Security Questionnaire Please read each question and then choose one of the possible answers. © Members of the ISSeG Collaboration, 2008. See

1 Security Questionnaire Please read each question and then choose one of the possible answers. © Members of the ISSeG Collaboration, See for details 1/33

2 Are the computers on our site under attack? Possible answers: Yes, all the time / No / Yes, occasionally 2/33

3 Oops, you didn’t get that quite right!

4 Are the computers on our site under attack? Yes, they certainly are! • Viruses • Worms • Trojans • SPAM (>90% of incoming mail) • “Phishing” attacks. Security monitoring detects about XXX intrusion attacks and YYY viruses per month. More than ZZZ computers per year need reinstallation after a break-in! 3/33

5 What happens if my computer is infected? Possible answers: Not really a problem / Re-install O/S / Delete infection 4/33

6 Oops, you didn’t get that quite right!

7 What happens if my computer is infected? For simple cases of infection by known viruses, if you are running up-to-date anti-virus software, the infection can be deleted. However, particularly if your machine is not centrally managed, it is often necessary to: • Reformat the disk • Reinstall the operating system • Reinstall applications • Restore files from backup. Lost time! 5/33

8 Does our site forbid certain applications? Possible answers: Yes / No / Don’t know 6/33

9 Oops, you didn’t get that quite right!

10 Does our site forbid certain applications? Yes! Some kinds of software are explicitly forbidden and their use will be detected and sanctioned. Peer-to-Peer file-sharing software (e.g. BitTorrent) must NOT be run on computers on site. Neither is use of “Chat Rooms” permitted (IRC - Internet Relay Chat) because they are used by attackers and “botnets”. (Instant Messaging applications like MSN Messenger are allowed.) For details of rules, see “Restrictions” section in: 7/33

11 Can I install software on my office computer? Possible answers: No, you can’t / If it’s essential / Yes, of course 8/33

12 Oops, you didn’t get that quite right!

13 Can I install software on my office computer? Yes, if it is essential, but use only software provided by the computer department or from a reliable source. Don’t download programs or plug-ins from unfamiliar sources on the Internet. These may contain Trojan horses, spyware or other malicious software that will infect your PC! 9/33

14 Does our site allow personal use of computing facilities? Possible answers: No / Limited use / Yes, always 10/33

15 Oops, you didn’t get that quite right!

16 Does our site allow personal use of computing facilities? Yes, but… Computing facilities are intended to achieve our institute’s mission. Nevertheless, personal use is tolerated, e.g. for e-mail or Web browsing, provided that: • It is in compliance with the official rules governing computer use and not detrimental to official duties, including those of other users; • The frequency and duration is limited and there is a negligible use of site resources; • It does not constitute a political, commercial and/or profit-making activity; • It is not inappropriate or offensive; • It does not violate applicable laws. 11/33

17 Surely Web browsing is safe? Possible answers: Yes / No / Not necessarily! 12/33

18 Oops, you didn’t get that quite right!

19 Surely Web browsing is safe? Not necessarily! Clicking on links in Web pages may download malicious code! By hovering your mouse over a web link WITHOUT CLICKING you reveal its real destination. If in doubt, don’t click the link: 13/33

20 Well, what about attachments? Possible answers: OK at our site / May be infected / Dangerous 14/33

21 Oops, you didn’t get that quite right!

22 Well, what about attachments? Be careful! E-mail attachments may be infected. • Do you know the person who sent it? • Does the message look genuine or a forgery? If you are suspicious, don’t open it and delete the mail immediately. 15/33

23 Should I be careful about Phishing? Possible answers: Someone can’t spell / No / Yes 16/33

24 Oops, you didn’t get that quite right!

25 Should I be careful about Phishing? Yes, you should be!!! “Phishing” is associated with criminal activity. By masquerading as a trustworthy entity, phishing tries to trick computer users into giving away confidential information, such as usernames, passwords, or credit card details, or into downloading malicious code onto their computer. Verify the source before you click! 17/33

26 Should I worry about Key Loggers? Possible answers: Don’t know what they are / No / Yes 18/33

27 Oops, you didn’t get that quite right!

28 Should I worry about Key Loggers? Yes, you should! A key logger is a program that sends everything you type to someone who wants your password, credit card details, and much more… It can be installed when you click on an infected e-mail or Web page. 19/33

29 Are Linux and Macintosh computers safe? Possible answers: Yes / No / Usually [Images: Mac, Linux] 20/33

30 Oops, you didn’t get that quite right!

31 Are Linux and Macintosh computers safe? Unfortunately not… Up to now they suffer fewer attacks than Windows, but they are attacked nevertheless! [Images: Mac, Linux] 21/33

32 Can I share my files and calendar with my collaborators? Possible answers: Not advised / No, it is forbidden / Yes, of course 22/33

33 Oops, you didn’t get that quite right!

34 Can I share my files and calendar with my collaborators? Yes, by configuring access controls correctly. However, you must never divulge your password to anyone (and don’t need to). Helpdesk staff will NEVER ask for your password 23/33

35 Are six characters good enough for my password? Possible answers: Neither / No, but eight letters are OK / Yes, of course 24/33

36 Oops, you didn’t get that quite right!

37 Are six characters good enough for my password? No they are not! A strong password should be at least 8 characters long and a mixture of at least 3 of the following: upper case letters, lower case letters, numbers, punctuation symbols. It must also not be a name, any word in the dictionary, or something simple like ABCDEFGH. 25/33
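The rule on this slide can be checked mechanically. The Python below is an added example, not part of the original presentation; the function names and the small word list are assumptions made for illustration, and a real check would load a full dictionary and list of names.

```python
import string

# Constructed sample word list (assumption); replace with a real
# dictionary and name list in practice.
SAMPLE_WORDS = {"password", "computer", "security", "elizabeth", "benjamin"}


def char_classes(pw):
    """Count how many of the four character classes appear in pw."""
    return sum([
        any(c.isupper() for c in pw),
        any(c.islower() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),
    ])


def is_simple_sequence(pw):
    """True for runs such as ABCDEFGH, 87654321 or aaaaaaaa."""
    # Every neighbouring pair differs by the same step of -1, 0 or +1.
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return len(steps) == 1 and steps <= {-1, 0, 1}


def check_password(pw, words=SAMPLE_WORDS):
    """Return the list of rules pw breaks; an empty list means it passes."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if char_classes(pw) < 3:
        problems.append("fewer than 3 character classes")
    if pw.lower() in words:
        problems.append("name or dictionary word")
    if is_simple_sequence(pw):
        problems.append("simple sequence")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords covering each quiz answer.
    for sample in ["aB3$xY", "qwmzpkth", "ABCDEFGH", "Password", "tR4il-mix9"]:
        print(sample, "->", check_password(sample) or "OK")
```

Six characters fail on length even with all four classes, and eight plain letters fail on the character-class rule, which is why "Neither" is the only answer consistent with the slide.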

38 Can I manage my own computer? Possible answers: Yes, of course / No, you can’t / Not recommended 26/33

39 Oops, you didn’t get that quite right!

40 Can I manage my own computer? Not recommended. You can, but IT recommends that you do not. Are you sure you have the tools and the expertise, as well as the time, to install the latest system versions and all the latest patches? If your machine is infected, it will be blocked from the network. Note that for production machines central management allows machine owners to specify when updates take place. Conclusion: Central management is MUCH safer and much less time consuming. 27/33

41 Can I get privileged access? Possible answers: Yes, when needed / No, you can’t / Yes, of course 28/33

42 Oops, you didn’t get that quite right!

43 Can I get privileged access? Normal operations don’t require it. But when needed for professional reasons, you will be able to obtain elevated privileges such as administrator or root on a computer or access to sensitive data. HOWEVER when the privilege is no longer required, you should make sure it is removed to make your computer less vulnerable and protect yourself from accidents. 29/33

44 What should I do if it seems that someone else • knows my password • did something with my account • used my machine? Possible answers: Inform Security Team / Reboot / Log out 30/33

45 Oops, you didn’t get that quite right!

46 What should I do if I think my account was compromised? If you think there has been unauthorized access to your machine or your account, then report this to a.s.a.p. 31/33

47 I still have questions, what should I do? Computer Security Information can be found here: Computing Rules can be found here: 32/33

48 You’ve finished the course! BUT to gain access to our computing facilities, you must formally agree to follow the computing rules. To do this ……………………….. 33/33
