Robert Leonard Information Security Manager Hamilton


1 Robert Leonard Information Security Manager Hamilton
IT Annual Training-2016
Information Security – Creating Awareness, Educating Staff, and Protecting Information
Robert Leonard, Information Security Manager, Hamilton

2 Understanding Threats
What is valuable?
- Trade Secrets
- CPNI
- Personally Identifiable Data
What is vulnerable?
- Desk Work Area
What can we do to safeguard and mitigate threats?
What can we do to prepare ourselves?
- Education
- Annual Testing
Most believe they will win the lottery before getting hit by malicious code

3 Keep Sensitive Data Private
Protecting information like:
- CPNI
- Driver's license number
- Insurance numbers
- Passwords and PINs
- Banking information
- Trade Secrets

4 Passwords
Select a good one
- At least 7 characters
- Mixture of upper and lowercase characters
- Mixture of alpha and numeric characters
- Do not use dictionary words
Keep passwords safe
Change them often
Don’t share or reuse passwords

5 Email & Chat Services
- Email and chat are sent in clear text over the Internet
- Data can easily be captured and read by savvy computer users and systems administrators
- Do not use these programs for sending/receiving sensitive information
Thought: What are some other possible ways we can accomplish this?

6 Enhance Our Work Area Security
- Secure workstations
- Lock our systems (Windows+L)
- Shut down
- Double check our virus scanning software is up to date
- Password protect files
- Apply software patches
What else can we do to secure the work area?

7 Incident Response
Do you know what to do and who to contact if a security breach occurs?
- Report immediately to your Business Line Manager or Information Security Manager (Rob Leonard)
- Write down all pertinent information about the breach so you don’t forget details.

9 What is Social Engineering?
Social engineering is the psychological manipulation of people for the purpose of gathering information, fraud, or system access.

10 5 Types of Social Engineering
- Pretexting
- Phishing
- Baiting
- Quid Pro Quo
- Tailgating

11 Pretexting
Creating an invented scenario to manipulate a person into divulging information or performing an action.
Example – You get a call from someone claiming to be from your bank. They say that there have been some suspicious purchases from your account. To correct the problem they ask for your account information. The attacker then uses this information to access your bank account.

12 Phishing
Attempting to acquire sensitive information by masquerading as a trustworthy source in an email.
Example – An attacker sends you an email stating your PayPal account has had too many failed logons and requires you to change your password. A link in the email leads to a web page that looks like the PayPal webpage. Once you enter your logon information, they have your username and password to access your account.

13 Quid pro quo
A hacker offers a service or benefit in exchange for information or access.
Example – An attacker pretends to be from an IT service and offers assistance to each victim. They promise a quick fix if the person disables their anti-virus program. They then install a piece of malware on the computer that assumes the appearance of software updates.

14 Baiting
An attacker leaves a malware-infected physical device, such as a USB flash drive, in a place where it is sure to be found.
Example – A flash drive may be placed on the ground labeled "2016 Financials". A user then picks up the drive and plugs it into their computer. Malware on the drive then infects the computer.

15 Tailgating
Someone who lacks the proper authentication follows an employee into a restricted area.
Example – A person posing as a delivery driver asks an employee to hold the door, thereby gaining access to the facility.

16 How to Prevent Social Engineering Attacks
- Never provide confidential information or credentials to unknown sources.
- If you receive an email with a link to an unknown site, avoid the instinct to click it.
- If you are unsure whether an email is legitimate, try contacting the company directly or contact your IT staff.
- Always be wary of USB drives and disks you find lying around.
- Don’t hold a door open for someone in a secure building. Always require them to use the hand scanners for access.

17 Thank You!!!
If you have any questions, feel free to contact your Business Line Manager or Hamilton's Information Security Manager (ISM) at Ext
REMEMBER to take the test on the Intranet site to satisfy your responsibility to have Annual Security Training.

