Note: This course was recorded and produced by Mentor Source, Inc. We're pleased to host this training in our library.
Skill Level Beginner
- [Instructor] Hello, and welcome to our Cybersecurity Awareness course on Safer Digital Communications. My name is Tom Tobiassen, and I will be your instructor for this course. I am a cybersecurity consultant with over 40 years of IT experience and almost 20 years in cybersecurity. I have certifications as a cybersecurity professional, a cybersecurity engineer, and a cybersecurity auditor from international associations. Today's course, Safer Digital Communications, is about hardening your computers, networks, educating you and your employees, in a way that protects you and your vital data.
Computer systems and operating systems coming new straight out of the box have default settings that form a security perspective that are generally weak at best. New computer network hardware is set up for ease of use, which also makes it easy for a bad guy to get into your network. In my world as a cybersecurity consultant, I look at every aspect of a client's computer, network, physical doors and locks, guards, employee training, policies and procedures.
I evaluate hundreds of security checkpoints and verify that there are no obvious holes for the bad guys to break into or for the data to leak out of. Every security checkpoint is documented and evaluated for risks, tested, evaluated, and certified as safe. If the total computer system environment is considered safe enough to operate, the system is allowed to go into operations.
But cybersecurity does not end there. After the computer is put into operations, we start a process of continuously monitoring the security elements of the entire system. We audit employee behavior to make sure that they are using strong passwords. We audit computer security settings to ensure that things like screen locks are used and that timers are set so that the screens will timeout when left unattended. We check audit logs to see if there have been any break-in attempts.
We look at guard logs to make sure that they're doing doing the rounds and that no unusual people are trying to break in. We take cybersecurity and the security of critical computer systems very seriously. With the recent insider attacks and leaks of very sensitive national security information by Snowden and others, an even more heightened sense of security and urgency has been instilled in all government security professionals.
The leaks of company proprietary data at Sony or the leaked emails of some political parties, we have been painfully made aware of the holes in our data processing systems and how vulnerable our personal data is to falling into the wrong hands. So some of the things that we really focus on are things like passwords. Passwords are critical, and we're going to talk about that password hygiene. The password is sort of the key to getting into the computer. It's the lock, it's the padlock, and if someone has the key, they get in, and if they're sloppy with that key and let that key fall into someone else's hands, somebody else gets in, and that's not a good thing.
That's important for protecting the confidentiality and integrity of that system. We look at screen locks to make sure that a screen lock is in place in the event that you walk away, that somebody can't walk up to your terminal and just start entering data, or look through your emails, or look through the data that's on there, or damage the data that's on there. We look at screen lock timeout to make sure that if you do get up and don't lock the screen like you should, that the system will automatically lock the screen. The timeouts are important, and we're going to test those.
We make sure that the data that's at rest, in the old days we used to put data on tape and store it in a safe. Today, we have USB hard drives, we've got all kinds of ways of storing data. The data storage devices are very portable. They store large amounts of data. We want to make sure that that data that's at rest, that's not on the system right now, is locked up and secured and can't walk out the door inadvertently. We also want to look at data in transition, and the data in transition may be data that's flowing across the network.
Is that network safe? Is the data encrypted as it travels across the network? We want to make sure data in transition that's in use is safe from the source point to the destination point and everything along the way, so we're going to be looking really hard at the networks. We look at break-in attempts. Has anybody or can anybody break into the room that the computer is in or break into the computer, let's say, by brute force attack? We look at auditing.
We're going to be looking at logs, and not only the computer logs, but, say, the security guard logs to see if any unusual things are happening around the physical security and around that computer to make sure that it's physically safe. And then we're going to look at the people. We're going to look at people to make sure that they're good people, that we can trust them, so we get them a security clearance, we get background investigations, we do polygraphs, we do all the kinds of things to make sure that the people can be trusted that are using our computers and our data.
So security, from my perspective, is pretty broad, and we have hundreds of checkpoints that we look at to determine if the system is safe, the data's secure, and it's going to be available to you when you need it, as the intended user. So security's a really big deal, but that's probably a lot more than you need to know in this course. So we're going to get back to the basics and just talk about what's important for you to do in your day-to-day work, in your day-to-day life at home, your day-to-day use of the computer, whether it be at home or whether you're traveling, to make sure that you're maintaining that computer and your data safely, and always thinking about security and the security of your family, and the security of your company's data.