EPISODE I: USE THE FORCE
SENSITIVE INFORMATION IS POURING THROUGH THE FLOODGATES
WHICH SIDE OF THE FORCE WILL YOU USE?

FROM A CAMPUS... NOT SO FAR AWAY
Forrest H. Swick
Information Security
University of Northern Colorado

THE GALACTIC REPUBLIC
– WITH TODAY’S BYOD ENVIRONMENT
– EVERYONE CARRIES A PERSONAL
  • SMARTPHONE OR 2
  • TABLETS
  • LAPTOPS
  • BLUETOOTH LIGHTSABERS
  • THUMBDRIVES

– AND THEY DEMAND!
– SEAMLESS... EASY CONNECTIVITY
– TO THE CAMPUS NETWORK
  • FOR EMAIL
  • REPORT ACCESS
  • PRINTING
  • APPOINTMENT UPDATES
  • BASICALLY... THEY NEED TO DO THEIR JOBS?
  • AND OF COURSE WOOKIELEAKS…EPISODE IV
– WHICH BRINGS US TO...

THE PLANET OF NABOO
– SENSITIVE INFORMATION IS AT RISK
– OUR SUPREME CHANCELLORS
  • HAVE INFORMATION SECURITY NEEDS
  • THEY KNOW THE RESPONSIBILITY LIES WITHIN
  • AND NOT JUST ON INFORMATION SECURITY
  • DON’T HAVE JEDI KNIGHTS TO DISPATCH
  • DUE TO THEM BEING SITH

THERE IS NO PADAWAN (APPRENTICE)
– YET WE CAN
  • CLASSIFY DATA
  • DEVELOP GUIDELINES
  • CREATE DATA HANDLING PROCEDURES
  • HAVE EFFECTIVE AWARENESS TRAINING
– POLICIES ARE EVEN MORE CRITICAL!
  • WE KNOW DARTH SIDIOUS IS BEHIND EVERY RISK

JAR BINKS KNOWS
– MOBILE DEVICES ARE
  • EASILY LOST
  • THE TOP TARGET OF THIEVES
– THE DEFAULT SETTINGS
  • NO PASSWORD
  • NO PIN
  • NO PATTERN LOCK

WITH THE BATTLE OF THE DROIDS
– MOBILE DEVICES HAVE
  • OVER 8 GB OF FREE SPACE
  • INSECURE COMMUNICATIONS
  • INFLATED APP PERMISSIONS
  • IMPROPER APP SECURITY CONTROLS
– YET MANAGEMENT WANTS
  • CAMPUS EMAIL ACCESS
  • CLOUD APPLICATIONS AND ACCESS TO DATA
  • IT FEELS AS IF EVERYONE FAVORS FUNCTIONALITY OVER SECURITY

EVEN QUEEN AMIDALA
– CAN’T AFFORD TECHNOLOGIES
  • TO SEE ALL THE RISKS
  • TO STOP EVERY THREAT
– HER PERSONAL JEDI CAN’T
  • STOP MOBILE DEVICE COMMUNICATION
  • STOP CELLULAR PROVIDERS’ NETWORK COVERAGE
– WHO CAN AFFORD ENOUGH SECURITY INFRASTRUCTURE?

ANAKIN SKYWALKER’S OWN DROID
– C-3PO
– WAS BUILT FOR PROTOCOLS
  • TO DEVELOP GUIDELINES
  • TO CREATE POLICIES
  • TO CREATE PROCEDURES
  • TO CLASSIFY DATA
  • TO BUILD AN INFORMATION SECURITY PROGRAM
– YET
– WHAT IS MISSING?

WIN A PODRACING TOURNAMENT?
– THIS WON’T FREE YOU FROM
  • COMPLIANCE REQUIREMENTS
  • LEARNING ABOUT DARTH MAUL RISKS
  • UNDERSTANDING SECURITY LITERACY
  • NEEDING TO LEARN AWARENESS MINDTRICKS
– WHO IS THE CHOSEN ONE IN SECURITY?

Padmé IS THE REAL QUEEN
– WHICH MAKES AWARENESS THE KEY*
  • ON HOW TO CLASSIFY DATA
  • ABOUT CAMPUS GUIDELINES
  • ABOUT ESTABLISHED POLICIES
  • ABOUT PROCEDURES
  • ABOUT YOUR CAMPUS INFOSEC TEAM
– THIS IS THE JEDI MINDTRICK!
*sorry Charlie Miller...

AWARENESS…THE JEDI MINDTRICK
– SUBTLY MAKE CAMPUS AWARE
  • OF WHERE TO LOOK TO CLASSIFY DATA
  • OF YOUR CAMPUS GUIDELINES
  • OF YOUR ESTABLISHED POLICIES
  • OF YOUR PROCEDURES
  • OF HOW TO SELF IDENTIFY RISKS
– IT IS AS SIMPLE AS
  • “THESE ARE NOT THE DROIDS YOU ARE LOOKING FOR”

AWARENESS…THE JEDI MINDTRICK
– IT IS NOT A LIGHTSABER DUEL
– DON’T TEACH SECURITY LITERACY
  • WHAT IS A PHISHING ATTACK?
– DO TEACH SECURITY AWARENESS
  • HOW TO SPOT A PHISHING ATTACK!

http://www.unco.edu/cybersecurity/faculty/Phishing.html
- GENERIC EMAIL GREETING:
  - A typical phishing email will have a generic greeting, such as “Dear User.”
- FALSE SENSE OF URGENCY
  - “Your account will be disabled if it’s not updated within three (3) business days!”
- DECEPTIVE URL
  - http://signin.paypal.com@10.19.2.4/
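Why the DECEPTIVE URL above misleads, shown as an added example (not part of the original slides): everything before the "@" is userinfo, so the connection goes to 10.19.2.4, not to the name the reader sees first. The function names and warning labels are assumptions made for this sketch, and the second URL is a constructed sample.

```python
import ipaddress
from urllib.parse import urlsplit


def effective_host(url: str) -> str:
    """Return the host a client actually connects to.

    In the URL authority, text before the last '@' is userinfo
    (username[:password]); only the text after it is the destination host.
    """
    return urlsplit(url).hostname or ""


def url_warnings(url: str) -> list[str]:
    """Flag the two tricks visible in the slide's sample URL."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    warnings = []

    # Userinfo in a link is rare in legitimate mail and hides the real host.
    if parts.username is not None:
        warnings.append("userinfo-before-host")
        # A dotted username is dressed up to look like a trusted domain.
        if "." in parts.username:
            warnings.append("userinfo-looks-like-domain")

    # A bare IP address instead of a name is a second indicator.
    try:
        ipaddress.ip_address(host)
        warnings.append("ip-literal-host")
    except ValueError:
        pass  # host is a DNS name, not an IP literal

    return warnings


if __name__ == "__main__":
    samples = [
        "http://signin.paypal.com@10.19.2.4/",  # URL from the slide
        "https://www.example.edu/login",         # constructed benign sample
    ]
    for url in samples:
        print(f"{url}\n  connects to: {effective_host(url)}"
              f"\n  warnings:    {url_warnings(url) or 'none'}")
```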

AWARENESS…THE JEDI MINDTRICK
– DON’T... PUNISH BAD BEHAVIOR
– DO... REWARD GOOD BEHAVIOR
  • IT SECURITY HERO OF THE WEEK AWARDS


AWARENESS…THE JEDI MINDTRICK
– DON’T... TELL THEM HOW TO BE SECURE
– DO... SHOW THEM HOW TO:
  • HELP OTHERS
  • HELP THEIR KIDS STAY SECURE ONLINE
  • HELP THEIR PARENTS SHOP SECURELY
  • HELP THEIR ELDERLY NEIGHBORS
– MAKE OTHERS YOUR APPRENTICE

AWARENESS…THE JEDI MINDTRICK
– GET INVOLVED WITH CAMPUS EVENTS
  • FALL STUDENT INVOLVEMENT FAIR (AUG)
  • HEALTH AND SAFETY FESTIVAL (SEPT)
  • NATIONAL CYBER SECURITY AWARENESS MONTH (OCT)
  • NATIONAL DATA PRIVACY DAY (JAN)
  • NATIONAL DATA PRIVACY MONTH (FEB)
  • EARTH DAY – INFOSEC SHREDFEST (APR)
  • STAR WARS DAY – MAY 4TH

AWARENESS…THE JEDI MINDTRICK
– AWARENESS ACTIVITIES
  • GUEST SPEAKERS IN CAMPUS CLASSROOM
  • BE AVAILABLE FOR FACULTY/STAFF TRAINING
  • CREATE POSTCARDS/TABLE TENTS/GIVEAWAYS
  • TARGETED MESSAGES (BLACK FRIDAY, TAX TIME TIPS)
  • PUBLIC SPEAKING FOR GROUPS / CONFERENCES

AWARENESS…THE JEDI MINDTRICK
– HOST THE DEPARTMENTAL COFFEE CLUB
  • KEEP A HOT COFFEE POT ON
– GIVE OTHERS A REASON TO VISIT INFOSEC
  • INFOSEC HAS A TENDENCY TO ISOLATE ITSELF
– BE AVAILABLE

AWARENESS…THE JEDI MINDTRICK
– USE THE EDUCAUSE RESOURCES!
  • 2014 INFOSEC SECURITY GUIDES
  • NETWORK WITH OTHER INFOSEC TEAMS IN YOUR AREA
  • EDUCAUSE SECURITY LISTSERV
  • JOIN REN-ISAC
– USE ALL THE TOOLS AVAILABLE TO YOU

BE A SECURITY JEDI KNIGHT
– DEVELOP RELATIONSHIPS WITH
  • DATA STEWARDS OUTSIDE OF IT
  • THE REGISTRAR’S OFFICE
  • HUMAN RESOURCES
  • INSTITUTIONAL RESEARCH BOARD
  • RESEARCHERS

BE A SECURITY JEDI KNIGHT
– WORK WITH YOUR LEADERSHIP
  • TO CREATE EFFECTIVE POLICIES
  • TO CREATE EFFECTIVE PROCEDURES
  • TO ESTABLISH RULES TO CLASSIFY DATA
  • TO BUILD AN INFORMATION SECURITY PROGRAM
  • TO ADVOCATE AWARENESS
– WITHOUT CAMPUS INFOSEC AWARENESS
  • YOUR DATA WILL FALL TO THE DARK SIDE

“FOR MY ALLY IS THE FORCE, AND A POWERFUL ALLY IT IS.” -YODA
AWARENESS IS YOUR ALLY, AND A POWERFUL ALLY IT IS.
*All copyrighted materials owned by the respective owners where applicable.

FROM A CAMPUS... NOT SO FAR AWAY
Q&A! THANK YOU!
Forrest H. Swick
Information Security
University of Northern Colorado
forrest.swick@unco.edu