Top 10 Ways to Make Your Employees More Security Aware
2:00PM EDT, Thursday August 26th, 2010

Presented By: Gregg Browinski, CTO, PistolStar Inc.
Moderated By: Kimberly Johnson, Marketing Associate, PistolStar Inc.
Welcome to the Event

• Setting Your Expectations:
  – Objective is to give you “food for thought”
• Housekeeping Points
• Introducing the Speaker: Gregg Browinski, CTO PistolStar, Inc.
Security Awareness

o Many organizations tend to overlook it
o Forms the first line of defense against attacks
o Security Awareness Programs = Headaches
o Arm your employees with 10 tips to be more aware
Tip #1: Provide Credentials on HTTPS-Protected Sites

o Users should get in the habit of looking at the URL before logging in
o HTTPS is Hypertext Transfer Protocol layered on an encrypted SSL/TLS connection
o Prevents “eavesdropping” attacks
Tip #2: Creating Strong Passwords – Give Them a Clue

o Provide a visual clue for employees when creating passwords
o Avoids risks associated with weak passwords
o Standards for passwords are ever increasing – demands for “super passwords”
o Pass “Phrases”
Tip #3: Watch for Your Personal Watermark

Example watermark shown on the slide: “Going to the beach is the best!”

o Provides compliance when multi-factor authentication is required
o Another visual clue for the user
o Usually used by financial institutions
o Mutual authentication - proves the server’s identity to the user
Tip #4: Look at Your Last Login Date and Time

o Provides a quick check for fraudulent logins
o Can be a log or a simple phrase
Tip #5: Password History Policies

o The challenge is to maintain usability while increasing compliance and security
o Enforce only when appropriate
o Expiration interval and password history limit are inversely proportional
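The following is an added example, not code from the slides or from PistolStar's product, showing what a password history policy does in practice: previous passwords are kept as salted PBKDF2 digests (the choice of PBKDF2 and the 50,000-iteration count are this example's assumptions), a new password is rejected if it matches any of the last `history_limit` entries, and `is_expired` applies the expiration interval. `history_needed` makes the slide's inverse relation concrete: for a fixed number of days during which a password must not come back, a longer expiration interval needs a shorter history, and vice versa.

```python
import hashlib
import hmac
import math
import os
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List


@dataclass
class StoredPassword:
    salt: bytes
    digest: bytes
    set_at: datetime


def derive(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256 with a modest iteration count (assumption for the demo).
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 50_000)


@dataclass
class PasswordHistoryPolicy:
    history_limit: int      # how many passwords (current one included) may not be reused
    expiration_days: int    # how long a password may be used before it must change
    history: List[StoredPassword] = field(default_factory=list)

    def __post_init__(self) -> None:
        if self.history_limit < 1 or self.expiration_days < 1:
            raise ValueError("history_limit and expiration_days must be positive")

    def is_expired(self, now: datetime) -> bool:
        if not self.history:
            return True  # no password set yet: force the user to set one
        return now - self.history[-1].set_at >= timedelta(days=self.expiration_days)

    def is_reused(self, candidate: str) -> bool:
        # Re-derive the candidate with each stored salt and compare in constant time.
        return any(
            hmac.compare_digest(derive(candidate, entry.salt), entry.digest)
            for entry in self.history
        )

    def set_password(self, candidate: str, now: datetime) -> bool:
        """Store the new password; returns False if it is still in the history window."""
        if self.is_reused(candidate):
            return False
        salt = os.urandom(16)
        self.history.append(StoredPassword(salt, derive(candidate, salt), now))
        # Keep only the last history_limit entries; older ones may be reused again.
        del self.history[:-self.history_limit]
        return True


def history_needed(protected_days: int, expiration_days: int) -> int:
    """Entries needed so a password cannot return within protected_days.

    history_limit * expiration_days covers the protected window, so doubling the
    expiration interval halves the history the policy has to keep.
    """
    return math.ceil(protected_days / expiration_days)


def demo() -> List[bool]:
    """Walk through a history_limit=3 policy on constructed sample passwords."""
    policy = PasswordHistoryPolicy(history_limit=3, expiration_days=90)
    t0 = datetime(2010, 8, 26, 14, 0)
    return [
        policy.set_password("correct horse battery", t0),   # first password: accepted
        policy.set_password("correct horse battery", t0),   # reuse of the current one: rejected
        policy.set_password("second-pass", t0),
        policy.set_password("third-pass", t0),
        policy.set_password("fourth-pass", t0),             # the first password ages out here
        policy.set_password("correct horse battery", t0),   # no longer in the window: accepted
        policy.is_expired(t0 + timedelta(days=89)),
        policy.is_expired(t0 + timedelta(days=90)),
    ]


if __name__ == "__main__":
    print(demo())
    print(history_needed(360, 90), history_needed(360, 180))
```

With a 360-day protected window, a 90-day expiration needs a history of 4 while a 180-day expiration needs only 2, which is the trade-off the slide describes.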
Tip #6: Using Security Question(s)

Examples:
  Bad Question: What was your first pet?
  Good Question: Who was your first kiss?

o Use mandatory or optional sets of questions
o It is better to require more answers
o Can be used to reset passwords or to augment login security
Tip #7: Avoid Password Lockout – Stop Logging In!

o Caused by users’ habit of repeatedly trying to log in with the same credentials
o Configure Password Lockouts to expire
o Use helpful warning messages to educate and reduce Help Desk calls
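An added example (not from the slides or PistolStar's product) of the three points above in one login throttle: lockouts expire on their own, a quiet period clears the failure counter, and every refusal carries a message that tells the user what to do instead of calling the Help Desk. A repeated identical wrong password is recognised (via an HMAC tag kept only in memory under a per-process key, an assumption of this example) and does not count as a new failure, since it is the same guess; the user is told plainly why retrying will not help. `demo_check` is a constructed stand-in for a real credential check.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class LockoutPolicy:
    max_failures: int = 5       # distinct failures before a lockout
    lockout_minutes: int = 15   # lockouts expire by themselves
    reset_minutes: int = 30     # a quiet period clears the failure counter


@dataclass
class AccountState:
    failures: int = 0
    last_failure_at: Optional[datetime] = None
    last_failure_tag: Optional[bytes] = None
    locked_until: Optional[datetime] = None


class LoginThrottle:
    def __init__(self, policy: LockoutPolicy, check_credentials: Callable[[str, str], bool]):
        self.policy = policy
        self.check_credentials = check_credentials
        self.accounts: Dict[str, AccountState] = {}
        self._key = os.urandom(32)  # per-process key; tags never leave memory

    def _tag(self, password: str) -> bytes:
        return hmac.new(self._key, password.encode("utf-8"), hashlib.sha256).digest()

    def attempt(self, user: str, password: str, now: datetime) -> Tuple[bool, str]:
        p = self.policy
        st = self.accounts.setdefault(user, AccountState())

        if st.locked_until is not None:
            if now < st.locked_until:
                left = int((st.locked_until - now).total_seconds() // 60) + 1
                return False, (f"Account locked. Please stop retrying: it unlocks "
                               f"automatically in about {left} minute(s).")
            st = self.accounts[user] = AccountState()  # lockout expired: clean slate

        if st.last_failure_at is not None and now - st.last_failure_at > timedelta(minutes=p.reset_minutes):
            st = self.accounts[user] = AccountState()  # quiet period: forget old failures

        if self.check_credentials(user, password):
            self.accounts[user] = AccountState()
            return True, "Login successful."

        tag = self._tag(password)
        if st.last_failure_tag is not None and hmac.compare_digest(tag, st.last_failure_tag):
            # Same wrong password as last time: not a new guess, so the counter stays put.
            st.last_failure_at = now
            return False, ("That is the same password you just tried. Repeating it will not "
                           "work; check Caps Lock or use self-service password reset.")

        st.failures += 1
        st.last_failure_at = now
        st.last_failure_tag = tag
        if st.failures >= p.max_failures:
            st.locked_until = now + timedelta(minutes=p.lockout_minutes)
            return False, (f"Too many failed attempts. Account locked for {p.lockout_minutes} "
                           f"minutes; it unlocks automatically.")
        remaining = p.max_failures - st.failures
        return False, f"Incorrect password. {remaining} attempt(s) remaining before a temporary lockout."


def demo_check(user: str, password: str) -> bool:
    # Constructed stand-in for a real credential store; never hard-code passwords in production.
    return user == "alice" and password == "s3cret-demo"


def demo() -> List[str]:
    """Constructed walk-through: a repeated wrong guess, a lockout, and its expiry."""
    t0 = datetime(2010, 8, 26, 14, 0)
    throttle = LoginThrottle(LockoutPolicy(max_failures=3, lockout_minutes=15), demo_check)
    steps = [
        ("wrong-1", t0),
        ("wrong-1", t0 + timedelta(seconds=5)),       # same wrong password again
        ("wrong-2", t0 + timedelta(seconds=10)),
        ("wrong-3", t0 + timedelta(seconds=15)),      # third distinct failure: lockout
        ("s3cret-demo", t0 + timedelta(minutes=5)),   # correct, but still locked
        ("s3cret-demo", t0 + timedelta(minutes=16)),  # lockout has expired
    ]
    return [throttle.attempt("alice", pw, when)[1] for pw, when in steps]


if __name__ == "__main__":
    for line in demo():
        print(line)
```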
Tip #8: Watch for Trouble Spots & Malicious Activity

o Points throughout a user’s day where security is the weakest
o Educate employees about attacks and how to watch for them
Tip #9: Use Virtual Keyboard When Available

o Avoid keystroke logging attacks – educate users
o Implement a virtual keyboard for password and/or challenge answer fields
Tip #10: Avoid Concurrent Login Sessions

o Prevent concurrent login sessions
    • Inactivity timeouts
    • Logging in invalidates pre-existing sessions
    • Logging in not possible until previous sessions are logged out
o Tailor to the required level of data protection
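An added example, not from the slides or PistolStar's product, of a session store that implements the three controls from Tip #10 as selectable modes (inactivity timeout, new login invalidates older sessions, or login refused while a session is active) so the mode can be tailored to the data being protected. It also returns the previous login time on each successful login, which is the "last login date and time" check from Tip #4. The mode names and the token format are this example's assumptions.

```python
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta
from enum import Enum
from typing import Dict, List, Optional, Tuple


class ConcurrencyMode(Enum):
    ALLOW = "allow"                    # no restriction (baseline for comparison)
    NEW_LOGIN_WINS = "new_login_wins"  # logging in invalidates pre-existing sessions
    EXISTING_WINS = "existing_wins"    # login refused until previous sessions are logged out


@dataclass
class Session:
    user: str
    created_at: datetime
    last_seen: datetime


class SessionStore:
    def __init__(self, mode: ConcurrencyMode, inactivity_minutes: int):
        self.mode = mode
        self.inactivity = timedelta(minutes=inactivity_minutes)
        self.sessions: Dict[str, Session] = {}
        self.last_login: Dict[str, datetime] = {}

    def _expire_idle(self, now: datetime) -> None:
        # Inactivity timeout: drop every session idle for the configured interval.
        for token, s in list(self.sessions.items()):
            if now - s.last_seen >= self.inactivity:
                del self.sessions[token]

    def active_sessions(self, user: str, now: datetime) -> List[str]:
        self._expire_idle(now)
        return [t for t, s in self.sessions.items() if s.user == user]

    def login(self, user: str, now: datetime) -> Tuple[Optional[str], Optional[datetime]]:
        """Return (token, previous_login_time), or (None, None) if the login is refused."""
        existing = self.active_sessions(user, now)
        if existing:
            if self.mode is ConcurrencyMode.EXISTING_WINS:
                return None, None
            if self.mode is ConcurrencyMode.NEW_LOGIN_WINS:
                for t in existing:
                    del self.sessions[t]
        token = secrets.token_urlsafe(32)
        self.sessions[token] = Session(user, now, now)
        previous = self.last_login.get(user)  # shown to the user as a fraud check (Tip #4)
        self.last_login[user] = now
        return token, previous

    def validate(self, token: str, now: datetime) -> bool:
        self._expire_idle(now)
        s = self.sessions.get(token)
        if s is None:
            return False
        s.last_seen = now
        return True

    def logout(self, token: str) -> bool:
        return self.sessions.pop(token, None) is not None


def demo() -> List[bool]:
    """Constructed walk-through of both strict modes plus the idle timeout."""
    t0 = datetime(2010, 8, 26, 14, 0)
    out: List[bool] = []

    store = SessionStore(ConcurrencyMode.NEW_LOGIN_WINS, inactivity_minutes=15)
    tok1, prev1 = store.login("alice", t0)
    tok2, prev2 = store.login("alice", t0 + timedelta(minutes=1))
    out.append(prev1 is None)                                     # first login: nothing to show
    out.append(prev2 == t0)                                       # second login shows the first
    out.append(store.validate(tok1, t0 + timedelta(minutes=2)))   # False: replaced by tok2
    out.append(store.validate(tok2, t0 + timedelta(minutes=2)))   # True
    out.append(store.validate(tok2, t0 + timedelta(minutes=20)))  # False: idle >= 15 minutes

    strict = SessionStore(ConcurrencyMode.EXISTING_WINS, inactivity_minutes=15)
    a, _ = strict.login("bob", t0)
    b, _ = strict.login("bob", t0 + timedelta(minutes=1))
    out.append(b is None)                                         # True: refused until logout
    out.append(strict.logout(a))                                  # True
    c, prev_c = strict.login("bob", t0 + timedelta(minutes=2))
    out.append(c is not None and prev_c == t0)                    # True: allowed after logout
    return out


if __name__ == "__main__":
    print(demo())
```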
Short Q&A Session: Thank You for Your Answers

In order to help us provide our audience with the appropriate information for future events, please take a moment to respond with your answers to the following questions via Instant Message. Your answers are greatly appreciated. Thank you.

Please Answer Based on a Scale from 1 to 5:
1. How much of an overall concern is security awareness and authentication in your organization currently?

Please Choose One Answer for the Following:
2. Out of these four business drivers, which one resonates the most with you and in your environment?
   a) Usability
   b) Security
   c) Auditing
   d) Compliance
3. Out of these four feature categories, which one resonates the most with you and in your environment?
   e) Password Management
   f) Self-service
   g) Audit/Logging
   h) Stronger Authentication
Q&A

• Q&A Session
• Thank You for Attending
• Please email Kjohnson@pistolstar.com with any questions, comments or feedback you may have
• For more information on this series and other webinars such as “Securely Manage Your Corporate Portal Login: Take a Look at How the Financial Industry is Leading the Way”, please visit: http://portalguard.com/learn-more.html
