Debunking Some Common Myths

Scrub · #1 04-30-06, 05:35 PM

Quote:

There are some common myths that may influence your online security practices. Knowing the truth will allow you to make better decisions about how to protect yourself.

Quote:

How are these myths established?
There is no one cause for these myths. They may have been formed because of a lack of information, an assumption, knowledge of a specific case that was then generalized, or some other source. As with any myth, they are passed from one individual to another, usually because they seem legitimate enough to be true.

Why is it important to know the truth?

While believing these myths may not present a direct threat, they may cause you to be more lax about your security habits. If you are not diligent about protecting yourself, you may be more likely to become a victim of an attack.
What are some common myths, and what is the truth behind them?

* Myth: Anti-virus software and firewalls are 100% effective.
Truth: Anti-virus software and firewalls are important elements to protecting your information (see Understanding Anti-Virus Software and Understanding Firewalls for more information). However, neither of these elements are guaranteed to protect you from an attack. Combining these technologies with good security habits is the best way to reduce your risk.

* Myth: Once software is installed on your computer, you do not have to worry about it anymore.
Truth: Vendors may release patches or updated versions of software to address problems or fix vulnerabilities (see Understanding Patches for more information). You should install the patches as soon as possible; some software even offers the option to obtain updates automatically. Making sure that you have the latest virus definitions for your anti-virus software is especially important.

* Myth:There is nothing important on your machine, so you do not need to protect it.
Truth: Your opinion about what is important may differ from an attacker's opinion. If you have personal or financial data on your computer, attackers may be able to collect it and use it for their own financial gain. Even if you do not store that kind of information on your computer, an attacker who can gain control of your computer may be able to use it in attacks against other people (see Understanding Denial-of-Service Attacks and Understanding Hidden Threats: Rootkits and Botnets for more information).

* Myth: Attackers only target people with money.
Truth: Anyone can become a victim of identity theft. Attackers look for the biggest reward for the least amount of effort, so they typically target databases that store information about many people. If your information happens to be in the database, it could be collected and used for malicious purposes. It is important to pay attention to your credit information so that you can minimize any potential damage (see Preventing and Responding to Identity Theft for more information).

* Myth: When computers slow down, it means that they are old and should be replaced.
Truth: It is possible that running newer or larger software programs on an older computer could lead to slow performance, but you may just need to replace or upgrade a particular component (memory, operating system, cd or dvd drive, etc.). Another possibility is that there are other processes or programs running in the background. If your computer has suddenly become slower, you may be experiencing a denial-of-service attack or have spyware on your machine (Understanding Denial-of-Service Attacks and Recognizing and Avoiding Spyware for more information).

Author: Mindi McDowell

United States Computer Emergency Readiness Team (US-CERT)

ScamBuster · #2 04-30-06, 07:52 PM

Quote:

Scrub, these scammers target everyone. RICH or POOR. They see no boundaries and like the innocent or SOMEONE WITH LIMITED EDUCATION. Those are their PRIME TARGETS.

ScamBuster · #3 06-23-06, 04:46 AM

US-CERT frequently participates in and hosts conferences, symposiums, seminars and other security events.

National Webcast Initiative
The Department of Homeland Security, through US-CERT, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have launched a joint partnership to develop a series of national webcasts that will examine critical and timely cyber security issues. The purpose of the initiative is to strengthen our nation's cyber readiness and resilience.

Remote Access
Wednesday June 28, 2006
3 pm - 4 pm EDT

The presentation will raise awareness on remote access. Presentation topics will include the following:

* What different types of remote access solutions exist?
* What kinds of issues do I have to consider when implementing a remote access solution?
* What components of a remote access solution do I need to secure?
* How do I assess the security of remote access solution?
* How do I migrate to a newer or different version of a remote access solution?

Archive

Source:US CERT

ScamBuster · #4 06-23-06, 05:01 AM

Quote:

Public Awareness - Home Users and Small Businesss

EMBARGOED FOR RELEASE ON MARCH 18,2004 AT 2:00 PM
Awareness and Outreach Task Force Report to the National Cyber Security Partnership

March 18, 2004

Executive Summary

About the Task Force
The Awareness and Outreach Task Force, an industry-led coalition of interested security experts from the public and private sectors, was created as part of the National Cyber Security Summit process. Task force members include representatives from trade associations, nonprofit organizations, publicly traded and privately held companies, and state, local, and federal government. Task force members participated voluntarily, donated their time, and were not paid. The task force is not an advisory group to the Department of Homeland Security (DHS) or any other state, local, or federal government department or agency. Instead, it operates under the guidance and coordination of the National Cyber Security Partnership, a coalition of trade associations, including the U.S. Chamber of Commerce, the Information Technology Association of America, TechNet, and the Business Software Alliance, that sponsored and organized the National Cyber Security Summit held in Santa Clara, California, on December 2—3, 2003.

TASK FORCE MISSION
Originally, this task force was charged with developing an awareness campaign to inform small businesses and home users about the importance of cyber security. However, during the December 2--3, 2003, National Cyber Security Summit, the task force expanded its scope beyond small businesses and home users to more accurately reflect the priorities of the National Strategy to Secure Cyberspace. The current mission and description of the taskforce follows:

Mission:
To promote a comprehensive national awareness program to empower all Americans—businesses, the general workforce, and the general population—to secure their own parts of cyberspace.

Description:
The Awareness and Outreach Task Force has developed implementation strategies and tactical plans that target home users, small businesses, large enterprises, schools and institutions of higher education, and state and local governments. Recognizing that we all have a role to play, each constituency has provided practical steps to increase awareness, accountability, and understanding to take action to manage the risks we face in today’s constantly changing environment.

Task Force Co-Chairs:
• Dan Caprio, Chief of Staff to Commissioner Orson Swindle, Federal Trade
Commission
• Ty Sagalow, Worldwide Corporate Product Development, Deputy Chief
Underwriting Officer and DBG-Vice President, American International Group and
COO, AIG eBusiness Risk solutions.
• Howard Schmidt, Vice President and Chief Information Security Officer, E-Bay,
Inc.
The U.S. Chamber of Commerce serves as the Task Force Secretariat. The Task Force Co-Chairs thank Andrew Howell, Vice President for Homeland Security, and Scott Algeier, Manager for Homeland Security, both at the U.S. Chamber of Commerce, for
their significant contributions to this report.

PROBLEMS and CHALLENGES
• Although the Internet has increased communication and productivity has provided businesses with access to new markets, it has also given hackers, thieves, disgruntled employees, fraudsters, and other criminals new opportunities
to cause economic and social damage on a broader scale and has created new potential weapons of terrorism, more quickly than ever before.
• Generally, many private enterprises, public entities, and home users lack the resources to adequately manage cyber security risk.
• A large number of entrepreneurs and home users are not aware of how their individual cyber security preparedness affects security overall.
• Internet users must be made aware of the importance of sound cyber security practices and given more user-friendly tools to implement them.

RECOMMENDATIONS and NEXT STEPS
Small Businesses
• Develop and distribute a cyber security guidebook for small businesses and encourage the development of market-based incentives such as insurance and risk profile analysis that reward small businesses that enhance their cyber security preparedness.

Home Users
• Support, promote, and launch a national public service campaign on cyber security.
• Develop a cyber security tool kit for home users.
• Work with the Internet Service Provider (ISP) communities to identify ways to use their access to their customers to promote cyber security.
Large Enterprises
• Create and implement, in September, 2004, in partnership with DHS, a series of regional homeland security forums for CEOs of large enterprises. A portion of the program should highlight the roles of CEOs in cyber security.
• Begin, in July 2004, a direct mail campaign to C-Suite executives of the 10,000
largest companies in America to provide senior corporate executives with key
messages and activities that are necessary for enterprisewide cyber security.
• Designate September 2004 as Cyber Security Month, and market to CEOs of large enterprises the importance of focusing on cyber security and participating in the DHS CEO regional homeland security forums.
• Distribute and raise awareness of the cyber risk management tools being developed by the Cyber Security Summit’s Corporate Governance Task Force.
K-12 Schools and Higher Education
• Inventory, catalogue, and share best practices on raising cyber security awareness to home users, large enterprises, small businesses, K—12 schools and institutions of higher education, and state and local governments.
• Partner with education groups, school boards, superintendents, teachers, and colleges and universities to develop and distribute materials to school children and institutions of higher education that raise awareness of appropriate cyber security behavior.
• Provide cyber security and ethics curricula and explore opportunities for introducing awareness content as part of courses.
• Consider replicating the DHS Homeland Security CEO Forums for university presidents. A portion of the program should highlight the roles of university presidents in cyber security.

State and Local Government
• Develop, in conjunction with DHS, a Cyber Security Excellence Award to recognize teams, rather than individuals, at the state and local government levels.
• Create a Web-based training tool for state and local governments, as well as for businesses and home users, featuring a series of webcasts hosted by a variety of vendors, which are offering their services pro bono.
• Consider replicating the DHS Homeland Security CEO Forums for governors. A portion of the program should highlight the roles of governors and mayors in cyber security.

CONCLUSIONS
A major role for the Awareness Task Force has been, and will continue to be, to leverage existing awareness and outreach efforts and to initiate and enhance publicprivate partnerships. Promoting a secure cyberspace is the responsibility of every citizen, all levels of government (state, local, and federal), academia, and industries, regardless of size or sector. The list of key stakeholders involved in the solution is limitless, and therefore, the solution will only come as a result of coordinated, publicprivate partnerships.

The progress of the task force demonstrates the effectiveness of the publicprivate partnership model. Task force members believe that more can be accomplished by working together, rather than by working separately. The task force has catalogued existing best practices, developed strategies to market those practices to specific audiences, created incentive plans to ensure acceptance of those practices, contributed to the development of a national advertising campaign, and developed a strategy to communicate to public and private CEOs across the country about the importance of cyber security and their role in enhancing it. Recognizing the role of our students, teachers, and schools and universities, a strategy has been created to bring cyber security directly to them.

In addition, the task force has a team of dedicated state and local public servants who have taken shared responsibility in enhancing cyber security awareness in state and local government agencies throughout each state. While these accomplishments are extensive, the task force recognizes that there is much more to do. The task force also acknowledges that there are other groups who are making positive contributions to cyber security awareness and encourages interested parties to comment on this report and join in the task force’s efforts.

Source: Cyperpartnership.org

Thread Tools
Show Printable Version Email this Page
Display Modes	Rate This Thread
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode	Rate This Thread: