Smartphones, social media, downloading MP3 music files, watching movies on tablet computers—these are the types
of activities that our students are constantly engaged in. However, these are the same activities that attackers are
targeting today, yet very few of our students know how to protect themselves from these targeted attacks. In this
presentation we will look at practical security instruction that can be added to any computer course in order to help
our students stay secure.
Presidio 1 & 2 What should I get out
Managing IT Risk and Assessing Vulnerability AIS Network
Andrew Iwamoto of AIS Network gave a presentation on managing IT risk and assessing vulnerability at the 2016 ACCS conference. He discussed understanding the landscape for data breaches in education, establishing a risk culture, conducting an IT risk assessment and creating a risk management plan. He also covered tools and tactics for assessing and minimizing vulnerability, prioritizing remediation efforts, and improving security through testing and exercises. The presentation outlined key steps for colleges and universities to protect their networks and data from increasing cyber threats.
The document discusses the importance of computer forensics and computer security. It notes that as technology advances, security needs to advance as well to protect vital information from unauthorized access. Computer forensics is used to investigate cyber crimes and digital evidence in order to strengthen legal systems and network security. Both computer forensics and computer security are crucial fields within IT that work together to develop more efficient security measures and prevent cyber crimes from increasing.
American Public University System (NASDAQ:APEI) - Dr. Clay Wilson is the Prog... Investorideas.com
American Public University System (NASDAQ:APEI) - Dr. Clay Wilson is the Program Director for Cybersecurity
Dr. Clay Wilson is the Program Director for Cybersecurity graduate studies at the American Public University, where he has responsibility for designing new courses. He is past Program Director for Cybersecurity Policy at the University of Maryland University College (UMUC), where he oversaw development of new graduate-level courses. Dr. Wilson is also a former analyst for national defense policy at the Congressional Research Service where he analyzed cyber intelligence reports for the U.S. Congress and NATO committees on net-centric warfare, cybersecurity, nanotechnology, and other vulnerabilities of high-technology military systems and critical infrastructures. More info: http://www.apu.apus.edu/academic/faculty-members/bio/4438/clay-wilson
About American Public University System (NASDAQ:APEI) American Public University System, winner of the Sloan Consortium's Ralph E. Gomory Award for Quality Online Education and first three-time recipient of Sloan's Effective Practice Award, offers more than 90 online degree programs through American Public University and American Military University. APUS's relevant curriculum, affordability and flexibility help more than 100,000 working adults worldwide pursue degrees in a diverse variety of subjects. For further information, visit www.apus.edu. http://www.apus.edu/about-us/facts.htm
This document discusses system vulnerabilities and securing information systems. It begins by defining security and controls, and explains why systems are vulnerable, including issues with large networks like the Internet. It then describes various types of malicious software like viruses, worms, and Trojan horses that can exploit system vulnerabilities. The document also discusses hackers and computer crimes such as denial of service attacks and identity theft. It emphasizes the business value of security and control and legal requirements around protecting information. Finally, it outlines how organizations can establish a framework for security, including information system controls.
This lecture includes an introduction to computer security and privacy. It includes basic concepts of the terminologies and technologies involved in current security and privacy needs.
The document discusses security challenges for information systems, including vulnerabilities from hackers, malware, and system flaws. It describes the need for organizations to implement security frameworks including policies, controls, identity management, auditing and disaster recovery planning to protect digital assets and comply with legal requirements. Specific tools mentioned for safeguarding information include identity management software, authentication methods like passwords and biometrics, and security profiles to restrict user access.
This document discusses security issues, ethics, and emerging technologies related to education. It covers topics like computer security risks and safeguards, including viruses, antivirus software, firewalls, and hardware theft. Ethics in the information age are also examined, such as information privacy, copyright laws, and filtering objectionable internet content. Emerging technologies that could impact education are explored, like enhanced digital textbooks, wireless networks, and assistive technologies. Health issues from computer use and ergonomic strategies are also outlined.
COMPUTER ETHICS AND SECURITY IS ABOUT THE RULES AND WAYS WHEN USING INTERNET.
MAKE SURE YOU DOWNLOAD IT AS POWERPOINT PRESENTATION TO SEE THE EFFECTS OF THE SLIDES
Here are the key points discussed:
- Smartphones are mini computers that store and transmit sensitive personal and business data, making them targets for hackers and malware.
- Issues include loss/theft exposing data, "jailbroken" devices without security updates, unsecured public WiFi access, and unauthorized access to work email/files on personal devices.
- Businesses must define mobile security policies, require password/PIN locks, remote wipe capabilities, and limit access to networks/data. Individuals should install updates, use antivirus, avoid public WiFi for sensitive tasks, and be wary of links/attachments from unknown sources.
- While convenient, smartphones require extra precautions to balance functionality and security. With
This document provides an overview of a cyber security lecture at Bakhtar University. It discusses the course objectives, policies, and grading evaluation. It then defines cybersecurity and outlines the major cybersecurity challenges, including advanced persistent threats and recent cyber attacks against major organizations. The document categorizes types of cyber attackers and concludes by listing reference books.
This document discusses computer ethics and security risks. It begins by defining computer ethics as moral guidelines governing computer use. It then lists seven frequently discussed areas of computer ethics: unauthorized computer use, software piracy, information accuracy, intellectual property rights, codes of conduct, information privacy, and green computing. The document goes on to define computer security risks and common types like hackers, crackers, and cybercriminals. It also outlines methods to safeguard against risks such as viruses, unauthorized access, and theft through antivirus software, firewalls, and access controls.
This document provides an overview of computer ethics and professional practices. It begins by defining key terms like ethics and morals. It then discusses the background of ethics according to philosophers like Socrates. The document outlines some historical milestones in computer ethics and issues that arose with early computer technologies. It provides examples of topics in computer ethics like privacy, intellectual property, and computer security. The document concludes by presenting the "Ten Commandments" of computer ethics.
This document discusses system vulnerabilities and security challenges. It explains that information systems are vulnerable due to hardware and software problems, disasters, and use outside a firm's control. The document outlines internet vulnerabilities like networks being open, email attachments, and IM messages lacking security. It also discusses wireless security challenges, malicious software, hackers/computer crimes like spoofing and denial of service attacks, and identity theft. The goal is to assess security and controls to safeguard information resources.
Edhole School provides best Information about Schools in India, Delhi, Noida, Gurgaon. Here you will get about the school, contact, career, etc. Edhole Provides best study material for school students.
The document summarizes updates made to the Education Bureau's "Information Security in Schools – Recommended Practice" guidelines. Major updates include new chapters on mobile device security, malware protection, and website/web application security. Network security recommendations were also revised with new guidance on wireless network deployment, email security, and separating wired and wireless networks. The document provides an overview of IT security grants and support available to schools from the Education Bureau.
This document discusses ICT security risks in schools. It begins by defining ICT and noting its importance in education. Risks include people, physical security of assets, wireless networks, and web threats. The document then analyzes risks at a private school in Southeast Asia, identifying issues like outdated antivirus software, unsecured wireless networks, and lack of firewalls. In conclusion, the school's approach to network security is lax and improvements are needed to protect sensitive information from various security threats.
This document discusses securing information systems and covers several topics related to information security. It introduces learning objectives about privacy issues, threats to information security, defense mechanisms, auditing, and disaster recovery. Several types of threats are described, such as human errors, natural disasters, technical failures, malware, hacking, and computer crimes like identity theft and phishing. Defense techniques include privacy policies, access controls, and security management practices.
This document discusses information security and ethics in business and society. It covers topics like ensuring privacy and monitoring employee computer usage. It provides remedies for potential issues like protecting devices from viruses, not giving out sensitive information over the phone, and using safe browsing practices. The document aims to educate employees on maintaining security and ethics in their work.
Computer security involves protecting computers and data from damage, theft, or misuse. It focuses on security attacks, mechanisms to prevent attacks, and security services. The main goals of information security are confidentiality, integrity, and availability of data and systems. Common security threats include phishing, botnets, rootkits, keyloggers, hackers, and drive-by downloads. Authentication systems like passwords, biometrics, firewalls, and cryptography help verify users' identities and protect sensitive information.
Lecture 8 privacy, security, ergonomics and the environment Jenny Coloma
The document discusses several topics related to computer use and security, including privacy issues, computer crimes, security measures, ergonomics, and health concerns. Specifically, it defines privacy and discusses issues around large databases and private networks. It also defines computer security and different types of computer crimes. The document outlines some security measures like passwords, antivirus software, firewalls, and backups. It defines ergonomics and its importance in reducing fatigue. Finally, it discusses the importance of considering mental and physical health for computer users.
The document provides information on techniques for keeping personal data private, such as limiting information provided on forms and not displaying phone numbers on checks. It also discusses threats like spyware, adware, spam, phishing, and social engineering. Major US privacy laws are summarized, with the earliest from 1970 regulating credit reporting and the most recent in 2006 concerning phone records privacy. The laws generally aim to restrict disclosure of personal information and give individuals access to records about them.
This document discusses cyber security risks in schools and provides recommendations for managing cyber security. It recommends establishing a cyber-secure culture through leadership, training, and modeling good security habits. It also recommends having cyber security policies and procedures, securing infrastructure and technology, providing education and training, and performing security standards and inspections. Specific recommendations include securing devices and networks, implementing filters, managing access privileges, preventing malware, updating software, and conducting vulnerability assessments. The document stresses the importance of cyber security awareness across the entire school community.
Introduction to the management of information security Sammer Qader
This document provides an introduction to information security management. It discusses the importance of information security and the manager's role in securing an organization's information assets. It describes the three communities of interest involved in information security - the information security managers, IT managers, and non-technical business managers. It also outlines the key characteristics of information security including confidentiality, integrity, availability, and others. Finally, it discusses the characteristics of management and leadership as they relate to information security management.
This document discusses the importance of cyber security, especially regarding mobile devices. It begins by defining cyber security and explaining how the increased use of technology and mobile devices has led to greater cyber threats. Individuals and businesses now rely heavily on digital information and devices, exposing them to privacy and security risks. There is also a lack of cyber security awareness and training. The document then explains why mobile devices pose unique risks as they contain sensitive information but have less security than laptops. It concludes by providing tips for how businesses can better protect information assets, such as encrypting data, using firewalls, and training employees on cyber security best practices.
Privacy, Security and Ethics Presentation Hajarul Cikyen
Hamimah bte Mohd Jamil
MUHAMMAD BIN MOHD SUKERI
(A13CS0068)
NURUL EMIRA BINTI ABDUL AZIZ
(A13CS0128)
WAN HAJARUL ASIKIN BINTI WAN ZUNAIDI
(A13CS0168)
This document discusses privacy issues related to computing technology and personal information collection. It covers primary privacy issues like accuracy, property and access of personal data. It also discusses large databases, information resellers, identity theft, mistaken identity and various laws protecting personal information. The document also covers computer crimes
The document summarizes key findings from the 2010/2011 CSI Computer Security Survey. It found that the most expensive incidents were financial fraud at an average cost of $500,000, while bot infections averaged $350,000. Viruses were the most common incident at 49% of respondents. Other frequent incidents included insider abuse (44%) and theft of mobile devices (42%). Respondents reported using technologies like firewalls, antivirus software, and encryption to combat security threats.
Using Technology and People to Improve your Threat Resistance and Cyber Security Stephen Cobb
A presentation delivered at the 2014 meeting of the Municipal Information Systems Association of California. Includes suggestions for security awareness programs.
The document summarizes the findings of a cybersecurity awareness survey conducted by students. It includes the following key points:
- The majority of respondents were aged 18-24 and had at least a bachelor's degree. Most used the internet multiple times daily.
- While many were confident recognizing phishing emails, a significant portion lacked formal training. Password and backup practices varied in security.
- Knowledge of secure websites and malware response was poor for most. Emergency plans and sources of learning also differed.
- The data shows cybersecurity practices must be improved through targeted education, as threats constantly change requiring updated measures. Combining education, monitoring and adaptation can better protect all users.
What's New In CompTIA Security+ - Course Technology Computing ConferenceCengage Learning
What's New In CompTIA Security+ - Course Technology Computing Conference
Presenter: Mark Ciampa, Western Kentucky University
The new CompTIA Security+ exam (SY0-401) is projected to be rolled out in the late spring of 2014. This exam will have several significant changes from the previous exam. These include an expanded emphasis on topics such as securing mobile devices, cloud computing, cryptography, and threats and vulnerabilities. In addition, CompTIA is continuing to use performance-based questions on Security+ exams, requiring test-takers to configure firewall access control lists, match ports with services, and analyze log files. What exactly will the new Security+ exam cover? How will the updated Cengage Security+ Guide to Network Security Fundamentals 5th Edition address these changes? And what are the best ways to help students be prepared for the new Security+ exam with its performance-based questions? This session will look at what's new in CompTIA Security+ and how we can teach security to our students.
This document discusses information security and copyright in a healthcare context. It covers fair use principles, securing network information through authentication, authorization and other methods. It also discusses threats like hackers, viruses and insiders and tools to enhance security like firewalls and intrusion detection. The document concludes with questions about fair use of copyrighted material and appropriate use of patient information.
This document outlines key aspects of cybersafety for K-6 teachers and students. It defines cybersafety as the safe and responsible use of technology, with no physical, emotional, or psychological harm to oneself or others. Some cybersafety issues covered include protecting digital identity through strong passwords and privacy settings, being aware of online strangers, avoiding cyberbullying, and establishing school cybersafety policies and training. The goal is to ensure student safety online while encouraging use of technology's benefits.
This document outlines topics to be discussed in a lecture on cryptography and network security. It includes two case studies of data breaches at government organizations and a hotel chain. It discusses security needs and objectives, why security is difficult to achieve, how security became an issue, threat modeling, risk assessment, the three aspects of security (attacks, mechanisms, services), and key points to remember around security including the trade-off between security and usability.
This document proposes a standardized cyber security education platform to address the lack of cybersecurity training. It notes that 52% of security breaches are caused by human error due to inadequate user education. The proposed platform would provide cross-platform security training modules in an gamified format to certify users without requiring in-depth technical knowledge. This could incentivize colleges and companies to provide cybersecurity education to users. Financial projections estimate charging $4-6 per student and $2-4 per faculty member based on completing training modules. The milestones include implementing a prototype with a college IT department and involving more campuses and nationwide colleges over time.
Learn about current cybersecurity threats, what new threats are on the rise, and how to train the next generation of cyberprofessionals to help keep us secure.
This document discusses electronic security in computer networks. It covers securing network information through confidentiality, availability, and integrity. It describes authentication of users, acceptable use policies, and information integrity. It also discusses threats to security like hackers, viruses, and malicious insiders. Finally, it outlines security tools like firewalls, proxy servers, and intrusion detection systems that can help secure networks.
Information Technology Security BasicsMohan Jadhav
The document discusses various topics related to IT security basics. It begins by providing two examples of security breaches to illustrate why security is important. It then discusses the four virtues of security and the nine rules of security. The document also defines information security, its goal of ensuring confidentiality, integrity and availability of systems, and the potential impacts of security failures. Additionally, it outlines common security definitions, 10 security domains, and provides an overview of access control and application security.
This document discusses cyber safety, cyber ethics, and cyber security. It defines each term and provides examples. Cyber safety involves responsible online behaviors to stay safe. Cyber ethics is about positive and ethical online conduct. Cyber security protects information and computer systems from online threats. The document recommends strategies like using antivirus software and not sharing personal information. It provides additional resources from organizations that educate on internet safety.
8 building blocks for a high performance school IT networkModrus
With more use of interactive lessons, BYOD, remote access from home and greater network and internet security within Schools, IT departments are feeling the pressure. Here are 8 key building blocks to put in place to help keep your networks performing well.
Computer security risks include cybercrime, hackers, crackers, script kiddies, cyberextortionists, and cyberterrorists illegally accessing networks and computers. To protect against viruses and malware, precautions should be taken like not opening attachments from unknown sources, enabling macro security in programs, installing antivirus software and updating it frequently with the latest virus definitions.
Cyber Security presentation given by Luke Schneider, Chief Executive Officer of Medicine Bow Technologies at the 2016 Wyoming Hospital Association Annual Conference
ACS Talk (Melbourne) - The future of securitysiswarren
This document summarizes a presentation on the future of information security. It discusses trends that will impact security such as increased network speeds, wireless devices, cloud computing and the internet of things. It also covers issues like the decline of traditional computers, increased cyber attacks, the importance of online identity, hacktivism, and the need for improved security training and qualifications. The document concludes that the complexity of security will continue growing and attacks will have greater potential impacts, making security an even more important issue going forward.
This document summarizes a presentation on e-safety given by several speakers. The purpose of the session was to explore e-safety issues for educational institutions and discuss safety policies, safe systems, and educating safe users. It covered setting objectives and priorities for safety policies, external safeguards and internal systems to promote safe usage, and increasing awareness of e-safety practices. One speaker discussed their institution's computer security incident response team and examples of incidents handled, and provided tips for keeping systems and users safe. Another speaker discussed their college's approach to safeguarding students through tools like policy reviews, guidance materials, and educational programs.
Webinar - Keep Your Connected Nonprofit or Library Secure - 2015-10-01TechSoup
This document provides information about a webinar on keeping nonprofits and libraries secure. The webinar covered introducing TechSoup and their security donation programs, security threats like zero-day vulnerabilities and common causes of data breaches, and basic security practices around passwords, social media, phishing, and more. It also discussed Symantec's security solutions and how to get started with free security resources.
Cybersecurity involves protecting important data, networks, and computer systems from unauthorized access or criminal activity. The demand for cybersecurity professionals is growing rapidly due to increased internet usage and cybercrime. Some key areas of study to work in cybersecurity include information security analysis, coordination, engineering, software security specialization, and cryptography. Effective cybersecurity requires protecting all aspects of an organization's people, processes, technology, computers and networks.
The document discusses promoting safe and responsible use of technology through developing students' understanding of ethical and security issues related to technology. It provides examples of security threats like hacking school networks to change grades, spreading malware through instant messages that can lead to identity theft, and infecting computers with ads for profit. The document emphasizes the importance of educating students on network security best practices like using strong passwords, backing up data, and knowing how to identify and avoid security risks online in order to protect schools and individuals from cyber threats.
Similar to Course Tech 2013, Mark Ciampa, Helping Students Stay Secure (20)
3. Cut Right To The Chase
• Things are still bad in security
• Users are still confused about security
• Our students want to learn to be secure
• Schools are not teaching practical security
• We can teach practical security in all our courses
• Here’s how to teach practical security
14. Things Are Still Bad
• Web pages that infect by simply looking at them (6,000 new infected pages daily, or 1 every 14 seconds)
• More attacks originate in U.S. than any other country (33%)
• Home users were the most highly targeted sector (93% all targeted attacks)
• An infected U.S. computer has an average of 8 instances of malware
• U.S. has highest number of infected computers
15. Things Are Still Bad
• 431 million adults experienced cybercrime in last year
• 1+ million daily victims (14 each second)
• 79% Internet users online 49+ hours per week been victims
• 1 in 2.27 = odds consumer become cybercrime victim
• $388 billion total cost cybercrime
16. Things Are Still Bad
• New zero-day attack
• Bypasses sandbox protection in Adobe Reader 10 and 11
• Bypasses Windows ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention)
• Starts by having Windows users clicking on a malicious PDF file delivered in an e-mail message
17. Things Are Still Bad
• Opens decoy PDF document contains travel visa application
• Also drops and executes a malware downloader that connects to remote server and downloads additional components to steal passwords, gather information about system configuration, log keystrokes
• Communication between the malware and the command-and-control server is compressed with zlib and encrypted with AES (Advanced Encryption Standard)
18. Cut Right To The Chase
• Things are still bad in security
• Users are still confused about security
• Our students want to learn to be secure
• Schools are not teaching practical security
• We can teach practical security in all our courses
• Here’s how to teach practical security
19. Users Are Still Confused
• Massive data breach from computers belonging to South Carolina's Department of Revenue (DOR)
• Exposed Social Security numbers of 3.8 million taxpayers plus credit card & bank account data for total of 74.7 GB
• Started with employee's computer infected with malware after user opened phishing e-mail
• Attacker captured the person's username and password
• Installed tools that captured user account passwords on 6 servers
• Eventually gained access to 36 other systems
20. Users Are Still Confused
• 2012 survey of American, British and German adult computer users
• 40% not always update software on computers when they initially prompted
• 25% said do not clearly understand what software updates do
• 25% said do not understand the benefits of updating regularly
• 75% said saw update notifications but over half said needed to see notification between 2-5 times before decided
• 25% said do not know how to check if their software needs updating
21. Users Are Still Confused
• 88% use their home computer for online banking, stock trading, reviewing personal medical information, and storing financial information, health records, and resumes
• 98% agree important to be able to know risk level of a web site before visiting it (But 64% admit don’t know how to)
• 92% think that their anti-virus software is up to date (But only 51% have current anti-virus software that been updated within last 7 days)
22. Users Are Still Confused
• 44% don’t understand firewalls
• 25% have not even heard of the term “phishing” and only 13% can accurately define it
• 22% have anti-spyware software installed, an enabled firewall, and anti-virus protection that has been updated within last 7 days
23. Why Increase In Attacks
• Speed of attacks
• More sophisticated attacks
• Simplicity of attack tools
• Faster detection weaknesses
• Delays in user patching
• Distributed attacks
• Exploit user ignorance & confusion
24. User Confusion
• Confusion over different attacks: Worm or virus? Adware or spyware? Rootkit or Trojan?
• Confusion over different defenses: Antivirus? Firewall? Patches?
• Users asked to make security decisions and perform technical procedures
25. Think Of a User
• Will you grant permission to open this port?
• Is it safe to un-quarantine this attachment?
• May I install this add-in?
26. User Misconceptions
• I don’t have anything on my computer they want
• I have antivirus software so I’m protected
• The IT Department takes care of security here at school or work
• My Apple computer is safe
27. Cut Right To The Chase
• Things are still bad in security
• Users are still confused about security
• Our students want to learn to be secure
• Schools are not teaching practical security
• We can teach practical security in all our courses
• Here’s how to teach practical security
28. Students Want Be Secure
• Surveyed 679 students at both university and community college
• First day of Introduction to Computers class
• Students had received no instruction about security in class
• Students had no previous computer courses at the school
• Asked if specific security items were important to them
35. Students Want Be Secure
• Surveyed 479 students at university
• First day of Introduction to Computers class prior to any instruction about specific security items were important to them
• Students also rated themselves regarding their use and knowledge of technology, personal ownership of devices, gender, age, and employment status
• Elements were then correlated with student responses regarding their perceived importance of the common computer literacy topics in order to determine if any associations exist
36. Students Want Be Secure
• On the basis of gender females significantly more likely to indicate specific security tasks are important (scanning for malware, creating backups, verifying information, using anti-virus software, securing wireless networks, using spam filters)
• Significant correlations were found between the use/knowledge of technology and practical security topics such as creating backups, configuring a web browser, and creating a strong password
• Ownership of a Windows PC and Apple Mac were found to be significantly associated with scanning for malware
37. Cut Right To The Chase
• Things are still bad in security
• Users are still confused about security
• Our students want to learn to be secure
• Schools are not teaching practical security
• We can teach practical security in all our courses
• Here’s how to teach practical security
38. Security Education In Schools
• Teach comprehensive enterprise security in CIS security track
• Teach network security to CIS majors
• Teach brief coverage of security definitions in Introduction to Computers
• Yet we are leaving out practical security awareness for all students
39. Calls for Vigilance
• “Securing your home computer helps you and your family, and it also helps your nation . . . by reducing the risk to our financial system from theft, and to our nation from having your computer infected and then used as a tool to attack other computers”
Janet Napolitano, Department Homeland Security
40. Calls for Training
• National Strategy to Secure Cyberspace (NSSC) document, created by U.S. President’s National Infrastructure Advisory Council, calls for comprehensive national security awareness program to empower all Americans, including the general population, “to secure their own parts of cyberspace”
• Department of Homeland Security, through the NSSC, calls upon home users to help the nation secure cyberspace “by securing their own connections to it”
41. Calls for Training
• Action and Recommendation 3-4 of NSSC calls upon colleges and universities to model user awareness programs and materials
• Colloquium for Information Systems Security Education (CISSE), International Federation of Information Processing Working Group 11.8 on Information Security Education (IFIP WISE), and Workshop on Education in Computer Security (WECS) all involved in security training in schools
• Bipartisan Cybersecurity Enhancement Act would fund more cybersecurity research, awareness and education (Feb 20 2011)
42. Calls for Training
• Researchers state that institutions of higher education (IHEs) should be responsible for providing security awareness instruction, including Crowley (2003), Mangus (2002), Null (2004), Tobin and Ware (2005), Valentine (2005), Werner (2005), and Yang (2001)
• Security instruction and training important not only to meet current demands of securing systems but also to prepare students for employment in their respective fields
• Location of security awareness instruction and training in a college curriculum should not be isolated in upper-level courses for IT majors, according to Tobin and Ware (2005), Werner (2005), and others
• Instruction should be taught to all graduates as a “security awareness” course (Valentine, 2005) along with integrating it across the curriculum (Yang, 2001)
• Long (1999) advocated that security instruction should begin as early as kindergarten.
43. Cut Right To The Chase
• Things are still bad in security
• Users are still confused about security
• Our students want to learn to be secure
• Schools are not teaching practical security
• We can teach practical security in all our courses
• Here’s how to teach practical security
44. Security Education Challenge
• Need educate all students about practical computer security in all of our courses
• “Users should be as fluent with practical security as with using Word”
• All our courses use technology, so make security a “teaching moment”
• Security Across the Curriculum
45. Objections
• Students don’t care about
security
• I’m not a security expert so I
can’t teach it
• I don’t have time to teach it
46. Experts Not Needed
• Attacks are targeting user confusion
and misconceptions
• Need to teach basic practical security
skills and not advanced security
topics
• Often security experts get too
carried away with too many details!
47. I Don’t Have Time To Teach It
• Is there a skill that is more important and
more useful than practical security?
• We can take the opportunity as topics
arise
• For example, when we ask them to
research using the Internet, then spend 10
minutes that day talking about Internet
security
49. How To Teach Security
• Topics - Yes: Practical steps; No: Learn definitions
• Focus - Yes: End user; No: Enterprise
• Emphasis - Yes: Defense; No: How it works
• Device - Yes: Desktop, laptop; No: Tablet, smartphone
• Resistance - Yes: Tradeoff; No: Impossible
51. Practical Security Topics
• Personal - Passwords, Phishing, Social networks
• Computer - Malware, Patches, Anti-virus, Firewalls, UAC, Backups
• Internet - Java, Digital certificates, Hyperlinks, Browser settings
• Mobile - Wi-Fi risks, Bluetooth risks, Wireless defenses, Public Wi-Fi
52. Password Paradox
• Password paradox – For password to remain secure
it should never be written down but must be
committed to memory.
• Password should also be of a sufficient length and
complexity that an attacker cannot easily determine it
• Paradox: although lengthy and complex passwords
should be used and never written down, it is very
difficult to memorize these types of passwords.
• Users have multiple accounts for computers at work,
school, and home, e-mail accounts, banks, online
Internet stores, and each account has its own
password
53. Weak Passwords
• Common word (Eagles)
• Short passwords (ABCDEF)
• Personal information (name of a child or
pet)
• Writing password down
• Predictable use of characters
• Not changing password
• Reusing same password
55. Password Principles
1. Any password that can be
memorized is a weak
password
2. Any password that is
repeated on multiple
accounts is a weak password
56. Password Management Application
• Use technology instead of our memory for password
management
• Password management application – Allow user to
store username and password, along with other account
details
• Application is itself protected by a single strong
password, and can even require the presence of a file on
a USB flash drive before the program will open
• Allows user to retrieve usernames and passwords
without the need to remember or even type them
• Allows for very strong passwords:
58. Password Management Application
• In-memory protection - Passwords are encrypted while the
application is running to conceal passwords
• Key files - In order to open the password database, a key file must also
be present
• Lock to user account - The database can be locked so that it can
only be opened by the same person who created it
• Password groupings - User passwords can be arranged as a tree,
so that a group can have subgroups
• Random password generator - A built-in random password
generator can create strong random passwords based on different
settings
63. If You Rely On Memory Only
• Length is more important than complexity -
longisthislongerpassword over u$^#16
• Do not use passwords that consist of dictionary words or phonetic
words
• Do not use birthdays, family member names, pet names, addresses,
or any personal information
• Do not repeat characters (xxx) or use sequences (abc, 123, qwerty)
• Minimum of 12 characters in length or for accounts that require
higher security a minimum of 18 characters is recommended
• Consider using a longer passphrase:
theraininspainfallsmainlyontheplain
• Use nonkeyboard characters
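The rules on this slide expressed as a checker, as an added example that is not part of the original presentation. The function names, the small constructed word list and the exhaustive-search estimate (character pool raised to the password length) are assumptions made for illustration.

```python
import math
import string

# Constructed sample word list; a real check would load a full dictionary.
SAMPLE_WORDS = {"eagles", "password", "dragon", "monkey"}
SEQUENCES = ["abcdefghijklmnopqrstuvwxyz", "0123456789",
             "qwertyuiop", "asdfghjkl", "zxcvbnm"]
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]

def pool_size(pw):
    """Number of characters an exhaustive search must try per position."""
    size = sum(len(cls) for cls in CLASSES if any(c in cls for c in pw))
    # Assumption: count characters outside printable ASCII as a pool of 128.
    if any(c not in string.printable for c in pw):
        size += 128
    return size

def search_space_bits(pw):
    """log2 of the guesses needed to exhaust every password of this shape."""
    size = pool_size(pw)
    return len(pw) * math.log2(size) if size else 0.0

def has_repeat(pw, run=3):
    """True for runs such as xxx."""
    return any(pw[i] * run == pw[i:i + run] for i in range(len(pw) - run + 1))

def has_sequence(pw, run=3):
    """True for runs such as abc, 123 or qwe taken from SEQUENCES."""
    low = pw.lower()
    return any(seq[i:i + run] in low
               for seq in SEQUENCES for i in range(len(seq) - run + 1))

def check_password(pw, high_security=False):
    """Return the slide rules the password breaks; an empty list passes."""
    minimum = 18 if high_security else 12
    problems = []
    if len(pw) < minimum:
        problems.append(f"shorter than {minimum} characters")
    # Whole-password match only: a passphrase of several words is not flagged.
    if pw.lower() in SAMPLE_WORDS:
        problems.append("dictionary word")
    if has_repeat(pw):
        problems.append("repeated characters")
    if has_sequence(pw):
        problems.append("keyboard or alphabet sequence")
    return problems

for sample in ("longisthislongerpassword", "u$^#16", "Eagles"):
    print(sample, round(search_space_bits(sample)), check_password(sample))
```

The printed bit counts make the slide's first point concrete: the 24-letter lowercase password has a far larger search space than the 6-character mixed one.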
64. Use Nonkeyboard Characters
• Make passwords stronger with special
characters not on keyboard
• Created by holding down ALT key while
simultaneously typing a number on numeric
keypad (but not the numbers across the top of
the keyboard); ALT + 0163 produces £.
• To see a list of all the available non-keyboard
characters click Start and Run and enter
charmap.exe; click on a character and the code
ALT + 0xxx will appear in lower-right corner if
it can be reproduced in Windows
66. Test Passwords
• Online password creators
• Password Security Tester
• How Secure Is My
Password
• Check Your Password
• The Password Meter
67. Phishing
• Social engineering - Relies on deceiving someone to obtain secure
information
• Phishing - Common form of social engineering is sending an e-mail
or displaying a Web announcement that falsely claims to be from a
legitimate enterprise in an attempt to trick the user into surrendering
private information
• User is asked to respond to an e-mail or is directed to a Web site where
the user is instructed to update personal information, such as passwords, credit
card numbers, Social Security numbers, bank account numbers, or
other information for which the legitimate organization already has a
record
• However, the Web site is actually a fake and is set up to steal the user’s
information
69. Social Networking Attacks
• Grouping individuals and organizations into clusters or
groups based on affiliation is called social networking
• Web sites that facilitate linking individuals with common
interests like hobbies, religion, politics, or school
contacts are called social networking sites and
function as an online community of users
• User who is granted access to a social networking site
can read the profile pages of other members and interact
with them
• Social networking sites are increasingly becoming prime
targets of attacks
70. Social Network Defenses
• Consider carefully who is accepted as a friend – Once a
person has been accepted as a friend, that person will be
able to access any personal information or photographs
• Show "limited friends" a reduced version of your profile
- Individuals can be designated “limited friends” who
only have access to a smaller version of the user’s
profile
• Disable options and then reopen them only as
necessary - Disable options until it becomes apparent
that option is needed, instead of making everything
accessible and restricting access later after it is too late
73. Personal Firewall
• Two-way personal software firewall -
Inspects network traffic passing through it
and denies/permits passage based on rules
• Firewall restricts what can come in and go
out of your computer across the network
– Stops bad stuff from coming in
– Stops a compromised computer from infecting
other computers on network
• Application-aware firewall allows user to
specify which desktop applications can
connect to the network
81. User Account Control (UAC)
• When a user attempts to perform a task that
requires administrative access, the user is
prompted for approval, or for an administrator
password if a standard user
• Displays authentication dialog box that
must be answered before continuing
– Administrators - Click Continue or
Cancel
– Standard users - Enter admin
password
84. Does Wireless Security Matter?
• Get into any folder set with file
sharing enabled
• See wireless transmissions
• Access network behind firewall
and inject malware
• Download harmful content linked
to unsuspecting owner
85. Does Wireless Security Matter?
• Barry A. wanted to get even with neighbors
• Broke WiFi WEP encryption
• Created fictitious MySpace page
with the husband's name on it and
posted picture of child
pornography
• Included note that husband was a
lawyer and could get away "doing
anything"
86. Does Wireless Security Matter?
• Barry e-mailed the same
pornography to the husband's co-
workers
• Sent flirtatious e-mail to women in
the husband's office
• Sent threatening e-mails to the Vice
President of U.S. from husband's
Yahoo account saying he was a
terrorist and would kill the VP
87. Does Wireless Security Matter?
• Husband’s law office hired a forensics
investigator who installed a protocol
analyzer
• In data surrounding the threatening VP
e-mail was Barry's name and
account information
• FBI searched Barry's house and found
evidence he had also done the same to a
previous neighbor
88. Does Wireless Security Matter?
• Offered 2-year sentence but turned it
down, so prosecutors piled on more
charges
• Pled guilty and sentenced to 18
years in prison and to forfeit his
house
• Defense was that he was sharing a jail cell
with a double-murderer who was
"terrorizing" him
90. 2. Turn on WPA2
• On wireless router set WPA2 Personal
• WPA2 Personal security option, which
may be labeled as WPA2-PSK [AES], is
turned on by clicking the appropriate
option button
• A key value, sometimes called a
preshared key (PSK), WPA2 shared
key, or passphrase, must be entered;
this key value can be from 8 to 63
characters in length
92. 2. Turn on WPA2
• After turning on WPA2 Personal on
wireless router and entering a key
value, the same key value must also be
entered on each mobile device that has
permission to access the Wi-Fi network
• A mobile device that attempts to access
a wireless network with WPA2 Personal
will automatically ask for the key value
• Once the key value is entered, the
mobile device can retain the value and
does not need to ask for it again
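How the key value entered on the router and on each device becomes the actual WPA2 Personal key, as an added example that is not part of the original presentation. The function names, the passphrases and the network name HomeNet are constructed for illustration.

```python
import hashlib
import hmac

def wpa2_psk(passphrase, ssid):
    """Derive the 256-bit WPA2 Personal key from the passphrase and SSID."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    # Passphrases are limited to printable ASCII, so ALT-code characters
    # such as £ cannot be used in this key value.
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    # PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations, 32-byte output.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def keys_match(router_passphrase, device_passphrase, ssid):
    """True when router and device derive the same key for this network."""
    return hmac.compare_digest(wpa2_psk(router_passphrase, ssid),
                               wpa2_psk(device_passphrase, ssid))

if __name__ == "__main__":
    ssid = "HomeNet"                          # constructed network name
    router = "theraininspainfallsmainly"      # constructed passphrase
    print(keys_match(router, router, ssid))            # same key value typed
    print(keys_match(router, router + "x", ssid))      # one character off
    print(wpa2_psk(router, ssid).hex())
```

A device that typed a different key value derives a different key, so its handshake with the router fails. Because the network name is part of the derivation, the same passphrase yields a different key on a differently named network.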
94. 4. Disable Bluetooth
• When using a smartphone or tablet that
supports Bluetooth, it is advisable to
disable Bluetooth and turn on this service
only as necessary
• Bluetooth devices should be turned off
when not being used or when in a room
with unknown people
• Another option is to set Bluetooth on the
device as undiscoverable, which keeps
Bluetooth turned on in a state where it
cannot be detected by another device
95. Student Comments
• As for the material presented in this class, it is great. I
have found all the hands on projects to be very useful. I
would recommend this class to all students. Very useful!
• I have to say that I was dreading this course because I am
definitely not a "techie", but I have been surprised by how
much I have enjoyed it so far. I love the hands on projects!
• Your class is interesting, informative, and would help
anyone learn about what threats are out there, and what
needs to be done to secure their system.
• I'm actually having an awesome time with this class. It's
kind of making me question switching my major to
something more involved in the field of computer
technology.
96. New Approaches
• “Security Across the Curriculum”
• Adding practical security to Introduction to
Computers course
• Content added to freshman orientation course
• Substitute practical security course for advanced
Office applications course
• Adding 1 hour ethics & practical security course
98. Security Awareness 4e
• Security Awareness: Applying Practical Security
in Your World, 4e
• Published December 2012
• Basic introduction to practical computer security
for all users, from students to home users to
business professionals
Smartphones, social media, downloading MP3 music files, watching movies on tablet computers—these are the types of activities that our students are constantly engaged in. However, these are the same activities that attackers are targeting today. Yet very few of our students know how to protect themselves from these targeted attacks. In this presentation we will look at practical security instruction that can be added to any computer course in order to help our students stay secure.