
Information Security Awareness Training


edwinr

Presentation Transcript


  1. Information Security Awareness Training

  2. Why Information Security?
     • Information is a valuable asset for all kinds of business
     • More and more information-related crimes happen
     • Information leakage or damage will impact, or even finish, a business

  3. Do’s and don’ts
     • Do use licensed and supported software
     • Do have an anti-virus tool, keep it up to date, and scan portable media before use

  4. Verify your Anti-virus is up to date

  5. Verify your Anti-virus is up to date

  6. Do’s and don’ts (continued)
     • Do have your Personal Firewall set to ON

  7. Verify your Personal Firewall is ON

  8. Verify your Personal Firewall is ON

  9. Verify your Personal Firewall is ON

  10. Verify your Personal Firewall is ON

  11. Configure Screen Saver

  12. Configure Screen Saver

  13. Do’s and don’ts (continued)
      • Do keep Windows XP security patches up to date
      • Do keep software up to date
      • Do choose a strong password, change it periodically, and make sure that you are the only person that knows it

  14. Pa55VV0RD!!
      • Don't use your login name in any form
      • Don't use a word or words contained in any language dictionary
      • Don't use numbers significant to you or someone close to you, or associated with the University
      • Don't use passwords based on simple keyboard patterns
      • Remember it or keep it in a protected place, such as a locked safe

  15. Do’s and don’ts (continued)
      • Do use Laurier’s resources for business purposes, please!
      • Do lock your screen/computer when unattended
      • For laptop users, do keep your eyes on it, and use chain locks when necessary
      • Do contact the ITS Help Desk when necessary
      • Do report incidents and abnormal things to designated people, and leave the scene untouched if you don’t know what to do
      • Do back up your documents
      • Do think about IT security on a regular basis

  16. Do’s and don’ts (continued)
      • Do not shut down security applications on your computer, including the anti-virus tool, Firewall, automated updates, etc.
      • Do not let unknown people touch your computer; feel free to challenge their ID when necessary
      • Do not give out your password to anyone, including ITS staff
      • Do not provide your password in an email reply
      • Do not connect personal computing devices to the WLU wired network
      • Do not use insecure wireless connections
      • Do not open an email attachment unless you are certain of the veracity of its contents
      • Do not open an unknown website or URL unless you are certain of its veracity

  17. Example

  18. Example

  19. Example

  20. Example

  21. Example

  22. Social Engineering
      • Social Engineering is the acquisition of sensitive information or inappropriate access privileges by an outsider, based upon the building of an inappropriate trust relationship with insiders
      • The goal of social engineering is to trick someone into providing valuable information or access to that information

  23. Suggestion 1
      • If you cannot personally identify a caller who asks for personal information about you or anyone else, for information about your computer system, or for any other sensitive information, do not provide the information. Insist on verifying the caller’s identity by calling them back at their proper telephone number as listed in the telephone directory. This procedure creates minimal inconvenience to legitimate activity when compared with the scope of potential losses.

  24. Suggestion 2 • Remember that passwords are sensitive. A password for your personal account should be known ONLY to you. Systems administrators or maintenance technicians who need to do something to your account will not require your password. They have their own password with system privileges that will allow them to work on your account without the need for you to reveal your password. If a system administrator or maintenance technician asks you for your password, be suspicious.

  25. Suggestion 3 • Systems maintenance technicians from outside vendors who come on site should be accompanied by the local site administrator. If the site administrator is not familiar to you, or if the technician comes alone, it is wise to give a call to your known site administrator to check if the technician should be there. Unfortunately, many people are reluctant to do this because it makes them look paranoid, and it is embarrassing to show that they do not trust a visitor.

  26. Thanks for your time! Any questions or suggestions? To download these slides, go to computersecurity.wlu.ca, Security Awareness Training. Recommend: Tips of The Day; Guidelines to Password Selection. Grant Li, Ex. 2797, Email: gli@wlu.ca
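
The password rules on slide 14 can be turned into an automated check. The following Python is an added example, not part of the original presentation; the sample word list, the look-alike mapping, the login `gsmith` and the number `1984` are constructed assumptions. It shows that the slide's own title, `Pa55VV0RD!!`, still reduces to a dictionary word once look-alike characters are undone.

```python
import re

# Constructed sample list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "welcome", "laurier", "dragon", "monkey", "summer"}
# Rows of a US QWERTY keyboard, used to spot simple keyboard patterns.
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
# Look-alike substitutions to undo (assumed mapping, not from the slides).
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                            "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def normalize(text):
    """Lower-case, fold 'vv' to 'w', undo look-alikes, keep letters only."""
    folded = text.lower().replace("vv", "w").translate(LOOKALIKES)
    return re.sub(r"[^a-z]", "", folded)


def has_keyboard_run(password, min_run=4):
    """True if the password contains min_run adjacent keys from one row."""
    text = password.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):  # left-to-right and right-to-left
            for i in range(len(seq) - min_run + 1):
                if seq[i:i + min_run] in text:
                    return True
    return False


def check_password(password, login, personal_numbers=(), words=SAMPLE_WORDS):
    """Return the slide-14 rules that a candidate password breaks."""
    problems = []
    folded = normalize(password)
    name = normalize(login)
    if name and (name in folded or name[::-1] in folded):
        problems.append("login name")
    if any(word in folded for word in words if len(word) >= 4):
        problems.append("dictionary word")
    digits = re.sub(r"\D", "", password)
    if any(num and num in digits for num in personal_numbers):
        problems.append("significant number")
    if has_keyboard_run(password):
        problems.append("keyboard pattern")
    return problems


if __name__ == "__main__":
    # Constructed inputs; "gsmith" and "1984" are made-up values.
    print(check_password("Pa55VV0RD!!", "gsmith"))
    print(check_password("qwerty1984", "gsmith", ["1984"]))
```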
