Computer Security
R. Scott Studham, Chief Information Officer

Agenda
  • Ethics
  • CyberSecurity
  • What do hackers want?
  • Social Engineering
  • Privacy: Reputation Management
  • How can you protect yourself?

“A computer lets you make more mistakes faster than any invention in human history - with the possible exceptions of handguns and tequila.” — Mitch Ratliff
CyberSecurity

Before …
After
Who wants this Information? (Updated 12/2/09) http://securitylabs.websense.com/content/CrimewarePhishing.aspx
FBI: Infragard
Targets
Targets
Resources

Three Major Goals:
  • Information
      • Username and password
      • Bank information
  • Resources
      • Computing
      • Networking
  • Money!

Stolen Credit Card Numbers

Credit Card Applications
  • Name
  • Address
  • Social Security Number

Four components of security

November 2009 Phishing

Sent: Thursday, November 12, 2009 10:34 AM
Subject: Utk.edu Post Update

Dear subscriber,

Your e-mail account needs to be upgraded with our new F-Secure R HTK4S anti-virus/anti-spam 2009 version. Fill the columns below and click reply and send back or your account will be Suspended from our services.

E-mail address:
Password:

* Please note that your password will be encrypted with 1024-bit RSA keys for increased security.

Thank you for your cooperation
Management

Hacked Site
Real Site

Spearphishing

To: John Doe <jdoe@utk.edu>
From: Scott Studham <studham@utk.edu>
Subject: CyberSecurity Presentation Slides
Attachment: CyberSecurity.pptx (7.5mb)

Hello John,

Your instructor asked me to send everyone a copy of the slides from my presentation. See attached.

Best regards,
Scott

Bob Hacker 1234 Pwned Lane Silly Rabbit, HA

Phishing
  • Don’t reveal personal or financial information
  • Contact the sender before you respond or open any attached files.
  • Never click links in an e-mail message.
  • Report phishing campaigns to your company or ISP.
  • Use tools with “Phishing Filters” (Philters?)

Spear Phishing
  • Personalized phishing attack
  • Social attack
  • Appears genuine
  • Someone you’ve had contact with
  • Someone from HR, IT, etc.
  • Users of a particular website
  • Goal: compromise an organization

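The two sample messages above run through a few content checks, as an added Python example that is not part of the original deck. The check names and patterns in `CHECKS` are assumptions chosen for illustration (the deck's own numbered callouts did not survive), and `phishing_markers` is a hypothetical helper.

```python
import re
from email import message_from_string

# The November 2009 message, rebuilt from the slide text (only the headers
# the slide shows are included).
PHISH = """\
Subject: Utk.edu Post Update

Dear subscriber,
Your e-mail account needs to be upgraded with our new F-Secure R HTK4S
anti-virus/anti-spam 2009 version. Fill the columns below and click reply
and send back or your account will be Suspended from our services.
E-mail address:
Password:
* Please note that your password will be encrypted with 1024-bit RSA keys
for increased security.
Thank you for your cooperation
Management
"""

# The spear-phishing message, rebuilt from the slide text.
SPEAR = """\
To: John Doe <jdoe@utk.edu>
From: Scott Studham <studham@utk.edu>
Subject: CyberSecurity Presentation Slides

Hello John,
Your instructor asked me to send everyone a copy of the slides from my
presentation. See attached.
Best regards,
Scott
"""

# Assumed markers: (name, pattern). Patterns are matched case-insensitively,
# with ^ anchoring at line starts and . allowed to cross a wrapped line.
CHECKS = [
    ("generic greeting",
     r"^dear (subscriber|user|customer|member)\b"),
    ("asks for a password",
     r"^\s*password\s*:|(send|reply|confirm|verify).{0,40}password"),
    ("threatens loss of service",
     r"\b(suspended|deactivated|terminated)\b"),
    ("wants the form returned by reply",
     r"\breply\b.{0,40}\bsend back\b"),
]


def phishing_markers(raw_message):
    """Return the names of the checks that the subject or body trips."""
    msg = message_from_string(raw_message)
    text = f"{msg['Subject'] or ''}\n{msg.get_payload()}"
    flags = re.I | re.M | re.S
    return [name for name, pattern in CHECKS if re.search(pattern, text, flags)]


if __name__ == "__main__":
    print("bulk phish :", phishing_markers(PHISH))
    print("spear phish:", phishing_markers(SPEAR))
```

The bulk message trips every check while the spear-phishing message trips none, which is what "appears genuine" means in practice: content filters do not help there, and contacting the sender before opening the attachment is the control that does.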

“It is better to keep your mouth closed and let people think you are a fool than to open it and remove all doubt.” -- Mark Twain
Reputation Management

Social Networks

Facebook
  • 42 coworkers
  • Including:
      • Direct reports
      • Former boss
  • School program?

Google Hacking
Drunken Pirate (May 2006)
Denied Degree and Teaching Certificate by Millersville University
University Officials reported that the photo was “unprofessional.”
She lost court battle (Dec 2008)

Sick Day, Part 1

From: Kevin Colvin [mailto: REDACTED]
Sent: Wednesday, October 31, 2007 3:55PM
To: Jill Thompson (North America)
CC: Paul Davis (North America)
Subject:

Paul/Jill –
I just wanted to let you know that I will not be able to come into work tomorrow. Something came up at home and I had to go to New York this morning for the next couple of days. I apologize for the delayed notice.
Kind regards,
Kevin

Sick Day, Part 1

From: Paul Davis (North America)
Sent: Thursday, November 01, 2007 4:54 PM
To: Kevin Colvin; Jill Thompson (North America); Kevin Colvin (North America)
Subject: RE:

Kevin,
Thanks for letting us know— hope everything is ok in New York. (cool wand)
Cheers,
PCD

Sick Day, Part 2

From: Niresh Regmi
Sent: Wednesday, 27 August 2008 9:35 a.m.
To: Kyle Doyle
Subject: Absence on Thursday 21st 2008

Hi Kyle,
Please provide a medical certificate stating a valid reason for your sick leave on Thursday 21st 2008.
Thank You
NIRESH REGMI
Real Time Manager, Workforce Operations

Sick Day, Part 2

From: Kyle Doyle
Sent: Wednesday, 27 August 2008 9:38 a.m.
To: Niresh Regmi
Subject: RE: Absence on Thursday 21st 2008

Niresh,
1 day leave absences do not require a medical certificate as stated in my contract, provided I have stated that I am on leave for medical reasons.
Thanks
Regards,
Kyle Doyle
Resolutions Expert - Technical

Sick Day, Part 2

From: Niresh Regmi
Sent: Wednesday, 27 August 2008 9:39 a.m.
To: Kyle Doyle
Subject: RE: Absence on Thursday 21st 2008

Hi Kyle,
Usually that is the case, as per your contract. However please note that leave during these occasions is only granted for genuine medical reasons. Your line manager has determined that your leave was not due to medical reasons and as such we cannot grant leave on this occasion.
NIRESH REGMI

Sick Day, Part 2

From: Kyle Doyle
Sent: Wednesday, 27 August 2008 9:43 a.m.
To: Niresh Regmi
Subject: RE: Absence on Thursday 21st 2008

Hi Niresh,
My leave was due to medical reasons, so you cannot deny leave based on a line manager's discretion, with no proof, please process leave as requested.
Thanks
Regards,
Kyle Doyle

Sick Day, Part 2

From: Niresh Regmi
Sent: Wednesday, 27 August 2008 9:50 a.m.
To: Kyle Doyle
Subject: RE: Absence on Thursday 21st 2008

Hi Kyle,
I believe the proof that you are after is below

Sick Day, Part 2 (Epilogue)

From: Kyle Doyle
Sent: Wednesday, 27 August 2008 9:55 a.m.
To: Niresh Regmi
Subject: RE: Absence on Thursday 21st 2008

HAHAHA LMAO epic fail
No worries man
Regards,
Kyle Doyle

http://www.theregister.co.uk/2008/10/23/sickie_woo/

James Karl Buck sent a single word: “Arrested”
Witness Protection “I talked to Jen today, she is having fun at the beach in West Palm, I hate her :)”
Can Happen to Anyone
1st Possible Response
2nd Possible Response
Contact Poster/Content Owner
Social Networks
Hosting Service or ISP
Online Reputation ?
Raise Your Stock
Online Reputation Management

Prevention
  • Beware what you post
  • Control access

Google Alerts
  • Create query of choice
  • Be specific
      • site:utk.edu “Studham”
      • site:utk.edu filetype:xls ssn
      • site:tennessee.edu filetype:ppt OR filetype:pdf

“By trying we can easily endure adversity. Another man's, I mean.” -- Mark Twain
Protecting Yourself

Five Good Practices
  • Don’t click email links.
  • Use strong passwords.
  • Use protection software.
  • Manage your online reputation
  • Keep your software updated.

Don’t Click Email Links
  • Copy & paste
  • Type it manually

BAD Passwords
  • Dictionary words & combos (BadIdea)
  • Family members or pets
  • Sports teams (GoVols!)
  • Nicknames (princess)
  • Word or username reversals (terces)
  • Sequential (aaaaaaaa or hijklmnop)
  • Letter replacement (P@$$w0rd)
  • Any password mentioned in this presentation!
  • Hackers guess easy passwords!

Strong Passwords
  • Think passphrases
  • Upper and lowercase letters
  • Punctuation & numbers
  • At least eight characters
  • Should appear random
  • Easy for you to remember
  • Phrase acronyms: Y(t@Bbic!

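The rules from the two password slides turned into a checker, as an added Python example that is not part of the original deck. `SAMPLE_WORDS` is a constructed stand-in for a real dictionary, `review` and its `username` parameter are hypothetical names, and "punctuation & numbers" is read here as "at least one non-letter character".

```python
import re

# Passwords shown on the slides; the deck rules these out explicitly.
MENTIONED = {"BadIdea", "GoVols!", "princess", "terces", "aaaaaaaa",
             "hijklmnop", "P@$$w0rd", "Y(t@Bbic!"}

# Constructed stand-in for a dictionary plus names, pets, teams and nicknames.
SAMPLE_WORDS = {"bad", "idea", "go", "vols", "princess", "secret", "password"}

# Common letter replacements, undone before the dictionary check.
LEET = str.maketrans("@$0134!57", "asoleaist")


def _is_word_combo(text, words):
    """True if text is one listed word or a concatenation of listed words."""
    if not text:
        return False
    reachable = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        reachable[end] = any(
            reachable[start] and text[start:end] in words
            for start in range(end)
        )
    return reachable[-1]


def _is_sequential(text):
    """True for repeats (aaaaaaaa) and runs (hijklmnop, 87654321)."""
    if len(text) < 3:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(text, text[1:])}
    return len(steps) == 1 and steps <= {-1, 0, 1}


def _variants(password):
    """Lower-cased forms, with edge symbols trimmed and replacements undone."""
    lower = password.lower()
    trimmed = re.sub(r"^[^a-z]+|[^a-z]+$", "", lower)
    forms = (lower, trimmed, lower.translate(LEET), trimmed.translate(LEET))
    return {form for form in forms if form}


def review(password, username="", words=SAMPLE_WORDS):
    """Return the list of slide rules the password breaks (empty if none)."""
    findings = []
    variants = _variants(password)
    user = username.lower()
    if password in MENTIONED:
        findings.append("mentioned in the presentation")
    if any(_is_word_combo(v, words) for v in variants):
        findings.append("dictionary word or combination")
    if any(_is_word_combo(v[::-1], words) for v in variants):
        findings.append("reversed word")
    if user and any(user in v or user[::-1] in v for v in variants):
        findings.append("contains username or its reversal")
    if _is_sequential(password.lower()):
        findings.append("sequential or repeated characters")
    if len(password) < 8:
        findings.append("shorter than eight characters")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        findings.append("needs upper and lowercase letters")
    if not re.search(r"[^A-Za-z]", password):
        findings.append("needs punctuation or numbers")
    return findings


if __name__ == "__main__":
    # "Mdw2b,nc!" and "Eodj-2024x" are constructed samples.
    for candidate in ("P@$$w0rd", "terces", "hijklmnop", "GoVols!",
                      "Y(t@Bbic!", "Mdw2b,nc!"):
        print(f"{candidate!r}: {review(candidate) or 'no findings'}")
    print(review("Eodj-2024x", username="jdoe"))
```

The slide's own acronym example passes every composition rule and is rejected only because it has now been published, which is the point of "any password mentioned in this presentation".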

Use protection software
  • Anti-Spyware
  • Anti-Virus
  • Microsoft Security Essentials (FREE!)
  • Firewall (built in!)
  • Keep this software updated!

Be Careful what Info you Provide
  • Join top Social Networks
  • Minimal placeholder
  • Setup privacy controls
  • Monitor mentions
  • Early warnings
  • Watch out for mentions of yourself
  • Don’t overreact: squeaky wheel, etc.
  • Internet can be a good or bad advertisement … especially if it's funny

Keep software updated!
  • Software updates
  • Microsoft Update
  • OS & Applications
  • Office (Outlook!), etc.
  • Other software packages
  • Acrobat and Flash
  • Virus & Spyware definitions

If you do nothing else …
  • Don’t click email links
  • Use strong passwords
  • Use protection software
  • Be careful what you post.
  • Keep software updated!
  • … but remember that’s not all.

Security

  • 1. R. Scott Studham Chief Information Officer Computer Security
  • 2. Agenda Ethics CyberSecurity What do hackers want? Social Engineering Privacy: Reputation Management How can you protect yourself?
  • 3. “A computer lets you make more mistakes faster than any invention in human history - with the possible exceptions of handguns and tequila.” — Mitch Ratliff CyberSecurity
  • 6. Who wants this Information? Updated12/2/09 http://securitylabs.websense.com/content/CrimewarePhishing.aspx
  • 11. Three Major Goals: Information Username and password. Bank Information Resources Computing Networking Money!
  • 13. Credit Card Applications Name Address Social Security Number
  • 14. Four components of security
  • 15.
  • 16.
  • 17.
  • 18.
  • 19. November 2009 Phishing Sent: Thursday, November 12, 2009 10:34 AM Subject: Utk.edu Post Update Dear subscriber, Your e-mail account needs to be upgraded with our new F-Secure R HTK4S anti-virus/anti-spam 2009 version. Fill the columns below and click reply and send back or your account will be Suspended from our services. E-mail address: Password: * Please note that your password will be encrypted with 1024-bit RSA keys for increased security. Thank you for your cooperation Management 1 2 3 4 5 6 7
  • 25. Spearphishing To: John Doe <jdoe@utk.edu> From: Scott Studham <studham@utk.edu> Subject: CyberSecurity Presentation Slides Attachment: CyberSecurity.pptx (7.5mb) Hello John, Your instructor asked me to send everyone a copy of the slides from my presentation. See attached. Best regards, Scott
  • 26. Bob Hacker 1234 Pwned Lane Silly Rabbit, HA
  • 27. Phishing Don’t reveal personal or financial information Contact the sender before you respond or open any attached files. Never click links in an e-mail message. Report phishing campaigns to your company or ISP. Use tools with “Phishing Filters” (Philters?)
  • 28. Spear Phishing Personalized phishing attack Social attack Appears genuine Someone you’ve had contact with Someone from HR, IT, etc. Users of a particular website Goal: compromise an organization
  • 29. “It is better to keep your mouth closed and let people think you are a fool than to open it and remove all doubt.” -- Mark Twain Reputation Management
  • 31. Facebook 42 coworkers Including: Direct reports Former boss School program?
  • 34. Denied Degree and Teaching Certificate by Millersville University
  • 35. University Officials reported that the photo was “unprofessional.”
  • 37. Sick Day, Part 1 From: Kevin Colvin [mailto: REDACTED] Sent: Wednesday, October 31, 2007 3:55PM To: Jill Thompson (North America) CC: Paul Davis (North America) Subject: Paul/Jill – I just wanted to let you know that I will not be able to come into work tomorrow. Something came up at home and I had to go to New York this morning for the next couple of days. I apologize for the delayed notice. Kind regards, Kevin
  • 38. Sick Day, Part 1 From: Paul Davis (North America) Sent: Thursday, November 01, 2007 4:54 PM To: Kevin Colvin; Jill Thompson (North America); Kevin Colvin (North America) Subject: RE: Kevin, Thanks for letting us know— hope everything is ok in New York. (cool wand) Cheers, PCD
  • 39. Sick Day, Part 2 From: Niresh Regmi Sent: Wednesday, 27 August 2008 9:35 a.m. To: Kyle Doyle Subject: Absence on Thursday 21st 2008 Hi Kyle, Please provide a medical certificate stating a valid reason for your sick leave on Thursday 21st 2008. Thank You NIRESH REGMI Real Time Manager, Workforce Operations
  • 40. Sick Day, Part 2 From: Kyle Doyle Sent: Wednesday, 27 August 2008 9:38 a.m. To: Niresh Regmi Subject: RE: Absence on Thursday 21st 2008 Niresh, 1 day leave absences do not require a medical certificate as stated in my contract, provided I have stated that I am on leave for medical reasons. Thanks Regards, Kyle Doyle Resolutions Expert - Technical
  • 41. Sick Day, Part 2 From: Niresh Regmi Sent: Wednesday, 27 August 2008 9:39 a.m. To: Kyle Doyle Subject: RE: Absence on Thursday 21st 2008 Hi Kyle, Usually that is the case, as per your contract. However please note that leave during these occasions is only granted for genuine medical reasons. Your line manager has determined that your leave was not due to medical reasons and as such we cannot grant leave on this occasion. NIRESH REGMI
  • 42. Sick Day, Part 2 From: Kyle Doyle Sent: Wednesday, 27 August 2008 9:43 a.m. To: Niresh Regmi Subject: RE: Absence on Thursday 21st 2008 Hi Niresh, My leave was due to medical reasons, so you cannot deny leave based on a line manager's discretion, with no proof, please process leave as requested. Thanks Regards, Kyle Doyle
  • 43. Sick Day, Part 2 From: Niresh Regmi Sent: Wednesday, 27 August 2008 9:50 a.m. To: Kyle Doyle Subject: RE: Absence on Thursday 21st 2008 Hi Kyle, I believe the proof that you are after is below
  • 44. Sick Day, Part 2 (Epilogue) From: Kyle Doyle Sent: Wednesday, 27 August 2008 9:55 a.m. To: Niresh Regmi Subject: RE: Absence on Thursday 21st 2008 HAHAHA LMAO epic fail No worries man Regards, Kyle Doyle http://www.theregister.co.uk/2008/10/23/sickie_woo/
  • 45. James Karl Buck sent a single word: “Arrested”
  • 46. Witness Protection “I talked to Jen today, she is having fun at the beach in West Palm, I hate her :)”
  • 47. Can Happen to Anyone
  • 56. Prevention Beware what you post Control access
  • 57. Google Alerts Create query of choice Be specific site:utk.edu “Studham” site:utk.edu filetype:xls ssn site:tennessee.edu filetype:ppt OR filetype:pdf
  • 58. “By trying we can easily endure adversity. Another man's, I mean.” -- Mark Twain Protecting Yourself
  • 59. Five Good Practices Don’t click email links. Use strong passwords. Use protection software. Manage your online reputation Keep your software updated.
  • 60. Don’t Click Email Links Copy & paste Type it manually
  • 61. BAD Passwords Dictionary words & combos (BadIdea) Family members or pets Sports teams (GoVols!) Nicknames (princess) Word or username reversals (terces) Sequential (aaaaaaaa or hijklmnop) Letter replacement (P@$$w0rd) Any password mentioned in this presentation! Hackers guess easy passwords!
  • 62. Strong Passwords Think passphrases Upper and lowercase letters Punctuation & numbers At least eight characters Should appear random Easy for you to remember Phrase acronyms: Y(t@Bbic!
  • 63. Use protection software Anti-Spyware Anti-Virus Microsoft Security Essentials (FREE!) Firewall (built in!) Keep this software updated!
  • 64. Be Careful what Info you Provide Join top Social Networks Minimal placeholder Setup privacy controls Monitor mentions Early warnings Watch out for mentions of yourself Don’t overreact: squeaky wheel, etc. Internet can be a good or bad advertisement … especially if it’s funny
  • 65. Keep software updated! Software updates Microsoft Update OS & Applications Office (Outlook!), etc. Other software packages Acrobat and Flash Virus & Spyware definitions
  • 66. If you do nothing else … Don’t click email links Use strong passwords Use protection software Be careful what you post. Keep software updated! … but remember that’s not all.
  • 67. Review CyberSecurity What do hackers want? Social Engineering Privacy: Reputation Management How can you protect yourself?
  • 68. Thank you! Most slides were stolen from Office of Information Technology Information Security Office Questions?
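
The weak-password patterns listed on slides 61 and 62, turned into a check a signup or password-change form could run. This is an added Python example, not part of the original presentation; the wordlist and substitution table are small constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample wordlist; a real check would load a full dictionary.
WORDLIST = {"password", "princess", "secret", "badidea", "govols"}
# Common letter replacements, undone before the dictionary lookup.
LEET = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "l",
                      "3": "e", "!": "i", "5": "s"})

def is_sequential(pw: str) -> bool:
    """True when each character repeats or steps by one from the previous."""
    if len(pw) < 3:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return steps in ({0}, {1}, {-1})

def weaknesses(pw: str, username: str = "") -> list[str]:
    """Return the slide 61/62 rules that the candidate password breaks."""
    found = []
    lower = pw.lower()
    letters = re.sub(r"[^a-z]", "", lower)
    unleet = re.sub(r"[^a-z]", "", lower.translate(LEET))
    if len(pw) < 8:
        found.append("shorter than eight characters")
    if letters in WORDLIST:
        found.append("dictionary word or combo")
    elif unleet in WORDLIST:
        found.append("letter replacement of a dictionary word")
    if letters[::-1] in WORDLIST or (username and lower == username.lower()[::-1]):
        found.append("word or username reversal")
    if is_sequential(lower):
        found.append("sequential or repeated characters")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if sum(bool(re.search(c, pw)) for c in classes) < 3:
        found.append("fewer than three character classes")
    return found
```

The slide's own passphrase acronym passes these pattern rules, but the slide also counts any password shown in the presentation as bad, so a production check would additionally reject passwords from published lists.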