DNR-Security-Awareness-Training.pptxVIP专享VIP免费原创优质

GetCompliant.GetTraceSecurity.InformationSecurityDNREmployeeAwarenessTrainingAndrewC.JohnsonWhatisInformationSecurity?Protectstheconfidentiality,integrity,andavailabilityofimportantdataControlscanbePhysicalorTechnicalLocksandsafes–encryptionandpasswordsTechnologyhasmadeourliveseasierinmanyways,butthisconveniencehasalsoincreasedourexposuretothreatsThievesandattackerscanalsoworkmoreeffectivelyWhyShouldICare?TheftisbecomingincreasinglydigitalEaseofidentity,account,andcredentialtheftmakeseveryoneanidealtargetAppliestoorganizationsthathousesuchdataorindividualsthemselvesCompromisemayaffectcustomers,coworkers,friends,andfamilyHistoricalPerspectiveManyhistoricalmethodsofmonetarytheftStagecoachRobberiesTrainHijackingArmedAssault“InsideJobs”Lossesfromtensofthousandsofdollars,upintothemillionsToday,mostbanksdonothouse“millionsofdollars”on-premisesLiquideconomyDataisthenewcommodityIn2006therewere7,272“robberies”totalingover$72,687,678Statistics$239.1million(2007)TotaldollarlossfromallreferredcasesoffraudIncreasedfrom$198.4millionin2006MalecomplainantsreportedgreaterlossthanfemalesHighestdollarlosseswerefoundamonginvestmentandcheckfraudvictimsEmailandwebpagesstillprimarymechanismsbyhowthefraudulentactionhappened*FederalBureauofInvestigationInternetCrimeComplaintCenter-CrimeReportfor2007ModernThreatsViruses,Trojans,Worms,andRootKitsAdware/SpywareSpam,Phishing,andotherEmailattacksIdentityTheftSocialEngineeringVirusesVirusesaremaliciousprogramsthathidethemselvesonyourcomputerUsuallyverysmallMayhaveaccesstoviewordeleteyourinformationOftencontractedthroughawebsite,email,orp2papplicationsMaydestroyyourdocuments,formatyourharddrive,sendemailsfromyourcomputeroravarietyofothernefariousactions–itjustdependsonthestrain!VirusesarecreatedforthesolepurposeofcausingtroubleTakingrevenge,politicalstatements,etc…Mostmodernvirusesarefinanciallymotivated–mayholddataforransomorstealinformationJustlikerealviruses,computervirusesspreadtoothers…OthercomputersonthenetworkSendingoutemailreplicationsofitselfAlwaysuseanti-virusprotection!Famousviruses:LoveBugCodeRedWorms,Trojans,andRootKitsTrojanappearsasalegitimateprogramPossibletorepackageTrojanswithlegitimateprogramsWormsareself-replicatingTypicallypropagatethroughun-patchedsystemsBlasterSasserRootKitsLowlevelprogramsthatembedthemselvesintheoperatingsystemitselfDifficultifnotimpossibletodetectAdware/SpywareSomemalwareisdesignedtosolicityou,orgatherinformationaboutyourcomputinghabitsWhichwebsitesyouvisit?When?Whattimes?Whatareyoupurchasing?Howlongdospendsurfingthewebsite?Howorwhatdoyouuseyourcomputerfor?Example:Sony“RootKit”Intendedfor“MarketingPurposes”Commonlyinstalledwithp2porfreesoftwareMaybeonlyanannoyanceandcausenoharmWhatelsemaybeinstalledalongsideadware?EmailCommonAttacksPhishingMaliciousattachmentsHoaxesSpamScams(offerstoogoodtobetrue)BestPracticesDon’topensuspiciousattachmentsDon’tfollowlinksDon’tattemptto“unsubscribe”PhishingDeceptiveemailstogetuserstoclickonmaliciouslinksEntersensitiveinformationRunapplicationsLookidenticaltolegitimateemailsYourBankPayPalGovernmentVariantsVishing–sameconceptbutwithvoiceUserinstructedtocallintosystemTextmessagesandpostalmailP...