酒店信息安全培训.ppt

,单击此处编辑母版标题样式,*,单击此处编辑母版文本样式,第二级,第三级,第四级,第五级,Version 2.0,March 2011,2011 InterContinental Hotels Group,Start,信息安全入门,Introduction to Information Security,如何来保护我们的客人及我们品牌的名誉,How to play your part in protecting ourguests and our brand reputation,Version 2.0,March 2011,2011 InterContinental Hotels Group,Introduction,介绍,Data classification,数据分类,Password security,密码安全,Malware,恶意软件,Email security,邮件安全,Safe Internet browsing,安全上网浏览,Internet banking,网上银行,Protecting your screen,保护你的屏幕,Credit card security,信用卡安全,Laptop security,笔记本安全,Unexpected calls,意外来访,Home computing security,家用电脑安全,Next,Back,Agenda,议程,Version 2.0,March 2011,2011 InterContinental Hotels Group,This training module will introduce you to information security and will give you practical advice on the things that you can do to help protect our guest and employee information.It should take around 1 hour to complete.,本次培训将为您介绍信息安全及给你一些实用性的建议,以便您能够帮助保护我们客人和员工的信息。,培训大约需要,1,小时,Your hotel has many technical measures and procedures in place to protect the information it stores,but the way you behave is also critical to our information security.,您所在的酒店有很多技术措施和软件来保护酒店的数据信息,而您的行为方式对信息安全保护也尤为关键。,Any hotel employee that uses any type of technology should complete this training module.,酒店中任何涉及到信息应用的员工都应该参加并完成本次培训。,Next,Back,Introduction,介绍,Version 2.0,March 2011,2011 InterContinental Hotels Group,Introduction,介绍,Data classification,数据分类,Password security,密码安全,Malware,恶意软件,Email security,邮件安全,Safe Internet browsing,安全上网浏览,Internet banking,网上银行,Protecting your screen,保护您的屏幕,Credit card security,信用卡安全,Laptop security,笔记本安全,Unexpected calls,意外来访,Home computing security,家用电脑的安全,Next,Back,Agenda,议程,Version 2.0,March 2011,2011 InterContinental Hotels Group,IHG information is classified as either:,IHG,信息分类是：,Public,公共的,Confidential,机密的,Restricted,保密的,Lets look at each of these in turn.,让我们看看每一个级别的定义,Next,Back,Data classification,数据分类,Version 2.0,March 2011,2011 InterContinental Hotels Group,Public Information,公共的信息,This is any information made freely available to the general public or where disclosure causes no harm to IHG.,这是一种免费提供给公众的信息,同时对,IHG,不会造成不良影响。,Examples include marketing materials or annual reports.,比如，包括营销材料或年度报告。,No special controls are required to protect this information.,不需要特别控制来保护这些信息。,Next,Back,Data classification,数据分类,Version 2.0,March 2011,2011 InterContinental Hotels Group,Confidential Information,机密信息,This is the default classification for IHG information.,这是,IHG,默认的信息级别,It includes all business correspondence,emails,records,etc created in the normal course of business.,它包括在酒店正常营运过程中产生的所有商业信函、电子邮件、记录等。,Documents must be marked“Confidential”before being released outside of IHG and only then with a non disclosure agreement in place.,在洲际集团对外公开之前，在有适当的保密协议之前，必须将文档标记为“机密”,。,Printed copies must be destroyed when finished with,usually by shredding.,当工作结束后，必须使用碎纸机来销毁打印件的副本。,Next,Back,Data classification,数据分类,Version 2.0,March 2011,2011 InterContinental Hotels Group,Restricted Information,保密信息,This is any information subject to laws,regulations or contract,or where disclosure causes significant harm to IHG.,任何与法律，法规或合同有关的，或者,会对,洲际酒店集团造成重大损害的信息。,Examples include personal information,names,addresses,social security numbers,and credit card details.,比如：包含了个人资料、姓名、地址、身份证号码、信用卡详细资料等。,Access to this information must be restricted so that only personnel with a business“need to know”can access it.,这些信息的访问是受限制的，只有相关人员在工作中“需要知道”才可以访问它。,Restricted information should be stored only on central servers,not laptops or workstations or removable media such as USB thumb drives or memory sticks.,受限制的信息应仅在中央服务器存储,而不是笔记本电脑、工作站、移动媒体如,USB,移动盘或记忆棒。,Printed copies must be destroyed when finished with and electronic copies securely disposed of.,当安全完成电子文档后，打印副本必须被销毁。,Next,Back,Data classification,数据分类,Version 2.0,March 2011,2011 InterContinental Hotels Group,Introduction,介绍,Data classification,数据分类,Password security,密码安全,Malware,恶意软件,Email security,邮件安全,Safe Internet browsing,安全上网浏览,Internet banking,网上银行,Protecting your screen,保护您的屏幕,Credit card security,信用卡安全,Laptop security,笔记本电脑安全,Unexpected calls,意外来访,Home computing security,家用电脑的安全,Next,Back,Agenda,议程,Version 2.0,March 2011,2011 InterContinental Hotels Group,A password is like a toothbrush:,一个密码就像一把牙刷：,Do not share it with anyone else,不要与任何人一起分享它,Change it regularly,频繁地更换,Next,Back,Password security,密码安全,Version 2.0,March 2011,2011 InterContinental Hotels Group,Password security,密码安全,越复杂的密码越安全吗？,Version 2.0,March 2011,2011 InterContinental Hotels Group,To make a strong password:,生成一个牢固的密码：,Do not just use a single word found in a dictionary;,a memorable phrase is better,请勿使用字典中的单词；难忘的词组会更好,A longer password is usually better than a short one,较长的密码通常比短密码更好,Use a mix of UPPER CASE and lower case letters,使用大写字母与小写字母混合密码,Add in some numbers,密码中增加一些数字,And a special character or two such,增加一些特殊的字符，如：,as!”$%,Avoid using patterns on the keyboard,尽量避免在键盘上操作,Next,Back,Password security,密码安全,Version 2.0,March 2011,2011 InterContinental Hotels Group,Here are some examples of weak passwords,以下是一些容易被识破的密码案例,password,any word in a dictionary makes a weak password on its own,用字典中的单词来生成密码会很不安全,Password,a little better with an UPPER CASE letter but still very weak and easily broken,比上面这个单词要安全一些，使用了大写字母，但也很容易被识破,Pa55w0rd,replacing s with 5 and o with 0 is a well known trick so criminals try these combinations first,用,5,来代替,s,，用,0,来代替,o,是众所周知的方法，因此犯罪分子会首先考虑这种方式破解密码,qwertyuiop,this is a pattern on a UK keyboard as it is the top line of letters,这是根据键盘字母的排列生成的密码，事实上是最容易破解的密码,Next,Back,Password security,密码安全,Version 2.0,March 2011,2011 InterContinental Hotels Group,Next,Back,Password security,密码安全,And here are some examples of strong passwords,(but dont use any of these,make up your own),下面的案例是比较安全可靠的密码,（但是请勿使用此密码）,：,PointtheSky,a simple phrase with one or two minor tweaks but still easy to remember,用一个简单短语做,1-2,处较小的调整，但还是容易记住,Rememb84You,replacing some letters with numbers but not using the usual combination of 3 instead of e,用数字来替换部分字母，,但不要使用一些老套的组合，比如用,3,代替,e,ThingFunfirsT,three short words is better than one long dictionary word.Add in some special characters to make it more secure,三个短单词比一个长单词更好，如果加入一些特别的字符会更安全。,Version 2.0,March 2011,2011 InterContinental Hotels Group,Password security,密码安全,Master Key,Version 2.0,March 2011,2011 InterContinental Hotels Group,Password security,密码安全,优秀的密码设置策略,用统一规则记住多个不同密码”是个不错的选择。毕竟记住一个规则比记住一串杂乱无序的字符要容易多了，也可以实现“一把钥匙开一扇门”的策略。,密码,=2*,（,用户名标识符（小写,/,大写）,+,用户名长度,+.+,网站标识符（大写,/,小写）,）,例：,guokr123,，密码为：,gk8.GM GK8.gm,songshuhui,密码为：,ssh10.HTSSH10.ht,Version 2.0,March 2011,2011 InterContinental Hotels Group,Introduction,介绍,Data classification,数据分类,Password security,密码安全,Malware,恶意软件,Email security,邮件安全,Safe Internet browsing,安全上网浏览,Internet banking,网上银行,Protecting your screen,保护您的屏幕,Credit card security,信用卡安全,Laptop security,笔记本电脑安全,Unexpected calls,意外来访,Home computing security,家用电脑的安全,Next,Back,Agenda,议程,Version 2.0,March 2011,2011 InterContinental Hotels Group,Malware(malicious software)is a term used to describe Viruses,Spyware,Worms and Trojan Horses.,恶意软件,(,流氓软件,),是一个术语,通常用来描述病毒,间谍软件、蠕虫病毒和特洛伊木马软件之类。,New malware is being released every day.,每天都会产生新的恶意软件。,There is technology in place to protect systems:,一些技术可以来保护我们的系统：,Anti virus software is used throughout the hotel and is updated daily,在酒店中使用的杀毒软件，每天都在更新病毒库。,Firewalls are used to block unnecessary and unexpected network traffic entering the hotel network,防火墙是用于阻止不必要的和意想不到的网络流量进入酒店网络,Security patches are installed on systems when they are released by vendors,当供应商发布安全补丁时，应及时安装在系统上。,Next,Back,Malware,恶意软件,Version 2.0,March 2011,2011 InterContinental Hotels Group,But you play a vital role in keeping our systems secure.Here are some best practices for you to follow:,在保障我们系统安全时，你将起到关键的作用。这里有一些最好的惯例供你参考,:,Do not attempt to bypass any security controls.,请不要尝试绕过任何安全控制,Do not install or use unauthorised software(such as games)on any hotel workstation or laptop.,请不要在酒店任何工作站或电脑中安装和使用非法软件（如游戏）,Practice safe email and web browsing(more on these topics shortly).,培养安全邮件和上网浏览的习惯。,Report anything suspicious to your line manager and the IT Helpdesk.,报告任何可疑的问题给你的经理或,IT,部门。,Next,Back,Malware,恶意软件,Version 2.0,March 2011,2011 InterContinental Hotels Group,Introduction,介绍,Data classification,数据分类,Password security,密码安全,Malware,恶意软件,Email security,邮件安全,Safe Internet browsing,安全上网浏览,Internet banking,网上银行,Protecting your screen,保护您的屏幕,Credit card security,信用卡安全,Laptop security,笔记本电脑安全,Unexpected calls,意外来访,Home computing security,家用电脑的安全,Next,Back,Agenda,议程,Version 2.0,March 2011,2011 InterContinental Hotels Group,Email is a critical business tool but it can also be used to spread Malware.,电子邮件是一个关键业务工具,但它也可以被用来传播恶意软件。,Two simple precautions can help you to protect your hotel:,两个简单的预防措施可以帮助你保护你的酒店,:,1)Never open an attachment in an email unless you are expecting it,不要打开附件，除非是你在等待的电子邮件。,2)Never click on a link in an email unless you are expecting it,不要打开邮件中的链接，除非是你在等待的电子邮件。,Next,Back,Email security,邮件安全,Version 2.0,March 2011,2011 InterContinental Hotels Group,Remember-think before you click,记住,-,在你点击前请思考一下,Next,Back,Email security,邮件安全,Version 2.0,March 2011,2011 InterContinental Hotels Group,Next,Back,Email security,邮件安全,There are other precautions you can take to protect yourself when using email,在使用邮件中，还有一些别的预防措施来保护你自己,Never respond to spam,请勿回复垃圾邮件,Be suspicious of emails that start“Dear Customer”.Your bank knows your name and will normally use it,一些可疑的邮件，称呼你为“亲爱的顾客”。而你的银行往往知道你的姓名并正常使用。,Be suspicious of emails that contain spelling or grammatical errors,although criminals are getting smarter at this,一些可疑的邮件中往往包含了拼字与语法的错误，虽然犯罪份子越来越聪明。,Do not forward chain emails.These are used to collect email addresses to send more spam to,请不要转发一些链接邮件。这些都是在收集电子邮件地址派遣更多的垃圾邮件给你,Do not forward virus warnings.They are almost always hoaxes,but if in doubt contact the IT Helpdesk,请不要转发病毒报警。这些几乎是一些恶作剧，但如果有疑问请与,IT,联系,Version 2.0,March 2011,2011 InterContinental Hotels Group,Introduction,介绍,Data classification,数据分类,Password security,密码安全,Malware,恶意软件,Email security,邮件安全,Safe Internet browsing,安全上网浏览,Internet banking,网上银行,Protecting your screen,保护你的屏幕,Credit card security,信用卡安全,Laptop security,笔记本电脑安全,Unexpected calls,意外来访,Home computing security,家用电脑的安全,Next,Back,Agenda,议程,Version 2.0,March 2011,2011 InterContinental Hotels Group,The Internet is a great source of information and a great tool for communication,but criminals also use the Internet and not every website is safe.,互联网有着充足的信息资源，是一个很好的沟通工具。但犯罪份子也在使用互联网，因此并不是所有的网页都安全。,Browsing to certain types of website is prohibited by company policy:,浏览某些类型的网站是酒店规章制度不允许的：,Gambling,赌博,Pornography,色情,On your company PC only browse to trusted websites.,在你酒店中的电脑只能浏览可信任的网站。,Be especially careful with search results;criminals target popular searches and so a number of websites listed even on the first page may not be safe.,请注意网站搜索的结果，,罪犯份子的目标是一些热门搜索，因此很多列出的网站即使在第一页也不一定安全。,Next,Back,Safe Internet browsing,安全上网浏览,Version 2.0,March 2011,2011 InterContinental Hotels Group,Remember-think before you click,记住,-,在你点击前请思考一下,Next,Back,Safe Internet browsing,安全上网浏览,Version 2.0,March 2011,2011 InterContinental Hotels Group,Introduction,介绍,Data classification,数据分类,Password security,密码安全,Malware,恶意软件,Email security,邮件安全,Safe Internet browsing,安全上网浏览,Internet banking,网上银行,Protecting your screen,保护你的屏幕,Credit card security,信用卡安全,Laptop security,笔记本电脑安全,Unexpected calls,意外来访,Home computing security,家用电脑的安全,Next,Back,Agenda,议程,Version 2.0,March 2011,2011 InterContinental Hotels Group,Do not mix Internet banking and general Internet browsing on the same PC.,请不要在同一台电脑上使用网上银行和普通网页浏览器。,“Zeus”is malware written to capture banking credentials.,“宙斯”病毒是可以获取你网上银行证书文件。,Once it gets onto a PC it waits until the user visits a banking website.It then steals the user-id and password credentials and sends them to a remote server.,一旦它登录到,PC,机后,它可以等待直到用户访问一个银行的网站。然后偷走了用户名和密码,并将它们发送到远程服务器。,Zeus may also try to trick the user into providing additional information such as a PIN number.,宙斯也可以试着用小伎俩让用户提供额外的信息,如一个密码。,Next,Back,Internet banking,网上银行,Version 2.0,March 2011,2011 InterContinental Hotels Group,The next thing you know criminals have used the stolen credentials and your account has unauthorised transfers.,随后犯罪份子将使用偷取的银行信用证书和你的账号来进行非法转账。,If you use a PC for Internet banking(either at work or at home)be very careful how else you use it.,因此当你使用网上银行,(,无论是在工作中或在家里,),，必须要非常小心。,Next,Back,Internet banking,网上银行,Version 2.0,March 2011,2011 InterContinental Hotels Group,Introduction,介绍,Data classification,数据分类,Password security,密码安全,Malware,恶意软件,Email security,邮件安全,Safe Internet browsing,安全上网浏览,Internet banking,网上银行,Protecting your screen,保护你的屏幕,Credit card security,信用卡安全,Laptop security,笔记本电脑安全,Unexpected calls,意外来访,Home computing security,家用电脑的安全,Next,Back,Agenda,议程,Version 2.0,March 2011,2011 InterContinental Hotels Group,Front desk PCs must be positioned so that guests cannot see the information on the screen.,前台的电脑必须摆放在客人看不见显示器的位置。,Take precautions when viewing confidential or restricted information so that someone cannot look over your shoulder(this is called shoulder surfing).,在查看机密或限制的信息时，要采取预防措施。这样，即使身边有人也看不到,(,这被称为肩窥,),。,Be on the lookout for anyone watching as you type in your password.,在您打入密码时，应留心观察有没有人在偷窥。,Next,Back,Protecting your screen,保护您的屏幕,Version 2.0,March 2011,2011 InterContinental Hotels Group,Lock your screen when you leave your workstation.,当你离开时，请将电脑的屏幕锁住。,A quick way to lock the screen is to hold down the windows key then press L.,有一种锁屏的快捷方式，同时按下“,windows”,键和“,L”,键。,Front desk staff who only access the PMS may log out of the PMS rather than lock the workstation.,对于前台操作,PMS,的员工，只能是注销,PMS,账号，而不是锁住电脑。,Next,Back,Protecting your screen,保护您的屏幕,Version 2.0,March 2011,2011 InterContinental Hotels Group,Introduction,介绍,Data classification,数据分类,Password security,密码安全,Malware,恶意软件,Email security,邮件安全,Safe Internet browsing,安全上网浏览,Internet banking,网上银行,Protecting your screen,保护你的屏幕,Credit card security,信用卡安全,Laptop security,笔记本电脑安全,Unexpected calls,意外来访,Home computing security,家用电脑的安全,Next,Back,Agenda,议程,Version 2.0,March 2011,2011 InterContinental Hotels Group,Do not write down or store a credit card security number(the three digit number on the back of most cards,or the four digit number on the front of American Express cards).,请不要写下或存放信用卡的安全号码（,多数信用卡的背面有,3,位数,美国运通信用卡是在前面有,4,位数）,For the same reason do not photocopy credit cards or ask for this from guests.,出于同样的原因，不要复印信用卡或询问客人,If a guest send you this information then delete it.,如果客人提供给你这些信息，请删除。,Never send full credit card information through email or instant messenger.,决不通过电子邮件或即时,消息,来发送信用卡的完整信息。,The best way to communicate credit card information is to use the phone or traditional paper based FAX.,最佳的传送信用卡信息还是通过电话或传统纸质的传真。,Next,Back,Credit card security,信用卡安全,Version 2.0,March 2011,2011 InterContinental Hotels Group,Any paper copies of credit card information must be stored securely and shredded when finished with.,一些纸质的信用卡信息的复印件必须存放在安全处，使用完毕后需撕毁。,Never enter