Presentation is loading. Please wait.

Presentation is loading. Please wait.

TRACs Security Awareness FY2009 Office of Information Technology Security 1.

Published byTamsin Stewart Modified over 8 years ago

Similar presentations

Presentation on theme: "TRACs Security Awareness FY2009 Office of Information Technology Security 1."— Presentation transcript:

1 TRACs Security Awareness FY2009 Office of Information Technology Security 1

2 Course Objectives Why Is Cybersecurity Important? How Can I Be a Safe User? How Can I Help Protect HUD and Its Information? 2

3 Overview CyberSecurity Goals Managing and Understanding CyberSecurity Risks CyberSecurity and Protecting HUD Information and Computer Network Threats Impacts Vulnerabilities 3

4 CyberSecurity Goals Confidentiality – Limiting access to information to authorized persons only Integrity – Protecting information from unauthorized or unintentional modification Availability – Ensuring that information and resources are available to those who need it when they need it 4

5 Risks & Risk Management 5 Risk is the danger that is posed to a protected object by a combination of threats & vulnerabilities

6 Components of Risk Threat: Any person, event, or environmental factor that could impact or harm a Protected Object Vulnerability: A weakness that can be exploited by a threat. It is the hole through which a threat gains access to a protected object Impact: The way a protected object could be affected or harmed by a threat 6

7 Threats A threat is any person, event, or environmental factor that could impact or harm a protected object. Threats can be either active or passive. Active Threats:Passive Threats: Hackers Cyber warfare Malicious code Information gathering Identity theft Hurricanes Power failure Software glitches Human error 7

8 Threats: Hackers What is it? Unauthorized access to information or computer systems Examples include anti-government groups a "kid in the basement“ a disgruntled employee Criminals Trained cyber warriors How can it harm? Loss of Data Identity Money Credibility System availability 8

9 Threats: Hackers Do Be suspicious Be careful with your Personal data Passwords Sensitive organizational information Report suspicious activity Practice security habits at all times and in all places Don't Give out non-public information about yourself or your organization Follow directions of others without confirming the person's authorized role Attempt to modify or bypass security measures 9 What can I do?

10 Threats: Cyber Warfare What is it? An organized attack against a computer system or network by a hostile group. It is often used as part of a physical warfare strategy.hostile group How can it harm? Impair nation's economy, critical infrastructure, or our ability to fight a physical war.critical infrastructure What can I do? Follow security guidelines and policies 10

11 Threats: Malicious Code What is it? Software designed to: disrupt the normal operations allow an unauthorized access Often called "viruses” Examples: Viruses Worms Trojan Horses Adware or Spyware 11

12 Threats: Malicious Code How can it harm? Sharing sensitive data with unauthorized persons Performance malfunctions including computer crashes Files and records destruction Connection overload causing denials of service 12

13 Threats: Malicious Code Do Only accept files from valid sources Scans files from outsiders for malicious code Ensure antivirus software is installed and kept up-to-date Don't Download files from questionable sources Modify or disable antivirus software Load suspicious media on your computer 13 What can I do?

14 Threats: Information Gathering What is it? Collecting personal or sensitive information that an attacker can use to bypass security systems. Common techniques: Shoulder surfing Dumpster diving Data mining Searching online sources Social engineering Phishing 14

15 Threats: Information Gathering How can it harm? Loss of Data Identity Money Credibility or Reputation 15

16 Threats: Information Gathering Check your surroundings Be suspicious Verify identities Safeguard personal information Don’t volunteer information Check security settings on the web Shred sensitive material Contact organizations by telephone if there is any doubt as to the authenticity of an e-mail or Web site 16 What can I do?

17 Threats: Identity Theft What is it? A crime in which someone wrongfully obtains and uses another person's personal data in a way that involves fraud or deception. Items often stolen are: ID badges, user names and passwords, social security numbers and credit card or bank account information. 17

18 Threats: Identity Theft How can it harm? Obtain credit in you name Incur fraudulent charges Open accounts Access anything your identity is used to protect. What can I do? Protect your personal information and that of others 18

19 Threats Summary 19 Immediately call HUD’s Call Center at 1-888-297-8689 If you encounter suspicious events on a HUD System: If you receive an e-mail at home that appears suspicious, call or contact the organization listed in the From line before you respond or open any attached files

20 Vulnerabilities A vulnerability is a weakness that can be exploited by a threat. It is the hole through which a threat gains access to a protected object. Common vulnerabilities include: Weak or unprotected credentials or passwords Program installation or modification Peer-to-peer software File transfers Removable media 20

21 Vulnerabilities: Weak or Unprotected Credentials & Passwords What is it? The use of credentials to confirm a user's identity and grant access to a computer system. How can it harm? Allowing unauthorized access to HUD’s network Data breaches, theft or unauthorized modification 21

22 Vulnerabilities: Weak or Unprotected Credentials & Passwords What can I do? Keep your credentials (your passwords and smart cards) safe. Protect them like you do the keys to your home Never allow another person to use your credentials to log in as you. 22

23 Vulnerabilities: Weak or Unprotected Credentials & Passwords Do’s Select a unique password of 8 characters or more Use 3 of the 4 available character types including caps, numbers & symbols Change passwords as necessary Think creatively when creating passwords Don’t Share passwords with anyone Use the same password for multiple accounts Create group passwords Write down passwords Base passwords on information that might be guessed Begin your password with a real word 23 What can I do?

24 Vulnerabilities: Program Installation or Modification What is it? Program installation refers to loading software onto Department computers. Program modification refers to changing the settings of existing programs. 24

25 Vulnerabilities: Program Installation or Modification How can it harm? Hackers often use software vulnerabilities to exploit a network Every software program used by HUD is tested first and configured for safe use New programs or settings that have not been tested or controlled by system managers can create unknown vulnerabilities 25

26 Vulnerabilities: Program Installation or Modification What can I do? Understand how your business relies on information and information technology No non-standard software without prior approval Do not download or install unauthorized programs Do not make changes to security settings 26

27 Vulnerabilities: File Transfers What is it? Term used to describe the movement of files between computers. Common methods include: Downloading files from the Internet Receiving e-mail attachments Copying files from removable media like CDs, floppy disks, and USB drives Peer to Peer 27

28 Vulnerabilities: File Transfers How can it harm? Inadvertent introduction of malicious code The most common source of virus infection is e-mail attachments, followed by Internet downloads 28 What can I do? Before transferring anything to your computer, consider: Rule 1: If you don't need it, don't download it! Rule 2: If you need it, do you trust the source? Rule 3: Scan files that are coming from outside the Department with virus protection software before opening

29 Vulnerabilities Summary 29 Immediately call to HUD’s Call Center at 1-888-297-8689 a security incident if you encounter suspicious events on a HUD System:

30 Impact The way a protected object could be affected or harmed The way your mission operations could be affected or harmed 30 “It’s all about protecting the information, not computers.” Ira Winkler, The Grill Interview, Computerworld, July 28, 2008

31 Minimizing Impact Actively manage security risks Building Security In Reducing Exposure Standardizing Operations Enhancing Awareness and Competencies Act Securely 31

32 Minimizing Impact What information does your mission rely on? Where does that information reside? Who has access to that information? How reliable or accurate is that information? What is the back up plan should that information become unavailable? 32

33 Joyce M. Little Director, Policy and Management Division Office: 202-402-7404 Fax: 202-708-0027 Joyce.M.Little@hud.gov Marian P. Cody Chief Information Technology Officer Office: 202-402-3108 Cell: 202-412-0364 Fax: 202-708-0027 Marian.P.Cody@hud.gov John S. Hawkins Security Awareness and Training Office: 202-402-3642 Fax: 202-708-0027 John.S.Hawkins@hud.gov Contact Information: 33

Download ppt "TRACs Security Awareness FY2009 Office of Information Technology Security 1."

Similar presentations

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.
How to protect yourself, your computer, and others on the internet

How to protect yourself, your computer, and others on the internet
Let’s Talk About Cyber Security

Let’s Talk About Cyber Security
Springfield Technical Community College Security Awareness Training.

Springfield Technical Community College Security Awareness Training.
SECURITY CHECK Protecting Your System and Yourself Source:

SECURITY CHECK Protecting Your System and Yourself Source:
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.

2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.
Fraud, Scams and ID Theft …oh my! Deb Ramsay ESD 101 Chief Information Officer Technology Division.

Fraud, Scams and ID Theft …oh my! Deb Ramsay ESD 101 Chief Information Officer Technology Division.
Crime and Security in the Networked Economy Part 4.

Crime and Security in the Networked Economy Part 4.
Presented by: Luke Speed Computer Security. Why is computer security important! Intruders hack into computers to steal personal information that the user.

Presented by: Luke Speed Computer Security. Why is computer security important! Intruders hack into computers to steal personal information that the user.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services

Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
How It Applies In A Virtual World

How It Applies In A Virtual World
Internet safety By Lydia Snowden.

Internet safety By Lydia Snowden.
Internet safety Viruses A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your.

Internet safety Viruses A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your.
First Community Bank www.fcbnm.com Prevx Safe Online Rollout & Best Practice Presentation.

First Community Bank Prevx Safe Online Rollout & Best Practice Presentation.
Commercial eSecurity Training and Awareness. Common Online Threats Most electronic fraud falls into one of three categories:  PHISHING – Fraudulent emails.

Commercial eSecurity Training and Awareness. Common Online Threats Most electronic fraud falls into one of three categories:  PHISHING – Fraudulent s.

Similar presentations

Ads by Google