Information Security Awareness Training

Size: px
Start display at page:

Download "Information Security Awareness Training"

Transcription

1 Information Security Awareness Training Various Methods and their effectiveness at New Paltz SUNY Technology Conference Lake Placid - June 2014 Paul Chauvet

2 Why the focus on training? Only amateurs attack machines; professionals target people - Bruce Schneier There is only one way to keep your product plans safe and that is by having a trained, aware, and conscientious workforce. This involves training on the policies and procedures, but also - and probably even more important - an ongoing awareness program - Kevin Mitnick

3 Why the focus on training? Targeting individuals instead of systems, can bypass some or all of your protection measures. Dollar for dollar, will have a huge benefit for security.

4 Who needs security training? Ideally, everyone - students, faculty, staff, and contractors. Realistically? Review laws, contracts, etc. for who is required to receive training (specifically PCI, GLBA, HIPAA)

5 What are the goals of the training? Getting users to understand and recognize the risks. Training users to change their instinctual responses. Making users recognize that they are at risk. Educate users as to impact to the college of a successful scam.

6 What topics should be covered? Password safety Malware Social Engineering Physical Security Security Policy Electronic & Physical security

7 Psychological Issues Fast and Slow Thinking Fast, quick judgements, relies on heuristics Slow, thoughtful, lazy Availability Heuristic Representativeness Availability Evaluation of risk Users exaggerate risks that are rare, sudden, are out of their control, or affect them personally. Users downplay risks that are common, affect others, or that are under their control.

8

9 Compliance motivation One method is via Expectancy Theory Expectancy Instrumentality Valence Make sure employees know the consequences to the college of security lapses.

10 Training methods communications Can be newsletters or specific advisories. Can easily be overwhelming when too frequent. Will be ignored by a large amount of people. If they are too long or contain too much technical jargon, they will be ignored by a larger amount of people. Posters and flyers Should be catchy while still being informative Should change frequently

11 Flyers

12 Flyers

13 Newsletter Periodic communication about security issues. Meant to communicate specific issues or to keep security issues on people s minds.

14 In-person training Initially conducted by an external security consulting firm. Transitioned to internal training the following year. Conducted annually - employees with sensitive data access such as Banner are required to attend. All other employees are strongly encouraged to attend.

15 Don t just rely on IT Take advantage of Security Evangelists outside of IT. Use their power and status to extend the reach of security messaging. Get administration support & buy-in.

16 Online Training Conducted via an external firm (Wombat Security). Training is interactive. Users cannot just click next, next, next. Users are scored on training. Topics include Security, URL Training, and Safer Web Browsing.

17 Online Training Required & Recommended groups. Compliance Rates ~ 60% Passing score required to be compliant.

18 Online Training Per-user reports Can be used to review users who have fallen for (or are suspected of falling for) phishing scams. Users who fall for phishing scams (and malware) are much more likely to have not taken the training. Not taking the training changes our response postmalware/phishing Most missed report Shows questions users have problems with. Helps adjust messaging to emphasize certain issues for all users (not just those included in the training).

19 Phishing Simulations We phish our own users. Done through an external service. Can use actual scam s (with modified links to a site we control). Can also use custom s/spear phishing. Victims who submit data are brought to a training page. When users fall for it, it breaks them out of the immunity fallacy. Works through altering the Availability Heuristic. Some users will be confused.

20 Phishing Simulations

21 Phishing Simulations

22 Phishing Simulations

23 Phishing responses Try to be patient with the users. Security is not their job. Don t allow the training to be ignored completely though. When someone ignores the training and is a repeat offender, their supervisor is notified.

24 Training results Significant drop in number of phishing victims Average phishing victims per month was 4-5. Number of victims year-to-date (2014) is now 4. Large increase in users reporting suspicious s. Significant decrease in submit rate for our phishing simulations. Generally positive reactions from faculty and staff. Some negative/apathetic reactions. Compliance rate is higher among non-teaching faculty & staff.

25 Remaining challenges Keeping users vigilant and avoiding complacency Training needs to stay relevant and fresh Reducing training costs Reducing per-user costs to include more users Creating in-house (or in-suny?) training Including students in active training methods Including students in training Secure programming/coding training Effectiveness of more sophisticated methods still is an issue (spear phishing, other social engineering methods)

26

27 Resources Psychology & Information Security course at Albany (Dr. Kevin Williams) Bruce Schneier - Psychology of Security protect.iu.edu (Indiana University) Stop, Think, Connect (stopthinkconnect.org) Internet 2 Cyber Security Awareness Resource Library (https://wiki.internet2. edu/confluence/display/itsg2/cybersecurity+awareness+re source+library)

28 Questions? Comments?

29 Evaluation site:

Anti-Phishing Training Modules Teach employees to recognize and avoid phishing and spear phishing attacks

Anti-Phishing Training Modules Teach employees to recognize and avoid phishing and spear phishing attacks Anti-Phishing Training Modules Teach employees to recognize and avoid phishing and spear phishing attacks Improve Phishing Knowledge and Reduce Susceptibility to Attack Do you already have some form of

More information

Developing a Successful Security Awareness Training Program. Shea Garber, Sr. Account Executive Wombat Security Technologies, Inc.

Developing a Successful Security Awareness Training Program. Shea Garber, Sr. Account Executive Wombat Security Technologies, Inc. Developing a Successful Security Awareness Training Program Shea Garber, Sr. Account Executive Wombat Security Technologies, Inc. Agenda The human element of cyber security Building your case Building

More information

Global Manufacturing Company Reduces Malware Infections by 46%

Global Manufacturing Company Reduces Malware Infections by 46% Global Manufacturing Company Reduces Malware Infections by 46% Wombat s Security Education Platform is changing behaviors, reducing infections, and lowering remediation costs The Challenge A large international

More information

How to Spot and Combat a Phishing Attack Webinar

How to Spot and Combat a Phishing Attack Webinar How to Spot and Combat a Phishing Attack Webinar October 20 th, 2015 Kevin Patel Sr Director of Information Security, Compliance & IT Risk Mgmt kpatel@controlscan.com Agenda 1) National Cyber Security

More information

5 Reasons Why Your Security Education Program isn t Working (and how to fix it)

5 Reasons Why Your Security Education Program isn t Working (and how to fix it) 5 Reasons Why Your Security Education Program isn t Working (and how to fix it) February 2015 Presentation Agenda 5 Reasons Your Program isn t Working 10 Learning Science Principles Continuous Training

More information

Global Construction and Engineering Services Company Lowers Malware Infections by 42%

Global Construction and Engineering Services Company Lowers Malware Infections by 42% Global Construction and Engineering Services Company Lowers Malware Infections by 42% Wombat helps organization reduce susceptibility to cyber security attacks, saving hundreds of hours in remediation

More information

SANS Securing The Human

SANS Securing The Human SANS Securing The Human Introduction Most organizations have invested in security technology to protect their information, putting in place solutions such as firewalls, encryption or IDS sensors. However,

More information

SIMULATED ATTACKS. Evaluate Susceptibility Using PhishGuru, SmishGuru, and USBGuru MEASURE ASSESS

SIMULATED ATTACKS. Evaluate Susceptibility Using PhishGuru, SmishGuru, and USBGuru MEASURE ASSESS SIMULATED ATTACKS Evaluate Susceptibility Using PhishGuru, SmishGuru, and USBGuru Technical safeguards like firewalls, antivirus software, and email filters are critical for defending your infrastructure,

More information

Common Cyber Threats. Common cyber threats include:

Common Cyber Threats. Common cyber threats include: Common Cyber Threats: and Common Cyber Threats... 2 Phishing and Spear Phishing... 3... 3... 4 Malicious Code... 5... 5... 5 Weak and Default Passwords... 6... 6... 6 Unpatched or Outdated Software Vulnerabilities...

More information

Cyber Security: What you need to know to protect your business. February 2014

Cyber Security: What you need to know to protect your business. February 2014 Cyber Security: What you need to know to protect your business February 2014 Presented by: Jon Zayicek Vice President Sera-Brynn Topics: The landscape is changing What are the threats? How to protect your

More information

Is security awareness a waste of time?

Is security awareness a waste of time? Is security awareness a waste of time? New York State Cyber Security Conference June 5, 2013 Scott Gréaux Vice President Product Management and Services, PhishMe, Inc. They are exploiting human vulnerabilities

More information

5 Reasons Why Your Security Education Program isn t Working (and how to fix it)

5 Reasons Why Your Security Education Program isn t Working (and how to fix it) 5 Reasons Why Your Security Education Program isn t Working (and how to fix it) February 2015 Presentation Agenda Importance of Secure End User Behavior 5 Reasons Your Program isn t Working 10 Learning

More information

Bad Ads Trend Alert: Shining a Light on Tech Support Advertising Scams. May 2014. TrustInAds.org. Keeping people safe from bad online ads

Bad Ads Trend Alert: Shining a Light on Tech Support Advertising Scams. May 2014. TrustInAds.org. Keeping people safe from bad online ads Bad Ads Trend Alert: Shining a Light on Tech Support Advertising Scams May 2014 TrustInAds.org Keeping people safe from bad online ads OVERVIEW Today, even the most tech savvy individuals can find themselves

More information

Training Employees to Recognise & Avoid Advanced Threats

Training Employees to Recognise & Avoid Advanced Threats Training Employees to Recognise & Avoid Advanced Threats Joe Ferrara, President & CEO, Wombat Security Technologies Rashmi Knowles, Chief Security Architect EMEA, RSA The Security Division of EMC Session

More information

Protecting your business from fraud

Protecting your business from fraud Protecting your business from fraud KEY TAKEAWAYS > Understand the most common types of fraud and how to identify them. > What to do if you uncover fraudulent activity or suspect you are a victim of fraud.

More information

Cyber Security. Securing Your Mobile and Online Banking Transactions

Cyber Security. Securing Your Mobile and Online Banking Transactions Cyber Security Securing Your Mobile and Online Banking Transactions For additional copies or to download this document, please visit: http://msisac.cisecurity.org/resources/guides 2014 Center for Internet

More information

National Cybersecurity Awareness Campaign Families Presentation

National Cybersecurity Awareness Campaign Families Presentation National Cybersecurity Awareness Campaign Families Presentation About Stop.Think.Connect. In 2009, President Obama issued the Cyberspace Policy Review, which tasked the Department of Homeland Security

More information

Addressing Big Data Security Challenges: The Right Tools for Smart Protection

Addressing Big Data Security Challenges: The Right Tools for Smart Protection Addressing Big Data Security Challenges: The Right Tools for Smart Protection Trend Micro, Incorporated A Trend Micro White Paper September 2012 EXECUTIVE SUMMARY Managing big data and navigating today

More information

Deception scams drive increase in financial fraud

Deception scams drive increase in financial fraud ADDRESS 2 Thomas More Square London E1W 1YN WEBSITE www.financialfraudaction.org.uk DIRECT LINE 020 3217 8436 NEWS RELEASE EMAIL press@ukcards-ffauk.org.uk Deception scams drive increase in financial fraud

More information

Credit card acceptance and software security: Vetting your provider. Jude Augusta and Dan Rowe

Credit card acceptance and software security: Vetting your provider. Jude Augusta and Dan Rowe Credit card acceptance and software security: Vetting your provider Jude Augusta and Dan Rowe The threat to small business is real Nat l Cyber Crime Alliance Of small businesses are victims of cybercrime

More information

FROM INBOX TO ACTION EMAIL AND THREAT INTELLIGENCE:

FROM INBOX TO ACTION EMAIL AND THREAT INTELLIGENCE: WHITE PAPER EMAIL AND THREAT INTELLIGENCE: FROM INBOX TO ACTION There is danger in your email box. You know it, and so does everyone else. The term phishing is now part of our daily lexicon, and even if

More information

User Documentation Web Traffic Security. University of Stavanger

User Documentation Web Traffic Security. University of Stavanger User Documentation Web Traffic Security University of Stavanger Table of content User Documentation... 1 Web Traffic Security... 1 University of Stavanger... 1 UiS Web Traffic Security... 3 Background...

More information

SPEAR PHISHING AN ENTRY POINT FOR APTS

SPEAR PHISHING AN ENTRY POINT FOR APTS SPEAR PHISHING AN ENTRY POINT FOR APTS threattracksecurity.com 2015 ThreatTrack, Inc. All rights reserved worldwide. INTRODUCTION A number of industry and vendor studies support the fact that spear phishing

More information

Cyber Crime: You Are the Target

Cyber Crime: You Are the Target Cyber Crime: You Are the Target When talking about computer crime, we often hear the observation from computer users that they aren t rich and therefore what they have isn t worth much to a cyber criminal.

More information

WHITE PAPER The Five Step Guide to Better Social Media Security

WHITE PAPER The Five Step Guide to Better Social Media Security WHITE PAPER The Five Step Guide to Better Social Media Security A Hootsuite White Paper The Five Step Guide to Better Social Media Security A Hootsuite White Paper In 2013, not a single month went by without

More information

Phishing Response Plan

Phishing Response Plan Phishing Response Plan With the increasing threat and incidence of phishing occurring at banks and credit unions across the United States, we highly recommend that your credit union consider taking the

More information

Phishing Scams Security Update Best Practices for General User

Phishing Scams Security Update Best Practices for General User Phishing Scams Security Update Best Practices for General User hishing refers to the malicious attack Pmethod by attackers who imitate legitimate companies in sending emails in order to entice people to

More information

Online Cash Manager Security Guide

Online Cash Manager Security Guide Online Cash Manager Security Guide You re the One who can protect your business from the threat of a Corporate Account Takeover. 102 South Clinton Street Iowa City, IA 52240 1-800-247-4418 Version 1.0

More information

2012 NORTON CYBERCRIME REPORT

2012 NORTON CYBERCRIME REPORT 2012 NORTON CYBERCRIME REPORT 2012 NORTON CYBERCRIME REPORT 24 COUNTRIES AUSTRALIA, BRAZIL, CANADA, CHINA, COLOMBIA, DENMARK, FRANCE, GERMANY, INDIA, ITALY, JAPAN, MEXICO, NETHERLANDS, NEW ZEALAND, POLAND,

More information

The State of K-12 Cyberethics, Cybersafety and Cybersecurity Curriculum in the United States

The State of K-12 Cyberethics, Cybersafety and Cybersecurity Curriculum in the United States The State of K-12 Cyberethics, Cybersafety and Cybersecurity Curriculum in the United States National Cyber Security Alliance Microsoft Corporation Zogby/463 May 2011 Methodology Zogby/463 surveyed a statistically

More information

Things To Do After You ve Been Hacked

Things To Do After You ve Been Hacked Problem: You ve been hacked! Now what? Solution: Proactive, automated incident response from inside the network Things To Do After You ve Been Hacked Tube web share It only takes one click to compromise

More information

F-Secure Anti-Virus for Mac 2015

F-Secure Anti-Virus for Mac 2015 F-Secure Anti-Virus for Mac 2015 TOC F-Secure Anti-Virus for Mac 2015 Contents Chapter 1: Getting started...3 1.1 Manage subscription...4 1.2 How to make sure that my computer is protected...4 1.2.1 Protection

More information

OCT Training & Technology Solutions Training@qc.cuny.edu (718) 997-4875

OCT Training & Technology Solutions Training@qc.cuny.edu (718) 997-4875 OCT Training & Technology Solutions Training@qc.cuny.edu (718) 997-4875 Understanding Information Security Information Security Information security refers to safeguarding information from misuse and theft,

More information

SBA Cybersecurity for Small Businesses. 1.1 Introduction. 1.2 Course Objectives. 1.3 Course Topics

SBA Cybersecurity for Small Businesses. 1.1 Introduction. 1.2 Course Objectives. 1.3 Course Topics SBA Cybersecurity for Small Businesses 1.1 Introduction Welcome to SBA s online training course: Cybersecurity for Small Businesses. SBA s Office of Entrepreneurship Education provides this self-paced

More information

1. For each of the 25 questions, multiply each question response risk value (1-5) by the number of times it was chosen by the survey takers.

1. For each of the 25 questions, multiply each question response risk value (1-5) by the number of times it was chosen by the survey takers. Employee Security Awareness Survey Trenton Bond trent.bond@gmail.com Admin - Version 1.3 Security Awareness One of the most significant security risks that organizations and corporations face today is

More information

F-Secure Anti-Virus for Mac. User's Guide

F-Secure Anti-Virus for Mac. User's Guide F-Secure Anti-Virus for Mac User's Guide F-Secure Anti-Virus for Mac TOC 3 Contents Chapter 1: Getting started...5 What to do after installation...6 Manage subscription...6 Open the product...6 How to

More information

The following information was provided by SANS and discusses IT Security Awareness. It was last updated in 2015.

The following information was provided by SANS and discusses IT Security Awareness. It was last updated in 2015. The following information was provided by SANS and discusses IT Security Awareness. It was last updated in 2015. By completing this module and the quiz, you will receive credit for CW 170, which is required

More information

STOP.THINK.CONNECT A NATIONAL CYBERSECURITY AWARENESS CAMPAIGN OLDER AMERICANS PRESENTATION

STOP.THINK.CONNECT A NATIONAL CYBERSECURITY AWARENESS CAMPAIGN OLDER AMERICANS PRESENTATION STOP.THINK.CONNECT A NATIONAL CYBERSECURITY AWARENESS CAMPAIGN OLDER AMERICANS PRESENTATION ABOUT STOP.THINK.CONNECT. In 2009, President Obama issued the Cyberspace Policy Review, which tasked the Department

More information

Hot Topics in IT Security PREP#28 May 1, 2014. David Woska, Ph.D. OCIO Security

Hot Topics in IT Security PREP#28 May 1, 2014. David Woska, Ph.D. OCIO Security Hot Topics in IT Security PREP#28 May 1, 2014 David Woska, Ph.D. OCIO Security CME Disclosure Statement The North Shore LIJ Health System adheres to the ACCME s new Standards for Commercial Support. Any

More information

FRAUD ALERT THESE SCAMS CAN COST YOU MONEY

FRAUD ALERT THESE SCAMS CAN COST YOU MONEY FRAUD ALERT THESE SCAMS CAN COST YOU MONEY Phishing spear phishing vishing smishing debit card skimming fake check scams THE COMMON SENSE PRECAUTIONS INSIDE CAN KEEP YOU SAFE! SCHEMES SCAMS FRAUDS Criminals

More information

DEPARTMENT OF DEFENSE 6000 DEFENSE PENTAGON WASHINGTON, D.C. 20301-6000

DEPARTMENT OF DEFENSE 6000 DEFENSE PENTAGON WASHINGTON, D.C. 20301-6000 DEPARTMENT OF DEFENSE 6000 DEFENSE PENTAGON WASHINGTON, D.C. 20301-6000 CHIEF INFORMATION OFFICER October 1, 2015 MEMORANDUM FOR SECRETARIES OF THE MILITARY DEPARTMENTS CHAIRMAN OF THE JOINT CHIEFS OF

More information

State of the Phish 2015

State of the Phish 2015 Introduction The threat is real Phishing continues to pose a growing threat to the security of industries of every kind from financial organizations to government contractors to healthcare firms. Though

More information

Anti-Phishing Best Practices:

Anti-Phishing Best Practices: Anti-Phishing Best Practices: Keys to Aggressively and Effectively Protecting Your Organization from Phishing Attacks Prepared by James Brooks, Senior Product Manager Cyveillance, Inc. Overview Phishing

More information

ANNUAL SECURITY RESPONSIBILITY REVIEW

ANNUAL SECURITY RESPONSIBILITY REVIEW ANNUAL SECURITY RESPONSIBILITY REVIEW For Faculty and Staff Who Use Computers Minimally in their work May 2012 Training Topics What is Information Security? Review Security Vulnerabilities Phishing email

More information

Deploying Continuous and Measurable Security Education for Employees. Security awareness and training methodology and best practices

Deploying Continuous and Measurable Security Education for Employees. Security awareness and training methodology and best practices Deploying Continuous and Measurable Security Education for Employees Security awareness and training methodology and best practices June 2015 Executive Summary Knowing that end users are the last line

More information

THREE KEYS TO COST-EFFECTIVE SECURITY FOR YOUR SMALL BUSINESS

THREE KEYS TO COST-EFFECTIVE SECURITY FOR YOUR SMALL BUSINESS THREE KEYS TO COST-EFFECTIVE SECURITY FOR YOUR SMALL BUSINESS Learn more about Symantec security here OVERVIEW Data and communication protection isn t a problem limited to large enterprises. Small and

More information

What to Do When Hacktivists Target Your Health System

What to Do When Hacktivists Target Your Health System What to Do When Hacktivists Target Your Health System A Complimentary Webinar From healthsystemcio.com Sponsored by Proofpoint Your Line Will Be Silent Until Our Event Begins at 12:00 ET Thank You! Housekeeping

More information

Information Security. Annual Education 2014. Information Security. 2014 Mission Health System, Inc.

Information Security. Annual Education 2014. Information Security. 2014 Mission Health System, Inc. Annual Education 2014 Why? Protecting patient information is an essential part of providing quality healthcare. As Mission Health grows as a health system and activities become more computerized, new information

More information

Connect Smart for Business SME TOOLKIT

Connect Smart for Business SME TOOLKIT Protect yourself online Connect Smart for Business SME TOOLKIT WELCOME To the Connect Smart for Business: SME Toolkit The innovation of small and medium sized enterprises (SMEs) is a major factor in New

More information

SPEAR PHISHING UNDERSTANDING THE THREAT

SPEAR PHISHING UNDERSTANDING THE THREAT SPEAR PHISHING UNDERSTANDING THE THREAT SEPTEMBER 2013 Due to an organisation s reliance on email and internet connectivity, there is no guaranteed way to stop a determined intruder from accessing a business

More information

WHY DOES MY SPEED MONITORING GRAPH SHOW -1 IN THE TOOLTIP? 2 HOW CAN I CHANGE MY PREFERENCES FOR UPTIME AND SPEED MONITORING 2

WHY DOES MY SPEED MONITORING GRAPH SHOW -1 IN THE TOOLTIP? 2 HOW CAN I CHANGE MY PREFERENCES FOR UPTIME AND SPEED MONITORING 2 FAQ WHY DOES MY SPEED MONITORING GRAPH SHOW -1 IN THE TOOLTIP? 2 HOW CAN I CHANGE MY PREFERENCES FOR UPTIME AND SPEED MONITORING 2 WHAT IS UPTIME AND SPEED MONITORING 2 WHEN I TRY TO SELECT A SERVICE FROM

More information

Phishing Attacks Methodology and Response GridSecCon 2012

Phishing Attacks Methodology and Response GridSecCon 2012 Phishing Attacks Methodology and Response Agenda Survey Questions Spear Phishing Current State Case Study - Methodology Countermeasures And Lessons Learned Question 1 If you had to guess, what percentage

More information

2016 Cyber Security Calendar. Neela, Grade 4 State of Delaware

2016 Cyber Security Calendar. Neela, Grade 4 State of Delaware 2016 Cyber Security Calendar Neela, Grade 4 State of Delaware Alexa, Grade 9 State of New Jersey January 2016 Sunday Monday Tuesday Wednesday Thursday Friday Saturday The New Year is here! Did you get

More information

Is There Such a Thing as Internet Privacy?

Is There Such a Thing as Internet Privacy? Is There Such a Thing as Internet Privacy? April 13, 2015 Danielle Graff & Kristél Kriel Western Canada s Law Firm Click Agenda to edit Master title style What is Internet Privacy? Why does it matter?

More information

Importance: From: Anthem, Inc. Communications Sent: Thursday, February 26, 2015 4:40 PM Subject: Important message from Anthem, Inc.

Importance: From: Anthem, Inc. Communications Sent: Thursday, February 26, 2015 4:40 PM Subject: Important message from Anthem, Inc. Importance: High From: Anthem, Inc. Communications Sent: Thursday, February 26, 2015 4:40 PM Subject: Important message from Anthem, Inc. An important message from Anthem, Inc. To Members: On January 29,

More information

Cyber Security. Maintaining Your Identity on the Net

Cyber Security. Maintaining Your Identity on the Net Cyber Security Maintaining Your Identity on the Net Why Cyber Security? There are three points of failure in any secure network: Technology (hardware and software) Technology Support (ITS) End Users (USD

More information

HIPAA Information Security Training (v1.0 10/15/12)

HIPAA Information Security Training (v1.0 10/15/12) The HIPAA Information Security Training (formerly Information Security Online Training) is an online training test that is required by all DJJ Staff. DJJ Staff include all DJJ Employees, Non-DJJ Employees,

More information

With the Target breach on everyone s mind, you may find these Customer Service Q & A s helpful.

With the Target breach on everyone s mind, you may find these Customer Service Q & A s helpful. With the Target breach on everyone s mind, you may find these Customer Service Q & A s helpful. Breach Overview Q: Media reports are stating that Target experienced a data breach. Can you provide more

More information

Understanding Layered Security and Defense in Depth

Understanding Layered Security and Defense in Depth Understanding Layered Security and Defense in Depth Introduction Cybercriminals are becoming far more sophisticated as technology evolves. Well-publicized security breaches of major corporations are capturing

More information

NATIONAL CYBER SECURITY AWARENESS MONTH

NATIONAL CYBER SECURITY AWARENESS MONTH NATIONAL CYBER SECURITY AWARENESS MONTH Tip 1: Security is everyone s responsibility. Develop an awareness framework that challenges, educates and empowers your customers and employees to be part of the

More information

How to Deploy the Survey Below are some ideas and elements to consider when deploying this survey.

How to Deploy the Survey Below are some ideas and elements to consider when deploying this survey. SECURITY AWARENESS SURVEY Is a survey necessary A survey will give you insight into information security awareness within your company. The industry has increasingly realized that people are at least as

More information

CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES

CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES The information provided in this document is presented as a courtesy to be used for informational purposes only. This information

More information

I ve been breached! Now what?

I ve been breached! Now what? I ve been breached! Now what? THE AFTERMATH OF A BREACH & STEPS TO REDUCE RISK The number of data breaches in the United States in 2014 hit a record high. And 2015 is not looking any better. There have

More information

PREP Course #25: Hot Topics in Cyber Security and Database Security. Presented by: Joe Baskin Manager, Information Security, OCIO JBaskin@nshs.

PREP Course #25: Hot Topics in Cyber Security and Database Security. Presented by: Joe Baskin Manager, Information Security, OCIO JBaskin@nshs. PREP Course #25: Hot Topics in Cyber Security and Database Security Presented by: Joe Baskin Manager, Information Security, OCIO JBaskin@nshs.edu Objectives Discuss hot topics in cyber security and database

More information

The SMB Cyber Security Survival Guide

The SMB Cyber Security Survival Guide The SMB Cyber Security Survival Guide Stephen Cobb, CISSP Security Evangelist The challenge A data security breach can put a business out of business or create serious unbudgeted costs To survive in today

More information

What Is BYOD? Challenges and Opportunities

What Is BYOD? Challenges and Opportunities Wor k s pac es Mobi l i t ysol ut i ons Bl uewi r esol ut i ons www. bl uewi r e. c o. uk What Is BYOD? Challenges and Opportunities What is BYOD How Secure is Your BYOD Environment? Bring your own device

More information

SMALL BUSINESS IT SECURITY PRACTICAL GUIDE

SMALL BUSINESS IT SECURITY PRACTICAL GUIDE SMALL BUSINESS IT SECURITY PRACTICAL GUIDE How to make sure your business has comprehensive IT security protection #protectmybiz Small businesses come in all shapes and sizes. But in today s world, no

More information

Defensive Training for Social Engineering

Defensive Training for Social Engineering FISSEA 2009 22nd Annual Conference Defensive Training for Social Engineering Stacey Banks, CISSP, CCO, CSM Background Oxford Federal, LLC Information security solutions and services company providing certification

More information

Deploying Continuous and Measurable Security Education for Employees. Security awareness and training methodology and best practices

Deploying Continuous and Measurable Security Education for Employees. Security awareness and training methodology and best practices Deploying Continuous and Measurable Security Education for Employees Security awareness and training methodology and best practices February 2015 Executive Summary Knowing that end users are the last line

More information

Dissecting the Recent Cyber Security Breaches. Yu Cai School of Technology Michigan Technological University

Dissecting the Recent Cyber Security Breaches. Yu Cai School of Technology Michigan Technological University Dissecting the Recent Cyber Security Breaches Yu Cai School of Technology Michigan Technological University Disclaimers Most information in this presentation was collected from various sources on the Internet.

More information

A B S T R A C T. Index Terms : Framework, threats, skill, social engineering, risks, insider. I. INTRODUCTION

A B S T R A C T. Index Terms : Framework, threats, skill, social engineering, risks, insider. I. INTRODUCTION A Framework to Mitigate the Social Engineering Threat to Information Security Rakesh Kumar*, Dr Hardeep Singh. Khalsa college for women, Amritsar, Guru Nanak Dev University, Amritsar rakeshmaster1980@rediffmail.com*,

More information

Developing a mobile-first strategy across your campus

Developing a mobile-first strategy across your campus Developing a mobile-first strategy across your campus Today s evolving mobile technologies, coupled with students who often carry and use multiple mobile devices, calls for a flexible, affordable mobile

More information

+GAMES. Information Security Advisor. Be a Human Firewall! The Human Firewall' s Top Concerns in the Cyber, People & Physical Domains

+GAMES. Information Security Advisor. Be a Human Firewall! The Human Firewall' s Top Concerns in the Cyber, People & Physical Domains Information Security Advisor December 2015 Be a Human Firewall! The Human Firewall' s Top Concerns in the Cyber, People & Physical Domains +GAMES Spot the insider & Human firewall Filtering EXerCISE Good

More information

McAfee Phishing Quiz. Partner Enablement Guide

McAfee Phishing Quiz. Partner Enablement Guide McAfee Phishing Quiz Partner Enablement Guide Use the Phishing Quiz to educate your own organization, prospects, and existing customers about phishing and how McAfee security solutions can help. This guide

More information

SK International Journal of Multidisciplinary Research Hub

SK International Journal of Multidisciplinary Research Hub ISSN: 2394 3122 (Online) Volume 2, Issue 9, September 2015 Journal for all Subjects Research Article / Survey Paper / Case Study Published By: SK Publisher (www.skpublisher.com) Novel Method to Protect

More information

Scams and Schemes. objectives. Essential Question: What is identity theft, and how can you protect yourself from it? Learning Overview and Objectives

Scams and Schemes. objectives. Essential Question: What is identity theft, and how can you protect yourself from it? Learning Overview and Objectives Estimated time: 45 minutes Essential Question: What is identity theft, and how can you protect yourself from it? Learning Overview and Objectives Overview: Students learn strategies for guarding against

More information

Advanced Security Methods for efraud and Messaging

Advanced Security Methods for efraud and Messaging Advanced Security Methods for efraud and Messaging Company Overview Offices: New York, Singapore, London, Tokyo & Sydney Specialization: Leader in the Messaging Intelligence space Market focus: Enterprise,

More information

Next-Generation Penetration Testing. Benjamin Mossé, MD, Mossé Security

Next-Generation Penetration Testing. Benjamin Mossé, MD, Mossé Security Next-Generation Penetration Testing Benjamin Mossé, MD, Mossé Security About Me Managing Director of Mossé Security Creator of an Mossé Cyber Security Institute - in Melbourne +30,000 machines compromised

More information

3 Email Marketing Security Risks. How to combat the threats to the security of your Email Marketing Database

3 Email Marketing Security Risks. How to combat the threats to the security of your Email Marketing Database 3 Email Marketing Security Risks How to combat the threats to the security of your Email Marketing Database Email Marketing Guide June 2013 Security Threats PROTECTING YOUR EMAIL DATABASE FROM HACKERS

More information

Information Security Field Guide to Identifying Phishing and Scams

Information Security Field Guide to Identifying Phishing and Scams Information Security Field Guide to Identifying Phishing and Scams 010001010100101010001010011010101010101010101 01000101010011010010100101001010 1 Contents Introduction Phishing Spear Phishing Scams Reporting

More information

Advanced Biometric Technology

Advanced Biometric Technology INC Internet Biometric Security Systems Internet Biometric Security System,Inc.White Papers Advanced Biometric Technology THE SIMPLE SOLUTION FOR IMPROVING ONLINE SECURITY Biometric Superiority Over Traditional

More information

An Investigation into the Human/Computer Interface from a Security Perspective. Daniel J. Cross. A Proposal Submitted to the Honors Council

An Investigation into the Human/Computer Interface from a Security Perspective. Daniel J. Cross. A Proposal Submitted to the Honors Council An Investigation into the Human/Computer Interface from a Security Perspective by Daniel J. Cross A Proposal Submitted to the Honors Council For Honors in Computer Science and Engineering 15 October, 2004

More information

INTERNET & COMPUTER SECURITY March 20, 2010. Scoville Library. ccayne@biblio.org

INTERNET & COMPUTER SECURITY March 20, 2010. Scoville Library. ccayne@biblio.org INTERNET & COMPUTER SECURITY March 20, 2010 Scoville Library ccayne@biblio.org Internet: Computer Password strength Phishing Malware Email scams Identity Theft Viruses Windows updates Browser updates Backup

More information

Monitoring mobile communication network, how does it work? How to prevent such thing about that?

Monitoring mobile communication network, how does it work? How to prevent such thing about that? Monitoring mobile communication network, how does it work? How to prevent such thing about that? 潘 維 亞 周 明 哲 劉 子 揚 (P78017058) (P48027049) (N96011156) 1 Contents How mobile communications work Why monitoring?

More information

ENABLING FAST RESPONSES THREAT MONITORING

ENABLING FAST RESPONSES THREAT MONITORING ENABLING FAST RESPONSES TO Security INCIDENTS WITH THREAT MONITORING Executive Summary As threats evolve and the effectiveness of signaturebased web security declines, IT departments need to play a bigger,

More information

RC284. Protect Yourself Against Identity Theft

RC284. Protect Yourself Against Identity Theft RC284 Protect Yourself Against Identity Theft Identity theft the unauthorized use of your information by third parties involves the collection and use of personal information such as your name, date of

More information

Phishing Past, Present and Future

Phishing Past, Present and Future White Paper Phishing Past, Present and Future By Theodore Green, President, SpamStopsHere.com Abstract A particularly dangerous and now common type of spam known as "Phishing attempts to trick recipients

More information

Retail/Consumer Client. Internet Banking Awareness and Education Program

Retail/Consumer Client. Internet Banking Awareness and Education Program Retail/Consumer Client Internet Banking Awareness and Education Program Table of Contents Securing Your Environment... 3 Unsolicited Client Contact... 3 Protecting Your Identity... 3 E-mail Risk... 3 Internet

More information

Emerging risks for internet users

Emerging risks for internet users Sabeena Oberoi Assistant Secretary, Cyber Security and Asia Pacific Branch Department of Broadband, Communications and the Digital Economy Government s role - DBCDE The new Australian Government Cyber

More information

How to Justify Your Security Assessment Budget

How to Justify Your Security Assessment Budget 2BWhite Paper How to Justify Your Security Assessment Budget Building a Business Case For Penetration Testing WHITE PAPER Introduction Penetration testing has been established as a standard security practice

More information

Achieving Information Security

Achieving Information Security Achieving Information Security Beyond penetration testing and frameworks ISACA Athens Conference 25 November, 2014. All good information security presentations start with a Bruce Schneier quote - Not Bruce

More information

UW-Madison. Tips to Avoid Phishing Scams

UW-Madison. Tips to Avoid Phishing Scams UW-Madison Tips to Avoid Phishing Scams What is phishing? Phishing is the use of fraudulent email, websites, text messages and phone calls to trick people into disclosing personal financial or identity

More information

Must score 89% or above. If you score below 89%, we will be contacting you to go over the material individually.

Must score 89% or above. If you score below 89%, we will be contacting you to go over the material individually. April 23, 2014 Must score 89% or above. If you score below 89%, we will be contacting you to go over the material individually. What is it? Electronic Protected Health Information There are 18 specific

More information

Recurrent Patterns Detection Technology. White Paper

Recurrent Patterns Detection Technology. White Paper SeCure your Network Recurrent Patterns Detection Technology White Paper January, 2007 Powered by RPD Technology Network Based Protection against Email-Borne Threats Spam, Phishing and email-borne Malware

More information

WHITE PAPER. The Cost of Phishing: Understanding the True Cost Dynamics Behind Phishing Attacks

WHITE PAPER. The Cost of Phishing: Understanding the True Cost Dynamics Behind Phishing Attacks WHITE PAPER The Cost of Phishing: Understanding the True Cost Dynamics Behind Phishing Attacks A Cyveillance Report October 2008 EXECUTIVE SUMMARY How much do phishing attacks really cost organizations?

More information

FISSEA Security Awareness, Training, and Education. Contest. Gretchen Morris March 2015

FISSEA Security Awareness, Training, and Education. Contest. Gretchen Morris March 2015 FISSEA Security Awareness, Training, and Education Contest Gretchen Morris March 2015 Contest Categories Website Motivational Item Poster Newsletter Training Judges Not affiliated with any of the groups

More information

Fighting Off an Advanced Persistent Threat & Defending Infrastructure and Data. Dave Shackleford February, 2012

Fighting Off an Advanced Persistent Threat & Defending Infrastructure and Data. Dave Shackleford February, 2012 Fighting Off an Advanced Persistent Threat & Defending Infrastructure and Data Dave Shackleford February, 2012 Agenda Attacks We ve Seen Advanced Threats what s that mean? A Simple Example What can we

More information