www.SCIPPinternational.org
Understanding the Risk and Taking Appropriate Steps to Mitigate Cybersecurity Threats
Global leaders in certifying and educating information security professionals with the CISSP and related concentrations, CSSLP, CAP, and SSCP.
[World map slide: offices in London (Europe), Virginia (America), and Tokyo (Japan); membership by country as shown on the map: United Kingdom 500+; China, France, Switzerland 200+; Brazil, Ireland, Israel, Italy, Malaysia, Mexico, Spain, Sweden, Taiwan.]
Business Requirements
Information systems:
Support business processes
Store and process sensitive and critical data
Are available to almost everyone
1. Incident Reporting: who and when to call
2. Access Controls: never share with others
PATRIOTS (Weak)
P@tr10ts (Stronger than PATRIOTS, but see the caveat below)
Hard to guess:
Use both uppercase and lowercase letters
Substitute characters for letters (e.g., @ for a)
Substitute numbers for letters (e.g., 1 for i)
Caveat: these substitutions are exactly the transformations password-cracking tools apply to every word in their dictionaries, so a word with @, 1 and 0 swapped in is only marginally harder to guess than the word itself. Length and unpredictability (a long passphrase, or a string generated by a password manager, never reused across sites) raise the attacker's effort far more than symbol swaps do.
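The following added example (not part of the original slide deck) shows why the substitution advice above gives less protection than it appears to. It implements the kind of rule-based mangling that cracking tools perform: take a dictionary word, apply the @/1/0 style substitutions, vary the capitalization, and treat every result as a guess. The wordlist is constructed here for illustration; real cracking wordlists hold millions of base words, which only strengthens the point.

```python
import itertools
import math
import string

# Constructed sample wordlist (not from the slides): a handful of common base
# words a cracking tool would try first. Real wordlists have millions of entries.
WORDLIST = ["patriots", "password", "welcome", "summer"]

# The substitutions recommended on the slide (@ for a, 1 for i, 0 for o) plus a
# few more that common cracking rule sets also apply.
LEET = {
    "a": ["a", "@", "4"],
    "e": ["e", "3"],
    "i": ["i", "1", "!"],
    "o": ["o", "0"],
    "s": ["s", "$", "5"],
    "t": ["t", "7"],
}


def mangle(word):
    """Yield every leet-substituted spelling of `word` in three capitalizations.

    This mirrors a rule-based cracker: it does not guess at random, it
    systematically derives variants from each dictionary word.
    """
    choices = [LEET.get(ch, [ch]) for ch in word.lower()]
    for combo in itertools.product(*choices):
        variant = "".join(combo)
        yield variant                # e.g. p@tr10ts
        yield variant.capitalize()   # e.g. P@tr10ts
        yield variant.upper()        # e.g. P@TR10TS


def candidate_set(wordlist):
    """All distinct guesses a rule-based attack derives from `wordlist`."""
    return {cand for word in wordlist for cand in mangle(word)}


def guessable(password, wordlist):
    """True if `password` is reachable from the wordlist by substitution rules."""
    return password in candidate_set(wordlist)


def search_space_bits(n_candidates):
    """Attacker work factor in bits: log2 of the number of guesses required."""
    return math.log2(n_candidates)


def random_keyspace_bits(length, alphabet=string.ascii_letters + string.digits + string.punctuation):
    """Work factor for a truly random password of `length` drawn from `alphabet`."""
    return length * math.log2(len(alphabet))


if __name__ == "__main__":
    guesses = candidate_set(WORDLIST)
    print("P@tr10ts guessable:", guessable("P@tr10ts", WORDLIST))
    print("guesses needed to cover the whole mangled wordlist:", len(guesses))
    print("work factor of mangled words: %.1f bits" % search_space_bits(len(guesses)))
    print("work factor of 8 random printable chars: %.1f bits" % random_keyspace_bits(8))
```

Run as a script, it shows that P@tr10ts falls out of a four-word dictionary after well under a thousand guesses, a work factor below 10 bits, while eight genuinely random printable characters sit above 50 bits. The lesson for the slide's audience: a substitution scheme that a human can remember is one a program can enumerate, so prefer length and randomness (or a password manager) over clever spellings.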
Lock computers when away
Terminate sessions when finished
Beware of shoulder surfing
Who are you really chatting with? (ID theft)
Should you click that ad? (Phishing)
Secure connections
Be very careful!
Sites may contain hidden programs
Never change your security settings
Don't download unknown files
Spyware/Adware
Cookies
Email SPAM
Sometimes dangerous
Activate SPAM folders
Do not open email from unknown senders
Do not open attachments or links in those emails
Portable Storage
Mobile Devices
Notebooks, tablets, etc.
Telecommuting, traveling, personal systems, and acceptable use
Smartphones
Threat of theft/loss
Wireless Equipment
Must be used carefully
Follow local policy
Enable security measures
Use an encrypted VPN (virtual private network)
Information Classification
Data Backup
How much data are you willing to lose?
Back up data, operating systems, applications, and configurations
Automated saves
Do Your Part
Be aware
Recognize suspicious activities
Follow procedures
Ask if you're not sure
Insider threats
Watch for suspicious activity
Report abnormal behavior
Physical access can overcome almost all other controls
Know the identity of visitors
Lock it up
Entry Controls
Beware of tailgating
Issue badges to visitors
Display badges
Report lost credentials
Physical Protection
Need to protect from loss, damage, and theft
Power surges and spikes
Man-made and natural threats
Social Engineering
Easiest form of hacking
Don't be manipulated or persuaded
When in doubt, follow policy and report an incident
Identity Theft
Phishing Attacks
Dumpster Diving
Retrieving sensitive information from garbage dumpsters
In most jurisdictions, it's not against the law
Privacy
Member Support
Thank you!
"All that is necessary for the triumph of evil is that good men do nothing."