Presentation is loading. Please wait.

Presentation is loading. Please wait.

Securing the Academy: Better Cybersecurity for Instructors and Administrators

Published bySophie Chandler Modified over 6 years ago

Similar presentations

Presentation on theme: "Securing the Academy: Better Cybersecurity for Instructors and Administrators"— Presentation transcript:

1

2 Securing the Academy: Better Cybersecurity for Instructors and Administrators

3 PRESENTER: Dennis Thibodeaux, CISSP
Global Top 25 Technical Instructor at New Horizons Computer Learning Centers Certified Fraud Examiner, IT pro, and information security specialist with a professional focus on incident response and investigations CompTIA Security+, CSA+, CASP, Linux+, Project+, Server+, Cloud+, Network+, A+, Mobility+, CDIA, etc. (15 CompTIA certifications – and counting…)

4 It’s getting rough out there…

5 It’s getting rough out there…

6 It’s getting rough out there…

7 It’s getting rough out there…

8 CORPORATE vs. ACADEMIC computing environments
SPIFFCO BANK Member FDIC FUNKYTOWN COMMUNITY COLLEGE

9 Meet my smart uncle…

10 Meet my smart uncle…

11 Meet my smart uncle…

12 Meet my smart uncle…

13 Ten essential cyber security practices
1. Protect information/systems/networks from damage by viruses, spyware, ransomware, and other malicious code

14 Ten essential cyber security practices
1. Protect information/systems/networks from damage by viruses, spyware, ransomware, and other malicious code But beware of FAKE anti-malware products…

15 Ten essential cyber security practices
2. Provide security for your connection to the Internet

16 Ten essential cyber security practices
2. Provide security for your connection to the Internet This usually means firewalls, often in conjunction with IDS/IPS

17 Ten essential cyber security practices
2. Provide security for your connection to the Internet My cheapskate solution… This usually means firewalls, often in conjunction with IDS/IPS

18 Ten essential cyber security practices
3. Install and activate software firewalls on all of your classroom computers and faculty/staff workstations

19 Ten essential cyber security practices
3. Install and activate software firewalls on all of your classroom computers and faculty/staff workstations

20 Ten essential cyber security practices
3. Install and activate software firewalls on all of your classroom computers and faculty/staff workstations DANGER!

21 Ten essential cyber security practices
4. Patch your operating systems and applications

22 Ten essential cyber security practices
4. Patch your operating systems and applications

23 Ten essential cyber security practices
5. Make backup copies of important data

24 Ten essential cyber security practices
6. Control physical access to computers and network components

25 Ten essential cyber security practices
7. Secure your wireless access points and wireless networks Wi-Fi hacking tools are plentiful and cheap (often free) Malicious hackers and script kiddies have the advantage when you use weak encryption. Avoid old and busted WEP - Wired Equivalent Privacy

26 Ten essential cyber security practices
7. Secure your wireless access points and wireless networks

27 Ten essential cyber security practices
7. Secure your wireless access points and wireless networks Accurate assessment of WEP encryption strength

28 Ten essential cyber security practices
7. Secure your wireless access points and wireless networks Accurate assessment of WEP encryption strength

29 Ten essential cyber security practices
8. Train students/faculty/staff in basic security principles

30 Ten essential cyber security practices
9. Require individual user accounts (with good passwords) for all students/faculty/staff

31 Ten essential cyber security practices
9. Require individual user accounts (with good passwords) for all students/faculty/staff Classic approach: COMPLEX PASSWORDS Uppercase, lowercase, numerals, punctuation marks, etc.

32 Ten essential cyber security practices
9. Require individual user accounts (with good passwords) for all students/faculty/staff Classic approach: COMPLEX PASSWORDS Uppercase, lowercase, numerals, punctuation marks, etc. HelloKitty

33 Ten essential cyber security practices
9. Require individual user accounts (with good passwords) for all students/faculty/staff Classic approach: COMPLEX PASSWORDS Uppercase, lowercase, numerals, punctuation marks, etc. HelloKitty H3ll0Kitty

34 Ten essential cyber security practices
9. Require individual user accounts (with good passwords) for all students/faculty/staff Classic approach: COMPLEX PASSWORDS Uppercase, lowercase, numerals, punctuation marks, etc. HelloKitty H3ll0Kitty H3ll0Kitty!

35 Ten essential cyber security practices
9. Require individual user accounts (with good passwords) for all students/faculty/staff Classic approach: COMPLEX PASSWORDS Uppercase, lowercase, numerals, punctuation marks, etc. HelloKitty H3ll0Kitty H3ll0Kitty!

36 Ten essential cyber security practices
9. Require individual user accounts (with good passwords) for all students/faculty/staff Password length has been found to be a primary factor in characterizing password strength. Users should be encouraged to make their passwords as lengthy as they want, within reason. - NIST SP B

37 Ten essential cyber security practices
10. Limit unauthorized access to data and information, and limit authority to install software

38 Five important questions
Do we know what is connected to our systems and networks?

39 Five important questions
Do we know what is connected to our systems and networks? Do we know what software is running (or trying to run) on our systems and networks?

40 Five important questions
Do we know what is connected to our systems and networks? Do we know what software is running (or trying to run) on our systems and networks? Are we continuously managing our systems using “known good” configurations?

41 Five important questions
Do we know what is connected to our systems and networks? Do we know what software is running (or trying to run) on our systems and networks? Are we continuously managing our systems using “known good” configurations? Are we continuously looking for and managing “known bad” software?

42 Five important questions
Do we know what is connected to our systems and networks? Do we know what software is running (or trying to run) on our systems and networks? Are we continuously managing our systems using “known good” configurations? Are we continuously looking for and managing “known bad” software? Do we limit and track the people who have the administrative privileges to change, bypass, or override our security settings?

43 Five important questions
Do we know what is connected to our systems and networks? Do we know what software is running (or trying to run) on our systems and networks? Are we continuously managing our systems using “known good” configurations? Are we continuously looking for and managing “known bad” software? Do we limit and track the people who have the administrative privileges to change, bypass, or override our security settings? Source: The National Campaign for Cyber Hygiene

44 THANKS FOR YOUR TIME AND ATTENTION. Dennis. Thibodeaux@NewHorizons
THANKS FOR YOUR TIME AND ATTENTION! @Dennis_CFE

Download ppt "Securing the Academy: Better Cybersecurity for Instructors and Administrators"

Similar presentations

SECURING WIRELESS LANS PRESENTED BY VICTOR C. NWALA CS555 Department of Computer Science Old Dominion University.

SECURING WIRELESS LANS PRESENTED BY VICTOR C. NWALA CS555 Department of Computer Science Old Dominion University.
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
1 Electronic Information Security – What Researchers Need to Know University of California Office of the President Office of Research May 2005.

1 Electronic Information Security – What Researchers Need to Know University of California Office of the President Office of Research May 2005.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
Configuring your Home Network Configuring your Home Network Jay Ferron ADMT, CISM, CISSP, MCDBA, MCSE, MCT, NSA-IAM.

Configuring your Home Network Configuring your Home Network Jay Ferron ADMT, CISM, CISSP, MCDBA, MCSE, MCT, NSA-IAM.
Malicious Attacks By: Albert, Alex, Andon, Ben, Robert.

Malicious Attacks By: Albert, Alex, Andon, Ben, Robert.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.

Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.
Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer

Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer
Keeping Data Safe Revision Summer 2013. How many ways can data be lost? Start a list… Physical Loss or Corruption of data Accidental or Deliberate Unauthorised.

Keeping Data Safe Revision Summer How many ways can data be lost? Start a list… Physical Loss or Corruption of data Accidental or Deliberate Unauthorised.
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
Securing Your Home Computer Presenter: Donnie Green Date: February 11, 2009 National Aeronautics and Space Administration www.nasa.gov.

Securing Your Home Computer Presenter: Donnie Green Date: February 11, 2009 National Aeronautics and Space Administration
Information Security Information Technology and Computing Services Information Technology and Computing Services

Information Security Information Technology and Computing Services Information Technology and Computing Services
NUAGA May 22, 2014.  IT Specialist, Utah Department of Technology Services (DTS)  Assigned to Department of Alcoholic Beverage Control  PCI Professional.

NUAGA May 22,  IT Specialist, Utah Department of Technology Services (DTS)  Assigned to Department of Alcoholic Beverage Control  PCI Professional.
MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.

MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.
E-Security: 10 Steps to Protect Your School’s Network NEN – the education network.

E-Security: 10 Steps to Protect Your School’s Network NEN – the education network.
Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.

Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.
 INADEQUATE SECURITY POLICIES ›Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA.

 INADEQUATE SECURITY POLICIES ›Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA.
{ Active Directory Security Why bother?.   Law #1: Nobody believes anything bad can happen to them, until it does   Law #2: Security only works if.

{ Active Directory Security Why bother?.   Law #1: Nobody believes anything bad can happen to them, until it does   Law #2: Security only works if.

Similar presentations

Ads by Google