SlideShare une entreprise Scribd logo

BUILDING AWARENESS AND AWARENESS PROGRAM - Vasil Tsvimitidze

D
DataExchangeAgency

• Common Threats and vulnerabilities Types and examples of information security threats: Unauthorized Access, Cyber Espionage, Malware, Data Leakage, Mobile Device Attack, Social Engineering, Insiders, Phishing, System Compromise, Spam, Denial of Service, Identity Theft. • Planning and building of awareness program How to plan information security awareness program taking to note cultural differences, available resources and objectives By Vasil Tsvimitidze

Technologie
1  sur  13
Georgia NATO BUILDING AWARENESS AND AWARENESS PROGRAM Turkey, Ankara 2012 Vasil Tsvimitidze
Common Threats and vulnerabilities 2 Common Threats and vulnerabilities Types and examples of information security threats Planning and building of awareness program Main principles tool and techniques for awareness rising.How to plan information security awareness program taking to note cultural differences, available resources and objectives. Hands on development specific awareness program, depending on Georgian practice. Defining awareness program and identify priorities. Identification of success assessment metrics. Development or localization materials for government organizations, business companies and citizens.
Common Threats and vulnerabilities 3 There are many information security threats that we need to be constantly aware of and protect against in order to ensure our sensitive information remains secure. This article details 12 different information security threats that are commonly found, together with some preventative measures that can be taken. This article is just one of the many materials that form part of the ’Highway of Threats’ awareness campaign. See the Campaigns section of the site for more details on this. Unauthorized Access, Cyber Espionage, Malware, Data Leakage, Mobile Device Attack, Social Engineering, Insiders, Phishing, System Compromise, Spam Denial of Service Identity Theft.
Common Threats and vulnerabilities 4 Unauthorized Access – Enter at your own risk The attempted or successful access of information or systems, without permission or rights to do so. - Ensure you have a properly configured firewall, up to date malware prevention software and all software has the latest security updates. - Protect all sensitive information, utilizing encryption where appropriate, and use strong passwords that are changed regularly. Cyber Espionage – Hey, get off my network! The act of spying through the use of computers, involving the covert access or ‘hacking’ of company or government networks to obtain sensitive information. - Be alert for social engineering attempts and verify all requests for sensitive information. - Ensure software has the latest security updates, your network is secure and monitor for unusual network behavior.
Common Threats and vulnerabilities 5 Malware – You installed what?! A collective term for malicious software, such as viruses, worms and trojans; designed to infiltrate systems and information for criminal, commercial or destructive purposes. - Ensure you have a properly configured firewall, up to date malware prevention and all software has the latest security updates. - Do not click links or open attachments in emails from unknown senders, visit un-trusted websites or install dubious software. Data Leakage – I seek what you leak The intentional or accidental loss, theft or exposure of sensitive company or personal information. - Ensure all sensitive information stored on removable storage media, mobile devices or laptops is encrypted - Be mindful of what you post online, check email recipients before pressing send, and never email sensitive company information to personal email accounts.
Common Threats and vulnerabilities 6 Mobile Device Attack – Lost, but not forgotten The malicious attack on, or unauthorized access of, mobile devices and the information stored or processed by them; performed wirelessly or through physical possession. - Keep devices with you at all times, encrypt all sensitive data and removable storage media, and use strong passwords. - Avoid connecting to insecure, un-trusted public wireless networks and ensure Bluetooth is in ‘undiscoverable’ mode. Social Engineering – Go find some other mug Tricking and manipulating others by phone, email, online or in- person, into divulging sensitive information, in order to access company information or systems. - Verify all requests for sensitive information, no matter how legitimate they may seem, and never share your passwords with anyone – not even the helpdesk. - Never part with sensitive information if in doubt, and report suspected social engineering attempts immediately.
Common Threats and vulnerabilities 7 Insiders – I see bad people An employee or worker with malicious intent to steal sensitive company information, commit fraud or cause damage to company systems or information. - Ensure access to sensitive information is restricted to only those that need it and revoke access when no longer required. - Report all suspicious activity or workers immediately. Phishing – Think before you link A form of social engineering, involving the sending of legitimate looking emails aimed at fraudulently extracting sensitive information from recipients, usually to gain access to systems or for identity theft. - Look out for emails containing unexpected or unsolicited requests for sensitive information, or contextually relevant emails from unknown senders. - Never click on suspicious looking links within emails, and report all suspected phishing attempts immediately.
Common Threats and vulnerabilities 8 System Compromise – Only the strong survive A system that has been attacked and taken over by malicious individuals or ‘hackers’, usually through the exploitation of one or more vulnerabilities, and then often used for attacking other systems. - Plug vulnerable holes by ensuring software has the latest security updates and any internally developed software is adequately security reviewed. - Ensure systems are hardened and configured securely, and regularly scan them for vulnerabilities. Spam – Email someone else Unsolicited email sent in bulk to many individuals, usually for commercial gain, but increasingly for spreading malware. - Only give your email to those you trust and never post your address online for others to view. - Use a spam filter and never reply to spam emails or click links within them.
Common Threats and vulnerabilities 9 Denial of Service – Are you still there? An intentional or unintentional attack on a system and the information stored on it, rendering the system unavailable and inaccessible to authorized users. - Securely configure and harden all networks and network equipment against known DoS attacks. - Monitor networks through log reviews and the use of intrusion detection or prevention systems. Identity Theft – You will never be me The theft of an unknowing individual’s personal information, in order to fraudulently assume that individual’s identity to commit a crime, usually for financial gain. - Never provide personal information to un-trusted individuals or websites. - Ensure personal information is protected when stored and securely disposed of when no longer needed.
Principles of awareness 10 Main principles tool and techniques for awareness rising. Principles of awareness  Source of threats are people  Mission of threats are people  Successful awareness program is combination of Technologies and Capabilities  Skillful motivated people are key  It’s the combination of Marketing + Information Technologies sciences + Public relationship + risk management And creativity
Risk management 11  Vulnerability  Threat  Risk  Probability  Impact Priority Threat Vulnerability Probability Impact Risk R_ID
Gergian Example 12  Segmentation  Government organizations  Critical infrastructure  Citizens (gender, age, education etc.)  Communication Channels  Internet  Conferences  TV  Printing media  Meeting and presentations  Awareness Activity  Material development  Results assessment R_ID Segment Channel Activity Material result Phase
Thank You Questions…

Recommandé

Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Stephen Cobb
 
Customer information security awareness training
Customer information security awareness trainingCustomer information security awareness training
Customer information security awareness training
AbdalrhmanTHassan
 
Cybersecurity: How to Protect Your Firm from a Cyber Attack
Cybersecurity: How to Protect Your Firm from a Cyber AttackCybersecurity: How to Protect Your Firm from a Cyber Attack
Cybersecurity: How to Protect Your Firm from a Cyber Attack
Shawn Tuma
 
Ceh intro
Ceh introCeh intro
Ceh intro
Animesh Roy
 
Webinar cybersecurity presentation-6-2018 (final)
Webinar cybersecurity presentation-6-2018 (final)Webinar cybersecurity presentation-6-2018 (final)
Webinar cybersecurity presentation-6-2018 (final)
AT-NET Services, Inc. - Charleston Division
 
Cybersecurity Employee Training
Cybersecurity Employee TrainingCybersecurity Employee Training
Cybersecurity Employee Training
Paige Rasid
 
Iss lecture 1
Iss lecture 1Iss lecture 1
Iss lecture 1
Ali Habeeb
 
Information Security Awareness: at Work, at Home, and For Your Kids
Information Security Awareness: at Work, at Home, and For Your Kids Information Security Awareness: at Work, at Home, and For Your Kids
Information Security Awareness: at Work, at Home, and For Your Kids
Nicholas Davis
 

Recommandé

Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Stephen Cobb
 
Customer information security awareness training
Customer information security awareness trainingCustomer information security awareness training
Customer information security awareness training
AbdalrhmanTHassan
 
Cybersecurity: How to Protect Your Firm from a Cyber Attack
Cybersecurity: How to Protect Your Firm from a Cyber AttackCybersecurity: How to Protect Your Firm from a Cyber Attack
Cybersecurity: How to Protect Your Firm from a Cyber Attack
Shawn Tuma
 
Ceh intro
Ceh introCeh intro
Ceh intro
Animesh Roy
 
Webinar cybersecurity presentation-6-2018 (final)
Webinar cybersecurity presentation-6-2018 (final)Webinar cybersecurity presentation-6-2018 (final)
Webinar cybersecurity presentation-6-2018 (final)
AT-NET Services, Inc. - Charleston Division
 
Cybersecurity Employee Training
Cybersecurity Employee TrainingCybersecurity Employee Training
Cybersecurity Employee Training
Paige Rasid
 
Iss lecture 1
Iss lecture 1Iss lecture 1
Iss lecture 1
Ali Habeeb
 
Information Security Awareness: at Work, at Home, and For Your Kids
Information Security Awareness: at Work, at Home, and For Your Kids Information Security Awareness: at Work, at Home, and For Your Kids
Information Security Awareness: at Work, at Home, and For Your Kids
Nicholas Davis
 
GRRCON 2013: Imparting security awareness to all levels of users
GRRCON 2013: Imparting security awareness to all levels of usersGRRCON 2013: Imparting security awareness to all levels of users
GRRCON 2013: Imparting security awareness to all levels of users
Joel Cardella
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security Awareness
Ramiro Cid
 
Cyber threats
Cyber threatsCyber threats
Cyber threats
kelsports
 
Information security
Information securityInformation security
Information security
Yogeshwari M Yogi
 
Anatomy of a cyber attack
Anatomy of a cyber attackAnatomy of a cyber attack
Anatomy of a cyber attack
Mark Silver
 
Information security / Cyber Security ppt
Information security / Cyber Security pptInformation security / Cyber Security ppt
Information security / Cyber Security ppt
Gryffin EJ
 
1. introduction to cyber security
1. introduction to cyber security1. introduction to cyber security
1. introduction to cyber security
Animesh Roy
 
Best Practices for Security Awareness and Training
Best Practices for Security Awareness and TrainingBest Practices for Security Awareness and Training
Best Practices for Security Awareness and Training
Kimberly Hood
 
An Introduction to Cyber security
An Introduction to Cyber securityAn Introduction to Cyber security
An Introduction to Cyber security
Samanvay Jain
 
Cehv6 module 01 introduction to ethical hacking
Cehv6 module 01 introduction to ethical hackingCehv6 module 01 introduction to ethical hacking
Cehv6 module 01 introduction to ethical hacking
anonymousrider
 
HIPAA, Privacy, Security, and Good Business
HIPAA, Privacy, Security, and Good BusinessHIPAA, Privacy, Security, and Good Business
HIPAA, Privacy, Security, and Good Business
Stephen Cobb
 
Computer Security Threats
Computer Security ThreatsComputer Security Threats
Computer Security Threats
Quick Heal Technologies Ltd.
 
Securign siem for small business
Securign siem for small businessSecurign siem for small business
Securign siem for small business
Rajul Sthapak
 
Vulnerability in ai
Vulnerability in ai Vulnerability in ai
Vulnerability in ai
SrajalTiwari1
 
Cyber security vs information assurance
Cyber security vs information assuranceCyber security vs information assurance
Cyber security vs information assurance
Vaughan Olufemi ACIB, AICEN, ANIM
 
Cyber Attack Methodologies
Cyber Attack MethodologiesCyber Attack Methodologies
Cyber Attack Methodologies
Geeks Anonymes
 
Presentation on cyber security
Presentation on cyber securityPresentation on cyber security
Presentation on cyber security
9784
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
William Mann
 
Information Security Awareness Training
Information Security Awareness TrainingInformation Security Awareness Training
Information Security Awareness Training
Randy Bowman
 
Social Engineering Audit & Security Awareness
Social Engineering Audit & Security AwarenessSocial Engineering Audit & Security Awareness
Social Engineering Audit & Security Awareness
CBIZ, Inc.
 
Co op Ambassador PowerPoint
Co op Ambassador PowerPointCo op Ambassador PowerPoint
Co op Ambassador PowerPoint
monadnockcoop
 
Building awareness & engaging champions of your cause
Building awareness & engaging champions of your causeBuilding awareness & engaging champions of your cause
Building awareness & engaging champions of your cause
CAMHFoundation
 

Contenu connexe

Tendances

Cyber threats
Cyber threatsCyber threats
Cyber threats
kelsports
 
Best Practices for Security Awareness and Training
Best Practices for Security Awareness and TrainingBest Practices for Security Awareness and Training
Best Practices for Security Awareness and Training
Kimberly Hood
 
Information Security Awareness Training
Information Security Awareness TrainingInformation Security Awareness Training
Information Security Awareness Training
Randy Bowman
 

Tendances (20)

GRRCON 2013: Imparting security awareness to all levels of users
GRRCON 2013: Imparting security awareness to all levels of usersGRRCON 2013: Imparting security awareness to all levels of users
GRRCON 2013: Imparting security awareness to all levels of users
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security Awareness
 
Cyber threats
Cyber threatsCyber threats
Cyber threats
 
Information security
Information securityInformation security
Information security
 
Anatomy of a cyber attack
Anatomy of a cyber attackAnatomy of a cyber attack
Anatomy of a cyber attack
 
Information security / Cyber Security ppt
Information security / Cyber Security pptInformation security / Cyber Security ppt
Information security / Cyber Security ppt
 
1. introduction to cyber security
1. introduction to cyber security1. introduction to cyber security
1. introduction to cyber security
 
Best Practices for Security Awareness and Training
Best Practices for Security Awareness and TrainingBest Practices for Security Awareness and Training
Best Practices for Security Awareness and Training
 
An Introduction to Cyber security
An Introduction to Cyber securityAn Introduction to Cyber security
An Introduction to Cyber security
 
Cehv6 module 01 introduction to ethical hacking
Cehv6 module 01 introduction to ethical hackingCehv6 module 01 introduction to ethical hacking
Cehv6 module 01 introduction to ethical hacking
 
HIPAA, Privacy, Security, and Good Business
HIPAA, Privacy, Security, and Good BusinessHIPAA, Privacy, Security, and Good Business
HIPAA, Privacy, Security, and Good Business
 
Computer Security Threats
Computer Security ThreatsComputer Security Threats
Computer Security Threats
 
Securign siem for small business
Securign siem for small businessSecurign siem for small business
Securign siem for small business
 
Vulnerability in ai
Vulnerability in ai Vulnerability in ai
Vulnerability in ai
 
Cyber security vs information assurance
Cyber security vs information assuranceCyber security vs information assurance
Cyber security vs information assurance
 
Cyber Attack Methodologies
Cyber Attack MethodologiesCyber Attack Methodologies
Cyber Attack Methodologies
 
Presentation on cyber security
Presentation on cyber securityPresentation on cyber security
Presentation on cyber security
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
 
Information Security Awareness Training
Information Security Awareness TrainingInformation Security Awareness Training
Information Security Awareness Training
 
Social Engineering Audit & Security Awareness
Social Engineering Audit & Security AwarenessSocial Engineering Audit & Security Awareness
Social Engineering Audit & Security Awareness
 

En vedette

Co op Ambassador PowerPoint
Co op Ambassador PowerPointCo op Ambassador PowerPoint
Co op Ambassador PowerPoint
monadnockcoop
 
005 measurement
005 measurement005 measurement
005 measurement
physics101
 
Folder Horst4 Dsign2
Folder Horst4 Dsign2Folder Horst4 Dsign2
Folder Horst4 Dsign2
horst4D
 
ARTDM 171, Week 10: Navigation Schemes
ARTDM 171, Week 10: Navigation SchemesARTDM 171, Week 10: Navigation Schemes
ARTDM 171, Week 10: Navigation Schemes
Gilbert Guerrero
 
ARTDM 171 Week 3: Tags + Group Projects
ARTDM 171 Week 3: Tags + Group ProjectsARTDM 171 Week 3: Tags + Group Projects
ARTDM 171 Week 3: Tags + Group Projects
Gilbert Guerrero
 
Más inteligencia: Mejora el engagement, alcance y relevancia con tus usuarios
Más inteligencia: Mejora el engagement, alcance y relevancia con tus usuariosMás inteligencia: Mejora el engagement, alcance y relevancia con tus usuarios
Más inteligencia: Mejora el engagement, alcance y relevancia con tus usuarios
Igni
 
Does Life Satisfaction influence the intention (We-Intention) to use Facebook?
Does Life Satisfaction influence the intention (We-Intention) to use Facebook?Does Life Satisfaction influence the intention (We-Intention) to use Facebook?
Does Life Satisfaction influence the intention (We-Intention) to use Facebook?
Mauro de Oliveira
 

En vedette (20)

Co op Ambassador PowerPoint
Co op Ambassador PowerPointCo op Ambassador PowerPoint
Co op Ambassador PowerPoint
 
Building awareness & engaging champions of your cause
Building awareness & engaging champions of your causeBuilding awareness & engaging champions of your cause
Building awareness & engaging champions of your cause
 
Storytelling, Evangelism, and Behind the Seams: Establishing a Social Culture...
Storytelling, Evangelism, and Behind the Seams: Establishing a Social Culture...Storytelling, Evangelism, and Behind the Seams: Establishing a Social Culture...
Storytelling, Evangelism, and Behind the Seams: Establishing a Social Culture...
 
005 measurement
005 measurement005 measurement
005 measurement
 
Folder Horst4 Dsign2
Folder Horst4 Dsign2Folder Horst4 Dsign2
Folder Horst4 Dsign2
 
ARTDM 171, Week 10: Navigation Schemes
ARTDM 171, Week 10: Navigation SchemesARTDM 171, Week 10: Navigation Schemes
ARTDM 171, Week 10: Navigation Schemes
 
Oct 11 2015 Announcements
Oct 11 2015 AnnouncementsOct 11 2015 Announcements
Oct 11 2015 Announcements
 
ARTDM 171 Week 3: Tags + Group Projects
ARTDM 171 Week 3: Tags + Group ProjectsARTDM 171 Week 3: Tags + Group Projects
ARTDM 171 Week 3: Tags + Group Projects
 
#WoMMX Marketing Digital: Casos de Éxito
#WoMMX Marketing Digital: Casos de Éxito#WoMMX Marketing Digital: Casos de Éxito
#WoMMX Marketing Digital: Casos de Éxito
 
Más efectividad: Aprovecha en profundidad los datos para mejorar tu comunicac...
Más efectividad: Aprovecha en profundidad los datos para mejorar tu comunicac...Más efectividad: Aprovecha en profundidad los datos para mejorar tu comunicac...
Más efectividad: Aprovecha en profundidad los datos para mejorar tu comunicac...
 
1ºeso pagina 35-39-sin soluciones
1ºeso pagina 35-39-sin soluciones1ºeso pagina 35-39-sin soluciones
1ºeso pagina 35-39-sin soluciones
 
Más inteligencia: Mejora el engagement, alcance y relevancia con tus usuarios
Más inteligencia: Mejora el engagement, alcance y relevancia con tus usuariosMás inteligencia: Mejora el engagement, alcance y relevancia con tus usuarios
Más inteligencia: Mejora el engagement, alcance y relevancia con tus usuarios
 
Twitter para iniciantes
Twitter para iniciantesTwitter para iniciantes
Twitter para iniciantes
 
Analise e aplicações de mídias sociais na gestão de empresas
Analise e aplicações de mídias sociais na gestão de empresas Analise e aplicações de mídias sociais na gestão de empresas
Analise e aplicações de mídias sociais na gestão de empresas
 
Knowledge Management Program in the Canadian Forest Service
Knowledge Management Program in the Canadian Forest ServiceKnowledge Management Program in the Canadian Forest Service
Knowledge Management Program in the Canadian Forest Service
 
O papel do conteúdo na experiência do cliente
O papel do conteúdo na experiência do clienteO papel do conteúdo na experiência do cliente
O papel do conteúdo na experiência do cliente
 
Arianny Borda González
Arianny Borda GonzálezArianny Borda González
Arianny Borda González
 
Does Life Satisfaction influence the intention (We-Intention) to use Facebook?
Does Life Satisfaction influence the intention (We-Intention) to use Facebook?Does Life Satisfaction influence the intention (We-Intention) to use Facebook?
Does Life Satisfaction influence the intention (We-Intention) to use Facebook?
 
Apresentação Cidiz 2016
Apresentação Cidiz 2016Apresentação Cidiz 2016
Apresentação Cidiz 2016
 
ĂN TRONG RESORT NHƯ THẾ NÀO?
ĂN TRONG RESORT NHƯ THẾ NÀO?ĂN TRONG RESORT NHƯ THẾ NÀO?
ĂN TRONG RESORT NHƯ THẾ NÀO?
 

Similaire à BUILDING AWARENESS AND AWARENESS PROGRAM - Vasil Tsvimitidze

InformationSecurity
InformationSecurityInformationSecurity
InformationSecurity
learnt
 
Whitepaper-When-Admins-go-bad
Whitepaper-When-Admins-go-badWhitepaper-When-Admins-go-bad
Whitepaper-When-Admins-go-bad
banerjeea
 

Similaire à BUILDING AWARENESS AND AWARENESS PROGRAM - Vasil Tsvimitidze (20)

Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Cyber Security Briefing
Cyber Security BriefingCyber Security Briefing
Cyber Security Briefing
 
InformationSecurity
InformationSecurityInformationSecurity
InformationSecurity
 
How to Secure Data Privacy in 2024.pdf
How to Secure Data Privacy in 2024.pdfHow to Secure Data Privacy in 2024.pdf
How to Secure Data Privacy in 2024.pdf
 
How to Secure Data Privacy in 2024.pptx
How to Secure Data Privacy in 2024.pptxHow to Secure Data Privacy in 2024.pptx
How to Secure Data Privacy in 2024.pptx
 
COMPUTER APPLICATIONS Module 4.pptx
COMPUTER APPLICATIONS Module 4.pptxCOMPUTER APPLICATIONS Module 4.pptx
COMPUTER APPLICATIONS Module 4.pptx
 
Cyber Security for Financial Planners
Cyber Security for Financial PlannersCyber Security for Financial Planners
Cyber Security for Financial Planners
 
Office_Cypersecurity_Basic_Training_Decmeber2022.pptx
Office_Cypersecurity_Basic_Training_Decmeber2022.pptxOffice_Cypersecurity_Basic_Training_Decmeber2022.pptx
Office_Cypersecurity_Basic_Training_Decmeber2022.pptx
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
 
Can your company survive a modern day cyber attack?
Can your company survive a modern day cyber attack?Can your company survive a modern day cyber attack?
Can your company survive a modern day cyber attack?
 
Building a culture of security
Building a culture of securityBuilding a culture of security
Building a culture of security
 
ISMS Awareness (to upload).pptx
ISMS Awareness (to upload).pptxISMS Awareness (to upload).pptx
ISMS Awareness (to upload).pptx
 
Module 5: Safety
Module 5: SafetyModule 5: Safety
Module 5: Safety
 
Lecture 7---Security (1).pdf
Lecture 7---Security (1).pdfLecture 7---Security (1).pdf
Lecture 7---Security (1).pdf
 
CYBER SECURITY AND CYBER CRIME COMPLETE GUIDE.pLptx
CYBER SECURITY AND CYBER CRIME COMPLETE GUIDE.pLptxCYBER SECURITY AND CYBER CRIME COMPLETE GUIDE.pLptx
CYBER SECURITY AND CYBER CRIME COMPLETE GUIDE.pLptx
 
Why is Cybersecurity Important in the Digital World
Why is Cybersecurity Important in the Digital WorldWhy is Cybersecurity Important in the Digital World
Why is Cybersecurity Important in the Digital World
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security Basics
 
Whitepaper-When-Admins-go-bad
Whitepaper-When-Admins-go-badWhitepaper-When-Admins-go-bad
Whitepaper-When-Admins-go-bad
 
Ceferov Cefer Intelectual Technologies
Ceferov Cefer Intelectual TechnologiesCeferov Cefer Intelectual Technologies
Ceferov Cefer Intelectual Technologies
 
Cyberattacks.pptx
Cyberattacks.pptxCyberattacks.pptx
Cyberattacks.pptx
 

Dernier

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Igalia
 

Dernier (20)

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 

BUILDING AWARENESS AND AWARENESS PROGRAM - Vasil Tsvimitidze

  • 1. Georgia NATO BUILDING AWARENESS AND AWARENESS PROGRAM Turkey, Ankara 2012 Vasil Tsvimitidze
  • 2. Common Threats and vulnerabilities 2 Common Threats and vulnerabilities Types and examples of information security threats Planning and building of awareness program Main principles tool and techniques for awareness rising.How to plan information security awareness program taking to note cultural differences, available resources and objectives. Hands on development specific awareness program, depending on Georgian practice. Defining awareness program and identify priorities. Identification of success assessment metrics. Development or localization materials for government organizations, business companies and citizens.
  • 3. Common Threats and vulnerabilities 3 There are many information security threats that we need to be constantly aware of and protect against in order to ensure our sensitive information remains secure. This article details 12 different information security threats that are commonly found, together with some preventative measures that can be taken. This article is just one of the many materials that form part of the ’Highway of Threats’ awareness campaign. See the Campaigns section of the site for more details on this. Unauthorized Access, Cyber Espionage, Malware, Data Leakage, Mobile Device Attack, Social Engineering, Insiders, Phishing, System Compromise, Spam Denial of Service Identity Theft.
  • 4. Common Threats and vulnerabilities 4 Unauthorized Access – Enter at your own risk The attempted or successful access of information or systems, without permission or rights to do so. - Ensure you have a properly configured firewall, up to date malware prevention software and all software has the latest security updates. - Protect all sensitive information, utilizing encryption where appropriate, and use strong passwords that are changed regularly. Cyber Espionage – Hey, get off my network! The act of spying through the use of computers, involving the covert access or ‘hacking’ of company or government networks to obtain sensitive information. - Be alert for social engineering attempts and verify all requests for sensitive information. - Ensure software has the latest security updates, your network is secure and monitor for unusual network behavior.
  • 5. Common Threats and vulnerabilities 5 Malware – You installed what?! A collective term for malicious software, such as viruses, worms and trojans; designed to infiltrate systems and information for criminal, commercial or destructive purposes. - Ensure you have a properly configured firewall, up to date malware prevention and all software has the latest security updates. - Do not click links or open attachments in emails from unknown senders, visit un-trusted websites or install dubious software. Data Leakage – I seek what you leak The intentional or accidental loss, theft or exposure of sensitive company or personal information. - Ensure all sensitive information stored on removable storage media, mobile devices or laptops is encrypted - Be mindful of what you post online, check email recipients before pressing send, and never email sensitive company information to personal email accounts.
  • 6. Common Threats and vulnerabilities 6 Mobile Device Attack – Lost, but not forgotten The malicious attack on, or unauthorized access of, mobile devices and the information stored or processed by them; performed wirelessly or through physical possession. - Keep devices with you at all times, encrypt all sensitive data and removable storage media, and use strong passwords. - Avoid connecting to insecure, un-trusted public wireless networks and ensure Bluetooth is in ‘undiscoverable’ mode. Social Engineering – Go find some other mug Tricking and manipulating others by phone, email, online or in- person, into divulging sensitive information, in order to access company information or systems. - Verify all requests for sensitive information, no matter how legitimate they may seem, and never share your passwords with anyone – not even the helpdesk. - Never part with sensitive information if in doubt, and report suspected social engineering attempts immediately.
  • 7. Common Threats and vulnerabilities 7 Insiders – I see bad people An employee or worker with malicious intent to steal sensitive company information, commit fraud or cause damage to company systems or information. - Ensure access to sensitive information is restricted to only those that need it and revoke access when no longer required. - Report all suspicious activity or workers immediately. Phishing – Think before you link A form of social engineering, involving the sending of legitimate looking emails aimed at fraudulently extracting sensitive information from recipients, usually to gain access to systems or for identity theft. - Look out for emails containing unexpected or unsolicited requests for sensitive information, or contextually relevant emails from unknown senders. - Never click on suspicious looking links within emails, and report all suspected phishing attempts immediately.
  • 8. Common Threats and vulnerabilities 8 System Compromise – Only the strong survive A system that has been attacked and taken over by malicious individuals or ‘hackers’, usually through the exploitation of one or more vulnerabilities, and then often used for attacking other systems. - Plug vulnerable holes by ensuring software has the latest security updates and any internally developed software is adequately security reviewed. - Ensure systems are hardened and configured securely, and regularly scan them for vulnerabilities. Spam – Email someone else Unsolicited email sent in bulk to many individuals, usually for commercial gain, but increasingly for spreading malware. - Only give your email to those you trust and never post your address online for others to view. - Use a spam filter and never reply to spam emails or click links within them.
  • 9. Common Threats and vulnerabilities 9 Denial of Service – Are you still there? An intentional or unintentional attack on a system and the information stored on it, rendering the system unavailable and inaccessible to authorized users. - Securely configure and harden all networks and network equipment against known DoS attacks. - Monitor networks through log reviews and the use of intrusion detection or prevention systems. Identity Theft – You will never be me The theft of an unknowing individual’s personal information, in order to fraudulently assume that individual’s identity to commit a crime, usually for financial gain. - Never provide personal information to un-trusted individuals or websites. - Ensure personal information is protected when stored and securely disposed of when no longer needed.
  • 10. Principles of awareness 10 Main principles tool and techniques for awareness rising. Principles of awareness  Source of threats are people  Mission of threats are people  Successful awareness program is combination of Technologies and Capabilities  Skillful motivated people are key  It’s the combination of Marketing + Information Technologies sciences + Public relationship + risk management And creativity
  • 11. Risk management 11  Vulnerability  Threat  Risk  Probability  Impact Priority Threat Vulnerability Probability Impact Risk R_ID
  • 12. Gergian Example 12  Segmentation  Government organizations  Critical infrastructure  Citizens (gender, age, education etc.)  Communication Channels  Internet  Conferences  TV  Printing media  Meeting and presentations  Awareness Activity  Material development  Results assessment R_ID Segment Channel Activity Material result Phase