How to Secure Your Organisation Data
- 4. Confidentiality – of the information
Information on the company or organization should never be accessible to users without permission
Integrity – of application and information
Accuracy and completeness of information are preserved
Availability – of the system
Information is accessible by authorized users when required
- 5. Why is Information Security important?
Protecting a computer system or its users from threats that may occur
Threats and damage will differ depending on the computer system's characteristics
Protecting the system and its users from threats and minimizing damage
- 7. Threats: Something that can potentially cause damage to information assets
Information Assets: Information stored in any manner which is recognized as ‘valuable’ to the organization
Countermeasure
Vulnerability: A weakness in the organization, computer system or network that can be exploited by a threat
- 8. Vulnerability: If a vulnerability exists, threats can attack your information assets
- 9. Vulnerability is fixed: Information assets can be kept secure, even if threats exist.
- 12. Secure Your Data
Physical
Hardware & Software
Policy & Standard
Human
The most difficult part to handle
- 15. • Infect objects on the disk
• Travel autonomously from PC to PC
• Triggered by individual action such as opening an email attachment
• Spread automatically
• Install themselves into the PC and look for other PCs to infect
• Email worms need individual action to spread
• Network worms spread without the need for human interaction
- 16. • Install silently in the PC by email attachment, visiting an infected website, …etc.
• PC works normally without any consent from the users
• They don’t self-replicate, but rely on connectivity provided by the Internet
• There are many kinds of Trojans:
• Backdoor Trojans
• Key-logger Trojans
• Banking Trojans
- 17. Before: Virus, Worm, Trojans
Now – Hybrid Malware: Virus, Worm, Trojans
Can do anything: sending spam, collecting confidential data, stealing passwords, etc., and especially connecting PC with PC to create an infected network (BOTNET).
- 19. • How often do you change your password?
• Do you use your name, telephone, date of birth, as your password?
• Do you use the same password for every service?
• Do you share your password with anybody?
- 20. Easily Guessed Password
• No password is set
• Password same as the account name
Dictionary Attack
• Words that the user is likely to use as passwords are prepared in a dictionary file and tried one by one to find the matching password
Brute Force Attack
• This is a simple method that tries all possible combinations as passwords
• It takes a huge amount of time, although, theoretically, it can break any password without fail
- 21. Which password below is your password?
Top 25 Popular Passwords in 2011
1. password   2. 123456   3. 12345678   4. qwerty
5. abc123   6. monkey   7. 1234567   8. letmein
9. trustno1   10. dragon   11. baseball   12. 111111
13. Iloveyou   14. master   15. sunshine   16. ashley
17. bailey   18. passw0rd   19. shadow   20. 123123
21. 654321   22. superman   23. qazwsx   24. michael
25. football