Lesson - NCyTE

Lesson NCyTE-Free Presentation Download

  • Date:24 Jun 2020
  • Views:206
  • Downloads:0
  • Size:447.32 KB

Share Presentation : Lesson NCyTE

Download and Preview : Lesson NCyTE

Report CopyRight/DMCA Form For : Lesson NCyTE


Transcription:

InformationSecurity and the CIATriad LessonLesson 1 Gone PhishingThis document is licensed with a Creative Commons Attribution 4 0 International License 2017.
www C5colleges org This material is based upon work supported by the National Science Foundation underGrant No 1548315 Learning OutcomesUpon completion of this lesson students will understand how phishing leads to.
unauthorized access to computingresources or information identify examples of personally identifiableinformation PII This document is licensed with a Creative Commons Attribution 4 0 International License 2017.
www C5colleges org This material is based upon work supported by the National Science Foundation underGrant No 1548315 Guiding Questions What is trust based upon in theonline world .
How does the CIA Triad affectinformation security This document is licensed with a Creative Commons Attribution 4 0 International License 2017www C5colleges org This material is based upon work supported by the National Science Foundation underGrant No 1548315 .
Warm Up Activity Word CloudWhat are 3 words that come to mindwhen you think about online securityThis document is licensed with a Creative Commons Attribution 4 0 International License 2017www C5colleges org This material is based upon work supported by the National Science Foundation under.
Grant No 1548315 Is online security a big During the first quarter of 2019 Facebook removed 2 2 billion fakeaccounts from its platform That is nearly as many active monthly usersas it claims to have in total .
In October 2018 Twitter announced that it had removed 9 million usersthrough a crackdown on bots The total number of phishing sites detected by the Anti PhishingWorking Group APWG in Quarter 1 of 2019 was 180 768 In Q1 2019 58 percent of phishing sites were using SSL certificates .
The FBI s Internet Crime Complaint Center IC3 receives over 800complaints per day In 2017 the FBI s IC3 received 1 783 complaints identified asransomware with adjusted losses of over 2 3 million This document is licensed with a Creative Commons Attribution 4 0 International License 2017.
www C5colleges org This material is based upon work supported by the National Science Foundation underGrant No 1548315 What is the danger ofdeepfakes A phishing website named klkviral org listed 55 851 Snapchat.
accounts along with their usernames and passwords The attackrelied on a link sent to users through a compromised account that when clicked opened a website designed to mimic the Snapchatlogin screen Newton 2018 In March 2019 an artificial intelligence generated voice deepfake.
was used in a scam The CEO of a UK based energy firm thought hewas on the phone with his boss when he followed the orders toimmediately transfer 220 000 approx 243 000 to the bankaccount of a Hungarian supplier It is the first known use of AIdeepfake for a financial crime Damiani 2019 .
This document is licensed with a Creative Commons Attribution 4 0 International License 2017www C5colleges org This material is based upon work supported by the National Science Foundation underGrant No 1548315 Phishing DefinedPhishing is an attempt by an individual or group to.
solicit personal information from unsuspecting users byemploying social engineering techniques Phishing emails are crafted to appear as if they have been sent from alegitimate organization or known individual These emails oftenattempt to entice users to click on a link that will take the user to a.
fraudulent website that appears legitimate The user then may beasked to provide personal information such as account usernamesand passwords that can further expose them to future compromises Additionally these fraudulent websites may contain malicious code This document is licensed with a Creative Commons Attribution 4 0 International License 2017.
www C5colleges org This material is based upon work supported by the National Science Foundation underGrant No 1548315 Why is Phishing a popular The World Wide Web is a system of linked pages programs and files .
The very nature of the Internet makes it relatively easy toredirect a user using an embedded link in an email Many users simply don t take the time to carefully examineeach email due to the volume of emails in the inbox Thismakes it relatively easy to insert a malicious link The link.
may redirect to a website asking for username or password or start downloading a file or perhaps deploy ransomwareon a computer system This document is licensed with a Creative Commons Attribution 4 0 International License 2017www C5colleges org This material is based upon work supported by the National Science Foundation under.
Grant No 1548315 Keeping SecretsTop Secret NAS Report Details Russian Hacking Efforts Days Before2019 Election Cole Matthew et al The Intercept 5 June 2017 .
Discussion Questions 1 What happened How did it happen Why did it2 Who are the stakeholders 3 Where is accountability assigned This document is licensed with a Creative Commons Attribution 4 0 International License 2017.
www C5colleges org This material is based upon work supported by the National Science Foundation underGrant No 1548315 Does abstraction impact Abstraction is the process of reducing complexity by focusingon the main idea By hiding details irrelevant to the question.
at hand and bringing together related and useful details abstraction reduces complexity and allows one to focus on The design of the Internet is an example of abstraction Ithas enabled an untold number of users worldwide tocommunicate and interact online with little to no.
understanding of how it works This document is licensed with a Creative Commons Attribution 4 0 International License 2017www C5colleges org This material is based upon work supported by the National Science Foundation underGrant No 1548315 Activity Gone Phishing.
Can you spot when you re being phished Google How is your Phishing IQ SonicWall Phishing Quiz Cisco What did you notice about the phishing emails What are some of the characteristics of a scam.
This document is licensed with a Creative Commons Attribution 4 0 International License 2017www C5colleges org This material is based upon work supported by the National Science Foundation underGrant No 1548315 Activity Phishing ScenarioIt s August and school will be starting soon You have.
not checked your school email account since June Your friends have told you that there are someimportant emails about senior photos that youshould read Your inbox has over one hundredunread emails You scan the subject lines looking for.
the email about senior photos There are lots ofemails from colleges reminders about summerreading and then you see the subject line Urgent You open the email This document is licensed with a Creative Commons Attribution 4 0 International License 2017.
www C5colleges org This material is based upon work supported by the National Science Foundation underGrant No 1548315 Activity Phishing ScenarioRecipientsSubject URGENT.
The attached document contains importantinformation about your school year Kindly click open file using supportive webbrowser The document is securely sent usingPDF scanner Feel free to contact me if you.
have any questions Note Open Attached PDF and preview withExisting IDImportant pdf 1K xThis document is licensed with a Creative Commons Attribution 4 0 International License 2017.
www C5colleges org This material is based upon work supported by the National Science Foundation underGrant No 1548315 Activity Phishing ScenarioYou click on the attachment it opens in the browser and youclick on a link that says Sign in to view the document You.
are redirected to a login page requesting your email addressand password You enter your credentials and some files startdownloading to your computer You now wonder whether youshould have provided your email address and password Youfeel a sense of panic as your computer is restarting .
This document is licensed with a Creative Commons Attribution 4 0 International License 2017www C5colleges org This material is based upon work supported by the National Science Foundation underGrant No 1548315 Activity Fake social mediaWhile checking your social media account on your phone you.
see several new follower requests You tap to confirm therequests as some of them look familiar but others do not Youwant to raise your follower count to boost your onlinepresence so more is better Or is it What harm can comefrom accepting fake follower requests .
Real or Fake This document is licensed with a Creative Commons Attribution 4 0 International License 2017www C5colleges org This material is based upon work supported by the National Science Foundation underGrant No 1548315 What are fake accounts .
Fake accounts may be created by individualswith an intent to deceive A sockpuppet is an online identity used forpurposes of deception Socialbots control social media accounts and.
perform automated tasks with the intent ofconvincing other users that the socialbot is areal person This document is licensed with a Creative Commons Attribution 4 0 International License 2017www C5colleges org This material is based upon work supported by the National Science Foundation under.
Grant No 1548315 Activity Think Pair ShareWhat do phishing emails and fakesocial media accounts tell us abouttrust in the online world .
Trust but Verify This document is licensed with a Creative Commons Attribution 4 0 International License 2017www C5colleges org This material is based upon work supported by the National Science Foundation underGrant No 1548315 Record Student Responses.
This document is licensed with a Creative Commons Attribution 4 0 International License 2017www C5colleges org This material is based upon work supported by the National Science Foundation underGrant No 1548315 Warm Up Activity What information is valuable to a hacker .
This document is licensed with a Creative Commons Attribution 4 0 International License 2017www C5colleges org This material is based upon work supported by the National Science Foundation underGrant No 1548315 Warm Up Activity cont 1 In 2015 the Office of Personnel Management OPM .
discovered a data breach OPM serves as the storehouse ofpersonnel records for federal employees The stolen dataincluded names addresses places of birth social securitynumbers financial information fingerprints and backgroundchecks on millions of people .
Over the course of at least two months in 2017 143 millionAmericans were impacted by the Equifax data breach Equifax failed to apply a security patch The hackers acquirednames Social Security numbers birth dates addresses andeven some driver s license information .
This document is licensed with a Creative Commons Attribution 4 0 International License 2017www C5colleges org This material is based upon work supported by the National Science Foundation underGrant No 1548315 Activity Personally IdentifiableInformation.
What is Personally Identifiable Information This document is licensed with a Creative Commons Attribution 4 0 International License 2017www C5colleges org This material is based upon work supported by the National Science Foundation underGrant No 1548315 Examples of Personally.
Identifiable Information Social security number Phone number s Medical information Financial information.
Biometric dataThis document is licensed with a Creative Commons Attribution 4 0 International License 2017www C5colleges org This material is based upon work supported by the National Science Foundation underGrant No 1548315 Writing prompt.
What defines personally identifiableinformation PII What are some possibleeffects of a data breach involving thisinformation This document is licensed with a Creative Commons Attribution 4 0 International License 2017.
www C5colleges org This material is based upon work supported by the National Science Foundation underGrant No 1548315 on of ConfidentialiInformat tySecurity CIA.
AvailabilitIntegrity yThis document is licensed with a Creative Commons Attribution 4 0 International License 2017www C5colleges org This material is based upon work supported by the National Science Foundation underGrant No 1548315 .
Activity Alice Bob Eve Students work in groups of 3 Each student has a definedrole as either sender Bob receiver Alice or eavesdropper The challenge is for the sender to transmit a messagethrough the eavesdropper to the receiver The message is a.
number between 1 and 100 The eavesdropper challenge is to figure out the number Read: “Top-Secret NAS Report Details Russian Hacking Efforts Days Before 2019 Election ” (Cole, Matthew, et al. The Intercept, 5 June 2017.) Discussion Questions: What happened? How did it happen? Why did it happen? Who are the stakeholders? Where is accountability assigned? This is a good time to lead a discussion on Cyber Ethics.

Related Presentations