1 / 10

NSF Security Awareness Training for general users

NSF Security Awareness Training for general users. 19 September 2009. Purpose of Security.

lucie
Télécharger la présentation

NSF Security Awareness Training for general users

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. NSF Security Awareness Trainingfor general users 19 September 2009

  2. Purpose of Security • “The purpose of [security awareness training] is to focus attentionon security, creating sensitivity to the threats and vulnerabilities of computer systems and recognition of the need to protect data, information and systems.” [my emphasis added] • Source: http://www.units.muohio.edu/mcs/information_security/sec_aware/index.shtml

  3. Threats to Information Systems • Misuse of information systems by users • Stolen equipment (laptops, PDAs) • Malware • Botnets • Compromised USB drives and other mobile devices • Computer viruses • Email worms, network worms

  4. What can you do to minimize threats to information systems? • Create a strong password because they are one of the most common methods hackers use to gain access to systems. • Use a minimum of 8 characters and a combination of at least 3 of the following: capital letters, lower case letters, numbers and/or special characters. • No proper names or words from the dictionary. • Do NOT ever write down or share a password. • Examples • Gr3en EGg$ @NdH@m! • !IhtFGfbt$ • Quote: “A weak password is the product of a weak mind.”

  5. What can you do to minimize threats to information systems? • Email threats • Do not open or reply to SPAM emails. • Do not open attachments from people you do not know. • Do not forward chain emails. • Do not respond to emails asking for personal information or click on unknown links. • Anti-virus/anti-spyware • Have anti-virus software on every computer • UPDATE it regularly – turn on automatic updates • Avast and AVG are free anti-virus software • Use anti-spyware programs like spybot

  6. What can you do to minimize threats to information systems? • Recognize signs of invasion • Such signs include • Slow performance • Unknown files • Disk drive runs all the time • Files disappear from directories • What to do when you notice an invasion • Contact system administrator • Don’t panic • Do not restart computer or remove from network

  7. What can you do to minimize threats to information systems? • Physical security • Lock office doors and lock computer (Windows key+L) or (Ctrl+Alt+Del) • Use password controlled screensaver • Keep monitor and keyboards turned away from common access areas (to minimize shoulder surfing and onlookers) • Handle sensitive data properly (lock drawers, keep sensitive data covered)

  8. Scenarios based quiz • If you leave your computer to grab some coffee, what combination of keys should you hit to secure your system? • Alt+F4 • Fn+Alt • Windows key+L • Ctrl+Backspace

  9. Scenarios based quiz • If you notice your computer running slowly and files disappearing, what should you do? • Call 911 • Restart the computer • Notify IT staff or system administrators • Remove hard drive

  10. Sources • http://irtsectraining.nih.gov/Default.aspx • http://webtutorials.ucsd.edu/csecforOP/index.html • http://www.units.muohio.edu/mcs/information_security/sec_aware/index.shtml

More Related