PhishingBox
Information Security Awareness - Basic Training
Summary
This video provides an introduction to information security, highlighting its dynamic nature and the importance of maintaining confidentiality, integrity, and availability of information. It covers various threats including human, technical, and environmental factors, and emphasizes the role of employees in maintaining security. The video also discusses different types of security controls and the importance of following policies to ensure robust information security practices.
Highlights
- The dynamic nature of information security requires regular attention and updates.
- Three main threats: human (like disgruntled employees), technical (like viruses), and environmental (like natural disasters).
- Controls can be physical (locks), technical (antivirus), or administrative (policies), aiming to either prevent or detect issues.
- Importance of strong passwords and multi-factor authentication to protect accounts.
- Avoid unknown internet connections to prevent man-in-the-middle attacks.
- Be cautious of social engineering, always verify requests, and don't click unknown links.
- Know your company's incident response policy and report incidents promptly.
Key Takeaways
- Information security is dynamic, needing constant vigilance and updates.
- Various threats include human, technical, and environmental factors.
- Employees are crucial in supporting and maintaining information security protocols.
- Different controls exist: physical, technical, and administrative, which can be preventive or detective.
- Safe computing practices include strong, unique passwords and avoiding unknown networks.
- Social engineering is a major threat and requires skepticism and diligence.
- Incident response is vital; report any suspicious activity immediately.
Overview
Information security is a multifaceted discipline focused on ensuring that information remains confidential, accurate, and available to those who are authorized to access it. It's an ever-evolving field that responds to a variety of threats including human mistakes, technical failures, and environmental disasters. The video emphasizes the critical role employees play in preventing breaches by adhering to established security protocols.
Various controls are in place to manage these threats, classified as physical (like secure locks), technical (such as firewalls and antivirus systems), and administrative (policies and agreements). These controls work to either prevent unauthorized access or detect it when it occurs. Employees are specifically called out as important players in maintaining security - their vigilance and adherence to protocols contribute significantly to an organization's security posture.
The training underscores the importance of safe digital habits like using strong passwords and being wary of social engineering tactics. Additionally, employees are encouraged to understand and follow their organization's incident response plans, which outline the steps to take when a security breach is suspected. By staying informed and prepared, employees can significantly enhance their organization's security defenses.
Chapters
- 00:00 - 00:30: Introduction to Information Security Information Security is the process of maintaining confidentiality, ensuring integrity, and assuring the availability of information. It's a constantly evolving process in which employees can play a key role.
- 00:30 - 01:00: Common Threats to Information Security This chapter discusses the various threats to information security, which are categorized into human, technical, and environmental threats. Human threats can come from sources like disgruntled employees, customers, criminals, terrorists, and hackers. Technical threats include issues such as configuration errors, outdated equipment or software, and malicious codes like viruses. Environmental threats cover natural and unforeseen events such as floods, power outages, and fires.
- 01:00 - 02:00: Motivations and Controls for Threats This chapter discusses various motivations for human-related threats, which can include financial gain, revenge, or political agendas. It also covers how organizations implement controls to minimize the potential negative impact of such threats, categorizing these controls as physical, technical, or administrative.
- 02:00 - 02:30: Importance of Employee Role in Information Security The chapter, titled 'Importance of Employee Role in Information Security,' explores the different types of controls relevant to maintaining information security. It identifies three main types of controls: physical controls like doors, locks, and fire suppression systems; technical controls such as antivirus software and firewalls; and administrative controls that involve formal and informal policies and procedures, including codes of conduct, acceptable use policies, and non-disclosure agreements. The chapter underscores the essential role employees play in supporting these controls to ensure the security of information.
- 03:30 - 04:00: Physical Security Best Practices The chapter 'Physical Security Best Practices' discusses different types of security controls. Preventative controls, like locks on doors, aim to minimize the likelihood of unauthorized actions. Detective controls, such as alarms or sirens, help identify unauthorized activities. Additionally, the chapter emphasizes the vital role employees play in information security, highlighting the importance of their understanding of and engagement with information security practices.
- 04:00 - 05:30: Computer and Authentication Security This chapter discusses the significance of information security in protecting a company from unauthorized disclosures or disruptions, which can lead to financial losses and damage to the company's reputation. It highlights the role of controls in enhancing information security and mentions regulatory requirements that must be understood and adhered to.
- 05:30 - 06:30: Risks of Connecting to Unknown Networks Connecting to unknown networks can pose significant security risks. Employees play a critical role in maintaining or jeopardizing security depending on their actions. They should avoid trying to bypass or circumvent company security systems such as policies, procedures, and software. In case any process-related issues arise, they should report them to a supervisor instead of attempting unauthorized solutions, as existing controls might serve essential purposes. Employees should also proactively communicate potential areas for security improvement to their supervisors. Key controls and actions that employees should adhere to include paying attention to physical security measures.
- 06:30 - 08:00: Understanding Secure Connections and SSL/TLS The chapter emphasizes the importance of security from an employee's perspective, instructing employees not to bypass physical security controls like propping open locked doors. It stresses that individuals should use their own access codes to enter facilities and not piggyback with others. Additionally, it highlights the need for securing non-public data by locking items when not in use and properly disposing of them when they are no longer needed.
- 08:00 - 09:30: Keystroke Logging and Remote Access Security This chapter explores the security measures necessary to protect against keystroke logging and unauthorized remote access. It emphasizes the importance of properly destroying sensitive information either by shredding or securing items pending destruction. Users must lock or shut down their computers or devices when not in active use, ensuring the system requires a password or code for access. Given the substantial amount of information stored on computers, a critical aspect of security is robust authentication, which can be achieved by using a username and password among other methods.
- 09:30 - 10:00: Introduction to Social Engineering The chapter "Introduction to Social Engineering" focuses on the importance of maintaining security in user accounts. It emphasizes the need for additional security layers like text codes or multi-factor authentication. It warns against sharing accounts as unauthorized activities could be traced back to the original user. The chapter advises against disclosing passwords or storing them in unencrypted files to prevent compromise, especially if a computer is attacked.
- 10:00 - 11:30: Types of Social Engineering Attacks The chapter discusses various types of social engineering attacks and the importance of securing systems against such threats. It emphasizes the risks associated with portable systems, such as the potential loss or theft of computers, which could lead to unauthorized access to sensitive data. To minimize these risks, it recommends regular password changes and the use of strong, complex passwords that are not easily guessed. Additionally, it highlights the need for using secure practices when creating accounts.
- 11:30 - 12:30: Suspicion and Verification of Requests The chapter discusses the principle of least privilege, emphasizing the importance of granting only the minimum level of access necessary for job duties. This approach limits potential damage if an account is compromised. It stresses the benefits of multi-factor authentication, such as one-time codes via text, to further reduce risks. These methods make it improbable for an attacker to fully exploit a compromised account, as they would need additional verification codes.
- 12:30 - 14:00: Administrative Controls in Information Security The chapter discusses administrative controls in information security, emphasizing the importance of secure authentication methods. It suggests using single sign-on (SSO) to reduce the risk of logging into incorrect systems, particularly when traveling or working remotely. Additionally, it highlights the dangers of connecting to unknown Wi-Fi or internet connections due to potential security risks.
- 14:00 - 15:00: Handling Security Incidents This chapter discusses the concept of man-in-the-middle attacks, a type of cyber attack where an attacker intercepts communication between two parties. The attacker can provide an internet connection to reroute traffic through their own system before forwarding it to the intended destination. This poses significant security risks, including the potential compromise of authentication credentials. While there are several ways to conduct man-in-the-middle attacks, enticing users to connect to a rogue Wi-Fi network is among the simpler methods. More complex methods involve pre-compromising the system.
- 15:00 - 16:00: Conclusion and Key Principles for Employees This chapter discusses the importance of securing internet connections, drawing an analogy between internet traffic and postcards to explain how unencrypted data can be viewed by anyone who intercepts it. The key principle highlighted is the use of SSL/TLS (Secure Sockets Layer/Transport Layer Security) to ensure secure communication between a user's device and a website, thereby preventing unauthorized monitoring or interception of data.
Information Security Awareness - Basic Training Transcription
- 00:00 - 00:30 [Music] what is information security information security is the process of maintaining confidentiality ensuring integrity and assuring availability of the information information security is a constantly evolving process employees can play a key role in this process there are some
- 00:30 - 01:00 common threats to information security these threats include but are not limited to human technical and environmental threats examples of human threats include disgruntled employees customers criminals terrorists hackers examples of technical threats include configuration errors obsolete equipment or software or malicious codes such as a virus examples of environmental threats include floods power outages fire severe
- 01:00 - 01:30 weather or a pandemic for human related threats there are many different motivations these motivations may include but are not limited to financial gain revenge or political agendas an organization implements controls in an attempt to minimize the possibility of a negative impact from the threat controls can be categorized as physical
- 01:30 - 02:00 technical or administrative physical controls are items related to the physical environment such as doors locks fire suppression etc technical controls are items such as antivirus software firewalls etc administrative controls are items such as formal and informal policies and procedures including codes of conduct acceptable use policies and non-disclosure agreements controls can
- 02:00 - 02:30 be further categorized as preventative or detective a preventive control attempts to minimize the likelihood of an action such as the lock on a door a detective control attempts to identify if there is an unauthorized action or activity such as an alarm or siren employees play a key role in information security knowing the importance of information security and the reason for
- 02:30 - 03:00 controls can strengthen the company's overall information security in today's environment information security is important as an unauthorized disclosure or disruption can be financially devastating and negatively affect the company's reputation in many cases there are regulatory requirements as well do understand the importance of information security and your role in
- 03:00 - 03:30 security the actions of employees can improve or weaken security do not attempt to bypass or circumvent your company's security systems including policies procedures software etc if there is an issue with the process bring it up to your supervisor there may be a major reason for the control if you see an area where security could be improved let your supervisor know the following items are key controls or actions that employees should follow physical
- 03:30 - 04:00 security is important from an employee standpoint you should not attempt to bypass physical controls do not prop open doors that are supposed to be locked do not allow others to access facilities with you they should enter with their own codes this may include access via doorways or vehicle gates items that contain non-public data should be locked when not in use when the information is no longer needed the information should be
- 04:00 - 04:30 properly destroyed such as by shredding items pending destruction should be appropriately secured as well users should also lock or shut down computers or devices when they are not actively being used the system should require a password or code to obtain access as a lot of information is maintained on computers a key control is authentication authentication may be provided by a username and password but
- 04:30 - 05:00 may include additional layers of security such as text codes or multi-factor authentication often times user activity is tied to an account you should not share your account with others if you do any activity that occurs with that account may be attributed to you you don't want unauthorized activity leading back to your account do not disclose your passwords or store them in unencrypted files for example if your computer was compromised the attacker may find this
- 05:00 - 05:30 file and then be able to access other possibly more important systems or what if the computer was lost or stolen this is a bigger risk with portable systems you should change your password periodically changing a password periodically minimizes the risk of a compromised password file from being unencrypted you should use strong or complex passwords passwords should not be easily guessed by others whenever using an account or establishing an account for others use a least
- 05:30 - 06:00 privileged principle use only the minimum level of access needed for the job duties that way if an account is compromised it may have minimal access when given the option for multi-factor such as one time codes via text these options should be strongly considered these options minimize any potential damage should an account be compromised it is highly unlikely that the attacker is able to receive the code as well
- 06:00 - 06:30 some additional options for authentication include single sign-on if such options are available these should be used rather than direct logins one benefit is that an end user is not likely to log in to the wrong system such as a mistyped website when traveling or out of the office avoid connecting to unknown Wi-Fi or other internet connections connecting to an unknown internet connection can be risky an
- 06:30 - 07:00 attacker could provide the internet connection to perform man-in-the-middle attacks in simple terms your traffic would be routed through their connection and forwarded on to the real destination the risk is that the traffic including authentication credentials could be compromised although man-in-the-middle attacks could be conducted in other ways getting users to connect to a Wi-Fi network is one of the easier methods other methods require a system to be compromised first when
- 07:00 - 07:30 connecting to a website over the Internet you cannot control the path that traffic takes to its destination as a result you don't know who may be reviewing or monitoring the traffic internet traffic is much like a postcard in the mail if you can access the postcard you can see what is written on the card to provide a secure connection between the user and the destination website many sites provide an SSL/TLS (Secure Sockets Layer/Transport Layer Security) connection this type of
- 07:30 - 08:00 connection can usually be identified by a padlock in the internet browser bar although some browsers show this differently although the connection is encrypted it does not necessarily mean that you are connecting to a legitimate site an attacker may have set up a site that is using SSL to try and trick you as such you need to be cautious if the site is unknown if the site is malicious it will often be reported to the SSL provider and the SSL certificate revoked if you get a warning or error indication
- 08:00 - 08:30 from the browser do not use the site the site may have been compromised or was created with malicious intent keystroke logging is the process of using software or hardware to capture all of the users input if a user's keystrokes were captured authentication credentials are likely compromised without multi-factor authentication this damage can be significant as an attacker could perform actions as the user
- 08:30 - 09:00 keystroke logging can be installed via software such as by a virus or via hardware such as a device physically connected to a system the risk of keystroke logging along with other risks is a reason the unknown system such as a hotel library etc should not be used for accessing any non-public systems if you access systems remotely you should only use approved methods or devices although you don't need to understand the
- 09:00 - 09:30 technical aspects the remote access should use an encrypted tunnel with appropriate authentication the primary reason to use only your equipment is that you can minimize the likelihood of keystroke logging or other systems that can monitor traffic also do not allow others to use your systems when connected remotely social engineering is the process of getting an individual to perform an action this process is sometimes called attacking the human the
- 09:30 - 10:00 human is often the weakest link in the security chain why try to guess or crack a password when you can just trick someone into disclosing a password this threat vector is very common and difficult to defend there are three major categories of social engineering there are electronic telephonic and in-person electronic social engineering tactics
- 10:00 - 10:30 include phishing and smishing these attacks may use email or other electronic communication to trick the user into disclosing information or performing an action such as clicking a link installing software conducting a wire transfer etc telephonic or pretext calling is the process of using the telephone to get the user to disclose information or perform an action the method is often referred to as vishing in-person social engineering requires an attacker to be physically present in such cases someone could pose as an
- 10:30 - 11:00 official technician supplier new employee etc although possible this type of attack is less common as there is a high risk of being caught social engineering is a common threat vector today with any type of social engineering methods there are some common items that should draw suspicion urgency severe ramifications name-dropping as an employee validate any suspicious
- 11:00 - 11:30 request or action if the request is questionable verify the request via other means such as a phone call to the appropriate party using a known good number do not trust anything provided by the requester if the request is via email do not click links download files or open attachments unless the email is verified if directed to a link go directly to the known good site not via
- 11:30 - 12:00 the link in the email administrative controls usually augment or correspond to technical and physical controls administrative controls will oftentimes spell out the requirements or actions of an employee some of the common administrative controls include the following non-disclosure agreements are used to limit discussions or disclosure of nonpublic information to authorized parties before you disclose information to someone ensure they are authorized and have a need-to-know
- 12:00 - 12:30 acceptable use policies will outline what actions an employee may take with information systems these may include email internet use telephone etc policies and procedures may be formal or informal ideally these policies will be written ensure that you understand your company's formal policies and procedures with regards to information security and your actions if things go wrong you will likely be held accountable to these policies a security
- 12:30 - 13:00 incident is an event that threatens the security of information systems this includes the transmission storage and retrieval of information incidents include but are not limited to the following attempts to gain unauthorized access to computer systems software applications or data this may be by someone from outside the organization such as a hacker or an internal employee trying to steal another user's ID and password any event that results in damage corruption misuse or unauthorized
- 13:00 - 13:30 exposure of confidential data whether the event was deliberate or not attempts to interfere with the normal functioning of information systems this interference may include malicious software denial of service attacks or unauthorized computer applications theft or destruction of information systems to include equipment and printouts of data other violations of information security related policies your company likely has a formal
- 13:30 - 14:00 incident response policy that guides the actions of the company employees in the event of an incident although you don't need to know all the requirements of responding to an incident you should understand key steps that can assist the incident response team in handling an incident if you suspect an incident with your computer or device attempt to isolate that system remove it from the network such as disconnecting the network cable if connected wirelessly turn off the Wi-Fi or wireless connectivity report
- 14:00 - 14:30 this issue to the appropriate channel if you are not sure where to report report to your immediate supervisor when reporting an incident include the basic information of who what when additional information may be beneficial as well with regards to social engineering the context of the request can be key information security can be complex but
- 14:30 - 15:00 employees maintaining a few key principles can greatly improve overall security as an employee do not try to bypass or circumvent security controls physically secure confidential material practice safe internet and email use be aware of social engineering such as phishing and report suspicious activity [Music]