Security Training Videos:
“The Best Defense”
by M. E. Kabay, PhD, CISSP
Associate Professor, Information Assurance
Dept. of Computer Information Systems
Norwich University, Northfield, VT 05663-1035 USA
This series of short reviews is intended to help security-awareness officers evaluate training videos for their training programs. The author and his employer have no financial interest in or involvement with the companies whose products are reviewed.
* * *
“The Best Defense – A User’s Guide to Computer Security” from Commonwealth Films < http://www.commonwealthfilms.com > jumps into the action at once with a realistic scenario about a business traveler who, exhausted after a long trip, falls asleep on the train home. He gets off the train and realizes with horror that he has left his portable computer behind. Luckily for him, he gets the portable back the next day, when someone turns it in to the Lost and Found department of the railroad. A month later, the company finds itself losing a series of bids to a competitor by small margins – and it becomes clear that the confidential data about his employer’s proposals that were on the “lost” computer had been copied and were now being used. Because the computer had been turned in anonymously, there was no way of proving malfeasance – but the lack of encryption on that portable cost the company many times the cost of the computer and the price of encryption software.
The video continues with a well-designed, fast-moving lecture on the fundamentals of data protection. The accompanying User’s Guide (printable from a PDF file on the CD-ROM) gives details of each of the six areas covered in the video:
* Restrict access to data with passwords and other controls;
* Protect data integrity;
* Defend against viruses;
* Prepare for system or network disasters;
* Prevent desktop disasters; and
* Prevent illegal duplication of proprietary software.
The case study for data-access controls has a juicy story about a doctor at a hospital who is charged with sexual misconduct; the details show up on in-house e-mail and intranet – and the news appears to come from a clerk’s computer account. The violation of the doctor’s privacy leads to a major lawsuit.
The data-integrity case is shot like a news story, with the “reporter” getting some good quotes on the discovery of ten skids of wing nuts – thousands of times more than inventory could possibly need. The video offers sensible guidelines for checking data entries before pressing the ENTER key.
The warehouse story continues with the worst possible kind of virus: one that changes numbers and moves decimal points. The interviews are believable and engaging. The lecture portion continues with descriptions of some old viruses and states that there are three thousand known viruses; today there are over 52,000, but the teaching points are just as valid now as they were when the film was made.
The disaster preparation segments are entertaining and vivid, with pictures of what look like the genuine aftermath of fire and flood. The actor playing the disaster-recovery specialist speaks very naturally and believably. For the PC-disaster segment, the video shows a spectacularly messy work desk with dozens of breaches of security and the hosts walk the viewer through each one.
Finally, the video treats the serious consequences of software theft in a serious and convincing discussion.
This video was produced with the technical advice of Thomas R. Peltier, author of many excellent publications on information security, and Laura DiDio. My congratulations for their fine work.
Commonwealth Films are in Boston, MA; phone 617-262-5634.
* * *
Information about M. E. Kabay, PhD, CISSP-ISSMP < mailto:mekabay@gmail.com > is available at < http://www.mekabay.com/ >.
Copyright © 2003 M. E. Kabay. All rights reserved.