federal information systems security education association
play

Federal Information Systems Security Education Association Spear - PowerPoint PPT Presentation

Oct 22, 2023 •340 likes •434 views

Federal Information Systems Security Education Association Spear Phishing Agenda Definition of spear phishing Why is spear phishing so valuable to attackers Spear phishing defenses / countermeasures Training concepts and delivery

  1. Federal Information Systems Security Education Association Spear Phishing

  2. Agenda  Definition of spear phishing  Why is spear phishing so valuable to attackers  Spear phishing defenses / countermeasures  Training concepts and delivery Secure Solutions from Security Professionals 2 For Official Use Only

  3. Spear Phishing, What is it?  A type of phishing attack  Uses email messages to trick users to clicking a link, downloading a file, entering data, etc.  Malware may be downloaded / executed to hijack the user’s computer  May appear to come from a trusted source (e.g., colleague, supervisor, employer, vendor, etc.)  More targeted than phishing, not random  Attacker is targeting you and your organization’s data Secure Solutions from Security Professionals 3 For Official Use Only

  4. Spear Phishing, Why?  Bypasses many network perimeter security controls – targets the human  Provides access to the user’s computer and thereby the organization’s internal network and data  Often made easier with information about users often available online facilitating attack  E.g., Social Media Secure Solutions from Security Professionals 4 For Official Use Only

  5. Spear Phishing, Defenses  System / network IT security controls  Spam filters  Antivirus  Content filtering  Digital signatures  User / personnel training Secure Solutions from Security Professionals 5 For Official Use Only

  6. Spear Phishing, Training  Training concepts  Social media  Knowing which emails to trust / validate source  Don’t click URL’s, download files from emails  Pay attention to grammar, greeting, look and feel of the email – identify suspicious emails  Confirm via telephone call, reporting  Training delivery methods  Part of user awareness/onboarding and annual security awareness training (e.g., web based)  Exercises online  Commercial services to perform testing. Provides user training (e.g., this was a test), and provide metrics Secure Solutions from Security Professionals 6 For Official Use Only

  7. Conclusion  Spear Phishing is real and has led to numerous compromises  Commonly used vector, bypasses perimeter defenses, access to internal networks and data  Training the user is essential ! Secure Solutions from Security Professionals 7 For Official Use Only

  8. Questions Secure Solutions from Security Professionals 8 For Official Use Only

Recommend

Use of Slogans, Images, and Characters in Federal Information Systems Security Education Neil E.

Use of Slogans, Images, and Characters in Federal Information Systems Security Education Neil E.

Use of Slogans, Images, and Characters in Federal Information Systems Security Education Neil E. Grunberg, Ph.D. Professor of Medical & Clinical Psychology and Neuroscience Uniformed Services University of the Health Sciences Bethesda, MD March

305 views • 19 slides
Karen S. Urban, CISSP Federal Information Systems Security Educators Association (FISSEA) 27th

Karen S. Urban, CISSP Federal Information Systems Security Educators Association (FISSEA) 27th

Karen S. Urban, CISSP Federal Information Systems Security Educators Association (FISSEA) 27th Annual Conference | March 18, 2014 Evolving Technology Personnel expect greater mobility, connectivity, and networking capabilities As a

502 views • 23 slides
NIST Special Publication 800-137 Information Security Continuous Monitoring for Federal

NIST Special Publication 800-137 Information Security Continuous Monitoring for Federal

NIST Special Publication 800-137 Information Security Continuous Monitoring for Federal Information Systems and Organizations FISSEA 27 th Annual Conference Partners in Performance: Shaping the Future of Cybersecurity Awareness, Education, and

353 views • 31 slides
information security and cybercrime; To grant awards, scholarships or sponsorships to people

information security and cybercrime; To grant awards, scholarships or sponsorships to people

RAISA Romanian Association for Information Security Assurance is a profes - sional, non-governmental, non-partisan political, nonprofit and public benefit association. PURPOSE The aim of Romanian Association for Information Security Assurance

84 views • 6 slides
Build ing a Cy b er Security Ta lent Pip eline Federal Information System Security Educators

Build ing a Cy b er Security Ta lent Pip eline Federal Information System Security Educators

Build ing a Cy b er Security Ta lent Pip eline Federal Information System Security Educators Association March 16, 2011 The Partnership for Public Service The Partnership for Public Service is a nonprofit, nonpartisan organization that

457 views • 18 slides
INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

Leading a Secured Digital Life. INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC Hyderabad keeping yourself and your family safe in a tech driven world Ministry of Electronics & Information

510 views • 11 slides
INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

Leading a Secured Digital Life. INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC Hyderabad keeping yourself and your family safe in a tech driven world Toll Free No : 1800 425 6235 Ministry of

460 views • 8 slides
INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

Leading a Secured Digital Life. INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC Hyderabad keeping yourself and your family safe in a tech driven world Toll Free No : 1800 425 6235 Ministry of

291 views • 10 slides
Security 101 Definition of Information Security Information security is the protection of

Security 101 Definition of Information Security Information security is the protection of

Computing Services Information Security Office Security 101 Definition of Information Security Information security is the protection of information and systems from unauthorized access, disclosure, modification, destruction or disruption. The

469 views • 22 slides
INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

Leading a Secured Digital Life. INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC Hyderabad keeping yourself and your family safe in a tech driven world Free No : 1 1800 0 425 6 6235 Toll F

264 views • 24 slides
INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

Leading a Secured Digital Life. INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC Hyderabad keeping yourself and your family safe in a tech driven world Free No : 1 1800 0 425 6 6235 Toll F

357 views • 12 slides
National Association of Federal Education Program Administrators (NAFEPA) March 2016 Washington,

National Association of Federal Education Program Administrators (NAFEPA) March 2016 Washington,

National Association of Federal Education Program Administrators (NAFEPA) March 2016 Washington, DC Title I Equitable Services Overview Isadora Binder, Office of Non-Public Education Michael Anderson, Office of General Counsel Todd

447 views • 40 slides
National Cybersecurity Workforce Framework Benjamin Scribner Department of Homeland Security

National Cybersecurity Workforce Framework Benjamin Scribner Department of Homeland Security

Federal Information Systems Security Educators March 19, 2014 National Cybersecurity Workforce Framework Benjamin Scribner Department of Homeland Security (DHS) National Cybersecurity Education & Awareness Branch (CE&A) T HE CYBER THREAT

315 views • 13 slides
SP 800-16 Rev 1 (3 rd Draft) A Role-Based Model for Federal Information Technology/Cyber Security

SP 800-16 Rev 1 (3 rd Draft) A Role-Based Model for Federal Information Technology/Cyber Security

SP 800-16 Rev 1 (3 rd Draft) A Role-Based Model for Federal Information Technology/Cyber Security Training FISSEA Conference March 19, 2014 Pat Toth Penny Klein Computer Security Division Systegra Information Technology Laboratory NATIONAL

750 views • 40 slides
Information Security Collaboration Tom Dugas, Director of Information Security @ Duquesne

Information Security Collaboration Tom Dugas, Director of Information Security @ Duquesne

Information Security Collaboration Tom Dugas, Director of Information Security @ Duquesne University Maureen Bertocci, Director of Information Security @ Robert Morris University What is C-CUE C-CUE is a Western-PA regional association of

433 views • 11 slides
INFORMATION MANAGEMENT AND SECURITY FOR FEDERAL CONTRACTORS ( CYBER SECURITY SERIES PART 1 OF 5)

INFORMATION MANAGEMENT AND SECURITY FOR FEDERAL CONTRACTORS ( CYBER SECURITY SERIES PART 1 OF 5)

INFORMATION MANAGEMENT AND SECURITY FOR FEDERAL CONTRACTORS ( CYBER SECURITY SERIES PART 1 OF 5) ACQUISITION HOUR WEBINAR September 24, 2019 9/24/2019 WEBINAR ETIQUETTE PLEASE Log into the GoToMeeting session with the name that you

862 views • 71 slides
Michigan Association on Higher Education and Disability presents Accessing Disability

Michigan Association on Higher Education and Disability presents Accessing Disability

Michigan Association on Higher Education and Disability presents Accessing Disability Support Services at the Post Secondary Level Federal Mandates Individuals with Disabilities Education Act (IDEA), Re-authorized 2005

1.1k views • 36 slides
American Bar Association Section of Science and Technology Law Information Security Committee

American Bar Association Section of Science and Technology Law Information Security Committee

American Bar Association Section of Science and Technology Law Information Security Committee 2013 Fall ISC Meeting and Presentation (with special participation by the Homeland Security Committee, the Cloud Computing Committee & the Public

57 views • 3 slides
Information Technology Services & Health Systems IT Cyber Security Case Studies

Information Technology Services & Health Systems IT Cyber Security Case Studies

Information Technology Services & Health Systems IT Cyber Security Case Studies Ransomware Hospitals and Health Care Agencies Higher Education Research, Financial, Personal Phishing W2 breaches Financial

560 views • 22 slides
Security Fundamentals for Educational Leaders Steve Palmer K-12 Information Systems Security

Security Fundamentals for Educational Leaders Steve Palmer K-12 Information Systems Security

Security Fundamentals for Educational Leaders Steve Palmer K-12 Information Systems Security Analyst EduTech User Awareness Preparing our Digital Citizens for the Future The Numbers State of North Dakota has over 530 schools All connecting

432 views • 22 slides
Making the Courseware Fit Lessons Learned Customizing Information Security Education Programs

Making the Courseware Fit Lessons Learned Customizing Information Security Education Programs

Making the Courseware Fit Lessons Learned Customizing Information Security Education Programs Paul Hinkle Founder, SVP Security Education Safelight Security Advisors http://www.securityadvisors.com Introductions Paul Hinkle: a little

689 views • 10 slides
Whats App Security Guidelines Information Security Education and Awareness (ISEA) Project

Whats App Security Guidelines Information Security Education and Awareness (ISEA) Project

Whats App Security Guidelines Information Security Education and Awareness (ISEA) Project Phase-II Introduction WhatsApp Messenger is a FREE messaging app Available in Android, IOS and many other smartphones. WhatsApp uses your

380 views • 26 slides
National Cyber Security Strategy 2016 26th of April 2017, Athens Samuel Rothenpieler,

National Cyber Security Strategy 2016 26th of April 2017, Athens Samuel Rothenpieler,

National Cyber Security Strategy 2016 26th of April 2017, Athens Samuel Rothenpieler, International Relations Advisor, Federal Offjce for Information Security (BSI) Mission Statement of the German Federal Offjce for Information Security (BSI)

464 views • 14 slides
Security Awareness on a Budget FISSEA 2011 Security Awareness on a Budget (or even with NO

Security Awareness on a Budget FISSEA 2011 Security Awareness on a Budget (or even with NO

Security Awareness on a Budget FISSEA 2011 Security Awareness on a Budget (or even with NO budget!) FISSEA 2011 Introduction FISSEA =The Federal Information System Security Educators Association We are EDUCATORS, first and foremost

747 views • 38 slides

More recommend