By: Katlego Motlafe (ISRO). InfoSec Awareness Training.
Information Security Awareness Training. What is Information Security; Goals for Today; Purpose of training; Social Engineering; Phishing; Password Security; Ransomware; Confidentiality, Integrity, Availability; InfoSec Policies; Gift Card Fraud.
What is Information Security. Access to information should be restricted to only those who need access to it.
Technology, Process, People.
People: Training and Awareness; Organizational Culture; Professional Skills and Qualifications; Competent resources.
Process: Governance Frameworks and Best practice; Processes and procedures; Assessments and IT Audits.
Technology: Technological controls; Tools and systems.
Purpose of training. To promote awareness of currently existing information security policies, procedures and standards. To answer any questions about information security requirements and procedures. To promote general computer security awareness.
Can you find the the mistake?. https://www.instagram.com.
Social Engineering. Distraction and Misdirection.
Phishing. When scammers fool you into thinking they are someone you trust in order to make you do something.
Search. You may be surprised, but some of the top search results in Google are phishing links. Scammers also invest in search engine optimization and work hard to rank their scam sites in the top search results.
Social Media Scams. Social media is full of fake accounts. It could also be a fake account with the same name and photo as one of your real friends that will later try to scam you. Or it could be a compromised account.
QR Code Scams. Who thought a QR code could be dangerous? They are everywhere, especially in restaurants. Criminals can place their own sticker over the legitimate one, so that when you scan it, you will be redirected to a fake site.
Vishing (voice phishing) is a type of phishing attack made over the telephone. Scammers can spoof a phone number so that it looks identical to a known number, like your bank's.
What Helps Protect You From Phishing Attacks?
If it’s urgent, don’t let emotions cloud your judgment.
Call and verify! - Verify that you are talking to the correct person.
Check the address - Always check the email address and URL for spelling mistakes.
Enable Multi-Factor Authentication.
Look at the style of the message. If it’s odd, call and verify.
Ask questions.
What is Payment Fraud?. If you’re tricked into sending money to a fraudulent bank account, the bank may not be there to help you. After all, it’s you who transferred the money, not the criminal..
Verify that the bank info matches the one on file.
Don’t reuse passwords!
7 characters:  < 1 Sec    | 1 minute   | 6 Minutes
8 characters:  5 Seconds  | 1 hour     | 8 Hours
9 characters:  2 Minutes  | 3-4 days   | 3 Weeks
10 characters: 58 Minutes | 7 months   | 5 Years
11 characters: 1 day      | 40 years   | 400 Years
12 characters: 3 weeks    | 2000 years | 34 000 Years
HOWEVER… So even if you have a STRONG PASSWORD, it may still not be enough.
And That is Why… This will help to protect your account if your password was stolen or leaked in a data breach.
What type of Multi-Factor Authentication to use? Or even better yet, a physical USB key.
Ransomware.
Encrypt the data on the USB device in case you lose it or it gets stolen..