hiroshima university information security & compliance 2017
Post on 23-Jan-2018
Information Security & Compliance 2017
Introduction
Aims of the Information Security & Compliance Course:
• Revise your knowledge of information security
• Enhance your knowledge with the latest in information security
This lecture is divided into three sections:
1. Recent threats to information security
2. Important routine measures
3. Additional good behaviors
Improving your knowledge of information security
1. Recent threats to information security
• Phishing scams
• Virus infections
• Unauthorized access
Risks of phishing scams
The damage caused by phishing scams that make unauthorized use of Internet banking and credit card information is increasing.
1. Deceptive emails
2. Entering ID, password, credit card, and account details
Phishing site
3. Collecting information
4. Malicious use of obtained information
Genuine site
Check your transaction statements for signs of improper use.
How to identify suspicious emails: Point (1)
Email address is suspicious. Strange domain ending in “ru”
Attached file name is suspicious.
This is a real email which we have received.
If an email seems suspicious, it can be helpful to do a web search.
How to identify suspicious emails: Point (2)
Email address is suspiciously long.
URL is suspicious. “http” instead of “https”
This is a real email which we have received.
Check URL before inadvertently clicking.
Example of clever phishing site
Many recent phishing sites look exactly like genuine sites.
Never open links in suspicious emails.
It’s difficult to tell if a site is fake!
Countermeasures and Behaviors against phishing scams
Countermeasures
• Install antivirus software and keep it updated.
• Keep your OS and applications updated.
• Manage your IDs and passwords carefully.
• Keep informed of the latest threats and attack methods.
Behaviors
• Check that your devices are not used without your knowledge.
• Don’t click inadvertently on file attachments or URLs.
Risks of virus infections
The damage caused by ransomware has grown markedly since 2015.
What is “ransomware”?
An infected PC or files on the PC are encrypted to make them unusable.
→ You are asked to pay a “ransom” to regain access to your PC or files.
Files are encrypted, so they cannot be used!
Examples of ransomware
Infection screen of “CryptoLocker”
Infection screen of “AndroidOS_Locker”
Online banking information was also stolen!
Nonexistent organization, “National Security Department”
If you are infected by ransomware
• Never pay a ransom.
• Disconnect from the network.
• Reinitialize the PC, then restore from a backup.
Make regular backups in case this ever happens!
Virus infection routes
Phishing emails
Browsing web sites and clicking on banner ads
USB flash drives
Downloaded programs
Countermeasures and Behaviors against virus infections
Countermeasures
• Install antivirus software and keep it updated.
• Keep your OS and applications updated.
• Make regular backups.
• Keep informed of the latest threats and attack methods.
Behaviors
• Don’t click inadvertently on file attachments or URLs.
• Do not install suspicious applications.
Damage due to unauthorized access
Unauthorized access is access to computers and systems from a network by someone not intended to have access privileges.
Sending spam emails
Hijacking of social media accounts
Data leaks
Modifying web sites
Viewing, modifying, and deleting files
Viewing, modifying, and deleting emails
Things that increase the risk of unauthorized access
Continuing to use old versions of OS and applications
Using easy-to-guess passwords
Repeatedly using the same password
Connecting to suspicious free public Wi-Fi networks
Entering personal information on sites with URLs not beginning with “https”
Leaving old accounts active
Letting someone else use your smartphone
Not checking the usage status of your services
Countermeasures and Behaviors against unauthorized access
Countermeasures
• Install antivirus software and keep it updated.
• Keep your OS and applications updated.
• Manage your IDs and passwords carefully.
• Keep informed of the latest threats and attack methods.
Behaviors
• Don’t click inadvertently on file attachments or URLs.
• Use only secure communications channels.
• Take care not to lose your PC or smartphone, or have it stolen.
2. Important routine measures
• Antivirus software
• Updating software
• Strong passwords
• Regular backups
• Knowing the latest threats and attack methods
Antivirus software
New computer viruses are discovered every day.
Set your antivirus software to update automatically!
It is not possible to protect against unknown viruses…
The virus definition list of your antivirus software needs to be updated.
Updating software
• Set the “automatic updates” option!
• Update your OS as well as your applications!
Always use the latest version!
Strong passwords
The common password for your Hiroshima University ID and accounts should
– Be at least 8 characters long
– Include numerals, symbols, and both upper and lowercase letters
– Not be an easy-to-guess character string
It is dangerous to repeatedly use the same password!
Regular backups
Make sure to back up regularly in case your PC malfunctions or gets infected by a virus.
※ You can use OneDrive for Business (1TB) free of charge for your data and OS backups.
You can access OneDrive from the list of Office 365 applications.
Knowing the latest threats and attack methods
Make the effort to keep informed about the latest security threats.
http://www.ipa.go.jp/security/kokokara/study/international.html
3. Additional good behaviors
• Do not attach files to emails
• Use multi-factor authentication
• Share information with people you know
• Report problems immediately
• Other precautions
Do not attach files to emails
Virus infections caused by opening a file attachment are increasingly common.
When exchanging files, avoid email file attachments as far as possible. Instead, place the file in the cloud and send a link to the file in the email.
To: Taro Hirodai
From: Momiji Saijo
I uploaded the created file to ownCloud. Please check it.
Folder name: Work Folder
File name: 20170401ver1.docx
Use the cloud to exchange files
<For people without a university account>
Check “Share with URL.” Share by sending the URL to the recipient.
<For people with a university account>
Share by specifying an account.
ownCloud can be used free of charge at Hiroshima University.
http://www.media.hiroshima-u.ac.jp/services/fileshare
Files are automatically deleted after one month, so the service is suited only for temporary file exchanges.
Use multi-factor authentication
To enhance security, multi-factor authentication can be used with Office 365 at Hiroshima University.
When using a smartphone mobile app, log in with account@hiroshima-u.ac.jp + password + smartphone.
* Authentication is also possible with an SMS or telephone call.
I got hold of an ID and password! Let me try and log in now!
What’s this…? It’s asking me for authentication to log in… I wonder why. I’ll refuse. What the hell?
I can’t log in…
Something doesn’t seem right. I better change my password.
Share information with people you know
Actively exchange information with family and friends.
Helping the people around you understand security will help protect you all from harm.
PC starts sending spam emails.
unauthorized access
Data leaks
virus infections
Symptoms that indicate a security incident
PC starts suddenly malfunctioning.
Nothing happens when clicking on an email file attachment.
Virus detection window appears.
It suddenly becomes impossible to open folder or file.
Promptly reporting security incidents
This handy card lists emergency contacts and precautions.
The cards are distributed free of charge by the Media Center. Carry one with you, together with your student/staff ID!
E-mail: sec-kikou@ml.hiroshima-u.ac.jp
TEL: 082-424-6082, 080-1906-2982
When you find an incident,
http://www.hiroshima-u.ac.jp/en
Contact your affiliated faculty / graduate school or CSIRT, immediately!
Information Security Quick Guide
・ My web site seems to be tampered.
・ My laptop was stolen.
・ Suddenly my file has become inaccessible.
・ I lost my USB memory containing personal information.
・ I received a complaint saying “I received a junk e-mail from your address”.
Computer Security Incident Response Team (CSIRT)
Knowing emergency contacts at all times is a useful security measure.
Other precautions (1)
Use of file sharing software is prohibited at Hiroshima University!
Always encrypt sensitive information when you carry it around.
Be careful not to lose or misplace your devices!
Never leave your bag unattended!
Let's encrypt
Other precautions (2)
When using social media, take care not to post inappropriate content or leak sensitive information!
Using public Wi-Fi networks puts you at risk of unauthorized access!
Avoid using them as far as possible!
Free Wi-Fi
Countermeasures and behaviors
Many things have been explained, but fundamentally, you can protect yourself against security breaches by practicing “5 countermeasures” and “5 behaviors”.
5 countermeasures
5 behaviors
5 countermeasures
Install antivirus software and keep it updated.
Keep your OS and applications updated.
Manage your IDs and passwords carefully.
Make regular backups.
Keep informed of the latest threats and attack methods.
5 behaviors
Don’t click inadvertently on file attachments or URLs.
Do not install suspicious applications.
Check that your devices are not used without your knowledge.
Use only secure communications channels.
Take care not to lose your PC or smartphone, or have it stolen.
Conclusion
We are at the end of this online workshop.
After this, you must take an evaluation test.
16 correct answers out of 20 questions is a pass.
If you pass the evaluation test, make sure to:
• 1st year: Check that your account is working.
• 2nd and later years: Update your account for the current year.
Issued in April, 2017
Information Media Center, Hiroshima University
Attribution 4.0 International