1 / 33

TRACs Security Awareness FY2009

TRACs Security Awareness FY2009. Office of Information Technology Security. Course Objectives. Why Is Cybersecurity Important? How Can I Be a Safe User? How Can I Help Protect HUD and Its Information?. Overview. CyberSecurity Goals Managing and Understanding CyberSecurity Risks

benecia
Download Presentation

TRACs Security Awareness FY2009

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. TRACs Security AwarenessFY2009 Office of Information Technology Security

  2. Course Objectives Why Is Cybersecurity Important? How Can I Be a Safe User? How Can I Help Protect HUD and Its Information?

  3. Overview CyberSecurity Goals Managing and Understanding CyberSecurity Risks CyberSecurityand Protecting HUD Information and Computer Network • Threats • Impacts • Vulnerabilities

  4. CyberSecurityGoals Confidentiality– Limiting access to information to authorized persons only Integrity– Protecting information from unauthorized or unintentional modification Availability– Ensuring that information and resources are available to those who need it when they need it

  5. Risks & Risk Management Risk is the danger that is posed to a protected object by a combination of threats& vulnerabilities

  6. Components of Risk Threat: Any person, event, or environmental factor that could impact or harm a Protected Object Vulnerability: A weakness that can be exploited by a threat. It is the hole through which a threat gains access to a protected object Impact: The way a protected object could be affected or harmed by a threat

  7. Threats A threat is any person, event, or environmental factor that could impact or harm a protected object. Threats can be either active or passive.

  8. Threats: Hackers What is it? • Unauthorized access to information or computer systems • Examples include • anti-government groups • a "kid in the basement“ • a disgruntled employee • Criminals • Trained cyber warriors How can it harm? • Loss of • Data • Identity • Money • Credibility • System availability

  9. Threats: Hackers What can I do? Do • Be suspicious • Be careful with your • Personal data • Passwords • Sensitive organizational information • Report suspicious activity • Practice security habits at all times and in all places Don't • Give out non-public information about yourself or your organization • Follow directions of others without confirming the person's authorized role • Attempt to modify or bypass security measures

  10. Threats: Cyber Warfare What is it? • An organized attack against a computer system or network by a hostile group. It is often used as part of a physical warfare strategy. How can it harm? • Impair nation's economy, critical infrastructure, or our ability to fight a physical war. What can I do? • Follow security guidelines and policies

  11. Threats: Malicious Code What is it? Software designed to: • disrupt the normal operations • allow an unauthorized access Often called "viruses” Examples: • Viruses • Worms • Trojan Horses • Adware or Spyware

  12. Threats: Malicious Code How can it harm? • Sharing sensitive data with unauthorized persons • Performance malfunctions including computer crashes • Files and records destruction • Connection overload causing denials of service

  13. Threats: Malicious Code What can I do? Do • Only accept files from valid sources • Scans files from outsiders for malicious code • Ensure antivirus software is installed and kept up-to-date Don't • Download files from questionable sources • Modify or disable antivirus software • Load suspicious media on your computer

  14. Threats: Information Gathering What is it? Collecting personal or sensitive information that an attacker can use to bypass security systems. Common techniques: • Shoulder surfing • Dumpster diving • Data mining • Searching online sources • Social engineering • Phishing

  15. Threats: Information Gathering How can it harm? Loss of • Data • Identity • Money • Credibility or Reputation

  16. Threats: Information Gathering What can I do? • Check your surroundings • Be suspicious • Verify identities • Safeguard personal information • Don’t volunteer information • Check security settings on the web • Shred sensitive material • Contact organizations by telephone if there is any doubt as to the authenticity of an e-mail or Web site

  17. Threats: Identity Theft What is it? • A crime in which someone wrongfully obtains and uses another person's personal data in a way that involves fraud or deception. • Items often stolen are: ID badges, user names and passwords, social security numbers and credit card or bank account information.

  18. Threats: Identity Theft How can it harm? • Obtain credit in you name • Incur fraudulent charges • Open accounts • Access anything your identity is used to protect. What can I do? • Protect your personal information and that of others

  19. Threats Summary If you encounter suspicious events on a HUD System: Immediately call HUD’s Call Center at 1-888-297-8689 If you receive an e-mail at home that appears suspicious, call or contact the organization listed in the From line before you respond or open any attached files

  20. Vulnerabilities A vulnerability is a weakness that can be exploited by a threat. It is the hole through which a threat gains access to a protected object. Common vulnerabilities include: • Weak or unprotected credentials or passwords • Program installation or modification • Peer-to-peer software • File transfers • Removable media

  21. Vulnerabilities: Weak or Unprotected Credentials & Passwords What is it? The use of credentials to confirm a user's identity and grant access to a computer system. How can it harm? • Allowing unauthorized access to HUD’s network • Data breaches, theft or unauthorized modification

  22. Vulnerabilities: Weak or Unprotected Credentials & Passwords What can I do? Keep your credentials (your passwords and smart cards) safe. • Protect them like you do the keys to your home • Never allow another person to use your credentials to log in as you.

  23. Vulnerabilities: Weak or Unprotected Credentials & Passwords Do’s • Select a unique password of 8 characters or more • Use 3 of the 4 available character types including caps, numbers & symbols • Change passwords as necessary • Think creatively when creating passwords Don’t • Share passwords with anyone • Use the same password for multiple accounts • Create group passwords • Write down passwords • Base passwords on information that might be guessed • Begin your password with a real word What can I do?

  24. Vulnerabilities: Program Installation or Modification What is it? • Program installation refers to loading software onto Department computers. • Program modification refers to changing the settings of existing programs.

  25. Vulnerabilities: Program Installation or Modification How can it harm? • Hackers often use software vulnerabilities to exploit a network • Every software program used by HUD is tested first and configured for safe use • New programs or settings that have not been tested or controlled by system managers can create unknown vulnerabilities

  26. Vulnerabilities: Program Installation or Modification What can I do? • Understand how your business relies on information and information technology • No non-standard software without prior approval • Do not download or install unauthorized programs • Do not make changes to security settings

  27. Vulnerabilities: File Transfers What is it? Term used to describe the movement of files between computers. Common methods include: • Downloading files from the Internet • Receiving e-mail attachments • Copying files from removable media like CDs, floppy disks, and USB drives • Peer to Peer

  28. Vulnerabilities:File Transfers How can it harm? • Inadvertent introduction of malicious code • The most common source of virus infection is e-mail attachments, followed by Internet downloads What can I do? Before transferring anything to your computer, consider: Rule 1: If you don't need it, don't download it! Rule 2: If you need it, do you trust the source? Rule 3: Scan files that are coming from outside the Department with virus protection software before opening

  29. VulnerabilitiesSummary if you encounter suspicious events on a HUD System: Immediately call to HUD’s Call Center at 1-888-297-8689 a security incident

  30. Impact The way a protected object could be affected or harmed The way your mission operations could be affected or harmed “It’s all about protecting the information, not computers.” Ira Winkler, The Grill Interview, Computerworld, July 28, 2008

  31. Minimizing Impact Actively manage security risks • Building Security In • Reducing Exposure • Standardizing Operations • Enhancing Awareness and Competencies • Act Securely

  32. Minimizing Impact • What information does your mission rely on? • Where does that information reside? • Who has access to that information? • How reliable or accurate is that information? • What is the back up plan should that information become unavailable?

  33. Contact Information: Marian P. Cody Chief Information Technology Officer Office: 202-402-3108 Cell: 202-412-0364 Fax: 202-708-0027 Marian.P.Cody@hud.gov Joyce M. Little Director, Policy and Management Division Office: 202-402-7404 Fax: 202-708-0027 Joyce.M.Little@hud.gov John S. Hawkins Security Awareness and Training Office: 202-402-3642 Fax: 202-708-0027 John.S.Hawkins@hud.gov

More Related