Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Security Phishing Update CTC

Published byJoel Walsh Modified over 9 years ago

Similar presentations

Presentation on theme: "Information Security Phishing Update CTC"— Presentation transcript:

1 Information Security Phishing Update CTC
15 April 2015 Julianne Tolson

2 Phishing Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. Wikipedia:

3 Phishing & password compromises
The increase in phishing messages sent to SF State accounts is related to the increase in SF State password compromises. The primary reason for recent password compromises is that SF State individuals responded to phishing messages. 

4 Other reasons for password compromises
Absence of password policy on some accounts that permit brute force attacks Using the same password and login on other sites that are compromised Using predictable passwords Malware on devices that capture every keystroke using a keylogger Malware on devices that redirects users to a fake web site

5 Risks of an account compromise
Breach of sensitive information Interruption of business operations Harm to SF State’s reputation  

6 Phishing / account compromise strategy
Procedure changes I User education Message filtering Account management Log analysis / management Procedure changes II & III

7 Compromised account procedure changes I
Lock accounts quickly Change password when locked How compromised? Unlock & communicate Improve ticket flow & communication

8 User education strategy
Phishing / security awareness campaign CSU Skillport security awareness / FERPA training Phishme.com Campus communication authenticity

9 Message filtering strategy
Exchange Online Protection (EOP) Security Appliances Block specific message subjects Implement Sender Policy Framework (SPF)

10 Account management strategy
De-provision or move accounts of separated employees De-provision unused Emeritus accounts Identify unneeded secondary accounts Apply password policy to all exchange accounts – identify service accounts

11 Compromised account procedure changes II
Improve ticket flow & communication – need help listing phone numbers in campus directory Reduce emphasis on devices Provide list of possible phishing reasons

12 Possible phishing reasons
Did you "share your password" with anyone? Did you "upgrade your quota"? Did you "verify your account"? Did you click on an link to login to Web Mail? Did you use this password for any other account/login Do you use a ‘numbering’ system or other recognizable password pattern?

13 Compromised account procedure changes III
If compromise is explainable as phishing and only symptom is sending Device could be compromised so a device scan should still be run Review phishing awareness with users of account Account can be unlocked before the scan is run and used on a safe device Delegated access strongly recommended

14 Other Security Initiatives
Multi factor authentication (MFA) Identity Manager Endpoint management (SCCM/Casper)

15 Questions and Suggestions?

Download ppt "Information Security Phishing Update CTC"

Similar presentations

ANNUAL SECURITY AWARENESS TRAINING – 2011 UMW Information Technology Security Program Annual Security Awareness Training for UMW Faculty and Staff.

ANNUAL SECURITY AWARENESS TRAINING – 2011 UMW Information Technology Security Program Annual Security Awareness Training for UMW Faculty and Staff.
Employee Self Service (ESS) Registration

Employee Self Service (ESS) Registration
Internet Safety Gleneagles Computer Club February 16, 2015 by Deborah Benson.

Internet Safety Gleneagles Computer Club February 16, 2015 by Deborah Benson.
Recommendations on the future of online GyroScope & Databse implementation.

Recommendations on the future of online GyroScope & Databse implementation.
Hacker’s tricks for online users to reveal their sensitive information such as credit card, bank account, and social security. Phishing emails are designed.

Hacker’s tricks for online users to reveal their sensitive information such as credit card, bank account, and social security. Phishing s are designed.
Network Security aka CyberSecurity Monitor and manage security risks at the network level for the entire Johns Hopkins Network.

Network Security aka CyberSecurity Monitor and manage security risks at the network level for the entire Johns Hopkins Network.
  Cyberbullying can be as simple as continuing to send e- mail or text harassing someone who has said they want no further contact with the sender.

  Cyberbullying can be as simple as continuing to send e- mail or text harassing someone who has said they want no further contact with the sender.
Phishing (pronounced “fishing”) is the process of sending e-mail messages to lure Internet users into revealing personal information such as credit card.

Phishing (pronounced “fishing”) is the process of sending messages to lure Internet users into revealing personal information such as credit card.
Internet Phishing Not the kind of Fishing you are used to.

Internet Phishing Not the kind of Fishing you are used to.
October is National Cyber Security Month OIT and IT providers are launching an awareness campaign to provide tips and resources to help you stay safe online.

October is National Cyber Security Month OIT and IT providers are launching an awareness campaign to provide tips and resources to help you stay safe online.
Protecting Information. Who We Are We are working on our Information Assurance MBA This is part of our curriculum; to present on information security.

Protecting Information. Who We Are We are working on our Information Assurance MBA This is part of our curriculum; to present on information security.
Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.

Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.
GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Cameron Simpson.

GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Cameron Simpson.
AI&SS Administrative Group April, 2015. Meal Reimbursements. Invoices, Check Requests Year end deadlines for Accounting De-obligation of Accounts “Phishing”

AI&SS Administrative Group April, Meal Reimbursements. Invoices, Check Requests Year end deadlines for Accounting De-obligation of Accounts “Phishing”
PHISHING AND SPAM EMAIL INTRODUCTION There’s a good chance that in the past week you have received at least one email that pretends to be from your bank,

PHISHING AND SPAM INTRODUCTION There’s a good chance that in the past week you have received at least one that pretends to be from your bank,
Your Trusted Partner In All Things IT. 20 Years of IT Experience University Automotive Food Service Banking Insurance Legal Medical Dental Software Development.

Your Trusted Partner In All Things IT. 20 Years of IT Experience University Automotive Food Service Banking Insurance Legal Medical Dental Software Development.
Cyber crime on the rise. Recent cyber attacks How it happens? Distributed denial of service Whaling Rootkits Keyloggers Trojan horses Botnets Worms Viruses.

Cyber crime on the rise. Recent cyber attacks How it happens? Distributed denial of service Whaling Rootkits Keyloggers Trojan horses Botnets Worms Viruses.
Cyber Crimes.

Cyber Crimes.
BUSINESS B1 Information Security.

BUSINESS B1 Information Security.
Client X CronLab Spam Filter Technical Training Presentation 19/09/2015.

Client X CronLab Spam Filter Technical Training Presentation 19/09/2015.

Similar presentations

Ads by Google