preston-palmer
Security Training
USAID
2000
Information Security
WHY? Two Reasons:
– It’s a responsibility
– It’s the law (Computer Security Act 1987)
Training Objectives
What is Computer Security
The Threats
What is your role as a user?
Computer Security Definition
Measures required to protect against:
– unauthorized access (accidental or intentional)
– malicious modification of data
– destruction of data, networks and computer resources
– or denial of service to process data.
Data Classifications
CLASSIFIED
(CONFIDENTIAL, SECRET, TOP SECRET)
SENSITIVE BUT UNCLASSIFIED
(TECHNICAL, PROPRIETARY, PROGRAM SPECIFIC)
UNCLASSIFIED
Computer Security
Confidentiality
Integrity
Availability
Workstation Protection (1)
Comply with the physical security requirements.
Never leave your computer unattended while you are logged in
– log off at the end of the day
Protect sensitive information
– store it in a private area
Workstation Protection (2)
Password Requirements
– Passwords must be at least six characters (alphanumeric)
• e.g., I8NY2x Dog&Man3
– Passwords must be changed periodically
• USAID - Cairo requires every 12 weeks
• Treat Your Password Like A Toothbrush… Don’t Share It, and Change It Often!
Password Protection
NEVER disclose your password!
Personal passwords must remain private
– Don’t let anyone else use it
– Don’t write it down
– Don’t type a password while others watch
– Don’t record password on-line or e-mail it
– Don’t use easily guessed words, like children’s names, spouse, pet, birthday and phone number
Virus Protection
Run antivirus programs on a regular basis.
Do not use any outside floppies/disks on your system without running a virus scan first. Many viruses are introduced because virus scanning was not performed.
No illegal duplication of S/W rule - this reduces the spread of viruses and avoids legal headaches
Do not boot from diskette if possible
Data and File Backups
Backup your important data
Verify your backups
Internet Security
Do not download and install programs from the Internet without consulting DMS
– for example, screen savers, chatting programs
Do not remove the Security wallpaper. This is an Agency requirement
Do not pass on Chain Letters, rumors and jokes
What is the Mission doing to minimize Risk?
Server Protection
Workstation Protection
Firewalls
Backups
Training