InfoSec Training 2020


Scene 1 (0s)

InfoSec Training 2020.

Scene 2 (6s)

TABLE OF CONTENTS. Information Security; Password Policy & Security; Email Security; Roles & Responsibilities; Question & Answers.

Scene 3 (14s)

[Audio] The agenda for this training is: 1) Information Security: Physical Security, Data Security, Credit Card Information Security, Secured Links, Understanding Threats and Their Types, Consequences. 2) Password Policy & Security: Importance, Regular Change, Minimum Length, Complex Strong Passwords, Four Character Types, Examples of Bad and Strong Passwords.

Scene 4 (59s)

[Audio] The Information Security types are: Physical Security, Data Security, Credit Card Information Security, Secured Links, Understanding Threats and Their Types, Consequences.

Scene 5 (1m 19s)

[Audio] Physical Security. Not all threats are "cyber threats". Information is one commodity that can be stolen without being "taken". Physically barring access is the first line of defense. Do not allow anyone to tailgate you. Always wear your ID card. If your ID card is lost or stolen, immediately inform your supervisor and IT personnel.

Scene 6 (1m 48s)

Information Security. WHY?. The reality of data breaches in 2019: data records compromised in the first half of 2019. 3,046,456 records lost or stolen every day; 126,936 records every hour; 2,116 records every minute; 35 records every second.

Scene 7 (1m 59s)

Information Security. WHY?. [Chart; figures not recoverable from the slide image: data breaches by industry (Healthcare, Government, Financial, Education, Technology) and the business impact of data breaches on the companies surveyed.]

Scene 8 (2m 15s)

Information Security. Data Security. Where do you store data? Are you responsible for that data? With whom have you shared that data? With whom have you shared your access? Why is information security important to you?

Scene 9 (2m 29s)

Information Security. Sensitive Data Security. The ability to secure a computer's data is influenced by the security of every computer to which it is connected. We need to ensure that confidential data is available only to the correct people. An Information System (IS) is the entire set of software, hardware, data, people, procedures and networks necessary to use information as a resource in the organization. Security should be considered a balance between protection and availability. It is impossible to obtain perfect security: it is a process, not an absolute. To achieve balance, the level of security must allow reasonable access yet protect against threats.

Scene 10 (2m 54s)

Information Security. Sensitive Data Security. Balancing Information Security and Access. CISO: "Encryption is needed to protect the secrets of the organization." User 1: "Encrypting e-mail is a hassle." User 2: "Encrypting e-mail slows me down."

Scene 11 (3m 6s)

Information Security. Credit Card Security. Remember to NEVER store payment card data in any form for any reason. Do not store sensitive authentication data after authorization. Protect any Card Holder Data (CHD) that a system must store. Do not store the full track, CVV or PIN. Make sure AV is installed and enabled. Use only HTTPS (TLS) connections. Report anything malicious to your respective TL or IT personnel. Recognize unusual or suspicious activity and transactions.

Scene 12 (3m 28s)

Information Security. Credit Card Security. [Screenshot: a fake PayPal login page served from http://www.rfiimp0rts.com/cpg146/albums/home/ and flagged by the browser's Phishing Filter as a "Suspicious website": "This might be a phishing website. Phishing websites impersonate trustworthy websites for the purpose of obtaining your personal or financial information. Microsoft recommends that you do not give any of your information to such websites."] The page copies PayPal's look, but the address bar shows a site that is not paypal.com.

Scene 13 (4m 16s)

Information Security. Understand Threats. Risks caused by poor security knowledge and practice: identity theft, monetary theft, legal ramifications (for yourself and the company), termination if company policies are not followed. According to www.SANS.org, the top vulnerabilities available to a cyber criminal are: web browser, attachments, web applications, excessive user rights. Security vs Safety. Security: we must protect our computers and data in the same way that we secure the doors to our homes. Safety: we must behave in ways that protect us against the risks and threats that come with technology. The internet allows an attacker to attack from anywhere on the planet.

Scene 14 (4m 45s)

Password Policy & Security. Importance. Regular change. Minimum length. Complex strong passwords. Four character types. Examples of bad and strong passwords.

Scene 15 (4m 54s)

Password Security. WHY?. Passwords are the entry point to IT and other enterprise resources and an important aspect of computer security. They are the front line of protection ensuring logical access controls on network elements, applications, devices, security devices, laptops and desktops. A poorly chosen password may result in the compromise of the Ascendum corporate network. As such, all users (including contractors and third-party employees having access to Ascendum information systems) are responsible for taking the appropriate precautions/steps, as outlined below, to select and secure their passwords. The purpose of this document is to provide a set of minimum security standards to be implemented on Ascendum IT systems and network components for password management.

Scene 16 (5m 25s)

Password Security. How?. Your password is yours alone. Don't share your password with anyone, including your supervisors, assistants or IT personnel. Never write down your passwords anywhere (diary, chits, sticky notes, mobile, email drafts etc.). Always use strong passwords: use passphrases and all four character types. Don't use personal information in passwords. Never save your passwords in browsers or any other applications. Stay alert: someone looking over your shoulder can discover your password. Don't keep a copy of your password in a desk drawer, on a monitor, or under a keyboard.

Scene 17 (5m 51s)

Password Security. Four Character Types. English uppercase letters (A, B, C). English lowercase letters (a, b, c). Arabic numerals (1, 2, 3). Special characters (!, *, $ or other punctuation symbols).

Scene 18 (6m 18s)

Password Security. Bad Passwords.
Using a person's name or a team name: Sachin, Virat, India, Indian.
Using a number sequence: 12345, 007, 987, 000.
Using a letter string: AAAAAA.
Using a mixed-case sequence: ABcdEFgh.
Using the company name: Ascendum, RecordFlow.
Using a keyboard sequence: QwERty or ASdFgh.
Using words such as Password, Login, Security, or anything similar.
Don't use any term that could easily be guessed by someone who is familiar with you.

Scene 19 (6m 42s)

Password Security.

Scene 20 (6m 48s)

Password Security. Conclusion. A password is the key to your organization's resources. A strong password protects your official account. Take strides to make strong passwords that are not obvious to someone familiar with you. Your password should be at least 8 characters long. Remember to change your password on a regular basis. It should not contain personal identification numbers, including those on a license plate, your telephone number, your birth date, or any part of your Social Security number. Avoid known words: they can be found in many hacker password dictionaries.
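The password rules in the slides above (at least 8 characters, all four character types, no sequences, keyboard walks, names, company names, dictionary words or personal data) can be turned into a check that users and administrators can run before a password is accepted. The Python below is an added worked example, not code from the original training deck: the denylist, the keyboard rows, the leetspeak map and the sample passwords are constructed for illustration, and treating four characters in a row as a "sequence" is an assumption.

```python
"""Password policy checker for the rules in the Password Security slides.
Added example, not part of the original training deck; the denylist,
keyboard rows and sample passwords are constructed for illustration."""
import string

MIN_LENGTH = 8  # the deck's minimum

# Terms from the deck's "bad passwords" slide plus the dictionary words it
# warns about. Sorted so that findings come out in a stable order.
DENYLIST = sorted({"sachin", "virat", "india", "indian", "ascendum",
                   "recordflow", "password", "login", "security"})

KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")

# Simple leetspeak normalisation so that "P@ssw0rd" still matches "password".
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "$": "s", "@": "a", "!": "i"})


def has_all_four_classes(pw):
    """Uppercase, lowercase, digit and punctuation must all be present."""
    return (any(c.isupper() for c in pw) and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in string.punctuation for c in pw))


def has_sequence(pw, run=4):
    """True for `run` consecutive ascending/descending characters (1234,
    abcd, dcba) or `run` identical characters (aaaa). Case-insensitive, so
    the deck's ABcdEFgh is caught too. Three-character runs (007, 987) pass."""
    low = pw.lower()
    for i in range(len(low) - run + 1):
        codes = [ord(c) for c in low[i:i + run]]
        steps = {b - a for a, b in zip(codes, codes[1:])}
        if steps in ({0}, {1}, {-1}):
            return True
    return False


def has_keyboard_walk(pw, run=4):
    """True if `run` adjacent keys of one row (forward or backward) appear."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - run + 1):
                if seq[i:i + run] in low:
                    return True
    return False


def denylisted_term(pw):
    """First denylisted term found in the password or its de-leeted form."""
    low = pw.lower()
    norm = low.translate(LEET)
    for term in DENYLIST:
        if term in low or term in norm:
            return term
    return None


def check_password(pw, personal=()):
    """Return the list of policy violations; an empty list means compliant.
    `personal` is an optional iterable of strings the user must not reuse
    (phone number, birth year, licence plate)."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not has_all_four_classes(pw):
        problems.append("does not use all four character types")
    if has_sequence(pw):
        problems.append("contains a sequence or repeated run")
    if has_keyboard_walk(pw):
        problems.append("contains a keyboard walk")
    term = denylisted_term(pw)
    if term:
        problems.append(f"contains denylisted term '{term}'")
    low = pw.lower()
    for item in personal:
        if item and item.lower() in low:
            problems.append(f"contains personal information '{item}'")
    return problems


if __name__ == "__main__":
    # Constructed candidates: three from the deck's bad-password patterns
    # and one that satisfies every rule.
    for candidate in ("Sachin123", "P@ssw0rd1!", "QwErTy12", "Tr!ck-Bl4ze#7w"):
        print(candidate, "->", check_password(candidate) or "OK")
```

The de-leet step matters in practice: "P@ssw0rd1!" satisfies the length and four-class rules, and only the normalised form reveals that it is still the word "password".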

Scene 21 (7m 13s)

E-mail Security. Disclosure of sensitive information. Exposure of systems to malicious code. Denial of Service (DoS/DDoS). Unauthorized access. Malware and phishing.

Scene 22 (7m 23s)

E-mail Security. Leading Threats. Virus, Worm, Trojan Horse, Logic Bomb, Social Engineering, Rootkits, Botnets, Zombies, Ransomware, Spyware.

Scene 23 (7m 48s)

E-mail Security. Sample Phishing Email. [Screenshot of a spoofed IRS message.] From: Internal Revenue Service (a look-alike @IRS.GOV sender). Subject: Official Notification. Sent: Tue 2/3/2009 3:55 PM. Phishing emails are often sent from addresses that look official. Body: "After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a tax refund of $92.50. Please submit the tax refund request and allow us 3-6 days in order to process it. A refund can be delayed for a variety of reasons. For example submitting invalid records or applying after the deadline. To access the form for your tax refund, please click here [a link on cimaonline.ca ending in Internal Revenue Service/index.html]. Regards, Internal Revenue Service. Copyright 2009, Internal Revenue Service U.S.A." Notice that the URL does not direct you to an official IRS website. Clicking on this link would take you to a fraudulent website with a form to enter your personal information.

Scene 24 (8m 26s)

E-mail Security. Sample Phishing Email. [Screenshot of a spoofed Amazon message.] From: "Amazon management" (sent on behalf of a look-alike address). Subject: Account Suspension. Body: "Dear Client, We have sent you this e-mail because we have strong reason to believe your account has been used by someone else. In order to prevent any fraudulent activity from occurring we are required to open an investigation into this matter. We've locked your Amazon account, and you have 36 hours to verify it, or we have the right to terminate it. To confirm your identity with us click the link below: https://www.amazon.com/exec/obidos/sign-in.html. Sincerely, The Amazon Associates Team. 1996-2013, Amazon.com, Inc. or its affiliates." Hovering over the link reveals that its real destination is a different, plain http:// site, not the amazon.com address shown in the text.

Scene 25 (8m 59s)

E-mail Security. General Principles. Neither IT support staff nor any legitimate business will EVER ask for your password in an email! Use common sense and logic: if it's too good to be true, it probably is. Think before you click; many have fallen victim through a hasty reply. Don't be timid about asking for help from your IT support person or the IT Help Desk. Don't open email attachments you were not expecting: from someone you do not know, or from someone you know but weren't expecting to send you a file (infected computers can send malicious emails from the owner of the computer to everyone in their email address book). This is especially true if the content of the email message is brief, vague and/or unusual.

Scene 26 (9m 31s)

E-mail Security. Characteristics of a scam email. Poor grammar and spelling. The "Reply-To:" or "From:" address is unfamiliar. It uses unfamiliar or inappropriate terms (like "send your account information to the MAIL CONTROL UNIT"). It asks for private information like a password or account number. The message contains a link where the displayed address differs from the actual web address. It is unexpected (you weren't expecting Joe to send you an attachment). It does not provide explicit contact information (name, address, phone number) for you to verify the communication. A good example is the spear phishing scam that tries to steal your eID password and is signed "Webmail administrator".
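Three of the characteristics above (a Reply-To that differs from the From address, a displayed link that differs from its real target, and a request for private information), together with the hover-to-reveal check from the Amazon sample, can be automated on a raw message rather than checked by eye. The Python below is an added worked example, not code from the training deck: the two messages it parses are constructed (reserved .example domains and a TEST-NET IP address), and the keyword list ASK_TERMS is an assumption.

```python
"""Scam-email indicator checks for the "Characteristics of scam email"
slide. Added example, not part of the training deck: SAMPLE and CLEAN are
constructed messages and ASK_TERMS is an assumed keyword list."""
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

ASK_TERMS = ("password", "account number", "verify your account",
             "confirm your identity")


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Hostname of a URL; bare 'www.example.com/path' text is accepted too."""
    url = url.strip() if "://" in url else "http://" + url.strip()
    return (urlparse(url).hostname or "").lower()


def address_domain(header_value):
    """Domain part of the first address in a From:/Reply-To: header."""
    m = re.search(r"@([\w.-]+)", str(header_value or ""))
    return m.group(1).lower() if m else ""


def phishing_indicators(raw):
    """Return a list of scam indicators found in an RFC 5322 message string."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    from_dom = address_domain(msg["From"])
    reply_dom = address_domain(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body is not None else ""
    if body is not None and body.get_content_type() == "text/html":
        parser = AnchorCollector()
        parser.feed(text)
        for href, shown in parser.links:
            # Only compare hosts when the visible text itself looks like a URL.
            shown_host = host_of(shown) if re.search(r"\w\.\w", shown) else ""
            real_host = host_of(href)
            if shown_host and shown_host != real_host:
                findings.append(f"link text shows {shown_host} but points to {real_host}")
            if href.lower().startswith("http://"):
                findings.append(f"link to non-TLS site {real_host}")
    lowered = text.lower()
    for term in ASK_TERMS:
        if term in lowered:
            findings.append(f"asks for private information: '{term}'")
    return findings


# Constructed sample modelled on the deck's Amazon example (not a real message).
SAMPLE = """\
From: "Amazon management" <noreply@amazon-verification.example>
Reply-To: <collect@mailer.example>
To: client@corp.example
Subject: Account Suspension
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear Client, we have locked your Amazon account and you have
36 hours to verify it. To confirm your identity with us click the link below:</p>
<p><a href="http://198.51.100.7/signin">https://www.amazon.com/exec/obidos/sign-in.html</a></p>
<p>Sincerely, The Amazon Associates Team</p></body></html>
"""

# Constructed benign message for comparison.
CLEAN = """\
From: Priya <priya@corp.example>
To: client@corp.example
Subject: Lunch
Content-Type: text/plain; charset="utf-8"

Still on for 1pm? Menu: https://cafeteria.corp.example/menu
"""

if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE):
        print("SAMPLE:", finding)
    print("CLEAN:", phishing_indicators(CLEAN) or "no indicators")
```

The link check is the automated form of "hover over the link": the anchor's visible text says www.amazon.com while its href goes to an unrelated host over plain HTTP. Any hit is a reason to stop and ask, not proof of phishing; a clean result proves nothing either, since a well-crafted message trips none of these rules.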

Scene 27 (9m 58s)

E-mail Security. Evaluating Attachments. Ignore or delete it if it's not expected or important; it is not worth the risk of opening it and infecting your computer. Inform the compliance team about the attachment. Beware of executable files embedded in .zip attachments: this is a common way for hackers to send .exe files that would normally be deleted by email systems. If there's any reason to believe it might be legitimate, validate the attachment before opening it: contact the sender and ask if it is legitimate; ask your IT support person or the IT Help Desk; test it with antivirus software to see if it is a known malicious program. Saving it to your desktop without opening or executing it is usually safe. If Symantec recognizes it as malicious, it will prevent you from saving it to the desktop (a function of the "real time scan"). If it is not detected, it is either OK or a new variant of malware that the antivirus does not yet know, so a clean scan is not proof that the file is safe.
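The .zip warning above can be checked without opening the archive: the central directory lists every member's name before anything is extracted, and hashing the file gives IT or the compliance team something to look up. The Python below is an added worked example, not code from the training deck; the archive it inspects is built in memory and labelled as constructed, and the executable and archive extension lists are assumptions (Windows-centric, not exhaustive).

```python
"""Attachment triage for the "Evaluating Attachments" slide: read a .zip
attachment's directory without extracting or running anything. Added
example, not from the training deck; the archive is constructed in memory
and the extension lists are assumptions."""
import hashlib
import io
import zipfile

EXECUTABLE_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse",
                  ".vbs", ".vbe", ".wsf", ".hta", ".ps1", ".msi", ".lnk", ".jar"}
ARCHIVE_EXT = {".zip", ".rar", ".7z", ".iso"}


def triage_zip(data):
    """Return (sha256 hex digest, list of findings) for zip bytes.
    Only the central directory is read; no member is extracted or executed."""
    digest = hashlib.sha256(data).hexdigest()
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return digest, ["not a valid zip (possibly disguised or corrupt)"]
    with zf:
        for info in zf.infolist():
            name = info.filename
            parts = name.rsplit("/", 1)[-1].lower().split(".")
            ext = "." + parts[-1] if len(parts) > 1 else ""
            if ext in EXECUTABLE_EXT:
                findings.append(f"executable member: {name}")
                if len(parts) > 2:  # invoice.pdf.exe: the shown type is a lie
                    findings.append(f"double extension hides type: {name}")
            elif ext in ARCHIVE_EXT:
                findings.append(f"nested archive (inspect separately): {name}")
            if info.flag_bits & 0x1:  # password-protected: AV cannot scan it
                findings.append(f"encrypted member, unscannable: {name}")
            if name.startswith("/") or ".." in name.split("/"):
                findings.append(f"path escapes the extraction folder: {name}")
    return digest, findings


def build_sample():
    """Constructed attachment shaped like a typical malicious zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Invoice_2020.pdf.exe", b"MZ fake executable body (constructed)")
        zf.writestr("readme.txt", b"please open the attached invoice")
        zf.writestr("more/archive.zip", b"not really a zip")
    return buf.getvalue()


if __name__ == "__main__":
    digest, findings = triage_zip(build_sample())
    print("sha256:", digest)
    for finding in findings:
        print("-", finding)
```

The encrypted-member check is the caveat that goes with "test it with antivirus software": a password-protected zip (the password usually sits in the email body) cannot be scanned by the mail gateway or the desktop AV, which is exactly why attackers use one.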

Scene 28 (10m 35s)

Roles & Responsibilities. Understanding of policy and procedure. Reporting malicious activity. Privacy, Confidentiality, Integrity. Dos & Don'ts. Tips. http://kpslive.asckps.com/

Scene 29 (10m 46s)

Roles & Responsibilities. DOs.
First comes physical security: always wear your ID card.
Know your company policies and follow them.
Make sure your account is protected with a strong password and keep it confidential.
Lock your computer when not in use.
Beware of where you do your online banking: validate the website you are accessing.
Report all suspicious activity and cyber incidents to your manager and the ISO/designated security representative.
Be aware of your surroundings when printing, copying or discussing sensitive information.
Destroy information properly when it is no longer needed.
Be accountable for your IT assets and data.

Scene 30 (11m 13s)

Roles & Responsibilities. DON'Ts.
Don't tailgate or allow tailgating.
Don't stay logged into important accounts.
Don't leave your computer unattended and unlocked.
Don't share your passwords with others.
Never write down or save your passwords or critical information in any manner.
Don't click on options in suspicious pop-up windows; just close them.
Don't click on links from an unknown or untrusted source.
Don't let your browser store or remember important passwords.
Don't leave sensitive information lying around the office.
Don't plug in personal devices without the OK from IT.
Don't open email attachments from unknown sources.

Scene 31 (11m 39s)

Tips. Use these practices at home and at work to keep safe and secure. Always use a secure browser for online activities. Keep your anti-virus updated and always on. If you experience slowness, poor computer performance or excessive pop-up windows, contact IT. Inform your supervisor or IT personnel immediately about any suspicious activity you notice around you.

Scene 32 (12m 8s)

Question & Answer.

Scene 33 (12m 14s)

Thank you!.