Security Awareness: Asking the Right Questions to Protect Information

Presentation on theme: "Security Awareness: Asking the Right Questions to Protect Information"— Presentation transcript:

1 Security Awareness: Asking the Right Questions to Protect Information
Keith A. Watson, CISSP, Research Engineer, Center for Education and Research in Information Assurance and Security

2 Overview
- A Brief Intro to Information Security
- Responsibility
- Knowledge
- Contacts

3 A Brief Intro to Information Security
Information security is the process of protecting information and information resources.

4 Information Security Intro
- Information assets are the most critical and most valuable
- Applies to information in electronic and physical forms
- Three primary goals:
  - Confidentiality
  - Integrity
  - Availability

5 Information Security Examples
- (Confidentiality) What would happen if sample information were accidentally published to a web site?
- (Integrity) How reliable would sample information be if it could be modified by anyone on the network?
- (Availability) How would you get any work done if all the mice disappeared?

6 Responsibility Who? Why?

7 Who is Responsible?
- Are you responsible for the security of your system?
- Is the system administrator responsible?
- Do you have the administrator password for your system?

8 Answers You Might Not Like
- You are at least partly responsible for the security of the information on the system.
- The system administrator might be responsible for the security of the system.
- If you have the administrator password, then you are probably responsible for everything.

9 But wait, I’m not an admin…
- Find someone else to be in charge of the security of the system
  - Someone who will take an active part in managing the system
- Give up your admin password and live the life of a lowly user

10 Why am I in charge?
- You have no system admin
  - No budget for one
  - Can’t find one (industry pays better)
  - You have one, but he can’t be trusted
- Policy puts you in charge
  - You create it, you manage it (functional data owner policy)
  - Decentralized control: you manage the system; the admin answers your questions

11 Knowledge What? How?

12 The Bare Minimum
- Update that System!
- Back it Up!
- Worms, Viruses, Spyware, Oh My!
- Shields Up!

13 Update that System!
Is your system up to date?
- Windows (and Mac)
  - Run software update tools at least on the second Tuesday of the month (Windows patch release day)
  - Turn on auto updates (catch off-cycle patches)
- Linux
  - Check for updates at least weekly (yum, RHN, etc.)
- If you don’t manage updates, make sure your admin follows these guidelines
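A small check for the update cadence this slide recommends, added here as an example and not part of the original presentation: it computes the second Tuesday of a month and reports whether a Windows/Mac update run or a weekly Linux check has lapsed. Dates are constructed sample values.

```python
from datetime import date, timedelta


def iso(s: str) -> date:
    """Parse an ISO date string (convenience for callers)."""
    return date.fromisoformat(s)


def patch_tuesday(year: int, month: int) -> date:
    """Second Tuesday of the given month, the regular Windows patch release day."""
    first = date(year, month, 1)
    # date.weekday(): Monday == 0, so Tuesday == 1
    days_to_first_tuesday = (1 - first.weekday()) % 7
    return first + timedelta(days=days_to_first_tuesday + 7)


def last_patch_tuesday(today: date) -> date:
    """Most recent Patch Tuesday on or before today (may fall in the previous month)."""
    this_month = patch_tuesday(today.year, today.month)
    if this_month <= today:
        return this_month
    if today.month == 1:
        return patch_tuesday(today.year - 1, 12)
    return patch_tuesday(today.year, today.month - 1)


def windows_update_overdue(last_update_run: date, today: date) -> bool:
    """True if a monthly patch release has come out since the last update run."""
    return last_update_run < last_patch_tuesday(today)


def linux_update_overdue(last_check: date, today: date, max_days: int = 7) -> bool:
    """True if the weekly check (yum, RHN, etc.) has lapsed."""
    return (today - last_check).days > max_days


if __name__ == "__main__":
    # Constructed sample dates for illustration
    today = iso("2023-11-20")
    print("Windows overdue:", windows_update_overdue(iso("2023-11-01"), today))
    print("Linux overdue:", linux_update_overdue(iso("2023-11-05"), today))
```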

14 Back it Up!
- Backup strategy:
  - Critical/important data daily
  - Systems at least weekly
- Methods:
  - External drives (USB/FireWire)
  - Tapes
  - Servers

15 Worms, Viruses, Spyware, Oh My!
- You should have anti-virus/spyware software installed and updating daily
- Scan every:
  - Attachment
  - File downloaded
- If you didn’t install and configure the anti-virus/spyware software, find out who did
  - Make sure it is enabled and auto-updating

16 *#@^%$&! Strong Passwords
We have too many passwords to remember. The “Music Method”:
- Choose the words from a song: “Mary had a little lamb whose fleece was…”
- Select the first letters of the words: “M h a l l w f w”
- Change some of the letters to numbers: “M4a1lwfw”
- Change some letters to upper case: “M4A1lWfw”

17 *#@^%$&! Stronger Passwords
We have too many systems to use. The “Variations on a Theme” method: using your Music Method password, modify the trailing characters for different systems:
- “M4A1lWnP” ==> network password
- “M4A1lWw5” ==> web site password
- “M4A1lWSv” ==> server password

18 Shields Up! Screen Locks On
- Enable screensavers with passwords
- Lock the screen when you step away
- Use an idle timeout to auto-lock it
  - 10 minutes is probably good enough

19 Shields Up! Firewall Software On
- Desktop firewall software prevents some network-based inbound attacks
  - Some limit outbound connections as well
- Modern operating systems have a firewall
  - Turn it on
  - Enable/allow the network services that you use

20 Shields Up! “Unnecessary Stuff” Off
- Remove unneeded software
  - Fewer vulnerabilities to worry about
  - Save some disk space too
- Turn off unnecessary services
  - Fewer ways an attacker can get to you
  - Improve performance too

21 Some Extra Stuff Above the Bare Minimum
- Encrypt that Data!
- Lock that Door, Desk, and Cabinet!
- Glue that Computer Down!

22 Encrypt that Data!
- Disk encryption
  - Stolen hardware has interesting info on it
  - Windows XP EFS
  - Mac OS X FileVault
  - PGP Disk
- Email encryption
  - Email is like a postcard: anyone can read it
  - PGP or GPG
  - S/MIME (most modern mail tools support it)

23 Lock that Door, Desk, and Cabinet!
Better physical security is needed:
- Have rules about locking labs and offices
- Move your sensitive paperwork into file cabinets before you go home
- Lock up your expensive gizmos in a desk

24 Glue that Computer Down!
Computers are getting smaller and sprouting legs.
- Laptops
  - Get a cable lock
  - Use it at the office and when you travel
- Desktops
  - Get a steel cage lock box or cable kit
  - Two-sided carpet tape works too!

25 Contacts Who? Why?

26 Who do I contact?
If a law has been broken, call the police.
- Ask for an officer responsible for computer crimes
- They may refer you to other agencies (FBI, Secret Service, state police, etc.)
- Be aware that they may take your system away for analysis

27 Who do I contact?
- If there is a problem with your system, unplug it from the network
- Do NOT turn it off!
- Call the admin and/or your local security person

28 Contact Pitfalls
- No one knows what to do
- No one wants to do anything
Next steps (before you plug it into the network):
- Reinstall the system from original media (and update it)
- Configure security options (firewall, anti-virus/spyware, etc.)
- Restore user/project data from backup

29 Summary
Information is critical to the mission of the NPDN.
- Determine responsibility for security.
- Improve the security of your systems.
- Find out what to do when things go wrong.

