The Psychology. Behind Security. By Greg Sternberg ISSA member, Denver, USA Chapter

Size: px
Start display at page:

Download "The Psychology. Behind Security. By Greg Sternberg ISSA member, Denver, USA Chapter"

Transcription

1 ISSA Preeminent Trusted Global Information Security Community The Psychology Behind Security By Greg Sternberg ISSA member, Denver, USA Chapter Information security often overlooks what motivates people. Psychology can help us understand how best to work with our users to improve security. Abstract Information security often overlooks what motivates people. Everything people do is for a reason we may not agree with the reason, or even fully realize it, but the reason exists. The fact is we have to contend with thousands of years of instinct and basic human nature. Psychology can help us understand how best to work with our users to improve security. Quick question: How many of your users use good passwords? According to the analysis done by Imperva on the 32 million passwords 1 that were exposed in a recent database intrusion at RockYou Inc., the answer is probably not enough. Imperva discovered that about 30% of the passwords were six characters or smaller, while 60% were passwords created from a limited set of alphanumeric characters. Nearly 50% were easily guessable names, common slang words, adjacent keyboard keys, and consecutive digits. In fact, the most common password was , followed by and Rounding out the top five were the passwords password and iloveyou. I propose, for the most part, these users did not consider their passwords to be risky or unsafe. And even for those users who might have had momentary qualms about their password selection, they were willing to accept the risks posed by their 1 Jaikumar Vijayan, Users still make hacking easy with weak passwords, Computer World, January 21, still_make_hacking_easy_with_weak_passwords. weak passwords. As Bruce Schneier put it, Security is both a feeling and a reality. And they re not the same. 2 So what makes us feel secure? Actually a better question is: Where does convenience of use cross the line of risk we are willing to accept? The most secure computer system is one encased in five feet of concrete, powered off, disconnected, and at the bottom of the ocean, but that is not a very useful computer system (or very convenient). How the brain assesses risk Deciding where to draw the line between convenience and security is something we do constantly, whether deciding what route to take to get to the office or whether to allow our teenager to drive to the movies alone. In fact, our brains have two different systems which assess risk; the amygdala which handles the processing of immediate risk and the neocortex which handles the processing of future risks. The brain is a beautifully engineered get-out-ofthe-way machine that constantly scans the environment for things out of whose way it should right now get. That s what brains did for several hundred million years and then, just a few million years ago, the mammalian brain learned a new trick: to predict the timing and location of dangers before they actually happened. 2 Bruce Schneier, The Psychology of Security, January 21, com/essay-155.html. 12 All Web and links can be clicked to visit the URL, retrieve a resource, view an online article, or send an to the author.

2 Our ability to duck that which is not yet coming is one of the brain s most stunning innovations, and we wouldn t have dental floss or 401(k) plans without it. But this innovation is in the early stages of development. The application that allows us to respond to visible baseballs is ancient and reliable, but the add-on utility that allows us to respond to threats that loom in an unseen future is still in beta testing. Daniel Gilbert 3 Information and sensory input is sent to both the amygdala and the neocortex. The amygdala does a quick scan of a small portion of the input and rapidly comes to a conclusion based on instinct and previous history. It gathers any emotional context which might have been previously experienced and sends the entire data packet to the neocortex. It also prepares the body for a response if it feels the input represented a threat. The neocortex, on the other hand, looks everything over in a logical manner and takes a correspondingly longer time to draw a conclusion. This delay, could result in the amygdala s conclusion overriding the neocortex. 4 It is this override mechanism which makes us jump at loud sounds or feel uncomfortable walking down dark alleyways. Both the amygdala and neocortex need data before they can evaluate the situation. This data must be accurate and timely or our risk evaluation results may be flawed. Both the amygdala and the neocortex reference past events in coming to their conclusions, but it is the amygdala which references the emotional context and the neocortex which references abstract concepts like how reliable the data is or how reasonable the initial response is. 5 Unfortunately we are flooded with so much information (some 3.6 zettabytes 6 worth in ) from a host of sources such as TV, radio, Internet, newspapers, books, blogs, Twitter, movies, Facebook, other people, etc., that we have trouble remembering where we heard a particular piece of information and how reputable the source was. Fully and completely processing the information we receive is beyond the capabilities of either the amygdala or the neocortex, so we have developed mental short-cuts, called heuristics, to keep up. These heuristics are our way of handling the immensely complex world we live in. In fact, we use these heuristics without even realizing it. For example, count the number of Fs in the following text: Finished files are the result of years of scientific study combined with the experience of years. 3 Daniel Gilbert, If Only Gay Sex Caused Global Warming, Los Angeles Times, July 2, Daniel Kahnemann, A Perspective on Judgment and Choice, 2003, American Psychologist. 5 Amos Tversky and Daniel Kahneman, Judgement under Uncertainty: Heuristics and Biases, Science, zettabyte = 1 billion terabytes. 7 Doug Ramsey, How Much Information Americans Consume, UC San Diego News, If you are like most people, you answered 3 but there are actually six. Or to use the example in Don Norman s essay Being Analog : How many animals of each type did Moses take on the Ark? Most people would say two but the actual answer is none. Moses did not take animals into the ark, Noah did. This mental adjustment happens because our brains are wired to notice big differences like day vs. night or bears vs. blueberries since it is important we notice those our lives might depend on it. However, if the difference is subtle (i.e., Moses and Noah are both biblical) we may miss the difference entirely. When these heuristics and biases are accurate, they are incredibly useful. After all, it really does not matter how many Fs are in the sentence, since being close is usually good enough and much faster to determine. It also does not matter that Moses was used in the question above, since most of us mentally substitute Noah and in most situations that is the question that was really being asked. The ISSA Store Is Open Order Your ISSA Shirt Today Stand out at your next chapter or regional event by wearing the navy blue polo shirt featuring the embroidered ISSA logo. The stainless steel Thermos makes a statement and is the perfect beverage companion. Each tumbler holds 16 oz. of your favorite beverage. Our logoed pens with fraudresistant ink are a popular choice. Paired the fraud-resistant pen and ISSA notepad make for the perfect chapter or industry event door prize/giveaway, thank you gift for speakers, welcome gift for new members, or to express appreciation to volunteers. To find out more about purchasing these or other ISSA promot i o n a l products, contact Dana Paulino, , U.S. tollfree; , international; extension All Web and links can be clicked to visit the URL, retrieve a resource, view an online article, or send an to the author. 13

3 When these heuristics and biases are inaccurate or based on faulty information, we make dangerous or invalid risk assessments such as hiding under a tree or thinking lightning does not strike the same place twice. 8 While we use many heuristics and biases in our daily lives, the following ones have a direct relation to how secure we feel. Risking gains and accepting losses When it comes to evaluating gains or losses, people have a built-in heuristic against risking gains or accepting losses. Called the Prospect Theory, this is best demonstrated by an experiment 9 put together by Daniel Kahneman and Amos Tversky in which they gave one group the following gainrelated alternatives: Alternative A: A sure gain of $500 Alternative B: A 50% chance of gaining $1,000 and another group loss-related alternatives: Alternative C: A sure loss of $500 Alternative D: A 50% chance of losing $1,000 The results of the experiment were 84% chose the sure gain of A over the risky gain of B, but when faced with loss only 30% chose the sure loss of C over the risky loss of D. This translates into our users being more likely to risk a larger security loss (i.e. a break-in) then accept the certainty of a small security loss (i.e. forgetting a password). Especially when one considers that a break-in will likely have little direct affect on the user but forgetting a password certainly will and has the emotional context of embarrassment. It won t happen to me While this heuristic enables us to strive in the face of adversity or continue when others have failed, it also is the cause of much frustration for security personal. The optimistic bias is best described as...the demonstrated systematic tendency for people to be over-optimistic about the outcome of planned actions. This includes over-estimating the likelihood of positive events and under-estimating the likelihood of negative events. 10 And the more control we have over an event the more optimistic we tend to be - i.e. I would not let it happen that way. Research suggests this bias is largely due to people overestimating how skilled they are relative to other people. 11 The most interesting effects of this bias are that: individuals who had the least experience rated themselves to be far more capable then they actually were 8 wikihow Caught-Unawares. 9 Daniel Kahneman and Amos Tversky, Prospect Theory: An Analysis of Decision Under Risk, Econometrica, Wikipedia 11 David Dunning and Justin Kruger, Unskilled and Unaware of It: How Difficulties in Recognizing One s Own Incompetence Lead to Inflated Self-Assessments, Journal of Personality and Social Psychology, PaperDownload.aspx?paperID=883&fileName=Psych _ pdf. individuals who had the most experience rated themselves to be slightly less capable then they actually were Or as one researcher put it, The more you know the less you think you know. This heuristic goes a long way in explaining why our most naive users feel safer than those of us who have decades of experience on our side. The trust factor People instinctively trust other people. 12 We trust people to follow the rules of the road when we drive; we trust people to take care of our children; we trust taxi drivers to take us to our destination in a strange city. Colman described some fundamental components of trust which have direct correlations to security: Placement of trust allows actions which are otherwise not possible The vast majority of people turn their computers on with the expectation their computers will just work and have very little idea or care how they work. 2. If the person being trusted is trustworthy, then the person doing the trusting is better off; conversely if the person being trusted is untrustworthy, then the person doing the trusting is worse off Our users trust the sites they visit and the programs they run. When they work, we are better off; but when they do something unexpected or undesired, then we are worse off especially if our identity is compromised. 3. Trust is an action involving the voluntary placement of resources at the disposal of the person being trusted with no real commitment from the trustee As we know, allowing webpages to install programs requires a significant amount of trust not only of the webpage but in the software being installed, the connection between computers, the writers of the webpage, etc. Our users, however, only see a popup that they click on so it will go away. Small change blindness As long as the changes in our environment occur slowly, we adapt and are unlikely to detect the change. Eventually, if the change is cumulative, like the number of minutes the sun is up from day to day, we will notice, but it may be weeks or months before the accumulation of changes is great enough. 14 Sitting in front of a computer we are blissfully unaware of what is happening behind the curtains. We notice when someone breaks into our house because the damage and/or missing property is visible. We are unlikely to notice when 12 Niklas Luhmann, Trust: A Mechanism For the Reduction of Social Complexity, Trust and Power: Two Works by Niklas Luhmann, New York. John Wiley & Sons, James Coleman, Foundations of Social Theory, Belknap Press, Cambridge, MA, Ronald Rensink, J. Kevin O Regan, and James Clark, To See or Not To See, Psychological Science, download/psychsci97-rr.pdf. 14 All Web and links can be clicked to visit the URL, retrieve a resource, view an online article, or send an to the author.

4 Finally, unified content security. Visit websense.com to learn more.

5 someone breaks into our computer because the damage is invisible 15 (unless you know exactly how and where to look) and nothing is missing our data is still there. In fact, unless something noticeable happens, usually outside the realm of the computer, like money being siphoned out of our bank account, our system could remain infected for years. 16 What this means In the general IT industry there is the misconception that end users are dumb and all the training in the world will not help them. This mind set is prevalent even in the information security field, hence decals and T-shirts which say Social Engineering Specialist: Because There Are No Patches For Human Stupidity. If, however, we view their decisions (right or wrong) in the light of psychology, we begin to realize why they made those decisions, and even better, how we might affect a change in those decisions. We know there is no magic potion to keep users from clicking on unknown attachments or smart pills for recognizing phishing scams, but it is our job to develop the tools of awareness, training, and education 17 which our users need to make our jobs easier. Awareness To some, security is the use of a username and password and a vague impression of a group that makes it difficult to get things done. We need to raise the awareness of both the board and our users by evangelizing security. This evangelism needs to be in the spirit of security can help you and not in the spirit of repent sinner for it to be successful. From NIST publication 800: Awareness is not training. Security awareness is a blended solution of activities that promote security, establish accountability, and inform the workforce of security news. Awareness seeks to focus an individual s attention on an issue or a set of issues. The purpose of awareness presentations is simply to focus attention on security. Awareness presentations are intended to allow individuals to recognize information security concerns and respond accordingly. 18 NIST goes even further in SP 800, suggesting some activities to raise the awareness of security: Host an information security day Conduct briefings on current issues, like the dangers of social networking Distribute promotional items with motivational slogans (think coffee mugs, mouse pads) 15 Jeffrey Carr, Under attack from invisible enemies, The Independent, Kelly Higgins, The World s Biggest Botnets, DarkReading, darkreading.com/security/management/showarticle.jhtml?articleid= I don t know what it is about triads in security but there certainly are a lot of them. 18 NIST Special Publication , Information Security Training Requirements: A Role- and Performance-Based Model, Section Provide login banners serving as security reminders Show awareness videos (Computer Security Awareness Poster & Video Contest 2009) Distribute posters and flyers Whatever approach chosen, it is important to make it a regular event and not be repetitive in form but repetitive in message. A bored audience will remember little other than boredom; an interested and engaged audience will remember the message. Training It is important for our users to develop the skills necessary to be secure. In most companies security has to place a particular level of trust in their users (i.e., security cannot be everywhere at once). You have to trust users to adhere to security policies, use secure coding practices, take appropriate precautions when around secret or classified hardware and software, etc. This requires an understanding of how secure the systems need to be, what materials and processes will be needed to bring the users up to the appropriate level of secure, and what materials and processes will be needed to keep them there. Processes within security need to be implemented to ensure this training is appropriate, accurate, frequent, and up-to-date. Training which is not relevant or empowering to the user will be ignored at best and subverted at worst. Education Chris Christensen describes ten essential principles which can be used to teach adults in How Do People Learn? 19 Four of them are discussed below: Education is only one part of a behavior change program For education to be effective it must be reiterated on a regular basis and reinforced by other things such as an awareness program, visual reminders, or even included in quarterly performance goals. Apply learning immediately Learning is highly dependent on reinforcement. Reinforcement can come in the form of repetition or practice. For example, we remember that two plus two equals four because we have heard it so many times. Reinforcement can also occur via an emotional context. For example, people remember where they were when they heard about the World Trade Center because of the highly emotional context surrounding that event. Education must improve the business Sometimes in security we fail to understand the risks our users face. We see our users not following proper security procedures and assume the user does not understand the risks. To a user the biggest risk is not a security breach; rather it is 19 Chris Christensen, How Do People Learn? library/howdopeoplelearn.pdf. 16 All Web and links can be clicked to visit the URL, retrieve a resource, view an online article, or send an to the author.

6 not getting his job done. Almost all users, when faced with the risk of not doing their job or not following a security policy, will opt to not follow the security policy, especially if the penalties are not very severe. However, if the business sees security as a vital component, then users will be far more inclined to follow the security policy since it is a natural component of their jobs. Education must entertain As previously mentioned, emotional context is a key to learning. While either a positive or negative reinforcement can be used, researchers have found positive reinforcement results in lasting behavioral modification, whereas punishment only temporarily changes behavior. 20 Conclusion We all have commiserated with our colleagues about the seemly unbelievable risks our users have taken and still take. We express disbelief when people hold open secured doors for their colleagues (or total strangers) and circumvent the million dollar card-access system we fought so hard to have installed. Feeling frustrated by the very people we are trying to protect, we begin to rely on expensive technology, impossible to enforce policies, or over-zealous watch-dogging. We need to step back and consider the why behind what people do or do not do. Everything people do is for a reason. We may not agree with the reason, or even fully realize it, but the reason exists. We need to understand that while our policies and procedures are intended to keep the company safe, they may be, and likely are, viewed as impediments by the very people we are trying to protect. 21 The fact is we have to contend with thousands of years of instinct and basic human nature. 20 B. F. Skinner, Walden Two, Macmillan, Toronto, Larry Greenemeier, The Threat Within: Employees Pose The Biggest Security Risk, Information Week, showarticle.jhtml?articleid= As technologists, we often overlook what motivates people; we focus only on the symptoms. The research into human psychology and motivation has much to teach us about our users and their reactions. Improving security involves changing beliefs, attitudes, and behavior, both of individuals and of groups. Psychology can help us understand how best to work with our users to achieve the goal of improving security: Understanding how people think helps us understand how to craft training Knowing why people think helps us overcome improper ingrained (or instinctual) reactions Looking from the user s point of view and being aware of what motivates him shows us how to persuade and change attitudes Understanding how groups think helps us enhance our security procedures by protecting users from social pressures which might encourage risky behavior In short, we in security must understand why our users make the decisions they do and how we need to influence our users so they buy into security. To paraphrase a cliche: If you make a user secure; you are safe for today. If you convince a user to be secure; you are safe for a lifetime. About the Author My name is Greg Sternberg and at some point I have worked in every aspect of software engineering for almost three decades. My involvement in security started on the wrong side very early in my career, but I soon moved into the light. Since then I have worked on integrating security into the development life cycle, secure coding practices, compliance, and security architecture. I currently hold a CISSP and am TOGAF-certified. I can be reached at Advanced Persistent Threat: Sacramento Valley February Meeting Now on Connect Kevin Spease In February, David Blackburn of the Sacramento Valley Chapter recorded a presentation by Greg Hoglund, which has been posted in ISSA Connect so that all ISSA members might share. Presentation Overview: The term Advanced Persistent Threat (APT) has been used to describe high profile incidents such as the one reported by Google earlier this year. The primary means for data theft are malware programs that infect computers in your Enterprise. Malware has always had the ability to steal data, and malware has always been operated by real humans. The true threat is not the malware itself, but the human behind the malware. This is why existing security products cannot stop the attacks - the attacker is always evolving. By examining the malware attacks in your enterprise, you can gain insight into the intent of the attacker, and also his methods and capabilities. Technical analysis of malware will reveal actionable intelligence that can be used immediately to detect additional infections, update perimeter security devices, and shutdown data egress points. This information is critical for mitigating risk. All Web and links can be clicked to visit the URL, retrieve a resource, view an online article, or send an to the author. 17

Reputation Management for Local Businesses: Protect Your Image

Reputation Management for Local Businesses: Protect Your Image By: James Iannelli RI Reputation Management www.reputationmanagementri.com (401) 316-2931 1 Introduction As a business owner, you already know that managing a business is a LOT of work; from keeping the

More information

SBA Cybersecurity for Small Businesses. 1.1 Introduction. 1.2 Course Objectives. 1.3 Course Topics

SBA Cybersecurity for Small Businesses. 1.1 Introduction. 1.2 Course Objectives. 1.3 Course Topics SBA Cybersecurity for Small Businesses 1.1 Introduction Welcome to SBA s online training course: Cybersecurity for Small Businesses. SBA s Office of Entrepreneurship Education provides this self-paced

More information

How to Deploy the Survey Below are some ideas and elements to consider when deploying this survey.

How to Deploy the Survey Below are some ideas and elements to consider when deploying this survey. SECURITY AWARENESS SURVEY Is a survey necessary A survey will give you insight into information security awareness within your company. The industry has increasingly realized that people are at least as

More information

Pinterest has to be one of my favourite Social Media platforms and I m not alone!

Pinterest has to be one of my favourite Social Media platforms and I m not alone! Pinterest has to be one of my favourite Social Media platforms and I m not alone! With 79.3 million users, 50 billion pins and 1 billion boards it is host to an enormous amount of content. But many of

More information

1. For each of the 25 questions, multiply each question response risk value (1-5) by the number of times it was chosen by the survey takers.

1. For each of the 25 questions, multiply each question response risk value (1-5) by the number of times it was chosen by the survey takers. Employee Security Awareness Survey Trenton Bond trent.bond@gmail.com Admin - Version 1.3 Security Awareness One of the most significant security risks that organizations and corporations face today is

More information

INTRODUCTION TO PENETRATION TESTING

INTRODUCTION TO PENETRATION TESTING 82-02-67 DATA SECURITY MANAGEMENT INTRODUCTION TO PENETRATION TESTING Stephen Fried INSIDE What is Penetration Testing? Terminology; Why Test? Types of Penetration Testing; What Allows Penetration Testing

More information

Open an attachment and bring down your network?

Open an attachment and bring down your network? Open an attachment and bring down your network? Many people think this will never happen to them, but virus attacks can come from unlikely sources and can strike when you least expect it. They can wreak

More information

Protect Yourself. Who is asking? What information are they asking for? Why do they need it?

Protect Yourself. Who is asking? What information are they asking for? Why do they need it? Protect Yourself Your home computer serves many purposes: email, shopping, social networking and more. As you surf the Internet, you should be aware of the various ways to protect yourself. Of primary

More information

Cyber Crime: You Are the Target

Cyber Crime: You Are the Target Cyber Crime: You Are the Target When talking about computer crime, we often hear the observation from computer users that they aren t rich and therefore what they have isn t worth much to a cyber criminal.

More information

7 Biggest Mistakes in Web Design 1

7 Biggest Mistakes in Web Design 1 7 Biggest Mistakes in Web Design 1 7 Biggest Mistakes in Web Design 2 Written by Senka Pupacic This is not a free e-book! Printing out more than one copy - or distributing it electronically is prohibited

More information

Optimizing Network Vulnerability

Optimizing Network Vulnerability SOLUTION BRIEF Adding Real-World Exposure Awareness to Vulnerability and Risk Management Optimizing Network Vulnerability Management Using RedSeal november 2011 WHITE PAPER RedSeal Networks, Inc. 3965

More information

Website Security: What do I need to know? What do I need to do?

Website Security: What do I need to know? What do I need to do? Website Security: What do I need to know? What do I need to do? This document describes some of the emerging security issues for and threats to websites as well as some of the options to address them.

More information

Security Awareness for Social Media in Business. Scott Wright

Security Awareness for Social Media in Business. Scott Wright Security Awareness for Social Media in Business Scott Wright Security Perspectives Inc COUNTERMEASURE 2012 10/29/2012 Copyright 2012. Security Perspectives Inc. 1 10/29/2012 Copyright 2012. Security Perspectives

More information

CYBER SECURITY THREAT REPORT Q1

CYBER SECURITY THREAT REPORT Q1 CYBER SECURITY THREAT REPORT Q1 Moving Forward Published by UMC IT Security April 2015 0 U.S. computer networks and databases are under daily cyber-attack by nation states, international crime organizations,

More information

Application Security in the Software Development Lifecycle

Application Security in the Software Development Lifecycle Application Security in the Software Development Lifecycle Issues, Challenges and Solutions www.quotium.com 1/15 Table of Contents EXECUTIVE SUMMARY... 3 INTRODUCTION... 4 IMPACT OF SECURITY BREACHES TO

More information

I m Graydon Trusler and I ve been doing all the Marketing for my wife s divorce law firm in Austin for 8 years or so.

I m Graydon Trusler and I ve been doing all the Marketing for my wife s divorce law firm in Austin for 8 years or so. I m Graydon Trusler and I ve been doing all the Marketing for my wife s divorce law firm in Austin for 8 years or so. I m going to take the same approach with you that I have with our marketing aimed at

More information

Presented by Evan Sylvester, CISSP

Presented by Evan Sylvester, CISSP Presented by Evan Sylvester, CISSP Who Am I? Evan Sylvester FAST Information Security Officer MBA, Texas State University BBA in Management Information Systems at the University of Texas Certified Information

More information

Internet Safety Guide for Parents

Internet Safety Guide for Parents Internet Safety Guide for Parents How to Talk to Your Kids about Staying Safe Online Presented by Keith Dunn http://www.kdcop.com Page 1 Now I know each and every single one of you is extremely busy. Both

More information

WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY?

WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY? WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY? Contents Introduction.... 3 What Types of Network Security Services are Available?... 4 Penetration Testing and Vulnerability Assessment... 4 Cyber

More information

Class 3: Identify Tricks and Scams Online

Class 3: Identify Tricks and Scams Online Class 3: Identify Tricks and Scams Online Identify Tricks and Scams Online Instructor s Overview DESCRIPTION: In this lesson, students will learn how to avoid online tricks and scams, and learn best practices

More information

COMEAU WEB COPY. by Brett Comeau. Comeau Web Copy. lead marketing. e: BrettC@comeauwebcopy.com o: 1(888) 454-4907 c: 1(310) 913-5323

COMEAU WEB COPY. by Brett Comeau. Comeau Web Copy. lead marketing. e: BrettC@comeauwebcopy.com o: 1(888) 454-4907 c: 1(310) 913-5323 8 Effective Techniques of Direct Response Marketing by Brett Comeau Comeau Web Copy writing and editing lead marketing global messaging e: BrettC@comeauwebcopy.com o: 1(888) 454-4907 c: 1(310) 913-5323

More information

Cyber Security: Beginners Guide to Firewalls

Cyber Security: Beginners Guide to Firewalls Cyber Security: Beginners Guide to Firewalls A Non-Technical Guide Essential for Business Managers Office Managers Operations Managers This appendix is a supplement to the Cyber Security: Getting Started

More information

Human trafficking is the buying and selling of men, women and children within countries and across borders in order to exploit them for profit.

Human trafficking is the buying and selling of men, women and children within countries and across borders in order to exploit them for profit. Learn. Act. Share. Human trafficking is the buying and selling of men, women and children within countries and across borders in order to exploit them for profit. The trafficker takes away the basic human

More information

Remote Access Securing Your Employees Out of the Office

Remote Access Securing Your Employees Out of the Office Remote Access Securing Your Employees Out of the Office HSTE-NB0011-RV 1.0 Hypersecu Information Systems, Inc. #200-6191 Westminster Hwy Richmond BC V7C 4V4 Canada 1 (855) 497-3700 www.hypersecu.com Introduction

More information

STOP. THINK. CONNECT. Online Safety Quiz

STOP. THINK. CONNECT. Online Safety Quiz STOP. THINK. CONNECT. Online Safety Quiz Round 1: Safety and Security Kristina is on Facebook and receives a friend request from a boy she doesn t know. What should she do? A. Accept the friend request.

More information

Beyond the Hype: Advanced Persistent Threats

Beyond the Hype: Advanced Persistent Threats Advanced Persistent Threats and Real-Time Threat Management The Essentials Series Beyond the Hype: Advanced Persistent Threats sponsored by Dan Sullivan Introduction to Realtime Publishers by Don Jones,

More information

References NYS Office of Cyber Security and Critical Infrastructure Coordination Best Practices and Assessment Tools for the Household

References NYS Office of Cyber Security and Critical Infrastructure Coordination Best Practices and Assessment Tools for the Household This appendix is a supplement to the Cyber Security: Getting Started Guide, a non-technical reference essential for business managers, office managers, and operations managers. This appendix is one of

More information

YOUR DATA UNDER SIEGE: GUARD THE GAPS WITH PATCH MANAGEMENT. With Kaspersky, now you can. kaspersky.com/business Be Ready for What s Next

YOUR DATA UNDER SIEGE: GUARD THE GAPS WITH PATCH MANAGEMENT. With Kaspersky, now you can. kaspersky.com/business Be Ready for What s Next YOUR DATA UNDER SIEGE: GUARD THE GAPS WITH PATCH MANAGEMENT. With Kaspersky, now you can. kaspersky.com/business Be Ready for What s Next Your Data Under Siege: Guard the Gaps with Patch Management 1.0

More information

An Investigation into the Human/Computer Interface from a Security Perspective. Daniel J. Cross. A Proposal Submitted to the Honors Council

An Investigation into the Human/Computer Interface from a Security Perspective. Daniel J. Cross. A Proposal Submitted to the Honors Council An Investigation into the Human/Computer Interface from a Security Perspective by Daniel J. Cross A Proposal Submitted to the Honors Council For Honors in Computer Science and Engineering 15 October, 2004

More information

What you need to know to keep your computer safe on the Internet

What you need to know to keep your computer safe on the Internet What you need to know to keep your computer safe on the Internet Tip 1: Always install Operating System updates The most important steps for any computer user is to always install updates, especially security

More information

How to Justify Your Security Assessment Budget

How to Justify Your Security Assessment Budget 2BWhite Paper How to Justify Your Security Assessment Budget Building a Business Case For Penetration Testing WHITE PAPER Introduction Penetration testing has been established as a standard security practice

More information

Cyber Security Beginners Guide to Firewalls A Non-Technical Guide

Cyber Security Beginners Guide to Firewalls A Non-Technical Guide Cyber Security Beginners Guide to Firewalls A Non-Technical Guide Essential for Business Managers Office Managers Operations Managers Multi-State Information Sharing and Analysis Center (MS-ISAC) U.S.

More information

Cybersecurity Best Practices

Cybersecurity Best Practices Ten Essential Cybersecurity Best Practices Banking Business Employees Brought to you by: 1 Did you know? One in five small-to-medium-sized companies were the victims of cyber breaches in 2013.1 In 76%

More information

National Cybersecurity Awareness Campaign. Kids Presentation

National Cybersecurity Awareness Campaign. Kids Presentation National Cybersecurity Awareness Campaign Kids Presentation About Stop.Think.Connect. In 2009, President Obama asked the Department of Homeland Security to create the Stop.Think.Connect. Campaign to help

More information

Profitable vs. Profit-Draining Local Business Websites

Profitable vs. Profit-Draining Local Business Websites By: Peter Slegg (01206) 433886 07919 921263 www.besmartmedia.com peter@besmartmedia.com Phone: 01206 433886 www.besmartmedia.com Page 1 What is the Difference Between a Profitable and a Profit-Draining

More information

The Importance of Goal Setting When Starting Your Own Online Business

The Importance of Goal Setting When Starting Your Own Online Business The Importance of Goal Setting When Starting Your Own Online Business A Special Report By: Tom Browne 1. Dare to Have Big Dreams 2. Dream Boards 3. How to Set a Goal 4. Short- and Long-Term Goals 5. Identify

More information

White Paper. Benefits and Challenges for Today s Online B- to- B Research Methodology. By Pete Cape, Director, Global Knowledge Management.

White Paper. Benefits and Challenges for Today s Online B- to- B Research Methodology. By Pete Cape, Director, Global Knowledge Management. White Paper Benefits and Challenges for Today s Online B- to- B Research Methodology By Pete Cape, Director, Global Knowledge Management March 2015 Survey Sampling International, 2015 ABOUT THE AUTHOR

More information

+GAMES. Information Security Advisor. Be a Human Firewall! The Human Firewall' s Top Concerns in the Cyber, People & Physical Domains

+GAMES. Information Security Advisor. Be a Human Firewall! The Human Firewall' s Top Concerns in the Cyber, People & Physical Domains Information Security Advisor December 2015 Be a Human Firewall! The Human Firewall' s Top Concerns in the Cyber, People & Physical Domains +GAMES Spot the insider & Human firewall Filtering EXerCISE Good

More information

Email Security. 01-15-09 Fort Mac

Email Security. 01-15-09 Fort Mac Email Security 01-15-09 Fort Mac Most Common Mistakes in Email Security Email Security 1. Using just one email account. 2. Holding onto spammed-out accounts too long. 3. Not closing the browser after logging

More information

Overcoming Your Content Challenges

Overcoming Your Content Challenges Overcoming Your Content Challenges How to create engaging content for your marketing campaigns 2014 Copyright Constant Contact, Inc. 14-3931 v1.0 Helping Small Business Do More Business Coming up with

More information

Internet Marketing for Local Businesses Online

Internet Marketing for Local Businesses Online Dear Business Owner, I know you get calls from all sorts of media outlets and organizations looking to get a piece of your advertising budget. Today I am not pitching you anything. I would just like to

More information

Copyright (c) 2015 Christopher Small and The Art of Lawyering. All rights reserved.

Copyright (c) 2015 Christopher Small and The Art of Lawyering. All rights reserved. Copyright (c) 2015 Christopher Small and The Art of Lawyering. All rights reserved. 1 In this special report, I ll be sharing with you the ten biggest mistakes that lawyers make when marketing their law

More information

Incident Response. Six Best Practices for Managing Cyber Breaches. www.encase.com

Incident Response. Six Best Practices for Managing Cyber Breaches. www.encase.com Incident Response Six Best Practices for Managing Cyber Breaches www.encase.com What We ll Cover Your Challenges in Incident Response Six Best Practices for Managing a Cyber Breach In Depth: Best Practices

More information

Security tips for the use of social media websites

Security tips for the use of social media websites CYBER SECURITY OPERATIONS CENTRE NOVEMBER 2012 (U) LEGAL NOTICE: THIS PUBLICATION HAS BEEN PRODUCED BY THE DEFENCE SIGNALS DIRECTORATE (DSD), ALSO KNOWN AS THE AUSTRALIAN SIGNALS DIRECTORATE (ASD). ALL

More information

27 Ways To Get More Retweets On Twitter. By Marc Guberti

27 Ways To Get More Retweets On Twitter. By Marc Guberti 27 Ways To Get More Retweets On Twitter By Marc Guberti Getting more retweets on Twitter has been established as one of the most powerful ways to spread on Twitter. However, most of the people who send

More information

c01_1 09/18/2008 1 CHAPTER 1 COPYRIGHTED MATERIAL Attitude Is Everything in a Down Market http://www.pbookshop.com

c01_1 09/18/2008 1 CHAPTER 1 COPYRIGHTED MATERIAL Attitude Is Everything in a Down Market http://www.pbookshop.com c01_1 09/18/2008 1 CHAPTER 1 Attitude Is Everything in a Down Market COPYRIGHTED MATERIAL c01_1 09/18/2008 2 c01_1 09/18/2008 3 Whether you think you can or you think you can t, you are right. Henry Ford

More information

Digital Citizenship Lesson Plan

Digital Citizenship Lesson Plan Digital Citizenship Lesson Plan This course is to help people to understand how to use the Internet in a safe, productive way. Additional resources and links are available on the TechTECS website. http://techtecs.com/digital-citizenship

More information

Are your people playing an effective role in your cyber resilience?

Are your people playing an effective role in your cyber resilience? Are your people playing an effective role in your cyber resilience? 01 Cyber attacks are now business as usual for organizations around the world. Organizations have typically trusted in technology to

More information

Perception and knowledge of IT threats: the consumer s point of view

Perception and knowledge of IT threats: the consumer s point of view Perception and knowledge of IT threats: the consumer s point of view It s hard to imagine life without digital devices, be it a large desktop computer or a smartphone. Modern users are storing some of

More information

More effective protection for your access control system with end-to-end security

More effective protection for your access control system with end-to-end security More effective protection for your access control system with end-to-end security By Jeroen Harmsen The first article on end-to-end security appeared as long ago as 1981. The principle originated in ICT

More information

TEL2813/IS2820 Security Management

TEL2813/IS2820 Security Management TEL2813/IS2820 Security Management Developing the Security Program Jan 27, 2005 Introduction Some organizations use security programs to describe the entire set of personnel, plans, policies, and initiatives

More information

WHITE PAPER. PCI Compliance: Are UK Businesses Ready?

WHITE PAPER. PCI Compliance: Are UK Businesses Ready? WHITE PAPER PCI Compliance: Are UK Businesses Ready? Executive Summary The Payment Card Industry Data Security Standard (PCI DSS), one of the most prescriptive data protection standards ever developed,

More information

OAuth Web Authorization Protocol Barry Leiba

OAuth Web Authorization Protocol Barry Leiba www.computer.org/internet computing OAuth Web Authorization Protocol Barry Leiba Vol. 16, No. 1 January/February, 2012 This material is presented to ensure timely dissemination of scholarly and technical

More information

Lesson One: Introduction to Customer Service

Lesson One: Introduction to Customer Service Student s Name: Date: / / Lesson One: Introduction to Customer Service 1. Customer service is a relatively complex puzzle. While engaging customers, we are attempting to offer services in a manner that

More information

Problem-Solution Essay

Problem-Solution Essay Strong Student Model These writing models are also available in Assessment Masters. The Case for Graduated Licenses Statistics about teenage driving are illuminating: automobile accidents are the leading

More information

Google Lead Generation For Attorneys - Leverage The Power Of Adwords To Grow Your Law Business FAST. The Foundation of Google AdWords

Google Lead Generation For Attorneys - Leverage The Power Of Adwords To Grow Your Law Business FAST. The Foundation of Google AdWords Google Lead Generation For Attorneys - Leverage The Power Of Adwords To Grow Your Law Business FAST You re about to discover the secrets of fast legal practice success with Google AdWords. Google AdWords

More information

Buyers Guide to Web Protection

Buyers Guide to Web Protection Buyers Guide to Web Protection The web is the number one source for malware distribution today. While many organizations have replaced first-generation URL filters with secure web gateways, even these

More information

WHITE PAPER The Five Step Guide to Better Social Media Security

WHITE PAPER The Five Step Guide to Better Social Media Security WHITE PAPER The Five Step Guide to Better Social Media Security A Hootsuite White Paper The Five Step Guide to Better Social Media Security A Hootsuite White Paper In 2013, not a single month went by without

More information

Google Lead Generation for Attorneys

Google Lead Generation for Attorneys 1 Google Lead Generation For Attorneys Leverage The Power Of AdWords To Grow Your Law Business FAST You re about to discover the secrets of fast legal practice success with Google AdWords. Google AdWords

More information

How to register and use our Chat System

How to register and use our Chat System How to register and use our Chat System Why this document? We have a very good chat system and easy to use when you are set up, but getting registered and into the system can be a bit complicated. If you

More information

CERT's role in national Cyber Security: policy suggestions

CERT's role in national Cyber Security: policy suggestions CERT's role in national Cyber Security: policy suggestions Subject: Legal Aspect of Cyber Security. Author: Vladimir Chitashvili Lecture: Anna-Maria Osula What is national Cyber Security is? In another

More information

Almost 400 million people 1 fall victim to cybercrime every year.

Almost 400 million people 1 fall victim to cybercrime every year. 400,000000 Almost 400 million people 1 fall victim to cybercrime every year. A common way for criminals to attack people is via websites, unfortunately this includes legitimate sites that have been hacked

More information

Security from the Cloud

Security from the Cloud Security from the Cloud Remote Vulnerability Scanning Writer: Peter Technical Review: David Contact: info@hackertarget.com Published: April 2008 Summary: This white paper describes advantages of using

More information

The Online Generation Gap. Contrasting attitudes and behaviors of parents and teens

The Online Generation Gap. Contrasting attitudes and behaviors of parents and teens The Online Generation Gap Contrasting attitudes and behaviors of parents and teens The Online Generation Gap: Contrasting attitudes and behaviors of parents and teens Submitted to: The Family Online Safety

More information

Guide Antivirus. You wouldn t leave the door to your premises open at night. So why risk doing the same with your network?

Guide Antivirus. You wouldn t leave the door to your premises open at night. So why risk doing the same with your network? You wouldn t leave the door to your premises open at night. So why risk doing the same with your network? Most businesses know the importance of installing antivirus products on their PCs to securely protect

More information

Web Hosting Tips & Tricks For Affiliates

Web Hosting Tips & Tricks For Affiliates Web Hosting Tips & Tricks For Affiliates References http://hagency.com/top-web-hosts.php http://minisitemanager.com http://hagency.com/enom Introduction Hosting a website can be a very confusing experience

More information

SPECIAL REPORT INFUSIONSOFT: 7 KEYS TO TOP RESULTS. What s Inside? OVERVIEW KEY # 1: RESPECT YOUR AUDIENCE

SPECIAL REPORT INFUSIONSOFT: 7 KEYS TO TOP RESULTS. What s Inside? OVERVIEW KEY # 1: RESPECT YOUR AUDIENCE SPECIAL REPORT INFUSIONSOFT: 7 KEYS TO TOP RESULTS OVERVIEW You have your data imported, some follow-up sequences, and some initial results with Infusionsoft. Now what? Infusionsoft is a powerful product,

More information

NCS 330. Information Assurance Policies, Ethics and Disaster Recovery. NYC University Polices and Standards 4/15/15.

NCS 330. Information Assurance Policies, Ethics and Disaster Recovery. NYC University Polices and Standards 4/15/15. NCS 330 Information Assurance Policies, Ethics and Disaster Recovery NYC University Polices and Standards 4/15/15 Jess Yanarella Table of Contents: Introduction: Part One: Risk Analysis Threats Vulnerabilities

More information

Powerful English Speaking

Powerful English Speaking Powerful English Speaking Table of Contents I. Introduction II. The Effortless English System Overview III. Body IV. Mind V. Method VI. Next Step VII. Doʼs & Donʼts VIII. Lessons Introduction What is English

More information

It may look like this all has to do with your password, but that s not the only factor to worry about.

It may look like this all has to do with your password, but that s not the only factor to worry about. Account Security One of the easiest ways to lose control of private information is to use poor safeguards on internet accounts like web-based email, online banking and social media (Facebook, Twitter).

More information

Measuring Software Security

Measuring Software Security Measuring Software Security Defining Security Metrics Dr. Bill Young Department of Computer Science University of Texas at Austin Last updated: July 1, 2014 at 14:53 Dr. Bill Young: 1 Why Is CyberSecurity

More information

Statistical Analysis of Internet Security Threats. Daniel G. James

Statistical Analysis of Internet Security Threats. Daniel G. James Statistical Analysis of Internet Security Threats Daniel G. James ABSTRACT The purpose of this paper is to analyze the statistics surrounding the most common security threats faced by Internet users. There

More information

Maximising the Effectiveness of Information Security Awareness

Maximising the Effectiveness of Information Security Awareness Maximising the Effectiveness of Information Security Awareness This thesis offers a fresh look at information security awareness using research from marketing and psychology. By Geordie Stewart and John

More information

IT & DATA SECURITY BREACH PREVENTION A PRACTICAL GUIDE. Part I: Reducing Employee and Application Risks

IT & DATA SECURITY BREACH PREVENTION A PRACTICAL GUIDE. Part I: Reducing Employee and Application Risks IT & DATA SECURITY BREACH PREVENTION A PRACTICAL GUIDE Part I: Reducing Employee and Application Risks As corporate networks increase in complexity, keeping them secure is more challenging. With employees

More information

A practical guide to IT security

A practical guide to IT security Data protection A practical guide to IT security Ideal for the small business The Data Protection Act states that appropriate technical and organisational measures shall be taken against unauthorised or

More information

Collateral Effects of Cyberwar

Collateral Effects of Cyberwar Your texte here. Collateral Effects of Cyberwar by Ilia Kolochenko for Geneva Information Security Day 9 th of October 2015 Quick Facts and Numbers About Cybersecurity In 2014 the annual cost of global

More information

Finding a Job. When You Have a Record

Finding a Job. When You Have a Record Finding a Job When You Have a Record Looking for work Y ou want a job. The fact is, to have any kind of future, you need a job. But you re probably asking yourself, Yeah, right, but who s going to hire

More information

AVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS. ftrsecure.com

AVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS. ftrsecure.com AVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS ftrsecure.com Can You Separate Myths From Facts? Many Internet myths still persist that could leave you vulnerable to internet crimes. Check out

More information

State of the Web 2015: Vulnerability Report. March 2015. 2015 Menlo Security Alright Reserved

State of the Web 2015: Vulnerability Report. March 2015. 2015 Menlo Security Alright Reserved State of the Web 2015: Vulnerability Report March 2015 Motivation In February 2015, security researchers http://www.isightpartners.com/2015/02/codoso/ reported that Forbes.com had been hacked. The duration

More information

The Art of the Ask. How to Overcome the Fear of Asking for Referrals BEST PRACTICES GUIDE SOCIAL MEDIA MARKETING

The Art of the Ask. How to Overcome the Fear of Asking for Referrals BEST PRACTICES GUIDE SOCIAL MEDIA MARKETING The Art of the Ask How to Overcome the Fear of Asking for Referrals 2013 Copyright Constant Contact, Inc. 12-3149 BEST PRACTICES GUIDE SOCIAL MEDIA MARKETING When you think about your main source of new

More information

The webinar will begin shortly

The webinar will begin shortly The webinar will begin shortly An Introduction to Security Intelligence Presented by IBM Security Chris Ross Senior Security Specialist, IBM Security Agenda The Security Landscape An Introduction to Security

More information

defending against advanced persistent threats: strategies for a new era of attacks agility made possible

defending against advanced persistent threats: strategies for a new era of attacks agility made possible defending against advanced persistent threats: strategies for a new era of attacks agility made possible security threats as we know them are changing The traditional dangers IT security teams have been

More information

IS YOUR DATA WAREHOUSE SUCCESSFUL? Developing a Data Warehouse Process that responds to the needs of the Enterprise.

IS YOUR DATA WAREHOUSE SUCCESSFUL? Developing a Data Warehouse Process that responds to the needs of the Enterprise. IS YOUR DATA WAREHOUSE SUCCESSFUL? Developing a Data Warehouse Process that responds to the needs of the Enterprise. Peter R. Welbrock Smith-Hanley Consulting Group Philadelphia, PA ABSTRACT Developing

More information

Back to School: Working with Teachers and Schools

Back to School: Working with Teachers and Schools Back to School: Working with Teachers and Schools Starting school each fall is a challenge for the student and parents. The following article offers some valuable suggestions as your child starts a new

More information

Marketing. Marketing Your Business. The Ground Work

Marketing. Marketing Your Business. The Ground Work Marketing Your Business Marketing is a complex process of bringing your business to the attention of the right clients. It s often difficult to link marketing activities to results and that drives business

More information

to get more customers online

to get more customers online ONLINE MARKETING WITH 25 MARKETING TIPS & TRICKS to get more customers online @ 2015 ReachLocal, Inc. All Rights Reserved. REACHLOCAL is a registered trademark. reachlocal.com 1 In the perfect world, getting

More information

Online Security Tips

Online Security Tips Online Security Tips Is your computer set to automatically check for software and security updates? Do you type your name in search engines to see what personal information is online? Have you customized

More information

branding guide for tax pros

branding guide for tax pros by Your Business Matters the branding guide for tax pros how to grow your tax business by building a powerful brand What s in this guide? What branding means Why branding matters in your tax practice How

More information

KEEPING PATIENT INFORMATION SAFE AND SECURE IN THE CLOUD

KEEPING PATIENT INFORMATION SAFE AND SECURE IN THE CLOUD CASE STUDY Take Cover The costs of exposing or losing patient information can ruin a dental practice. Cloud-based solutions can protect your business and your patients against these threats: Unauthorized

More information

End-user Security Analytics Strengthens Protection with ArcSight

End-user Security Analytics Strengthens Protection with ArcSight Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security

More information

ENABLING FAST RESPONSES THREAT MONITORING

ENABLING FAST RESPONSES THREAT MONITORING ENABLING FAST RESPONSES TO Security INCIDENTS WITH THREAT MONITORING Executive Summary As threats evolve and the effectiveness of signaturebased web security declines, IT departments need to play a bigger,

More information

The Builder s Guide to Online Reputation Management

The Builder s Guide to Online Reputation Management The Builder s Guide to Online Reputation Management Builders can t hide their reputation. It s highly visible and immediately accessible with just one click. Do you know what it takes to improve your online

More information

white paper Malware Security and the Bottom Line

white paper Malware Security and the Bottom Line Malware Security Report: Protecting Your BusineSS, Customers, and the Bottom Line Contents 1 Malware is crawling onto web sites everywhere 1 What is Malware? 2 The anatomy of Malware attacks 3 The Malware

More information

Introduction to Using Video to Grow Your Dental Practice

Introduction to Using Video to Grow Your Dental Practice Dental Practice Marketing Guide Introduction to Using Video to Grow Your Dental Practice By Vincent Messina CEO/Founder Otimo Sales and Marketing Hey there! Use video grow your dental practice Welcome

More information

My brain made me do it How to avoid six common investing mistakes

My brain made me do it How to avoid six common investing mistakes Patrick L. McFawn CFP, CPA & Dale L. White CFP, CPA My brain made me do it How to avoid six common investing mistakes Pop quiz Fill in the blank Buy Low High Sell Low High The fundamental principle of

More information

PCI Compliance for Healthcare

PCI Compliance for Healthcare PCI Compliance for Healthcare Best practices for securing payment card data In just five years, criminal attacks on healthcare organizations are up by a stunning 125%. 1 Why are these data breaches happening?

More information