Sunday, 10 July 2011 13:36

Federal Information Systems Security Awareness

Written by  Administrator

Use these 2008 Federal Information Systems Security Awareness security tips.

Some Tips from 2008 Federal Information Systems Security Awareness


To protect your information system, you should:


  • Avoid offers of free screen savers or anything else that pop-up ads offer.
  • Avoid responding to pop-up boxes that tell you that you've won something.
  • Do not download anything to your computer unless your local IT office has authorized the download.
  • Do not respond to e-mails from unknown or questionable sources.
  • Avoid Web surfing to unknown or questionable sites.


Use caution when opening e-mail attachments. They may contain malicious code that can corrupt files, erase your hard drive, or even allow a hacker to gain access to your computer. Be especially wary of attachments that end in .exe, .com, .vbs, .bat, .shs, .pif, or .scr. This list of suspect file extensions can increase at any time.


E-mail spoofing is a technique used to disguise the source of a message. It fools an information system and the user into thinking that a message is coming from a trusted source or from someone you know.


Most updated routers and firewalls have been designed to protect against spoofing. Nevertheless, if you receive an e-mail from someone in your organization or from a financial institution requesting personal information, call a trusted person in that organization using a phone number that you know is legitimate before providing any information.


This type of spoofing can result in identity theft if you provide personal information without first checking the authenticity of the e-mail.
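
The attachment warning above names specific file extensions. As an added example (not part of the original tips), this Python sketch shows how a mail filter could apply that list, including double extensions such as "Form.PDF.Scr" and trailing dots or spaces. The names RISKY_EXTENSIONS, risky_extension and flag_attachments and the sample message are constructed for illustration.

```python
from email import message_from_string, policy

# Extensions named in the tips above; the page notes this list can grow.
RISKY_EXTENSIONS = {".exe", ".com", ".vbs", ".bat", ".shs", ".pif", ".scr"}

def risky_extension(filename):
    """Return the risky extension a file name ends in, or None."""
    # Windows ignores trailing dots and spaces, so "a.exe. " still runs as .exe.
    name = filename.strip().rstrip(". ").lower()
    dot = name.rfind(".")
    ext = name[dot:] if dot != -1 else ""  # only the last extension counts
    return ext if ext in RISKY_EXTENSIONS else None

def flag_attachments(raw_message):
    """Return (filename, extension) for each part with a risky file name."""
    msg = message_from_string(raw_message, policy=policy.default)
    flagged = []
    for part in msg.walk():
        filename = part.get_filename()  # None for parts without a file name
        ext = risky_extension(filename) if filename else None
        if ext:
            flagged.append((filename, ext))
    return flagged

# Constructed sample message (not real mail): one benign and one risky attachment.
SAMPLE = """\
From: "Help Desk" <helpdesk@example.com>
To: user@example.com
Subject: Updated form
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/pdf
Content-Disposition: attachment; filename="policy.pdf"

placeholder
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Form.PDF.Scr"

placeholder
--b1--
"""

if __name__ == "__main__":
    for name, ext in flag_attachments(SAMPLE):
        print(f"flagged: {name} ({ext})")
```

An extension check only looks at the file name, so it complements rather than replaces content scanning.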


Internet hoaxes are e-mail messages written with one purpose — to be sent to everyone you know. Different types of hoaxes include:


  • Warning about a new virus.
  • Warning about a commonly used consumer product.
  • Asking the user to forward the message to all of his or her friends in the name of a fictitious cause.
  • Forwarding a chain letter.
  • Promoting a moneymaking scheme.


These hoaxes only serve to slow down Internet and e-mail service for computer users by clogging networks.


For hoax information, visit the U.S. Department of Energy’s Computer Incident Advisory Committee site.


Social engineering is considered an intentional threat. Hackers use this term to describe cracking techniques that rely on weaknesses in human nature rather than software. The goal is to trick people into revealing passwords and other information that hackers can use to compromise system security.


In a typical social engineering call, the caller poses as a field service technician or fellow employee with an urgent access problem and attempts to have employees reveal passwords or other sensitive information, such as operating systems, logon IDs, server names, or application names.


  • Don’t give out information about other employees, including names and positions.
  • Never type anything into the computer when someone tells you to, unless he or she is an authorized DOI administrator and you have been informed of the expected results of the commands.
  • Don’t give people the dial-in phone numbers to any computer system, unless they are valid users.
  • Never respond to telephone surveys. Tell the caller employees do not participate in telephone surveys from vendors.


Cookies are one security risk you do have some control over. Be mindful of which sites you access on the Internet, and set up your browser properties to protect yourself.


A cookie is a text file that a Web server stores on your hard drive and later retrieves whenever you visit that site. When you return to that site, the cookie "recognizes" you, saving you the trouble of registering again. Cookies are problematic because the site can potentially track your activities on the Web.


Your browser can be set to block cookies and prompt you on how to handle them as needed.


Here are some key points to keep in mind when creating passwords:


  • Memorize your password.
  • Don’t write down or share passwords.
  • Choose a password that is easy to remember, hard to guess, and uses a mixture of letters, numbers, and special characters.
  • Do not use words found in the dictionary.
  • Use at least eight characters.
  • Use both letters and numbers.
  • Use special characters.
  • Use upper- and lowercase letters.
  • Combine misspelled words.


Back up all important computer files on a regular basis. This will minimize the loss of data if your hard drive crashes or is infected by a virus.


Don't leave files or media containing sensitive information where an unauthorized person can see or obtain them. Store them safely or dispose of them properly.
