
The Role of Information Security in Everyday Business


ivria

Presentation Transcript


  1. The Role of Information Security in Everyday Business <Company>

  2. Information Security Explained • Information Security Explained • The Need for Information Security • Your Security Role at <Company> • Vital <Company> Assets • Security Threats & Countermeasures • Home Computer Use • Helpful Security Resources • Closing Comments

  3. Information Security Explained Information security involves the preservation of: • Confidentiality: Ensuring information is disclosed to, and reviewed exclusively by intended recipients / authorized individuals • Integrity: Ensuring the accuracy and completeness of information and processing methods • Availability: Ensuring that information and associated assets are accessible, whenever necessary, by authorized individuals

  4. The Need for Information Security • Information Security Explained • The Need for Information Security • Your Security Role at <Company> • Vital <Company> Assets • Security Threats & Countermeasures • Home Computer Use • Helpful Security Resources • Closing Comments

  5. The Need for Information Security • It is the law • <Provide overview here>

  6. The Need for Information Security (2) • In the news • “McAfee: Auditor failed to encrypt employee-records CD, left it on plane,” Mercury News, 2/23/06 • “Another security breach reported - Stolen laptop had clients' private data, says Ernst & Young,” San Francisco Chronicle, 2/25/06 • “The network is the risk: in August, the Zotob virus disabled CNN and ABC News...” Risk & Insurance Magazine, 9/15/05 • “Glouco employee charged with theft: He and his brother are accused of creating fake firms to take $110,000-plus from the utilities authority,” The Philadelphia Inquirer, 2/24/06 • “ChoicePoint multi-million dollar penalty illustrates need for congress to enact strong id-theft protections, regulate data brokers,” US Newswire, 1/26/06 • Consequences • Many of the victims are you, the people. • Reputations are compromised through media coverage. • Substantial financial loss is incurred by impacted organizations.

  7. The Need for Information Security (3) • Previous <company> security incidents • <Provide overview of applicable previous security incidents experienced by company here>

  8. The Need for Information Security (4) • The consequences of insufficient security • Loss of competitive advantage • Identity theft • Equipment theft • Service interruption (e.g., e-mail and <application>) • Embarrassing media coverage • Compromised customer confidence; loss of business • Legal penalties

  9. Your Security Role at <Company> • Information Security Explained • The Need for Information Security • Your Security Role at <Company> • Vital <Company> Assets • Security Threats & Countermeasures • Home Computer Use • Helpful Security Resources • Closing Comments

  10. Your security role at <company> • You can prevent several security threats facing <company> • Comply with our corporate security policies • Key policy one • Key policy two • Key policy three • All of <company>’s corporate security policies may be located: • <Provide all locations here>

  11. Your security role at <company> • You can prevent several security threats facing <company> (2) • Treat everything you do at <company> as you would treat the well-being of anything of vital importance to you • Examples of questions you should ask yourself before performing a specific activity include: • Could the actions I am about to perform in any way either harm myself or <company>? • Is the information I am currently handling of vital importance either to myself or <company>? • Is the information I am about to review legitimate / authentic? • Have I contacted appropriate <company> personnel with questions regarding my uncertainty of how to handle this sensitive situation?

  12. Your security role at <company> • Whom to contact • It is critical for you to contact appropriate <company> personnel the moment you suspect something is wrong • <Name “1”, title, reason to contact> • <…> • <Name “n”, title, reason to contact>

  13. Vital <company> Assets • Information Security Explained • The Need for Information Security • Your Security Role at <Company> • Vital <Company> Assets • Security Threats & Countermeasures • Home Computer Use • Helpful Security Resources • Closing Comments

  14. Vital <company> assets • Your effectiveness in securing <company>’s assets begins with understanding what is of vital importance to <company> • <Asset “1”> • <…> • <Asset “n”>

  15. Security Threats & Countermeasures • Information Security Explained • The Need for Information Security • Your Security Role at <Company> • Vital <Company> Assets • Security Threats & Countermeasures • Home Computer Use • Helpful Security Resources • Closing Comments

  16. Security threats & countermeasures • Malicious software: viruses • Malicious code embedded in e-mail messages that is capable of inflicting a great deal of damage and causing extensive frustration • Stealing files containing personal information • Sending emails from your account • Rendering your computer unusable • Removing files from your computer • What you can do • Do not open attachments to e-mails: • Received from unknown individuals • That in any way appear suspicious • If uncertain, contact <contact> • Report all suspicious e-mails to <contact>

  17. Security threats & countermeasures • Malicious software: spyware • Any technology that aids in gathering information about you or <company> without their knowledge and consent. • Programming that is put in a computer to secretly gather information about the user and relay it to advertisers or other interested parties. • Cookies are used to store information about you on your own computer. • If a Web site stores information about you in a cookie of which you are unaware, the cookie is considered a form of spyware. • Spyware exposure can be caused by a software virus or as a result of installing a new program. • What you can do • Do not click on options in deceptive / suspicious pop-up windows. • Do not install any software without receiving prior approval from <contact>. • If you experience slowness / poor computer performance or excessive occurrences of pop-up windows, contact <contact>.

  18. Security threats & countermeasures • Unauthorized systems access • Individuals maliciously obtain unauthorized access to computers, applications, confidential information, and other valuable assets • Not all guilty parties are unknown; some can be your co-workers • Unauthorized systems access can result in theft and damage of vital information assets • What you can do • Use strong passwords for all accounts • Commit passwords to memory • If not possible, store all passwords in a secure location (i.e., not on a sticky note affixed to your monitor or the underside of your keyboard) • Never tell anyone your password • Never use default passwords • Protect your computer with a password-protected screensaver • Report suspicious individuals / activities to <contact> • Report vulnerable computers to <department>

  19. Security threats & countermeasures • Shoulder surfing • The act of covertly observing employees’ actions with the objective of obtaining confidential information • What you can do • Be aware of everyone around you… and what they are doing • Airline and train travel • Airports, hotels, cafes, and restaurants; all public gathering areas • Internet cafes • Computer labs • Do not perform work involving confidential <company> information if you are unable to safeguard yourself from shoulder surfing • Request a privacy screen for your <company>-issued laptop computer from <contact>

  20. Security threats & countermeasures • Unauthorized facility access • Individuals maliciously obtain unauthorized access to offices with the objective to steal equipment, confidential information, and other valuable <company> assets • What you can do • Do not hold the door for unidentified individuals; i.e., do not permit “tailgating” • <Provide company procedures regarding challenging and reporting individuals with no visible visitor / employee ID badges> • Shred all <company> confidential documents • Do not leave anything of value exposed in your office / work space (e.g., lock all <company> confidential documents in desk drawers / file cabinets) • Escort any of your own visitors throughout the duration of their visit

  21. Security threats & countermeasures • Curious personnel • An employee, not necessarily malicious, who performs activities testing the limits of their network and facilities access • What you can do • Retrieve your <company> confidential faxes and printed documents immediately • Shred all <company> confidential documents • Lock all <company> confidential documents in desk drawers / file cabinets • Follow the guidance previously provided to prevent unauthorized systems access • Report suspicious activity / behavior to your supervisor

  22. Security threats & countermeasures • Disgruntled employees • Upset / troubled employees with an intent to harm other employees or <company> • What you can do • Contact <contact> if you suspect an employee is disgruntled and potentially dangerous • Be observant of others and report suspicious / inappropriate behavior to <contact> • Exercise extreme care when aware of an unfriendly termination

  23. Security threats & countermeasures • Social engineering • Taking advantage of people’s helping nature / conscience for malicious purposes • What you can do • Never lose sight of the fact that successful social engineering attacks rely on you, <company> employees • If a received phone call is suspicious, request to return their call • Do not provide personal / confidential <company> information to a caller until you are able to verify the caller’s identity, and their association with their employer’s company • Never provide a caller with anyone’s password, including your own • Report any unrecognized person in a <company> facility to <contact>

  24. Security threats & countermeasures • Phishing • An online scam whereby emails are sent by criminals who seek to steal your identity, rob your bank account, or take over your computer • What you can do • Use the “stop-look-call” technique: • Stop: Do not react to phishing ploys consisting of “upsetting” or “exciting” information • Look: Look closely at the claims in the email, and carefully review all links and Web addresses • Call: Do not reply to e-mails requesting you to confirm account information; call or email the company in question to verify if the email is legitimate • Never email personal information • When submitting personal / confidential information via a Web site, confirm the security lock is displayed in the browser • Review credit card and bank account statements for suspicious activity • Report suspicious activity to <contact>

  25. Security threats & countermeasures • Information theft through free instant messaging services (IM) • Privacy threats caused by using free IM services in the workplace include personal information leakage, loss of confidential information, and eavesdropping • <Corporate IM security policy here> • What you can do • Depending upon with whom you are communicating, and how IM was implemented, every message you send – even to a co-worker sitting in the next cubicle – may traverse outside of <company>’s corporate network • All of the messages you send may be highly susceptible to being captured and reviewed by malicious people • Never send confidential messages or any files to individuals • Realize that there is no means of knowing that the person you are communicating with is really who they say they are

  26. Home Computer Use • Information Security Explained • The Need for Information Security • Your Security Role at <Company> • Vital <Company> Assets • Security Threats & Countermeasures • Home Computer Use • Helpful Security Resources • Closing Comments

  27. Home computer use • Specific conditions and procedures should be followed when using home computers for business purposes • <Condition “1”> • <…> • <Condition “n”>

  28. Home computer use • Specific conditions and procedures should be followed when using home computers for business purposes (2) • <Procedure summary “1”> • <…> • <Procedure summary “n”>

  29. Helpful Security Resources • Information Security Explained • The Need for Information Security • Your Security Role at <Company> • Vital <Company> Assets • Security Threats & Countermeasures • Home Computer Use • Helpful Security Resources • Closing Comments

  30. Helpful security resources • Outlined below are several helpful security resources • http://www.microsoft.com/athome/security/default.mspx • Security guidance for home computer use, which in many cases also apply to <company> computer use

  31. Helpful security resources • Outlined below are several helpful security resources (2) • http://www.microsoft.com/athome/security/spyware/software/default.mspx & http://www.microsoft.com/athome/security/spyware/software/about/overview.mspx • Microsoft’s Windows Defender product, which is a free program that helps protect your home computers against pop-ups, slow performance, and security threats caused by spyware and other unwanted software

  32. Helpful security resources • Outlined below are several helpful security resources (3) • http://safety.live.com/site/en-US/center/howsafe.htm • Microsoft resources that help protect your home computers against hackers, malicious software, and other security threats

  33. Helpful security resources • Outlined below are several helpful security resources (4) • http://www.microsoft.com/presspass/newsroom/msn/factsheet/WindowsOneCareLiveFS.mspx • Windows Live OneCare is a service that continually protects and maintains your home computers

  34. Closing Comments • Information Security Explained • The Need for Information Security • Your Security Role at <Company> • Vital <Company> Assets • Security Threats & Countermeasures • Home Computer Use • Helpful Security Resources • Closing Comments

  35. Closing comments • Be security-conscious regarding anything of vital importance to <company> and yourself • When your personal safety, <company>’s safety, or any confidential information is involved, always ask yourself, “what measures should I perform to keep myself and my employer safe, and my employer’s confidential information protected against harm, theft, and inappropriate disclosure?” • Apply similar considerations discussed in today’s security awareness session when at home • Threats do not stop at the work place; they extend to your home and other surroundings • Do not allow this security awareness session to lead to paranoia • Use what you learned today to make more informed decisions to protect yourself, <company>, and others • This security awareness session is the beginning of <company>’s information security awareness and training program • <Provide a brief summary of what should be expected next, and the strategic direction of your ISATP>

  36. Questions and Answers
