Maleeff university of toronto 11 july 2019

  1. University of Toronto iSchool Symposium. Cybersecurity: Libraries ARE a Target! July 11, 2019 | 10:00 am – 10:30 am. Top 10 Tips for Security Awareness Training. Tracy Z. Maleeff aka @InfoSecSherpa on Twitter. Former librarian, current Cybersecurity Professional. © 2019 Tracy Z. Maleeff | InfoSecSherpa
  2. Agenda
     • Brief Introduction
     • InfoSecSherpa’s 5 Ps of Information Security
     • Brief Q & A
     • 5 More Security Awareness Training Things to Think About
     • Brief Q & A
     • End (and your break!)
     Disclaimer: Thoughts and opinions expressed are my own and not that of my employer or of any other groups to which I am affiliated.
  3. Street Cred
     • Master of Library and Information Science from the University of Pittsburgh
     • 15 years as a librarian
     • GIAC SANS-GSEC certification
     • Cyber Analyst in a Security Operations Center (SOC) for a global company
  4. InfoSecSherpa’s 5 Ps of Information Security
     • Passwords
     • Patching
     • Precaution
     • Preservation
     • Privilege
  5. Passwords
     • Long = strong. Passphrase versus a password.
     • Multi-Factor Authentication
       • SMS: use caution due to SIM switching crimes
       • Google Authenticator
       • Yubikey, Google Titan
     • Password Manager
     • No duplication / reuse
     • Change them periodically* (e.g. seasonally, semiannually)
  6. Patching
     • Patch Tuesday / Update Tuesday from Microsoft
     • 2nd Tuesday of every month.
     • See their Security Advisories and Bulletins.
     • Schedule times to check devices, laptops, and software for updates. Best bet – automatic updates!
     • Set up push alerts with vendor or product to be informed of critical updates.
     • US-CERT (Computer Emergency Readiness Team) Alerts
     • Canadian Centre for Cyber Security Alerts & Advisories
     • OpenCERT Canada https://opencert.ca/
  7. Precaution
     • Examine emails
     • Hover over links to check their destination. Look for red flags.
     • Think before you post a photo or information online
     • Is there information in the background of a photo? Is there PII (Personally Identifiable Information) in this post?
     • Be empowered to say no
     • Don’t get bullied to give out information. Think about what the person is asking of you and if it could compromise security.
  8. Preservation
     • Backup your digital files
     • Schedule regular backups. Practice restoring from backups periodically.
     • Document your network and digital assets
     • Remember: Treat information security like a special collection of your library.
     • Keep a list of whom to contact in a security emergency
     • If your library was the victim of ransomware tomorrow, would you know who to contact and where to begin with incident response?
  9. Privilege
     • Give workers only the level of access they need to perform their jobs.
     • “Principle of least privilege” aka “not everybody gets admin access” and “not everybody gets the social media passwords”
     • Separate and secure your WiFi networks.
     • Have one for staff only, have one for patrons. Be aware of how far your WiFi signal is transmitting.
  10. Brief Q & A
  11. 5 More Security Awareness Training Things to Think About
     • Communication
     • Current Events
     • Gamification
     • Policies
     • Technical Training
  12. Brief Q & A
  13. Thank you, University of Toronto iSchool!
     • @InfoSecSherpa on Twitter
     • nuzzel.com/infosecsherpa
     • medium.com/@infosecsherpa

Cybersecurity Symposium
