Scribd
Upload
17 views

Abhay

Uploaded by

lienaxmagician
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
17 views

Abhay

Uploaded by

lienaxmagician
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 27

WELCOME

Cyber Security
Abhay Singh Taknet

sobhasaria group of institutions


What is Cyber Security?

Cyber Security is a set of principles and


practices designed to safeguard your
computing assets and online information
against threats.
So, what does it mean?
Security Threats

Intrusion – Unauthorized individuals trying to gain access to computer


systems in order to steal information

Virus, Worm, Trojan Horse (Malware) – programs that infect your machine and
carry malicious codes to destroy the data on your machine or allow an intruder to
take control over your machine
Phishing – The practice of using email or fake website to lure the recipient in
providing personal information

Spyware – software that sends information from your computer to a third party
without your consent
Spam – programs designed to send a message to multiple users, mailing lists or
email groups
Security risks
• Compromised Personally Identifiable Information (PII);
PII data refers to name, SSN, D. Licenses, bank
accounts
• Identity Theft- computer intruders intent on stealing your
personal information to commit fraud or theft
• The use of unsecure settings of Peer to Peer File
Sharing applications.
• Compromised computer; A computer experiencing
unexpected and unexplainable
- Disk activities
- Performance degradation
- Repeated login failure or connections to unfamiliar services
- Third party complaint of a suspicious activity

Or a stolen or lost computer


Impact on work

Questions:
• How would you know whether an email sent to
you with an attachment is free from viruses?
• How do you secure sensitive data you send via
email?
• What steps would you take to secure your
computer from malware?
• What does the phrase“ safely manage your
password” mean to you?
Security Measures

1. Safely mange your password


2. Safely manage your email account
3. Secure your computer
4. Protect the data you are handling
5. Avoid risky behavior online
6. Be aware of security guidelines,
policies, and procedures
Safely manage your password

• Create and maintain a strong password


• Consider using a passphrase
• Avoid sharing your password with any one
• Avoid reusing the same password for multiple accounts
• Avoid storing your password where others can see it, or
storing it electronically in an unencrypted format (e.g. a
clear text file)
• Avoid reusing a password when changing an account
password
• Do not use automatic logon functionality
Secure your computer

• Lock your computer when not attended


• Log off or shutdown when going home
• Disconnect your computer from the wireless network when using a
wired network
• Patch and update your operating system
• Install and update your anti-virus and anti-malware with the latest
security definitions
• Create a unique user ID when sharing a computer with others
• Enable pop-up blocker on your browser
• Make an informed and rational decision prior to installing or
downloading software on your computer
• Lock your office when you leave
Protect the data you are handling - 1

• Understand the type of data stored on your machine.


• Avoid storing personally identifiable information (PII) on
local storage devices, e.g. laptop, USB, hand-held computers
- Use Identity Finder to review, remove or redact PII data
- Keep any PII data that you need for work process on a centrally
managed, secure file system.
• Pay attention to the following when you
have to email sensitive data:
- Encrypt the data
- Set password controls
- Send the document password in a
separate email
- Ensure that the recipient has a need for the
sensitive data
Protect the data you are handling - 2

• Back up your data regularly


• Be cautious when disposing data
• Segregate your personal files from your business
files
• Organize your files by project or work type
• Make sure to securely delete data from systems before
disposal when replacing or upgrading your computer.
Avoid risky behavior online

• Be wary of phishing scams


• Be cautious when handling attachments and links in
email, chatrooms or instant messages (IM)
• Avoid responding to questions via pop-up windows, or
click on links in a pop-up window
• Be cautious when using Peer to Peer File Sharing
applications.
• Be cautious when browsing the web. One spelling
mistake can direct you to undesired websites
Guidelines

• Guidelines for Appropriate Use of Administrator Access


• Guidelines for Bulk Email Distribution
• Guidelines for Copyright Violations
• Guidelines for Data Sanitization and Disposal
• Guidelines for Data Protection
• Guidelines for Mobile Device Security and Usage
• Guidelines for Password Management
• Guidelines for E-Discovery and Litigation Hold
What is Identity Theft?

Identity Theft is a crime in which an impostor


obtains key pieces of personal Identifying
Information (PII) such as Social Security
Numbers and driver’s license numbers and
uses them for their own personal gain.
How does it happen?

• Stolen wallet
- Driver license ID
- Credit cards
- Debit cards
- Bank accounts checks; last withdrawal banking statement
- Health insurance
- Auto registration and insurance card
- Frequent flyer card
• Pilfered mail
• Computer virus
• Phishing and Social Engineering
- Links to fraudulent web sites
- Email
- Phone call
- Mail
• Social Networking account
• License plate
• Health records
• Financial Data
Identity Theft related crimes include

• Check fraud
• Credit card fraud
• Financial Identity Theft
• Criminal identity theft
• Governmental identity theft
• License plate number identity theft
• Mortgage fraud
What About Everyone Else?

1. We can help keep others safe from identity


theft!

2. What happens when we don’t?


• PA Breach of Personal Information Notification Act
• What To Do If You Suspect A Breach
• ISO Breach Handling Process

3. Proper Handling of Sensitive Data – How To


Avoid Breaches
Common CMU Sources of Identity Data

• Old Class and Grade rosters


• Old Salary files
• Any Excel export file from central systems
(e.g. HRIS, SIS, etc.)
• Shadow systems (e.g. local financial aid,
admission applications, etc.)
• Research datasets
• Locally stored email
• Old backups & media
PA Breach of Personal Information Notification Act 1/2

• Effective June 20, 2006

• Triggered when computerized “Personal


Information” is compromised

• Notification must be made


“without unreasonable delay”
What To Do If You Suspect A Breach

Responding to a Compromised/Stolen Computer

Compromised - Reasonable suspicion of unauthorized interactive


access

1. Disconnect From Network


2. Do NOT Turn Off
3. Do NOT Use/Modify
4. Contact ISO & Dept Admin
5. Preserve External Backups/Logs
6. Produce Backups/Logs/Machine
ASAP For Investigation

Also report stolen computers


ISO Breach Handling Process

The ISO:
1. Confirm compromise, notifiable data, and likelihood of
data breach (stolen laptop = data breach)
2. If data breach – proceed to notification

The ISO, the organization, & General Counsel’s Office:


3. Identify population and locate current contact info via
alumni records
4. Draft & send notification letter and interface w/ law
enforcement and consumer reporting agencies as
required
5. Operate call center and respond to legal action
Proper Handling of Sensitive Data 1/5

1. Know what data is stored on your


personal computer

Run
Proper Handling of Sensitive Data 2/5

2. Delete or redact what you


don’t absolutely need.

Identity Finder for Windows (Commercial)

Tools Matrix for Windows, Mac Unix


Proper Handling of Sensitive Data 3/5

3. Don’t store it on your personal computer


especially not on your laptop or home
computer.

If you must store sensitive data, check with your


departmental computing administrator about
options to store it on a secured file server, one
with robust access control mechanisms and
encrypted transfer services.
Proper Handling of Sensitive Data 4/5

4. If you must store it on your personal


computer

A. Follow the “Securing your Computer guidelines”

B. Password protect the file if possible

C. Encrypt the file (Identity Finder’s Secure


Zip, Computing Services,PGP Desktop or
TrueCrypt)
Proper Handling of Sensitive Data 5/5

4. If you must store it on your personal computer


(cont.)
D. Only transmit via encrypted protocols (NOT Telnet, FTP, or
Windows File Shares – instead use SCP and SFTP)

E. Reformat and/or destroy your hard drive before disposal or


giving your computer to someone else Secure delete it as soon
as feasible

F. Secure your backups and media


Thank you, and stay safe!

Questions, Concerns, Feedback?

[email protected]

sobhasaria group of institutions

You might also like