The Role of Information Security in Everyday Business.

1 The Role of Information Security in Everyday Business

2
Information Security Explained
The Need for Information Security
Your Security Role at
Vital Assets
Security Threats & Countermeasures
Home Computer Use
Helpful Security Resources
Closing Comments

3 Information Security Explained
Information security involves the preservation of:
–Confidentiality: Ensuring information is disclosed to, and reviewed exclusively by, intended recipients / authorized individuals
–Integrity: Ensuring the accuracy and completeness of information and processing methods
–Availability: Ensuring that information and associated assets are accessible, whenever necessary, by authorized individuals

4 The Need for Information Security

5 The Need for Information Security It is the law

6 The Need for Information Security (2)
In the news
–McAfee: Auditor failed to encrypt employee-records CD, left it on plane, Mercury News, 2/23/06
–Another security breach reported - Stolen laptop had clients' private data, says Ernst & Young, San Francisco Chronicle, 2/25/06
–The network is the risk: in August, the Zotob virus disabled CNN and ABC News... Risk & Insurance Magazine, 9/15/05
–Glouco employee charged with theft: He and his brother are accused of creating fake firms to take $110,000-plus from the utilities authority, The Philadelphia Inquirer, 2/24/06
–ChoicePoint multi-million dollar penalty illustrates need for Congress to enact strong ID-theft protections, regulate data brokers, US Newswire, 1/26/06
Consequences
–Many of the victims are you, the people.
–Reputations are compromised through media coverage.
–Substantial financial loss is incurred by impacted organizations.

7 The Need for Information Security (3) Previous security incidents

8 The Need for Information Security (4)
The consequences of insufficient security
–Loss of competitive advantage
–Identity theft
–Equipment theft
–Service interruption (e.g., and )
–Embarrassing media coverage
–Compromised customer confidence; loss of business
–Legal penalties

9 Your Security Role at

10 Your security role at
You can prevent several security threats facing
Comply with our corporate security policies
–Key policy one
–Key policy two
–Key policy three
All of s corporate security policies may be located: –

11 Your security role at
You can prevent several security threats facing (2)
Treat everything you do at as you would treat the well-being of anything of vital importance to you
Examples of questions you should ask yourself before performing a specific activity include:
–Could the actions I am about to perform in any way either harm myself or ?
–Is the information I am currently handling of vital importance either to myself or ?
–Is the information I am about to review legitimate / authentic?
–Have I contacted appropriate personnel with questions regarding my uncertainty of how to handle this sensitive situation?

12 Your security role at Whom to contact It is critical for you to contact appropriate personnel the moment you suspect something is wrong

13 Vital Assets

14 Vital assets Your effectiveness in securing s assets begins with understanding what is of vital importance to

15 Security Threats & Countermeasures

16 Security threats & countermeasures
Malicious software: viruses
Malicious code embedded in messages that are capable of inflicting a great deal of damage and causing extensive frustration
–Stealing files containing personal information
–Sending e-mails from your account
–Rendering your computer unusable
–Removing files from your computer
What you can do
Do not open attachments to e-mails:
–Received from unknown individuals
–That in any way appear suspicious
If uncertain, contact
Report all suspicious e-mails to

17 Security threats & countermeasures
Malicious software: spyware
Any technology that aids in gathering information about you or without their knowledge and consent.
Programming that is put in a computer to secretly gather information about the user and relay it to advertisers or other interested parties.
Cookies are used to store information about you on your own computer.
–If a Web site stores information about you in a cookie of which you are unaware, the cookie is considered a form of spyware.
Spyware exposure can be caused by a software virus or as a result of installing a new program.
What you can do
Do not click on options in deceptive / suspicious pop-up windows.
Do not install any software without receiving prior approval from.
If you experience slowness / poor computer performance or excessive occurrences of pop-up windows, contact.

18 Security threats & countermeasures
Unauthorized systems access
Individuals maliciously obtain unauthorized access to computers, applications, confidential information, and other valuable assets
Not all guilty parties are unknown; some can be your co-workers
Unauthorized systems access can result in theft and damage of vital information assets
What you can do
Use strong passwords for all accounts
Commit passwords to memory
–If not possible, store all passwords in a secure location (i.e., not on a sticky note affixed to your monitor or the underside of your keyboard)
Never tell anyone your password
Never use default passwords
Protect your computer with a password-protected screen saver
Report suspicious individuals / activities to
Report vulnerable computers to

19 Security threats & countermeasures
Shoulder surfing
The act of covertly observing employees' actions with the objective of obtaining confidential information
What you can do
Be aware of everyone around you… and what they are doing
–Airline and train travel
–Airports, hotels, cafes, and restaurants; all public gathering areas
–Internet cafes
–Computer labs
Do not perform work involving confidential information if you are unable to safeguard yourself from shoulder surfing
Request a privacy screen for your -issued laptop computer from

20 Security threats & countermeasures
Unauthorized facility access
Individuals maliciously obtain unauthorized access to offices with the objective of stealing equipment, confidential information, and other valuable assets
What you can do
Do not hold the door for unidentified individuals; i.e., do not permit tailgating
Shred all confidential documents
Do not leave anything of value exposed in your office / work space (e.g., lock all confidential documents in desk drawers / file cabinets)
Escort any of your own visitors throughout the duration of their visit

21 Security threats & countermeasures
Curious personnel
An employee, not necessarily malicious, who performs activities testing the limits of their network and facilities access
What you can do
Retrieve your confidential faxes and printed documents immediately
Shred all confidential documents
Lock all confidential documents in desk drawers / file cabinets
Follow the guidance previously provided to prevent unauthorized systems access
Report suspicious activity / behavior to your supervisor

22 Security threats & countermeasures
Disgruntled employees
Upset / troubled employees with an intent to harm other employees or
What you can do
Contact if you suspect an employee is disgruntled and potentially dangerous
Be observant of others and report suspicious / inappropriate behavior to
Exercise extreme care when aware of unfriendly termination

23 Security threats & countermeasures
Social engineering
Taking advantage of people's helping nature / conscience for malicious purposes
What you can do
Never lose sight of the fact that successful social engineering attacks rely on you, employees
If a received phone call is suspicious, request to return their call
Do not provide personal / confidential information to a caller until you are able to verify the caller's identity, and their association with their employer's company
Never provide a caller with anyone's password, including your own
Report any unrecognized person in a facility to

24 Security threats & countermeasures
Phishing
An online scam whereby e-mails are sent by criminals who seek to steal your identity, rob your bank account, or take over your computer
What you can do
Use the stop-look-call technique:
–Stop: Do not react to phishing ploys consisting of upsetting or exciting information
–Look: Look closely at the claims in the e-mail, and carefully review all links and Web addresses
–Call: Do not reply to e-mails requesting you to confirm account information; call or the company in question to verify if the e-mail is legitimate
Never e-mail personal information
When submitting personal / confidential information via a Web site, confirm the security lock is displayed in the browser
Review credit card and bank account statements for suspicious activity
Report suspicious activity to

25 Security threats & countermeasures
Information theft through free instant messaging services (IM)
Privacy threats caused by using free IM services in the workplace include personal information leakage, loss of confidential information, and eavesdropping
What you can do
Depending upon with whom you are communicating, and how IM was implemented, every message you send – even to a co-worker sitting in the next cubicle – may traverse outside of s corporate network
All of the messages you send may be highly susceptible to being captured and reviewed by malicious people
Never send confidential messages or any files to individuals
Realize that there is no means of knowing that the person you are communicating with is really who they say they are

26 Home Computer Use

27 Home computer use Specific conditions and procedures should be followed when using home computers for business purposes

28 Home computer use Specific conditions and procedures should be followed when using home computers for business purposes (2)

29 Helpful Security Resources

30 Helpful security resources Outlined below are several helpful security resources Security guidance for home computer use, which in many cases also apply to computer use

31 Helpful security resources Outlined below are several helpful security resources (2) & Microsoft's Windows Defender product, which is a free program that helps protect your home computers against pop-ups, slow performance, and security threats caused by spyware and other unwanted software

32 Helpful security resources Outlined below are several helpful security resources (3) Microsoft resources that help protect your home computers against hackers, malicious software, and other security threats

33 Helpful security resources Outlined below are several helpful security resources (4) heet/WindowsOneCareLiveFS.mspx Windows Live OneCare is a service that continually protects and maintains your home computers

34 Closing Comments

35 Closing comments
Be security-conscious regarding anything of vital importance to and yourself
–When your personal safety, s safety, or any confidential information is involved, always ask yourself, "What measures should I perform to keep myself and my employer safe, and my employer's confidential information protected against harm, theft, and inappropriate disclosure?"
Apply similar considerations discussed in today's security awareness session when at home
–Threats do not stop at the work place; they extend to your home and other surroundings
Do not allow this security awareness session to lead to paranoia
–Use what you learned today to make more informed decisions to protect yourself,, and others
This security awareness session is the beginning of s information security awareness and training program

36 Questions and Answers

