Anti-Cyber Crime Team Training Services
Integrates information protection expertise with team training programs.
These programs include lively presentations and interactive breakouts.
Information Protection Overview for Execs (EIPO)
Overview
Our orientation session is designed for non-technical executives and professionals who need
to understand key business issues about effective information protection and network security.
This introductory course uses real-world examples to show how competitors or cyber-criminals
may compromise data integrity or disrupt your network’s availability and reliability.
It anchors our team training series with a focus on people, policy and process.
Focus
Participant workshops reinforce both risk assessment and mitigation methods in a straightforward, common-sense format, with a take-home executive risk assessment checklist and policy template.
Delivers an overview and guidelines for preparing for, responding to and following up after digital disruptions!
Learning Objectives
What you will learn:
- Are we at risk?
- Who and what are the threats?
- How do we prepare for the inevitable?
- How do we determine if we have been attacked?
- How do we stop an attack in progress?
- What do we do?
- Who do we notify?
- How do we recover from an attack?
Outline
Section | Topic
1 | Course Objectives & Overview / CBS "Cyber Thief" Video (15 Min)
2 | Cyber Crime: A Most Unnatural Disaster …Why Worry?
3 | An Ounce of Prevention – AVOID being victimized!
4 | Breakout-1: Assessing Risks - SIRT Preparation & Orientation
5 | Prudent Protection Practices & Safeguards
6 | A Pound of Cure – Detection and Correction
7 | Breakout-2: Responding to "Cyber Attacks" – Simulated Digital Disruptions
8 | Forensics & Dr. Quincy, ME – Root Cause Analysis
9 | Q&A Review with Overall Evaluation
Length - 1/2 Day
Materials – Workbook, Workshop Guide & Information Protection Policy Templates
© 2001 ACCTTS, LLC
Selected "Netspionage" Risk Factors - YES or NO
___1. Operations in more than one continent?
___2. Distributed & decentralized computer & network infrastructure?
___3. Internet connectivity generally available to the workforce?
___4. National / international media profile?
___5. National Security Threat List industry? [www.fbi.gov/hq/nsd/ansir/ansir.htm]
___6. Multinational operations contribute substantial (40+%) revenues?
___7. High level of competitor collaboration?
___8. Multiple significant foreign joint ventures?
___9. Two or more major domestic joint ventures?
___10. Major acquisition or merger within last 12 months?
___11. Recent or projected downsizing?
___12. Workforce turnover exceeds industry average?
___13. Workforce composed of 40+% contractors, temporaries or consultants?
___14. Operations or presence in High Risk Areas?
___15. "High Tech" product(s) comprise significant portion of annual revenues?
___16. Breakthrough product(s) and/or services?
___17. Benchmark level business processes?
___18. Top 10% industry ranking?
___19. No competitive intelligence program?
___20. Extensive reliance on computers in product design, development or delivery?
___21. Knowledge-based business?
___22. Limited physical security program?
___23. No formal program for safeguarding proprietary information?
___24. Prior attempts within industry to steal secrets?
___25. Past attempts to steal information from corporation?
___26. R&D represents substantial portion of revenues or R&D exceeds industry average?
___27. Partnering is a major aspect of the business?
___28. Overseas business partners?
___29. Manufacturing is totally or significantly outsourced?
___30. No formal information systems security program?
___31. Significant e-business or e-commerce operations?
HIGH Risk if YES Over 15
LOW Risk if YES Under 9
How to Create a Secure Password You Can Remember
Copyright © 2001, Stratvantage Consulting, LLC. All rights reserved.
It’s human nature to resist the demand by security personnel that you create a secure password and change it frequently. People typically use a password only a few times daily and may have established accounts at a variety of intranet and Internet sites that they find hard to keep straight.
Because of this, people have a tendency to choose passwords that are easy for them to remember, perhaps based on the names of friends, family, sports teams, or pets. Unfortunately, such passwords are also easy for someone else to guess.
Add to this the fact that the security of the password should reflect the sensitivity of the protected resource. You may not care too much if someone hijacks your HotMail account, but you’d definitely be interested if they stole your bank account.
However, if you always use passwords that are secure and memorable (to you), then you don’t need to be as worried about suffering identity theft.
Here are some rules to help you keep your accounts secured by creating secure and memorable passwords.
Good Passwords:
- Contain a minimum of one character from at least three of the following four classes:
  o Lower case letters
  o Upper case letters
  o Arabic numerals (i.e. 1, 2, 3, 4, etc)
  o Special characters such as !, #, %, $, _, @, *.
- Include more than one number and/or one or more special characters (for example, %, $, '.).
- Are at least 7 or 8 characters long
- Are easy to remember (don't write them down, don’t save them in a disk file)
- Can be typed quickly so that someone cannot watch you enter the password
- Can use an acronym that is special to you – examples:
  o "'65 Mustangs are better than anything from the '80s" becomes "65ma>80+"
  o "the quick brown dog jumps over the lazy cat" becomes "TqbDj/tlC"
  o "ain't nobody's business if I do" becomes "a't0biId"
  (Please do not use these - create your own!)
- Are used for one account only. Do not use the same password for multiple accounts. If it is ever compromised, the cracker’s got access to your whole online life.
- Are rotated at least every 90 days. And don’t rotate them by just incrementing an included number.
Bad Passwords:
- Anyone's name
- Any combination of your login name, first and last name.
- A password should NOT be based on:
  o Modifying any part of your name or name+initials;
  o Modifying a dictionary word;
  o Popular acronyms;
- Anyone's Birthday
- Things you like: favorite locations, films, books, colors, or any other data that could be easily obtained about you
- Any word in the English dictionary
- Any word in a foreign dictionary
- Fantasy Characters
- A proper noun
- A place
- Your phone number
- Your Social Security number
- Your Address
- Your license plate number
- Profanity
- Passwords all the same letter
- Simple patterns of letters on the keyboard ("sss", "aaaaa", "qwerty")
- Short word pairs joined together ("theto")
- Look out for smileys ... :-)
Bad password Examples:
alec7 – it's based on the user’s name (and it's too short anyway)
gillian – name
naillig – ditto, backwards
theskyisblue – common phrase, no numbers, no punctuation
PORSCHE911 – it's in a dictionary
12345678 – it's in a dictionary and people can watch you type it
abcxyz – ...ditto...
0ooooooo – ...ditto...
Computer – just because it's capitalized doesn't make it safe
wombat6 – ditto for appending some random character
6wombat – ditto for prepending some random character
merde3 – even for French words...
mr.spock – it's in a sci-fi dictionary
zeolite – it's in a geological dictionary
ze0lite – corrupted version of a word in a geological dictionary
You may think these rules are paranoid. But there’s a good reason why: Modern password cracking programs use dictionaries of a dozen languages, proper names, religious texts (for example, the Bible and the Koran), myths, phrases, almanacs and whole major texts (for example, Paradise Lost).
Additionally, modern password crackers test for rotations (for example, elaFleckB), reversals (for example, luapts), numerical padding (for example, misty9), letter replacement (for example, ball00n) and dozens of other rules. A secure password should avoid these weaknesses.
So make your password secure, make it memorable, and be careful out there!
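The rules above can be turned into a check that runs when a password is chosen. The following is an added example, not part of the original article: it tests the length and three-of-four character class rules and rejects candidates that are a rotation, reversal, numerical padding or letter replacement of a listed word. The function names, the small WORDS list, the UNLEET mapping and the default minimum of 8 (the stricter of the article's "7 or 8") are assumptions made for illustration.

```python
import string

# Constructed sample list (from the article's examples); real checks load full dictionaries.
WORDS = {"wombat", "zeolite", "computer", "gillian", "balloon",
         "misty", "stpaul", "belafleck"}
# Look-alike substitutions undone before lookup (an assumed, minimal set).
UNLEET = str.maketrans("013457@$", "oleastas")


def char_classes(pw):
    """Count how many of the article's four character classes appear in pw."""
    tests = (str.islower, str.isupper, str.isdigit,
             lambda c: not c.isalnum())
    return sum(any(t(c) for c in pw) for t in tests)


def derived_from_word(pw, words=WORDS):
    """Return the word pw is a simple mangling of, or None."""
    low = pw.lower()
    # Numerical padding: drop digits/punctuation stuck on either end.
    stripped = low.strip(string.digits + string.punctuation)
    for base in (low, stripped):
        # Letter replacement: try the text as typed and with look-alikes undone.
        for form in (base, base.translate(UNLEET)):
            # Rotations; i == 0 is the unrotated form. Each is also reversed.
            for i in range(len(form)):
                rot = form[i:] + form[:i]
                for cand in (rot, rot[::-1]):
                    if cand in words:
                        return cand
    return None


def check_password(pw, min_len=8):
    """Return the list of rules pw breaks; an empty list means it passes."""
    problems = []
    if len(pw) < min_len:
        problems.append("too short")
    if char_classes(pw) < 3:
        problems.append("fewer than 3 character classes")
    word = derived_from_word(pw)
    if word:
        problems.append("derived from dictionary word: " + word)
    return problems


if __name__ == "__main__":
    for sample in ("wombat6", "ze0lite", "naillig", "elaFleckB", "TqbDj/tlC"):
        print(sample, "->", check_password(sample) or "passes these checks")
```

An empty result only means the candidate avoided the patterns tested against this word list, so a production check would pair it with much larger dictionaries and name lists.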