ACCTTS:
Anti-CyberCrime Team Training Services

 
       
     
     


Providing Information Protection
Education -Training Programs
& Support Services
       

Dimensions:
Information Protection Team Training (IPTTS) Series - Overview

1. Information Protection Overview for Executives!
   A11A: Quick Intro to CyberCrime Fighting for All Stakeholders
   A11S: Information Protection Overview (for Executives)
   A12A: Introduction to Cyber Ethics for All Stakeholders
   A12S: Introduction to Cyber Ethics for Sr. Management

2. Understanding Risk Factors

© 2001-2002 ACCTTS, LLC
For information contact: Mike Ellsworth, Mike@acctts.com
 
 


The KEY to Stakeholder TRUST

     
       
   

Prior Resource Links

  • Capella University Cyber Threats Syllabus
  • Century College Information Security for Information & Telecom Technology
  • Metro State University Grad. Management Program
  • UMN Carlson School of Management - MISRC Calendar

Who to Contact

Phone: 1-952-525-1584
URL: CTOMentor P2P
Email: mellsworth@stratvantage.com
 

Revised: 13-Jan-2002 @ 13:35 CST

   
     
   

Anti-Cyber Crime Team Training Services (ACCTTS)

ACCTTS integrates information protection expertise
with education and team training programs.
These programs include lively presentations
and interactive workshops.

Dimension 1: Information Protection & Cyber Ethics Overviews

Description


A11A: Quick Intro to CyberCrime Fighting for All Stakeholders

Simple Computing Safeguards for Small Business and Home Computer Users

Visit www.nipc.gov to learn about password protection practices!

  • Make regular backups of critical data.
    Create backups at least once DAILY.

    Larger organizations create WEEKLY full backups
    with DAILY incremental backups.

    At least MONTHLY, verify the integrity and usability of off-site backup media.

  • Use effective software protection from malware.
    A - Have it correctly installed on your workstation.
    B - Check for new virus signature updates DAILY.
    C - Scan dynamic file areas either incrementally or periodically:
    file servers, mail servers & ALL input devices.

    malware: (MALicious WARE) Software designed to destroy, aggravate
    and otherwise make life unhappy or frustrating!
    See virus, macro virus, Word macro virus, worms and Trojan horse.

  • Do NOT open email attachments from strangers,
    regardless of how enticing the Subject Line or attachment seems!

    Be suspicious of any unexpected email attachment
    from someone you DO know. It may have been sent
    WITHOUT that person’s knowledge from an infected machine.

  • Do NOT keep computers online when inactive!
    Log off from workstations, but keep them available for anti-virus signature file updates.

    For Small Office or Home Office (SOHO) computers, either shut them off
    -OR- physically disconnect them from Internet connections.

  • Use a firewall as a gateway between your computing resources
    and any Internet connections.

    Firewalls may be deployed as hardware or software safeguards for defense-in-depth solutions.

    Such safeguards are essential when computers are always online using popular DSL and cable modems.
    However, they are equally valuable safeguards for people using dial-up Internet connections.

    Gateway

    (1) A computer performing protocol conversion between different types of networks or applications.
    For example, a gateway converts a TCP/IP packet to a NetWare IPX packet and vice versa,
    or from AppleTalk to DECnet, from SNA to AppleTalk and so on.

    Gateways function at layer 4 and above in the OSI model. They perform complete conversions
    from one protocol to another rather than only supporting one protocol
    from within another, such as IP tunneling. Routers can sometimes implement
    gateway functions.

    An electronic mail, or messaging, gateway converts messages
    between two different messaging protocols.

    See LAN and IP gateway.

    (2) A computer acting as a go-between for two or more networks using the same protocols.
    In this case, the gateway functions as an entry/exit point to the network.
    Transport protocol conversion may not be required, but some form
    of processing is typically performed.

    See proxy server. A proxy server is an application that breaks the connection between sender and receiver.
    All input is forwarded out a different port, closing a straight path between two networks
    and preventing a cracker from obtaining internal addresses and details of a private network.

    E-Poll on Corporate Firewalls: Getting Personal

    DSL and Computer Security Issues [Don’t Stop Looking @ Vulnerabilities!]

  • Regularly verify and quickly install security patches
    from qualified software vendors.

For HELP with the first & last safeguards listed, visit www.securemicrosoft.com


While Code Red has infected over 350,000 computers during the last several days,
neither it nor viruses like Sircam will be the end of civilization as we know it.
Nevertheless, the threat from worms, viruses, and other 'bad guys' (malware) is real.

But, like a freeway traffic jam, it's only 'really' real when you're among those stuck in it.
While it is effectively impossible to completely eliminate the risk of loss from these
nefarious agents of doom, here are seven (7) things you can do to mitigate the risk.
_______________________________________________________________

NDU KnowledgeNet Glossary

Also scan NCMS Trusted Access & www.humanfirewall.com
to learn more about Tips, Tricks and Traps to AVOID


A11S: Information Protection Overview (for Executives)

Overview

  • Our orientation session is designed for non-technical executives
    and professionals who need to understand key business issues
    about effective information protection and network security.

    This introductory course uses real-world examples to show how competitors
    or cyber-criminals may compromise data integrity
    or disrupt your network’s availability and reliability.

    It anchors our team training series with a focus
    on people, policy and process.
  • Focus

    • Participant workshops reinforce both risk assessment and mitigation methods
      in a straightforward, common-sense format with a take-home executive
      risk assessment checklist and policy template.
    • Delivers an overview and guidelines for preparing for, responding to
      and following up after digital disruptions.

  • Learning Objectives

    What you will learn:

    • Are we at risk?
    • Who and what are the threats?
    • How do we prepare for the inevitable?
    • How do we determine if we have been attacked?
    • How do we stop an attack in progress?
    • What do we do?
    • Who do we notify?
    • How do we recover from an attack?
  • Outline

    Section  Topic
    1        Course Objectives & Overview / CBS "Cyber Thief" Video (15 Min)
    2        Cyber Crime: A Most Unnatural Disaster
    3        An Ounce of Prevention - AVOID Being Victimized!
    4        Breakout-1: Assessing Risks & Security Incident Response Team (SIRT) Preparation
    5        Prudent Protection Practices & Safeguards
    6        A Pound of Cure - Detection and Correction
    7        Breakout-2: Responding to "Cyber Attack" - Digital Disruption Simulations
    8        Forensics & Dr. Quincy, ME - Analyzing Root Causes
    9        Q&A Review with Overall Evaluation

    Length: 1/2 Day
    Materials: Workbook, Workshop Guide & Information Protection Policy Templates

     

    NDU Information Assurance FAQs
    NDU KnowledgeNet Glossary
    NCMS InfraGard Manufacturing Industry Association (IMIA) Preview
    NCMS Trusted Access & www.humanfirewall.com

    To learn more about Tips, Tricks and Traps to AVOID

    Internet Service Provider Reviews

    Internet Security & Microsoft's PSA+

    Strategic Technology Protection Program (STPP)

    By: mark.j @ 10:28 AM

    Following the recent problems with Internet worms
    such as Code Red . . . Microsoft have offered up
    a 'Personal Security Advisor' (MPSA) system:

    Microsoft Personal Security Advisor (MPSA-Demo)
    is an easy to use web-based application that helps you
    protect your Windows NT™ 4.0 or Windows 2000™
    workstation privacy and productivity.

    MPSA will scan your system and build a customized report on items such as – missing security patches, weak passwords, Internet Explorer and Outlook Express security settings, and Office macro protection settings.

    For each weakness identified on your computer, MPSA provides easy to understand information on the security issue at hand, how to fix it, and links to additional information about the issue.

    Once you correct a reported deficiency, you can run the scan again and see the results of the change. Running MPSA on a regular basis helps ensure your system's configuration stays current and secure.

    Shavlik's online self-audit coach can be found
    HERE and is a very relevant tool for those of you on broadband connections.

    If you don't run a fully functional firewall
    then this should be a requirement for always-on connections.

    We'd also like to point out the following system for those on any other operating system:

    https://grc.com/x/ne.dll?bh0bkyd2
    [Shields Up! @ Gibson Research Corporation]

    It's somewhat less complex and should be ideal
    for Windows 9x/ME and Linux etc. users trying to find security holes / gaps in their systems that need to be plugged.

    Every reader to this site would be well informed to try either or both.

    Source: www.ispreview.co.uk/archives.shtml [29 Aug 2001]

    Syntegra - the brains behind the scenes
    SyntegraUSA - Information Protection Portfolio

    With the growth of digital business and communications, security has become a key issue. It's important that information can be shared safely between colleagues, customers and suppliers. Security is also vital for encouraging customers to purchase online.

    And if your business can't demonstrate a commitment to security, you run the risk of losing your place as a supplier.

    BT eSecurity Key Facts

    Key facts:

    • On average, 60 per cent of organisations have suffered a security breach in the last two years [1]

    • During 2001, the number of emails containing viruses detected by a leading scanning service
      rose above the one in 400 mark [2]

    • Unchecked viruses could cost businesses
      £907 billion world-wide by the end of 2002 [3]

    • One survey found that 90 per cent of sampled businesses had experienced computer breaches
      in a 12-month period - up from 62 per cent in the previous year [4]

    • Security breaches are often caused by poorly implemented internal processes, lack of staff awareness and lax controls on contractors

    • 40 per cent of breaches in security are due to operator error [5]

    Not just adding to your costs:

    Getting your internet security right has significant benefits. In fact it could add value to your business
    by removing some of the barriers to doing business online.

    Operational continuity safeguard investments can help sustain your business's integrity, improve reliability of your service and give greater confidence to your customers.

    1. DTI Information Security Breaches Survey 2000.
    2. Message Labs, reported in the Guardian newspaper, August 2001.
    3. Price Waterhouse Coopers (PwC).
    4. Internet Security Investor Handbook - Lehman Brothers, March 2001.
    5. DTI Information Security Breaches Survey 2000.
