVerify your Anti-virus is up to date
Do’s and don’ts Do’s and don’ts (continued)(continued)
Do have your Personal Firewall Do have your Personal Firewall set to ONset to ON
Verify your Personal Firewall is ONVerify your Personal Firewall is ON
Verify your Personal Firewall is ONVerify your Personal Firewall is ON
Verify your Personal Firewall is ONVerify your Personal Firewall is ON
Verify your Personal Firewall is ONVerify your Personal Firewall is ON
Configure Screen SaverConfigure Screen Saver
Configure Screen SaverConfigure Screen Saver
Do’s and don’ts Do’s and don’ts (continued)(continued)
Do keep Windows XP security Do keep Windows XP security patches up to datepatches up to date
Do keep software up to dateDo keep software up to date
Do choose a strong password, Do choose a strong password, change it periodically, and make change it periodically, and make sure that you are the only person sure that you are the only person that knows itthat knows it
Pa55VV0RD!!Pa55VV0RD!!Don't use your login name in any formDon't use your login name in any form
Don’t use word or words contained in any Don’t use word or words contained in any language dictionarylanguage dictionary
Don't use numbers significant to you or Don't use numbers significant to you or someone close to you, or associated with someone close to you, or associated with the University the University
Don't use passwords based on simple Don't use passwords based on simple keyboard patternskeyboard patterns
Remember it or keep it in a protected Remember it or keep it in a protected place, such as a locked safe place, such as a locked safe
Do’s and don’ts Do’s and don’ts (continued)(continued)
Do use Laurier’s resources for business purposes, Do use Laurier’s resources for business purposes, please!please!Do lock your screen/computer when unattendedDo lock your screen/computer when unattendedFor laptop users, do keep your eyes on it, use For laptop users, do keep your eyes on it, use chain locks when necessarychain locks when necessaryDo contact the ITS Help Desk when necessaryDo contact the ITS Help Desk when necessaryDo report incidents, abnormal things to Do report incidents, abnormal things to designated people, and leave the scene designated people, and leave the scene untouched if don’t know what to dountouched if don’t know what to doDo back up your documentsDo back up your documents
Do Do think about IT security on a regular think about IT security on a regular basisbasis
Do’s and don’ts Do’s and don’ts (continued)(continued)
Do not shut down security applications on your computer, including anti-virus tool, Firewall, automated update etcDo not let unknown people touch your computer, feel free to challenge his/her ID when necessary
Do not give out your password to anyone, including ITS staffDo not provide your password in an email replyDo not connect personal computing devices to the WLU wired networkDo not use insecure wireless connectionsDo not open an email attachment unless you are certain of the veracity of its contentsDo not open an unknown website or URL unless unless you are certain of its veracity you are certain of its veracity
ExampleExample
ExampleExample
ExampleExample
ExampleExample
ExampleExample
Social EngineeringSocial Engineering
Social Engineering is the acquisition of sensitive information or inappropriate access privileges by an outsider, based upon the building of an inappropriate trust relationship with insidersThe goal of social engineering is to trick someone into providing valuable information or access to that information
Suggestion 1Suggestion 1If you cannot personally identify a caller If you cannot personally identify a caller who asks for personal information about who asks for personal information about you or anyone else, for information about you or anyone else, for information about your computer system, or for any other your computer system, or for any other sensitive information, do not provide the sensitive information, do not provide the information. Insist on verifying the caller’s information. Insist on verifying the caller’s identity by calling them back at their identity by calling them back at their proper telephone number as listed in proper telephone number as listed in telephone directory. This procedure telephone directory. This procedure creates minimal inconvenience to creates minimal inconvenience to legitimate activity when compared with legitimate activity when compared with the scope of potential losses.the scope of potential losses.
Suggestion 2Suggestion 2Remember that passwords are sensitive. A Remember that passwords are sensitive. A password for your personal account should password for your personal account should be known ONLY to you. Systems be known ONLY to you. Systems administrators or maintenance technicians administrators or maintenance technicians who need to do something to your account who need to do something to your account will not require your password. They have will not require your password. They have their own password with system privileges their own password with system privileges that will allow them to work on your that will allow them to work on your account without the need for you to reveal account without the need for you to reveal your password. If a system administrator your password. If a system administrator or maintenance technician asks you for or maintenance technician asks you for your password, be suspicious.your password, be suspicious.
Suggestion 3Suggestion 3Systems maintenance technicians from Systems maintenance technicians from outside vendors who come on site should outside vendors who come on site should be accompanied by the local site be accompanied by the local site administrator. If the site administrator is administrator. If the site administrator is not familiar to you, or if the technician not familiar to you, or if the technician comes alone, it is wise to give a call to comes alone, it is wise to give a call to your known site administrator to check if your known site administrator to check if the technician should be there. the technician should be there. Unfortunately, many people are reluctant Unfortunately, many people are reluctant to do this because it makes them look to do this because it makes them look paranoid, and it is embarrassing to show paranoid, and it is embarrassing to show that they do not trust a visitor.that they do not trust a visitor.
Thanks for your time !Thanks for your time !Any questions or suggestions?Any questions or suggestions?
To download this slides, go to computersecurity.wlu.ca, Security Awareness Training
Recommend : Tips of The Day Guidelines to Password Selection
Grant LiGrant LiEx. 2797Ex. 2797Email: [email protected]: [email protected]
Related Documents
