Gregory Evans is listed as a plenary speaker at the upcoming Sixth International Conference on Information Assurance and Security (IAS). Evans' talk is titled "Secure IT: Information Technology and Network Security" and is accompanied by a one-paragraph abstract along with eight points for protecting companies and employees.
Both sections of the write-up submitted to IAS 2010 are apparently heavily plagiarized from two other sources. Below is a comparison of the relevant texts. Portions used by Evans verbatim have been highlighted for emphasis.
An organization's employees, information, operations and systems are critical assets. Protecting the safety, confidentiality, integrity and availability of these assets is essential to maintaining effectiveness, public image and a competitive edge against other companies. Companies face threats to their information, employees and networks every day. These threats include, but are not limited to, computer viruses, network hacks and fraud. CEO's and IT Managers implement procedures to protect against threats and to comply with laws and regulations. Unfortunately, even the best tools and services can be defeated by a user who is unaware how to use them, or how important security is. In order for a company's security program to operate effectively, all employees must help the organization to secure its assets. Security awareness has the greatest positive impact on a company's security.
An organization's people, information, operations, and systems are critical assets. Protecting the safety, confidentiality, integrity, and availability of these assets is essential to maintaining profitability, compliance, public image, and a competitive edge.
Companies face threats to their employees, systems, operations, and information every day. These threats include computer viruses, network attacks, fraud, industrial espionage, and even natural disasters.
Companies implement tools and procedures to protect against these threats and to comply with laws and regulations. Unfortunately, even the best tools and procedures can be defeated by a user who is unaware how to use them, or how important security is.
In order for the organization's security program to operate effectively, all employees must help the organization to secure its assets. Security Awareness provides the greatest return on investment, and has the greatest positive impact on a company's security. The cost of a Security Awareness Program is quickly realized when tools and procedures are followed, and employees understand how to be more secure.
1. Never leave your computer logged on unattended. Remember, you are responsible for any activity performed using your user id.
2. Always log off when you are done or are leaving your work area for an extended period of time.
3. Create a password that no one will be able to guess, like your name.
4. Do not give your password to anyone for any reason. Employees should never log on with their user id/password and let someone else use their access.
5. Never send confidential or personal information (password, credit card or account information, social security number, driver's license number, etc.)
6. Dispose of personal or confidential information in a secure manner (shred, etc.).
7. Make sure your data and applications are properly backed up.
8. Maintain the confidentiality of all data.
1. Never leave your computer logged on unattended, even for a minute. Remember, you are responsible for any activity performed using your user id.
2. Always log off when you are done or are leaving your work area for an extended period of time.
3. Create an "uncrackable/unguessable" password. A non-word with one or more numbers inserted in the middle (not on the ends) is the best choice. To make a memorable and secure password use the letters from a phrase/song, add digits, and use upper and lower case letters (I Love Paris In The Spring - ILp1TS4 - inserted number one for the I).
4. Do not give your password to anyone for any reason or type your password when someone is watching. Don't write down your password, include it in automated scripts, store it on your hard drive/PDA, and don't ask the system to remember your id and password. Employees should never log on with their user id/password and let someone else use their access.
5. Never send confidential or personal information (e.g., password, credit card or account information, social security number, driver's license number, etc.) through the network. E-mail, chat, instant messaging, Internet Relay Chat (IRC - Internet version of CB radio that lets people all over the world have real time conversations) and talk are all equally unsafe.
6. To protect your computer against viruses and other security exploits install and routinely run anti-virus software. Update your anti-virus software regularly to ensure new virus signatures will be detected.
7. Update your operating system on a regular basis with the latest security patches, updates and drivers. This will ensure that your computer is up-to-date and will help prevent against viruses and other security breaches.
8. Never make or use illegal duplicates/copies of software, manuals, images, music, video, etc.
9. Dispose of personal or confidential information in a secure manner (e.g., shred, wipe, incinerate).
10. Make sure your data and applications are properly backed up. Store backups in a location away from the original source of the data (e.g., hard drive).
11. Make sure you protect your computer with surge protectors, by not eating or drinking near it, and by keeping your work area clean.
12. Maintain the confidentiality of all data, keeping in mind the privacy of all individuals.