Information Security Awareness Training Why Information Security? Information is a valuable asset for all kinds of business More and more information related crimes happen Information leakage,


Information Security
Awareness Training
Why Information Security?
Information is a valuable asset for all
kinds of business
More and more information related
crimes happen
Information leakage or damage will
impact, or even end, a business
Do’s and don’ts
Do use licensed and supported
software
Do have an anti-virus tool, keep it
up to date, and scan portable
media before use
Verify your Anti-virus is up to date
Do’s and don’ts (continued)
Do have your Personal Firewall
set to ON
Verify your Personal Firewall is ON
Configure Screen Saver
Do’s and don’ts (continued)
Do keep Windows XP security
patches up to date
Do keep software up to date
Do choose a strong password,
change it periodically, and make
sure that you are the only
person that knows it
Pa55VV0RD!!
Don't use your login name in any form
Don’t use a word or words contained in any
language dictionary
Don't use numbers significant to you or
someone close to you, or associated with
the University
Don't use passwords based on simple
keyboard patterns
Remember it or keep it in a protected
place, such as a locked safe
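The four "don't" rules above can be checked mechanically. The following is an added example, not part of the original slides: the word list, the login "jsmith", the birth year 1987 and the sample candidates are all constructed for illustration.

```python
import re

# Constructed sample data; a real check would load a full word list.
DICTIONARY = {"password", "welcome", "dragon", "summer", "laurier"}
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]
# Common look-alike substitutions, undone before the word checks.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def normalize(text):
    """Lower-case, undo look-alike substitutions, keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))


def has_keyboard_run(password, min_len=4):
    """True if the password contains min_len adjacent keys from one row,
    typed left to right or right to left."""
    lowered = password.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - min_len + 1):
                if seq[i:i + min_len] in lowered:
                    return True
    return False


def check_password(password, login, significant_numbers=()):
    """Return the rules from the list above that the candidate breaks."""
    problems = []
    plain = normalize(password)
    name = normalize(login)
    # "In any form": forwards, reversed, or with substituted characters.
    if name and (name in plain or name[::-1] in plain):
        problems.append("login name")
    if any(word in plain for word in DICTIONARY):
        problems.append("dictionary word")
    digits = re.sub(r"\D", "", password)
    if any(number in digits for number in significant_numbers):
        problems.append("significant number")
    if has_keyboard_run(password):
        problems.append("keyboard pattern")
    return problems


if __name__ == "__main__":
    # Constructed candidates for a hypothetical user "jsmith", born 1987.
    for candidate in ["htimsJ!2024x", "Dr4g0n1987", "zxcv!Kp9#tR"]:
        print(candidate, check_password(candidate, "jsmith", ["1987"]))
```

An empty result only means none of these four rules was broken; it does not measure overall password strength.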
Do’s and don’ts (continued)
Do use Laurier’s resources for business purposes,
please!
Do lock your screen/computer when unattended
Laptop users, do keep your eyes on your laptop and use
chain locks when necessary
Do contact the ITS Help Desk when necessary
Do report incidents and abnormal things to
designated people, and leave the scene
untouched if you don’t know what to do
Do back up your documents
Do think about IT security on a regular
basis
Do’s and don’ts (continued)
Do not shut down security applications on your
computer, including the anti-virus tool, firewall,
automated updates, etc.
Do not let unknown people touch your computer;
feel free to challenge their ID when necessary
Do not give out your password to anyone,
including ITS staff
Do not provide your password in an email reply
Do not connect personal computing devices to
the WLU wired network
Do not use insecure wireless connections
Do not open an email attachment unless you are
certain of the veracity of its contents
Do not open an unknown website or URL unless
you are certain of its veracity
Example
Social Engineering
Social Engineering is the acquisition
of sensitive information or
inappropriate access privileges by an
outsider, based upon the building of
an inappropriate trust relationship
with insiders
The goal of social engineering is to
trick someone into providing valuable
information or access to that
information
Suggestion 1
If you cannot personally identify a caller
who asks for personal information about
you or anyone else, for information about
your computer system, or for any other
sensitive information, do not provide the
information. Insist on verifying the caller’s
identity by calling them back at their
proper telephone number as listed in
the telephone directory. This procedure
creates minimal inconvenience to
legitimate activity when compared with
the scope of potential losses.
Suggestion 2
Remember that passwords are sensitive. A
password for your personal account should
be known ONLY to you. Systems
administrators or maintenance technicians
who need to do something to your account
will not require your password. They have
their own password with system privileges
that will allow them to work on your
account without the need for you to reveal
your password. If a system administrator
or maintenance technician asks you for
your password, be suspicious.
Suggestion 3
Systems maintenance technicians from
outside vendors who come on site should
be accompanied by the local site
administrator. If the site administrator is
not familiar to you, or if the technician
comes alone, it is wise to give a call to
your known site administrator to check if
the technician should be there.
Unfortunately, many people are reluctant
to do this because it makes them look
paranoid, and it is embarrassing to show
that they do not trust a visitor.
Thanks for your time!
Any questions or suggestions?
To download these slides, go to computersecurity.wlu.ca,
Security Awareness Training
Recommended: Tips of The Day
Guidelines to Password Selection
Grant Li
Ex. 2797
Email: [email protected]