Approach to Information Security                   Rahul Khattar
Approach to Information Security  Setting the Agenda                             • Making           Information           ...
Approach to Information Security     Where does Information Reside?                                    On File-Servers (FT...
Approach to Information Security   Classification                             What is Information Classification?         ...
Approach to Information Security  Protection                 What is Protection?                 Ensure that only legit us...
Approach to Information Security  Audit                          Auditing Information Usage                          Track...
Approach to Information Security End User Training                    What is Training                    Educate employee...
Approach to Information Security Importance of DFA in building better policies                         Data Flow Analysis ...
More Info?     www.seclore.com    +91-22-6130-42009
Upcoming SlideShare
Loading in …5
×

Information awareness program

192 views
144 views

Published on

This is a simple slide to showcase on why companies need to protect data, classify information and how Seclore IRM as a platform help you get to your targets

Published in: Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
192
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
4
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • Thank you for being present today.The agenda of this presentation is to lay down a very simple and a basic approach for us to understand on what steps need to taken to protect the enterprise from the risk of its information being put to misuse. The assumption being made here is that , We recognize the need to protect information, however, we still need to identify what is that piece of information that is most valuable to the company and finally lay down the way forward.This presentation is an attempt to provide all of us with the ways and means of getting to answers to the following questions..1) Why should I be protecting my information?2) What is information classification and on Why it is a means to getting to where we want to go?3) How do I get an understand on the risk that my business is exposed to and finally around the business controls that are available to Protect my Information?So lets start by answering the 1st questions..… “Why should I be protecting my information?” Read the 1st 2 para of the slide deck…Information is exchanged by people across the enterprise. So for example an escalation about a customer transaction or perhaps a job on the design floor may end up reaching the HEAD of the given department or the CIO. Information in this case traverses across the company and you do not need a policy to hinder this flow of escalation . In fact once the issue is sorted you may need to ensure that the information is not put to misuse. Another example would be quotations that you send to customers or information that business partners receive to complete a given assignment. What would be the risk to your information that is now with an external user? Does your NDA report back to you in case information is accidentally put to misuse. . So in simple words every bit of information , during its lifecycle is exposed to some or the other risk of misuse and this risk can be measured and quantified in terms of financial loss and legal liabilities if you have not protected the confidential information that the other party has handed to youWhat would we cover… we would stich together words such as [read the 3rdpara..]Where do I start from…[next slide]
  • Information classification is an approach, a science, a set of guidelines that an enterprise needs to understand & follow. It would help you understand on what is valuable to you and on how we should protect informationClassification is a means to helping different people or systems understand on how they should behave , react, behave and act when they receive information with a specific classification attached to it.
  • Using a technique know as “Data Flow Analysis” we can get a grip of what information does a specific department hold and for how long. This technique provides us a map of the existing business risk that we are exposed to.Read Para 1,2,3Once we have this information I can now identify the correct policies and classification that needs to fall in place .What is now needed is a technology tool to automate some of this work. Using a plain technology approach to automate discovery and classification does not work
  • Information awareness program

    1. 1. Approach to Information Security Rahul Khattar
    2. 2. Approach to Information Security Setting the Agenda • Making Information available to all users, is essential for the enterprise to conduct its business • Leakage of such information may impact the organization adversely Five step approach to make information available and secureInformation Location  Classification  Protection  Audit  Training
    3. 3. Approach to Information Security Where does Information Reside? On File-Servers (FTP)Shared Within DMSfolders Backup Content Emails Management Backup Tapes Extracts from BI toolsLaptops Removable Mobile Printer hard disk media devices This Information is shared with Employees/ Vendors/ Partners/ Desktops Email Consultants/ Contractors/ Auditors Recognize where information exists Information Location  Classification  Protection  Audit  Training
    4. 4. Approach to Information Security Classification What is Information Classification? It is the science to describe principles that need to be followed to protect information It guides you on how and to whom you can distribute information with a particular classification Why Classify? Classification of information is essential for every business because without classification everyone treats the same piece of information differently, which could have major consequencesClassified data helps to better define and implement protection policiesInformation Location  Classification  Protection  Audit  Training
    5. 5. Approach to Information Security Protection What is Protection? Ensure that only legit users have access to the data Control data with internal/external users Define and apply policies based on Classification Why Protect? Protection enables the enterprises to manage the usage and consumption of its valuable dataInformation Location  Classification  Protection  Audit  Training
    6. 6. Approach to Information Security Audit Auditing Information Usage Track all end user actions on protected information Generate and analyze reports Keep a close eye on all your data that resides within or outside the organizationWhy Audit Information Usage?To understand the Information consumption patternTo showcase the shortcomings of existing policiesTo fine tune “Control-Policies” for your confidential dataInformation Location  Classification  Protection  Audit  Training
    7. 7. Approach to Information Security End User Training What is Training Educate employees on Information Usage Ensure participation, role play for users Using email, standees, flyers, KM portal as a medium of knowledge transferWhy Train Staff?Helps enterprise define better control-policies on dataMinimize accidental misuse of informationEnsure technology platform is well accepted Training ensures User participation and acceptanceInformation Location  Classification  Protection  Audit  Training
    8. 8. Approach to Information Security Importance of DFA in building better policies Data Flow Analysis is an activity to understand what is valuable information and which department holds it It also helps in tracking the information and the consumption pattern & risk DFA maps the information flow for a particular business process DFA clearly points out the security issues attached with a piece of information at different stages of its lifecycle DFA sharpens classification and protection policies on information
    9. 9. More Info? www.seclore.com +91-22-6130-42009

    ×