Presentation on theme: "Introduction to IT Security and Desktop PC Protection"— Presentation transcript:
1 Introduction to IT Security and Desktop PC Protection
Speaker: Stone Miu

2 Agenda
WHY WE ARE HERE?
SECURE YOUR DESKTOP PC
INTERNET SECURITY PROTECTION
HOW TO IDENTIFY AND HANDLE FAKE EMAIL AND WEBSITE
INTELLECTUAL PROPERTY RIGHTS FOR SOFTWARE AND INFORMATION
PHYSICAL SECURITY

3 WHY WE ARE HERE?
What is Information Security?
CIA Model: Confidentiality, Integrity, Availability
Importance of Information Security
How to Achieve a Satisfactory Level of Information Security?
Roles and Responsibilities
Policy and Guidelines in HKUST
4 Confidentiality
Protecting information from being disclosed to unauthorised parties.
Examples:
Personal: When submitted to a website, your personal data should be used or accessed only by designated staff in that company, and only for the purposes agreed. No one else should be allowed to use your data for illegal purposes or to view it out of curiosity.
Business: Sensitive information, such as sales figures or client data, should be accessed only by authorised persons such as senior management and the sales team, and not by other operations or departments.

5 Integrity
Protecting information from being changed by unauthorised parties.
Examples:
Personal: When submitted to a website, your personal data should not be altered in any way during transmission, or afterwards by the website company.
Business: Important documents or figures should not be changed or altered by unauthorised persons, nor without prior notice.

6 Availability
Ensuring that information is available to authorised parties whenever they request it.
Examples:
Personal: You should be able to access and check your personal data kept on a website at any time.
Business: Authorised senior management personnel should be able to access sales figures when needed, and clients should be able to access any of their data kept by the company whenever they request it.
7 Importance of Information Security
Protect organisations' and companies' data and assets from insider or outsider attacks.
Prevent unauthorised people from accessing our valued information, manipulating it or stealing it by means of (black/grey hat) hacking, viruses, Trojans or malware, or from bringing the system down (DoS).
Protect your sensitive data from natural disasters and accidental risks through business continuity and disaster recovery management.

8 How to Achieve a Satisfactory Level of Information Security?
Keep The System Up-to-date
Make Sure Firewall Is Enabled
Install Only Application Software You Need and Remove Software No Longer In Use
Stay Aware Of Security

9 SECURE YOUR DESKTOP PC
Password Protection
  How to create secure passwords?
  Importance of changing passwords frequently
Data Security -> LOGOFF when you are away from your PC
Basic Security Settings of a PC, e.g. firewall (DEMO)
  Software firewall
  Hardware firewall
How to Avoid Virus Attacks? e.g. Anti-Virus Program (DEMO)
  How can antivirus software protect your computer?
  How to install antivirus software and virus signature updates in HKUST?
Backup and Restore
  The importance of backup and recovery
  Steps for backup & recovery
Protection of Data/Files, e.g. file encryption
Windows Update

10 The Importance of Backup and Recovery
Protecting you in the event of hardware failure, accidental deletion or disaster;
Protecting you against unauthorised changes made by an intruder;
Providing you with a history of an intruder's activities by looking through archived, older backups.
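The second and third points above (backups as a record of unauthorised changes) only work if you can tell, file by file, what differs between the archived copy and the live system. The following added example, written for this transcript and not part of the presentation or of any HKUST tool, shows the usual way to do that with a digest manifest: hash every file at backup time, keep the manifest with the archived copy (or, keyed with an HMAC whose key is stored off the machine, so that an intruder who can rewrite files cannot also forge a matching manifest), and diff it against a fresh manifest later. The directory tree, file contents and key are constructed for the demo.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path
from typing import Dict, List, Optional

# Added example, not part of the presentation: a minimal backup-integrity
# manifest. Hashing every file at backup time and keeping the manifest away
# from the live system lets you later tell which files an intruder (or a
# failing disk) changed, added or removed.


def digest_file(path: Path, key: Optional[bytes] = None, chunk_size: int = 65536) -> str:
    """SHA-256 of a file, read in chunks so large files need not fit in memory.
    With a key the digest is an HMAC instead: an intruder who can rewrite files
    but does not hold the key cannot produce a manifest that still matches."""
    h = hmac.new(key, digestmod=hashlib.sha256) if key is not None else hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path, key: Optional[bytes] = None) -> Dict[str, str]:
    """Map each regular file (path relative to root, POSIX style) to its digest."""
    return {
        p.relative_to(root).as_posix(): digest_file(p, key)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare_manifests(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """Files whose content changed, that appeared, or that vanished since the baseline."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def demo(key: bytes = b"constructed-demo-key") -> Dict[str, List[str]]:
    """Constructed scenario: baseline a small tree, tamper with it, compare."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        (root / "docs" / "report.txt").write_text("Q3 sales figures: 120\n")
        (root / "notes.txt").write_text("nothing unusual\n")

        # At backup time: record the manifest and store it with the archived copy.
        stored = json.dumps(build_manifest(root, key))

        # Later: the kind of changes an unauthorised party might leave behind.
        (root / "docs" / "report.txt").write_text("Q3 sales figures: 999\n")  # altered
        (root / "unexpected.exe").write_text("constructed placeholder\n")      # added
        (root / "notes.txt").unlink()                                            # removed

        return compare_manifests(json.loads(stored), build_manifest(root, key))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run the script to see the three categories of change reported for the constructed tree. In practice the manifest belongs on the same offline or write-once media as the backup itself; a manifest that sits beside the live files can be regenerated by whoever altered them, which is exactly what the keyed variant guards against.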
12 INTERNET SECURITY PROTECTION
Security Settings of a Web Browser (Demo)
Attention Needed when Surfing Web Pages
Software Update Management, e.g. Adobe PDF, Java, Thunderbird, Firefox, etc.
Cookies
Closing Saved Passwords
Pop-up Blocker
How to determine whether a website is safe to browse?
  hpHosts
  Norton Safe Web
  Unmask Parasites
  AVG LinkScanner
  AVG's free Mobilation Android app
  Lookout Mobile Security

13 HOW TO IDENTIFY AND HANDLE FAKE EMAIL AND WEBSITE
What is Scam?
How to Handle Scam?
What is Spoofing / Phishing?
How to Handle Spoofing / Phishing?
  Preventive Measures
  Detective Measures
  Responsive Measures
What is Digital Signature & how is it used in HKUST?

15 Preventive Measures
Do not follow URL links from un-trusted sources or emails such as spam emails, to avoid being redirected to malicious websites by malicious links that look legitimate.
Do not visit suspicious websites or follow the links provided on those websites.
Do not follow links to log on to banking or financial organisations from search engine results.
Open attachments with extreme care. Always check the attachment's extension. Never open attachments with ".pif", ".exe", ".bat" or ".vbs" extensions.
Type the URL manually, or follow the bookmarks you have made previously, when visiting websites.
Avoid conducting online banking or financial enquiries/transactions from a public terminal or unsecured terminals such as those in cafes or libraries. Hacking or Trojan programs may have been installed on these public terminals.
Do not open other Internet browser sessions or access other websites while you are performing online financial transactions/enquiries through the Internet. Remember to print or keep a copy of the transaction record or confirmation notice for checking.
Always be wary when giving out sensitive personal or account information. Banks and financial institutions seldom ask for your personal or account information through email. Consult the relevant organisation if in doubt.
Always ensure that your computer has the latest security patches and virus signatures applied, to reduce the chance of being affected by fraudulent emails or websites riding on software vulnerabilities. This also helps to protect your computer from other security or virus attacks.
Consider using desktop spam-filtering products to help detect and block fraudulent emails, but beware of false alarms. It is recommended that you learn the technical skills essential for deploying these products effectively.
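Two of the preventive measures above (checking an attachment's real extension, and not trusting a link that merely looks legitimate) can be turned into mechanical checks that a mail gateway, a client plug-in or an awareness exercise can apply. The following added example is written for this transcript and is not part of the presentation or of any HKUST tool. Its executable-extension list starts from the four the slide names and adds further Windows executable and script types as an assumption; the decoy list, the hostname comparison rule and the sample filenames and URLs are likewise constructed.

```python
import re
from typing import List
from urllib.parse import urlparse

# Added example, not part of the presentation. Two pre-open checks:
#  - attachment_warnings(): is this attachment really a document, or an executable
#    (possibly hiding behind a double extension such as "invoice.pdf.exe")?
#  - link_warnings(): does the visible link text point where the real target goes?

EXECUTABLE_EXTENSIONS = {
    "pif", "exe", "bat", "vbs",                                     # named on the slide
    "com", "scr", "cmd", "js", "jse", "wsf", "hta", "msi", "ps1",   # added here (assumption)
}

# Extensions that look harmless and are often used as the decoy half of a double extension.
DECOY_EXTENSIONS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}


def attachment_warnings(filename: str) -> List[str]:
    """Reasons an attachment should not simply be double-clicked (empty list = none found)."""
    warnings: List[str] = []
    parts = [p.strip() for p in filename.lower().strip().split(".")]
    if len(parts) < 2:
        return warnings  # no extension at all: nothing to judge by name alone
    ext = parts[-1]
    if ext in EXECUTABLE_EXTENSIONS:
        warnings.append(f"executable extension .{ext}")
    # "report.pdf.exe": a decoy extension immediately before the executable one.
    if len(parts) >= 3 and parts[-2] in DECOY_EXTENSIONS and ext in EXECUTABLE_EXTENSIONS:
        warnings.append(f"double extension .{parts[-2]}.{ext} hides the real type")
    # Runs of spaces push the real extension out of view in a narrow file list.
    if "  " in filename:
        warnings.append("padding spaces in name")
    return warnings


def link_warnings(display_text: str, href: str) -> List[str]:
    """Flag a link whose visible text names one site while the target is another,
    whose target is a bare IP address, or whose target is not an http(s) URL at all."""
    warnings: List[str] = []
    target = urlparse(href.strip())
    if target.scheme not in ("http", "https"):
        warnings.append(f"target uses scheme {target.scheme!r}, not http(s)")
        return warnings
    target_host = (target.hostname or "").lower()
    if not target_host:
        warnings.append("target has no host")
        return warnings

    # Only compare hosts when the visible text itself looks like a URL or hostname.
    shown = display_text.strip()
    shown_url = shown if "://" in shown else "http://" + shown
    shown_host = (urlparse(shown_url).hostname or "").lower()
    same_site = shown_host == target_host or target_host.endswith("." + shown_host)
    if shown_host and "." in shown_host and not same_site:
        warnings.append(f"text shows {shown_host} but target is {target_host}")

    # Banks and other organisations do not normally link to raw IP addresses.
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", target_host):
        warnings.append("target host is a bare IP address")
    return warnings


if __name__ == "__main__":
    # Constructed samples; hostnames use the reserved .example TLD and documentation IP range.
    for name in ("minutes.docx", "invoice.pdf.exe", "setup.EXE"):
        print(name, "->", attachment_warnings(name) or "ok")
    for text, href in (
        ("www.mybank.example", "http://www.mybank.example/login"),
        ("https://www.mybank.example", "http://203.0.113.5/login"),
        ("Click here", "https://secure.mybank.example/"),
    ):
        print(text, "=>", href, "->", link_warnings(text, href) or "ok")
```

The checks are deliberately name-based, which is what a user looking at a mail client can do; a gateway should additionally inspect the file's actual content type, since a renamed executable passes a name check while a genuine document with an odd name fails it.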
16 Detective Measures
Review your credit card or bank account statements as soon as you receive them to check for any unauthorised transactions or payments.
Log into your accounts regularly to check the account status and last login time, to determine whether there has been any suspicious activity.
Verify the legitimacy of an organisation's website, such as a bank's, by contacting the organisation through its published address or telephone number.

17 Responsive Measures
Change the password immediately if you suspect that you have already been defrauded (e.g. responded to phishing emails or supplied your personal/financial information to fraudulent websites). Check your account status and contact the relevant organisation and/or report to the police immediately.
Send the phishing emails to the relevant organisation and/or the police for their investigation.

18 INTELLECTUAL PROPERTY RIGHTS FOR SOFTWARE AND INFORMATION
Freeware
Shareware
Liteware

19 INCIDENT HANDLING PROCEDURES
Basic Concept of Incident Handling, e.g. Task Manager
Common Incident Handling
Handling Procedure of Security Incidents
Loophole Warning

20 PHYSICAL SECURITY
Clear Screen Protection
Protection of External Device
Disposal of Computer Equipment
  Delete and Format Commands
  Overwriting
  Degaussing
  Physical Destruction
21 Protection of External Device
When configuring your mobile device:
Enable a power-on password or other device password management tool if available.
Configure the mobile device so that it locks automatically after a period of inactivity.
Install mobile security software, such as anti-virus software and a firewall, on the mobile device if available.
Apply the latest patches and fixes for your mobile operating system and related backup/synchronisation software. Upgrade the software to its latest version where applicable.
Scrutinise thoroughly all permission requests, for example those involving privileged access, when installing applications/services.
Use encryption to lock sensitive data stored on the mobile device and removable media, if available.
Set up a remote data wiping feature if available.
Turn off wireless connections such as Wi-Fi, Bluetooth and/or infrared connectivity when not in use.
Turn off the location services setting on your mobile device if it is not necessary for running location-based applications.

22 Protection of External Device
When using your mobile device:
Do not leave a mobile device unattended, even for a moment.
Do not process sensitive data on the mobile device unless the encryption feature is on or a secure end-to-end connection is used.
Do not open or follow links in SMS/MMS, links with misleading URLs, or links from suspicious or un-trusted sources.
Do not download or accept programs and content from unknown or un-trusted sources.
Be cautious when connecting to publicly available Wi-Fi hotspots, and avoid accessing sensitive data unless adequate security protection is in place.

23 Protection of External Device
When backing up data on your mobile device:
Turn on the encryption option in the backup/synchronisation software, if available, so that the data is stored in encrypted form.
Make sure the backup copies are encrypted whether they are stored on a desktop PC or on removable media.

24 Protection of External Device
When disposing of your mobile device:
Completely clear all data and settings on your mobile device before disposal.

25 Protection of External Device
At ALL times:
Keep your mobile devices in a secure place, especially when not in use.
Stay alert to security vulnerabilities on mobile devices, and apply the latest patches and fixes when available.
Do not install illegal or unauthorised software on the mobile device.
Do not allow wireless connections from unknown or un-trusted sources on your device.
26 Useful Links
Change User Account Password
Security Tips for Email
Get Ready for Signed Email in HKUST
HKUST PKI
Information Technology Services Center (ITSC)
ITSC Policies and Guidelines
ITSC A-Z Guide
IT Security Web Site
IT Security Guidelines
Anti-Virus In Campus
Virus Definition Update
How to Protect Your Computer?
Guidelines and Tips on Using USB Drive
How to Dispose of Your Hard Disk Securely?
Be Aware of Fake Email
Phishing Samples
Java Security Alert
Windows 7
Windows XP