Scribd Logo
Upload

Welcome to Scribd!

  • 59 views

    Security Awareness Training: Security Is Everyone's Responsibility

    Uploaded by

    Hemant Dusane
    This document provides an overview of security awareness training. It discusses the importance of security awareness and how the human factor is the biggest threat to information systems. The training agenda covers choosing strong passwords, safe web browsing, email security, mobile device security, physical security, and protecting against social engineering. It provides tips for creating strong passwords, safely browsing the web, securing email, using mobile devices securely, questioning strangers, and preventing social engineering attacks like phishing. The document emphasizes that employees are key to effective security.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content

    You might also like

    Security Awareness Training: Security Is Everyone's Responsibility

    Uploaded by

    Hemant Dusane
    59 views21 pages
    This document provides an overview of security awareness training. It discusses the importance of security awareness and how the human factor is the biggest threat to information systems. The training agenda covers choosing strong passwords, safe web browsing, email security, mobile device security, physical security, and protecting against social engineering. It provides tips for creating strong passwords, safely browsing the web, securing email, using mobile devices securely, questioning strangers, and preventing social engineering attacks like phishing. The document emphasizes that employees are key to effective security.

    Original Description:

    Original Title

    nmssecurityawarenesstraining-180607181251

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document provides an overview of security awareness training. It discusses the importance of security awareness and how the human factor is the biggest threat to information systems. The training agenda covers choosing strong passwords, safe web browsing, email security, mobile device security, physical security, and protecting against social engineering. It provides tips for creating strong passwords, safely browsing the web, securing email, using mobile devices securely, questioning strangers, and preventing social engineering attacks like phishing. The document emphasizes that employees are key to effective security.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    59 views21 pages

    Security Awareness Training: Security Is Everyone's Responsibility

    Uploaded by

    Hemant Dusane
    This document provides an overview of security awareness training. It discusses the importance of security awareness and how the human factor is the biggest threat to information systems. The training agenda covers choosing strong passwords, safe web browsing, email security, mobile device security, physical security, and protecting against social engineering. It provides tips for creating strong passwords, safely browsing the web, securing email, using mobile devices securely, questioning strangers, and preventing social engineering attacks like phishing. The document emphasizes that employees are key to effective security.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 21

    Security Awareness Training

    Security is everyone’s Responsibility

    Denis KISINA
    Bsc CS, CompTIA Network+, Security+
    Technologydoctor.ug
    Choosing good passwords
    Safe Web browsing
    Email Security
    Agenda Mobile Devices
    Physical Security
    Social Engineering
    IMPORTANTANCE OF SECURITY AWARENESS

     The behavior of employees and contractors with access to data affects information
    systems and assets
     The human factor (what employees do or don’t do) is the biggest threat to
    information systems and assets.
    Use Strong Passwords

    1. Use unique passwords for all of your accounts


    2. Lengthy
    At lest 8, more is better.

    3. Complex
    Mix upper, lower, numbers, and symbols

    4. Do not use common or predictable passwords


    Examples of bad passwords: your own birthday, people's names, your phone number

    5. Change passwords periodically (90 days)


    6. Keep your passwords secret
    Do not share with others or write them down.
    Strategies for Creating Strong Passwords

     Avoiding common passwords


    Word combinations rather than single word
    Incorporating Acronyms or non-English language words
    Full sentence phrases
     Substitute letters with numbers or symbols
    Example: purp!3ClothingDiscOunt
    Example: P4sswords@reg00d!
    Safe Web Browsing

     Before logging into or entering sensitive information into a website, look for the security padlock
    symbol in the URL bar.

     Double clicking the icon will display the certificate information for the page you are viewing to
    guarantee that you re as a safe, secure website
     The “https” is another indication that the page you are viewing is secure.
     Pay attention to the web address – if it has changed or doesn’t seem right it may be a fraudulent site.
    Safe Web Browsing
    Safe Web Browsing

     www.facebook.com
     www.facebook.com
     www.facebook.com
    Safe Web Browsing

     How to safely close Scareware Popups


    Hold the Alt+F4 key
     NOTE: Never click on any of these buttons
    Email Security Best Practices

    Don’t use your personal email account for work purposes


    Do not open attachment is unfamiliar emails
    Do not click on suspicious links.
    Use secure email encryption whenever sending any
    restricted or sensitive information.
    Carefully Inspect Emails
    Carefully Inspect Emails
    Mobile Devices

     Protect your devices with a password/PIN (6 Digit recommended


    minimum)
     Device encryption, Remote wipe, GPS location, physical security
     Do not download apps from unknown sources.
     Read what others are saying about the app in the review section.
     Avoid using public Wi-Fi hotspots, especially when access any password-
    protected sites or where you will enter any personal or confidential
    information.
    Physical Security

    Question all Strangers. Alert security guards and/or


    management to suspicious individuals.
    Be sure authorized visitors/contractors have properly checked
    in.
    Make sure individuals use their own key fobs/card keys when
    entering secure areas.
    Physical Security

    Piggy-backing or Tail-gating
     Following employees into non-public areas while pretending to be a
    vendor, employee, or customer
    Physical Security

     Always lock your computer screen whenever leaving your computer


    unattended.
     Secure sensitive paper documents when leaving work areas unattended
    and at the end of the day. Understand and comply with your
    organization’s end-of-day closing procedures.
     Use secure shred bins for disposing of sensitive paper documents and
    electronic media
    Social Engineer

    Email Phishing
    Example: A social engineer sends an email that appears to come
    from a fellow employee asking the recipient to download an
    attachment or click on link.
    Social Engineer
    Social Engineer

     Pretext Phone Calls


     Example: A social engineer calls and pretends to be a fellow employee or
    a trusted outside authority (such s law enforcement, vendor, or an
    auditor).
     Physical Social Engineering
     Example: piggy-backing/Tail-gaiting - Can you hold the door for me? I
    don’t have my access card on me.
    7 Security Tips

    1. Follow a clean desk policy


    2. Be aware when creating or disposing paper documents.
    3. Consider carefully what information you put out there.
    4. Prevent unauthorized people accessing your company.
    5. Just because they know you, doesn’t mean you know them!
    6. Phishing scams: Don’t bite.
    7. Prevent damage from malware.
    You are the key to effective security!

    Q&A.

    You might also like