Presentation is loading. Please wait.

Presentation is loading. Please wait.

Technical Study Group April 2011. Agenda  Risks to websites and PC files  Components of password management policy  Password management systems  Password.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Technical Study Group April 2011. Agenda  Risks to websites and PC files  Components of password management policy  Password management systems  Password."— Presentation transcript:

1 Technical Study Group April 2011

2 Agenda  Risks to websites and PC files  Components of password management policy  Password management systems  Password management software - criteria  Determinants of password management policy  Assessing exposure levels  Proposed password management policies  Password management software - examples Steve Pearce - Betaplus Club April 2011

3 Risks to Websites & PC files  PC file not password protected or encrypted  PC file or Website password forgotten  PC or Web password found/broken by hacker From home PC if stolen From laptop if lost or stolen From mobile device if lost or stolen From infected public computer From website of service provider (bank, retailer etc) Steve Pearce - Betaplus Club April 2011

4 Steve Pearce - Betaplus Club October 2010 Screen clipping taken: 06/04/2011 03:31

5 Components of Password Mgt Policy  Choice of passwords Strong, memorable, duplicated, when changed?  Choice of password management system  Choice of access points for critical websites Home PC, laptop, mobile, public PC?  Choice of location for critical PC files  Credit/Debit Card policy Steve Pearce - Betaplus Club April 2011

6 Password Management Systems  Hard copy – notebook, Post-It notes etc  Internet browser password memorisation  Protected data file on PC or Cloud  Personal code for password generation  Password management software PC based Cloud based Mobile device based Steve Pearce - Betaplus Club April 2011

7 Password Mgt Software - Criteria  Feature set Password generation Automatic password entry Portability (laptop, mobile device, web access)  Ease of use / Help and support  Security Unbreakable master login Encryption Backup capability  Integrity of Supplier Steve Pearce - Betaplus Club April 2011

8 Steve Pearce - Betaplus Club October 2010

9 Establishing Password Mgt Policy Depends on combination of:  Exposure level of file or website  Required locations for PC files Home PC, laptop, mobile device PC?  Required access points for websites Home PC, laptop, mobile, public PC?  Sophistication of your PW mgt system Steve Pearce - Betaplus Club April 2011

10 Assessing Exposure Levels Website TypeFinancial risk (5)Identity loss (5)Loss of benefit (5)Overall risk High Risk Sites Bank account55515 Credit card account55515 Website that retains CC details55515 Utility website (gas, elec etc)55515 Password repository35513 Document repository55313 Remote access service (Logmein etc)55313 Medium Risk Sites Social networking site (Facebook etc)55111 Genealogy service (Ancestry etc)35311 Insurance company15511 ISP15511 Magazine / news subscription1539 Software support service1539 Retail website (no stored CC details)1359 Online backup service3339 Low Risk Sites GP surgery1337 Webmail / contacts / diary service1337 online music / ebook store1337 Reference data (govt / health etc)1315

11 Proposed PW Mgt Policies Steve Pearce - Betaplus Club April 2011

12 Password Mgt Software - examples  Passwords Plus http://www.dataviz.com/products/passwordsplus/pwp_feat ures.html http://www.dataviz.com/products/passwordsplus/pwp_feat ures.html  Roboform http://www.roboform.com/  Password Safe (Android) https://market.android.com/details?id=uk.co.kuffs.free.pas swordsafe&feature=search_result https://market.android.com/details?id=uk.co.kuffs.free.pas swordsafe&feature=search_result Steve Pearce - Betaplus Club April 2011

Download ppt "Technical Study Group April 2011. Agenda  Risks to websites and PC files  Components of password management policy  Password management systems  Password."

Similar presentations

Www.sophos.com/loveyourphone Mobile device security Practical advice on how to keep your mobile device and the data on it safe.

Mobile device security Practical advice on how to keep your mobile device and the data on it safe.
Smartphone and Mobile Device Security IT Communication Liaisons Meeting October 11, 2012 Theresa Semmens, CITSO.

Smartphone and Mobile Device Security IT Communication Liaisons Meeting October 11, 2012 Theresa Semmens, CITSO.
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.
Data Storage and Security Best Practices for storing and securing your data The goal of data storage is to ensure that your research data are in a safe.

Data Storage and Security Best Practices for storing and securing your data The goal of data storage is to ensure that your research data are in a safe.
Protecting Your Identity: What to Know, What to Do.

Protecting Your Identity: What to Know, What to Do.
Data Security for Healthcare Facilities Debbie Abbott Health Information Consultant Resolutions (Int) Pty Ltd.

Data Security for Healthcare Facilities Debbie Abbott Health Information Consultant Resolutions (Int) Pty Ltd.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
Network and Server Basics. 6/1/20152 Learning Objectives After viewing this presentation, you will be able to: Understand the benefits of a client/server.

Network and Server Basics. 6/1/20152 Learning Objectives After viewing this presentation, you will be able to: Understand the benefits of a client/server.
1.7.6.G1 © Family Economics & Financial Education –March 2008 – Financial Institutions – Online Banking Funded by a grant from Take Charge America, Inc.

1.7.6.G1 © Family Economics & Financial Education –March 2008 – Financial Institutions – Online Banking Funded by a grant from Take Charge America, Inc.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.
PASSWORD MANAGER Why you need one 1. WHAT IS A PASSWORD MANAGER? A modern Password Manager is a browser extension (Chrome, Internet Explorer, Firefox,

PASSWORD MANAGER Why you need one 1. WHAT IS A PASSWORD MANAGER? A modern Password Manager is a browser extension (Chrome, Internet Explorer, Firefox,
INFORMATION SECURITY AWARENESS PRESENTED BY KAMRON NELSON AND ROYCE WILKERSON.

INFORMATION SECURITY AWARENESS PRESENTED BY KAMRON NELSON AND ROYCE WILKERSON.
Title: The Internet LO: Security risks. Security risks Types of risks: 1.Phishing 2.Pharming 3.Spamming 4.Spyware 5.Cookies 6.Virus.

Title: The Internet LO: Security risks. Security risks Types of risks: 1.Phishing 2.Pharming 3.Spamming 4.Spyware 5.Cookies 6.Virus.
New Data Regulation Law 201 CMR 17.00. TJX Video.

New Data Regulation Law 201 CMR TJX Video.
Information Security Information Technology and Computing Services Information Technology and Computing Services

Information Security Information Technology and Computing Services Information Technology and Computing Services
Password Management Programs By SIR Phil Goff, Branch 116 Area 2 Computers and Technology April 18, 2013 1.

Password Management Programs By SIR Phil Goff, Branch 116 Area 2 Computers and Technology April 18,
IT Q&A Series Faculty Meeting June 3, 2014 Tim Unten, MBA.

IT Q&A Series Faculty Meeting June 3, 2014 Tim Unten, MBA.
CHC DI Group. What We Will Cover Securing your devices and computers. Passwords. Emails. Safe browsing for shopping and online banks. Social media.

CHC DI Group. What We Will Cover Securing your devices and computers. Passwords. s. Safe browsing for shopping and online banks. Social media.
Elite Networking & Consulting Presents: Everything You Wanted To Know About Data Insurance* * But Were Afraid To Ask Elite Networking & Consulting, LLC,

Elite Networking & Consulting Presents: Everything You Wanted To Know About Data Insurance* * But Were Afraid To Ask Elite Networking & Consulting, LLC,

Similar presentations

Ads by Google