information security best practices l.
Skip this Video
Loading SlideShow in 5 Seconds..
Information Security Best Practices PowerPoint Presentation
Download Presentation
Information Security Best Practices

Loading in 2 Seconds...

play fullscreen
1 / 14

Information Security Best Practices - PowerPoint PPT Presentation

  • Uploaded on

Information Security Best Practices John R. Burnette Tuesday, December 9, 2008 Introduction Today there are e-mail viruses, Trojans, Internet worms, keystroke loggers (i.e. malware) and hackers.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Information Security Best Practices' - benjamin

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
information security best practices

Information Security Best Practices

John R. Burnette

Tuesday, December 9, 2008


Today there are e-mail viruses, Trojans, Internet worms, keystroke loggers (i.e. malware) and hackers.

Twenty years ago the first computer virus was written to protect floppy disk software from bootleggers.

1990s viruses were created for cyber vandalism

Michelangelo virus – 1990

SoBig-F virus – download programs from the web at a specific time

Delete a hard disk or corrupt a spreadsheet

2008 malware is created for securing financial assets

Keystroke logger – waits until a victim visits a banking website and then records the user’s account numbers and passwords and sends the information to a hacker.

information security targets

Information Security Targets

All Businesses with monetary assets, Intellectual Property, and

personal identity information (i.e. identity theft)

All U.S. citizens and foreign nationals with monetary assets

Business and Personal BankAccounts

Checking and Savings Numbers

Business and Personal Checks

Business and Personal Computers

Business and Personal Data

Social SecurityNumbers

Employee Addresses and TelephoneNumbers

Business and Personal Debit Cards

Business and Personal Credit Cards

Credit Card Receipts(i.e. carbon copy)

Credit CardNumbers

Credit Card Statements

information insecurity threat
Information Insecurity - Threat

Hackers, Phishing, E-Mail Scams, Trojans, Worms

Attacks originate from 106 countries – benefit of a prosperous global economy





China, People’s Republic of China


Eastern Block (i.e. Yugoslavia, Albania, Romania)







Korea, Democratic People’s Republic of (North Korea)














United States and Europe

information security business and personal computers
Information Security – Business and Personal Computers

Provide an air gap between your sensitive and non-sensitive data

Computer No. 1

Internet Usage – access web sites

Internet Explorer – search the world wide web


Computer No. 2

Vulnerable Business and Personal Information

Bank Account Numbers

Investment Account Numbers

Credit Card Numbers

Tax Returns

Social Security Numbers and Personnel Information

Financial spreadsheets

Computers are standalones – no internet access or e-mail capability

Microsoft products are extremely vulnerable

Cost/Benefit Analysis – Second computer compared to compromised financial records.

information insecurity malware
Information Insecurity - Malware

Commercial CDs loaded with malware.  Legitimate looking CDs that are freely available at trade shows, conventions, foreign travel.

Malware – uses e-mail and websites

Storm – 2007 “utilizes social engineering techniques to make its messages highly appealing to open and click through.”

2008 Internet Malware Trends, Cisco, IronPort.

The estimate is 50 million computers have been infected.

information security best practices7
Information Security – Best Practices

Use a strong password for your computer and password protect your documents. A strong password will have a variety of letters, numbers, and characters.

Use Encryption – PKI, PGP

Double Your Protection – use both a strong password and encryption for sending documents (both internal and external). The encryption provides both security and confidentiality for the sender and receiver.

Install antivirus/firewall software on your laptop computer

Use a physical lock for your laptop computer (i.e. business travel and college students)

Sanitize your laptop computer when returning from business or personal travel to a foreign country.

information security email
Information Security - Email

Incoming e-mail

Never open e-mail from a party that you do not know.

Read the e-mail address carefully

Instead of the address may read

E-mail client should be set to prevent attachments from being displayed or opened unless confirmed by the owner of the system

Attachments may contain executable and malicious software

Install a Spam blocker utility

information security wireless networking
Information Security – Wireless Networking

Separate wireless from wired networks where practical

Separate security into two distinct problems: user (client) access security and wired network security. Breaking into the user network does not provide access to many information resources.

Business best practices

Make wireless access networks external to wired networks

Manage wireless network equipment out-of-band

Personal best practices

Use very strong (long) WPA/WPA2 personal passwords

Use secure (VPN/SSL) connections to email, websites

Maintain configuration of laptops (patches, anti-spyware, firewall)

information security best practices10
Information Security Best Practices

Use a biometric fingerprint reader for your laptop computer.

Use good configuration management practices for all client devices (patches, anti-malware, host firewall, periodic vulnerability scans to verify)

Use “thin client” methods where possible (applications and data are on secure server not client computer)

Use removable USB thumb drives to store sensitive information in encrypted form (reduces exposure to threats)

information security bank accounts
Information Security – Bank Accounts

OPSEC – Operations Security

Monitor and balance your monthly bank statements

Check for errors, overdraft charges, transfers

Balance your checkbook and savings accounts on a daily basis (i.e. Gesa Call 24)

Guard your passwords and account numbers – memorize instead of written on a Post-It Note hidden under the computer keyboard

Discrepancies – contact bank immediately

Shred all checkbook and savings account receipts (i.e. identity theft)

Mail all bills, birthday cards with checks at the post office instead of through your personal mailbox. Business and personal mailboxes are vulnerable to theft – ink on checks can be erased and rewritten.

information insecurity attacks
Information Insecurity - Attacks

E-Mail – Nigerian Scam – Please send me your bank account number, and I will deposit a large sum of money in your account.

Phishing – Gesa, Ebay – E-Mail, Telephone call

Many of the e-mail messages have the correct logo of the company and appear to be legitimate (i.e. U.S. DOE MSC announcement).

Check the e-mail address for accuracy.

Rule of Thumb – if the message is by e-mail or telephone immediately contact your bank/credit card company – do not use the telephone number provided in the message and do not provide any information to the caller.

Train your employees and family members in case of an attack.

Vulnerability – everyone

Easy targets – elderly, students

Trojans – Internet, E-Mail – infiltrate your computer and send your business and personal information to the sender – (i.e. Downloader)

Worms – Internet, E-Mail – Infiltrate your computer and send your business and personal information to the sender.

information security computers
Information Security - Computers

Guard your computer passwords – memorize

Do not give anyone your passwords

Lock your computer when leaving your desk –

Control Alt Delete Lock Computer

Screen saver has a ten minute lock

Keep your office door closed and locked when you are away from the building

best practices
Best Practices

Keep system patched

Use anti-virus and anti-spyware

Least permissions mode

Use due diligence (no magic bullet)

As the global economy continues to falter the number of cyber attacks will increase.