idb capital limited

8/6/2019 IDB Capital Limited

1/20

COMPUTER,INFORMATIONAND NETWORK SECURITY


2/20


3/20

SECURITY THREATS

A computer virus is a program written to alter the way a computer operates, without the permission

or knowledge of the user. A virus replicates and executes itself, usually doing damage to your

computer in the process

Computer Virus and Worms

Is any program that monitors your online activities or installs programs without your consent for

profit or to capture personal information

Spyware

Hackers are programmers who victimize others for their own gain by breaking into computer systems

to steal, change or destroy information as a form of cyber-terrorism.

Hackers

Masquerading as a trustworthy person or business, phishers attempt to steal sensitive financial or

personal information through fraudulent email or instant messages.

Phishing


4/20

Prevention Measures.

Use of Computer and Internetsecurity softwares.e.g antivirus

Using Firewalls.

Passwords and data encryption.

|4


5/20

Never use a computer which has no antivirus installed.

Always run the Company standard, supported anti-virussoftware . Download and run the current version;

download and install anti-virus software updates as theybecome available.

Never download files from unknown or suspicioussources.

Back-up critical data and system configurations on aregular basis and store the data in a safe place.

ANTIVIRUSGUIDELINES


6/20

Antivirus guidelines (contd...)

6

New viruses are discovered almost every day.

Periodically check the antivirus update databaseandprocesses list for updates.

Always scan a removable disks from an unknown sourcefor viruses before using it.

Never download files from unknown or suspicioussources.

Periodically scan your computer fully for viruses, worms,Trojan horses e.t.c


7/20

FIREWALLSDefinition:

Is a device or set of devices designed to permit

or deny network transmissions based upona set of rules and is frequently used toprotect networks from unauthorized accesswhile permitting legitimate

communications to pass.

7


8/20

Firewalls (contd)Basic example:


9/20

F

irewalls (contd)Windows security centre


10/20

PASSWORDS POLICY

The purpose of this policy is to establish a standard forcreation of strong passwords, the protection of thosepasswords, and the frequency of change.

General:All user-level passwords (e.g., email, web, desktop computer,

etc.) must be changed at least every six months.


11/20

GeneralPassword ConstructionGuidelines

Strong passwords have the following characteristics:

Contain at least three of the five following character classes:

Lower case characters

Upper case characters

Numbers

Punctuation

Special characters (e.g. @#$%^&*()_+|~-=\`{}[]:";'/ etc)

Contain at least fifteen alphanumeric characters.

Passwords (contd)


12/20

Weak passwords :

The password contains less than fifteen characters

The password is a word found in a dictionary (English or foreign)

The password is a common usage word such as:

Names of, friends, co-workers, etc. family, pets

Computer terms and names, commands, sites, companies, hardware,software.

The words "", safaricom", safcom" or any derivation.

Birthdays and other personal information such as addresses and phonenumbers.

Passwords (contd)


13/20

Passwords (contd)Password ProtectionStandards:

Always use different passwords for different accounts (e.g.,

email, facebook, bank ATM, phone, etc.).

Do not share company passwords with anyone, includingadministrative assistants or secretaries. All passwords are tobe treated as sensitive, confidential company information.

Do not hint at the format of a password (e.g., "my family

name")

Always decline the use of the "Remember Password" featureof applications (e.g., Firefox, Outlook, internet explorer).


14/20

E-MAIL POLICYPurpose:

To prevent tarnishing the public image of a company.When email goes out from a company the general

public will tend to view that message as an officialpolicy statement from the company.

Caution:

NEVER open any files or macros attached to an emailfrom an unknown, suspicious or untrustworthy source.Delete these attachments immediately, then "double

delete" them by emptying your Trash.

14


15/20

E-mails (contd)

Delete spam, chain, and other junk email without

forwarding, in with company'sA

cceptableU

se Policy.

Never download files from unknown or suspicious

sources.


16/20

Using secure networks and wirelessconnections.

Disabling and/or deleting browsercookies and avoiding the rememberpassword on this site and rememberme features.

Use of proxy servers.

Other Security measures


17/20

HOME PC SECURITY Install and Use Anti-Virus Programs

Use Care When Reading Email with Attachments

Install and Use a Firewall Program

Make Backups of Important Files and Folders

Use Strong Passwords

Use Care When Downloading and Installing Programs

Install and Use a Hardware or software Firewall

Install and Use a File Encryption Program and Access

Controls


18/20

SECURITY RISKS FOR MOBILE

DEVICES


19/20

ENHANCING COMPUTER

SECURITYOWASP

-Web Application

S

ecurity Project- is an open-source application security

project.

OP

EN SOURCE/LINUX

- Guaranteed security/no using antivirus e.t.c


20/20

Q & A

page 20

THANK YOU

idb capital limited

Documents