04EACSession46.pptxVIP专享VIP免费原创优质

下载本文档

阅读 139
下载 16
格式 pptx
大小 727.32 KB
约28页
2025-02-01 发布于陕西
收藏
评论
点赞(0)
海报
举报

/28

InformationSecurity–CreatingAwareness,EducatingStaff,andProtectingInformationSession46ChrisAidan,CISSPInformationSecurityManagerPearsonTopicsCoveredDataPrivacySpyware&AdwareSPAM&SPIMPhishingPasswordsSocialEngineeringEmail&ChatServicesSecuringWorkstationsDataBackupsEquipmentDisposalDataRecoveryDemoDataDisposalAccessRightsPhysicalSecurityEmergingThreatsIncidentResponseCreatingAwarenessQuestionsUsefulLinksWhySecurity?LiabilityPrivacyConcernsCopyrightViolationsIdentityTheftResourceViolationsReputationProtectionMeetExpectationsLaws&RegulationsUnderstandingThreatsWhatisvaluable?Whatisvulnerable?Whatcanwedotosafeguardandmitigatethreats?Whatcanwedotoprepareourselves?MostbelievetheywillwinlotterybeforegettinghitbymaliciouscodeProtectingInformationlike:SocialSecurityNumberDriverslicensenumberInsurancenumbersPasswordsandPIN’sBankinginformationKeepSensitiveDataPrivateTerminologyHackers–whitehat–greyhat–blackhatDOS&DDOS1337(Leet)speakWarezScriptkiddiesSpyware&Adware(Scumware)Spyware-ApplicationsthatmonitoractivitywithoutexpresspermissionAdware-Applicationsthatmonitoractivitywithexpresspermission–ReadtheEULASPAM&SPIMSPAM-–JunkemailSPIM-SPAMhascometoInstantMessaging–Uncontrolledviewing(pop-upwindows)–BotgeneratedPhishingPhishingisacomputerscamthatusesSPAM,SPIM&pop-upmessagestotrickusintodisclosingprivateinformation(SocialSecurityNumber,CreditCards,bankingdata,passwords,etc)–Oftensentfromsomeonethatwe“trust”orareinsomewayassociatedwithus–Appearstobealegitimatewebsite–Embeddedinlinksemails&pop-upmessage–PhishingemailsoftencontainspywaredesignedtogiveremotecontroltoourcomputerortrackouronlineactivitiesSelectagoodone–Atleast7characters–Mixtureofupperandlowercasecharacters–Mixtureofalphaandnumericcharacters–Don’tusedictionarywordsKeeppasswordssafeChangethemoftenDon’tshareorreusepasswordsTwo-factorauthenticationPasswordsSocialEngineeringSocialEngineeringistheartofpryinginformationoutofsomeoneelsetoobtainaccessorgainimportantdetailsaboutaparticularsystemthroughtheuseofdeceptionEmail&ChatServicesEmailandchataresentincleartextovertheInternetDatacaneasilybecapturedandreadbysavvycomputerusersandsystemsadministratorsSafeguardsshouldbeputintoplacepriortousingtheseprogramsforsending/receivingsensitiveinformationlikeSocialSecurityNumbersEnhanceOurWorkAreaSecuritySecureworkstations–Lockoursystems(Ctrl-Alt-Delete)–Shutdown–Runuptodatevirusscanningsoftware–Passwordprotectfiles–Applysoftwarepatches–Installcablelocks–RunadesktopfirewallIsOurDataBeingBackedUp?TestbackupsSecurelystorebackupmedia(offsite)RestrictaccesstowhocanperformrestorationEquipmentDisposalWhathappenstooldcomputerwhentheyarereplaced?Dothosesystemscontainsensitiveinformation?SeveralprogramstosecurelyremovedatafromcomputersystemsarecommerciallyavailableDataRecoveryDEMODumpsterDivingWeneverknowwhoislookinginourtrashShredsensitivedocumentsSecureshredbarrels,andmakesurethatproperhandlingproceduresareinplaceAccessRightsOnlyallowaccessthatisabsolutelyrequiredDon’tgrantaccountsbasedonthefactthataccess“may”berequiredUseleastprivilegeaccesspoliciesthatstateaccesswillonlybegrantedifrequired,notbydefaultAreaccountsremovedandpasswordschangedwhensomeonechangesjobsoristerminated?Perf...

1、当您付费下载文档后，您只拥有了使用权限，并不意味着购买了版权，文档只能用于自身使用，不得用于其他商业用途（如 [转卖]进行直接盈利或[编辑后售卖]进行间接盈利）。
2、本站所有内容均由合作方或网友上传，本站不对文档的完整性、权威性及其观点立场正确性做任何保证或承诺！文档内容仅供研究参考，付费前请自行鉴别。
3、如文档内容存在违规，或者侵犯商业秘密、侵犯著作权等，请点击“违规举报”。

碎片内容