INFORMATION SYSTEMS AND DATA SECURITY AWARENESS PROGRAM

FUSION BPO SERVICES, Inc.

'Information is an asset which, like other important business assets, has value to an organization and consequently needs to be suitably protected'
What is an Information Systems and Data Security Policy?
It can be defined as the rules that regulate how an organization manages and protects its internal information, its external customer or client information, and its computing resources.

Why do we need a Security Policy?
The policy tells users, staff and managers what they can do, what they cannot do, and what they must do to comply with the security policy and practice.

Purpose:
To ensure business continuity by reducing or minimizing damage to the business through safeguarding the confidentiality, integrity and availability of information.
Why do I need to learn about computer security? Isn't this just an IT problem?

Everyone who uses a computer needs to understand how to keep his or her computer and data secure.
Why I Need Information Security Training
Security Awareness is a critical part of an organization's information security program; it is the human knowledge and behaviors that the organization uses to protect itself against information security risks. Humans, just like computers, store, process and transfer information. As a result, many attackers today target the human, bypassing most security controls and using techniques such as social engineering to get the information they want. Awareness, not just technology, is now a key factor in an organization's goal to:
• Reduce risk,
• Protect its reputation,
• Improve governance, and
• Be compliant.
Why I Need Information Security Training
Security Awareness Training is designed to educate users on the appropriate use, protection and security of information, individual user responsibilities, and the ongoing maintenance necessary to protect the confidentiality, integrity, and availability of information assets, resources, and systems from unauthorized access, use, misuse, disclosure, destruction, modification, or disruption. The long-term benefits to your organization of a successful security awareness program include enhanced awareness, increased security and improved online productivity for employees and the company as a whole.
What Is Information Security
• The quality or state of being secure: to be free from danger
• Security is achieved using several strategies simultaneously or in combination with one another
• Security is recognized as essential to protect vital processes and the systems that provide those processes
• Security is not something you buy, it is something you do
What Is Information Security
• The architecture in which an integrated combination of appliances, systems and solutions, software, alarms, and vulnerability scans work together
• Monitored 24x7
• Has people, processes, technology, policies and procedures
• Security is for PPT (people, processes, technology) and not only for appliances or devices
INFORMATION SECURITY
1. Protects information from a range of threats
2. Ensures business continuity
3. Minimizes financial loss
4. Optimizes return on investments
5. Increases business opportunities
Security breaches lead to…
• Reputation loss
• Financial loss
• Intellectual property loss
• Legislative breaches leading to legal actions (Cyber Law)
• Loss of customer confidence
• Business interruption costs

LOSS OF GOODWILL
What is Risk?
• Risk: The possibility that a threat exploits a vulnerability in an asset and causes damage or loss to the asset.
• Threat: Something that can potentially cause damage to the organization, IT systems or network.
• Vulnerability: A weakness in the organization, IT systems, or network that can be exploited by a threat.
Good security practices follow the "90/10" rule
• 10% of security safeguards are technical
• 90% of security safeguards rely on us – the users – to adhere to good computing practices
What are the consequences of security violations?
• Disciplinary action (up to expulsion or termination)
• Embarrassment to yourself and/or the Company
• Having to recreate lost data
• Identity theft
• Data corruption or destruction
• Loss of patient, employee, and public trust
• Costly reporting requirements and penalties
• Unavailability of vital data
Good Computer Security Practices
Passwords
• Your password is your key to OC Inc. / Fusion BPO Services data and resources. Remember: Carelessness is Dangerous!
• If you receive a phone call from someone claiming that they are a contractor working with IT Security, would you give them your password? NO!
• How many of you have written your password down? What did you do with the paper? Is it tucked safely and securely away? If it is in the first place you would look (like under the keyboard) – someone else would look there too!
Password construction and Management
• When selecting a password, you may naturally want to choose something easy to remember. But if it is easy for you, it may be easy for someone else to crack!
• A password should not be:
  - Your name or any family member's name, including pets!
  - Your street name, car type, favorite singer, etc.
  - Any easily guessed or recognized name or word
  - Your previous password with a sequentially increased number at the end.
Password construction and Management
• A password should be:
  - A mixture of letters (both upper and lower case) and numbers and/or special characters
  - At least eight characters long, preferably longer
  - For example, iH8TDieTs is a very good password. It has capitals, lower case, and numbers. AND… it isn't too tough to remember. Just say: I hate diets.
• A password should never be:
  - …Taped to a monitor or keyboard or desk or desk accessory or anywhere visible
  - …Shared with ANYONE – NOT EVEN A SUPERVISOR!
Examples of Passwords
Weak:
• 12345
• Password
• STCC
• Pecan
• Gateway1
• abc123

Strong:
• tCj0Tm
• iL2e0c
• 1cRmPW!
• CyMm@M0?
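As an added example (not part of the original training deck), the Python checker below applies the password construction rules from the two preceding slides: at least eight characters, a mix of upper and lower case plus a number or special character, no usernames, names or easily guessed words, and no reuse of the previous password with only its trailing number changed (a slight generalisation of the deck's "sequentially increased number" rule). The common-word set and the personal-word list are constructed placeholders; a real deployment would load a proper dictionary or breached-password list.

```python
import re

# Constructed placeholder set of "easily guessed" words for this example;
# a real deployment would use a proper dictionary or breached-password list.
COMMON_WORDS = {"password", "gateway", "pecan", "abc", "welcome", "qwerty", "letmein"}

MIN_LENGTH = 8
TRAILING_NUMBER = re.compile(r"^(.*?)(\d*)$", re.DOTALL)


def _letters_only(text):
    """Lower-cased letters of text, so 'Gateway1' and 'gateway' compare equal."""
    return "".join(ch for ch in text if ch.isalpha()).lower()


def _split_trailing_number(text):
    """Split 'Summer07' into ('Summer', 7); no trailing digits gives None."""
    base, digits = TRAILING_NUMBER.match(text).groups()
    return base, (int(digits) if digits else None)


def check_password(candidate, username="", personal_words=(), previous_password=None):
    """Return the list of policy rules the candidate breaks (empty = accepted).

    personal_words: names the user should never build a password on (own name,
    family, pets, street, car, favourite singer ...), supplied per user.
    """
    problems = []

    # Rule: at least eight characters, preferably longer.
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)

    # Rule: mixture of upper and lower case letters and numbers and/or specials.
    has_upper = any(c.isupper() for c in candidate)
    has_lower = any(c.islower() for c in candidate)
    has_digit_or_special = any(not c.isalpha() for c in candidate)
    if not (has_upper and has_lower and has_digit_or_special):
        problems.append("needs upper and lower case letters plus a number or special character")

    # Rule: not your username, a name, or an easily guessed word. Digits bolted
    # on the end do not help, so only the letters are compared.
    core = _letters_only(candidate)
    if username and core == _letters_only(username):
        problems.append("is the username")
    if core in COMMON_WORDS:
        problems.append("is an easily guessed word")
    for word in personal_words:
        if len(word) >= 3 and word.lower() in candidate.lower():
            problems.append("contains personal name or word %r" % word)
            break

    # Rule: not the previous password, and not the previous password with only
    # the trailing number changed (Summer07 -> Summer08).
    if previous_password:
        if candidate == previous_password:
            problems.append("same as the previous password")
        else:
            old_base, old_num = _split_trailing_number(previous_password)
            new_base, new_num = _split_trailing_number(candidate)
            if old_base == new_base and new_num is not None:
                problems.append("previous password with only the trailing number changed")

    return problems


if __name__ == "__main__":
    # The deck's own weak and strong examples.
    for pw in ["12345", "Password", "STCC", "Pecan", "Gateway1", "abc123",
               "tCj0Tm", "iL2e0c", "1cRmPW!", "CyMm@M0?", "iH8TDieTs"]:
        verdict = check_password(pw) or ["OK"]
        print("%-10s %s" % (pw, "; ".join(verdict)))
    print(check_password("Summer08", previous_password="Summer07"))
    print(check_password("Fluffy2019!", personal_words=["Fluffy"]))
```

Note that the deck's own "strong" examples tCj0Tm, iL2e0c and 1cRmPW! are shorter than eight characters and fail the length rule; only CyMm@M0? and iH8TDieTs pass every rule.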
Email Usage
• Some experts feel email is the biggest security threat of all. It is the fastest, most effective method of spreading malicious code to the largest number of users. It is also a large source of wasted technology resources.
• Examples of waste:
  - Electronic greeting cards
  - Chain letters
  - Jokes and graphics
  - Spam and junk email
Pitfalls of email
1. Email is NOT secure – It is essential to understand that email does not go directly to the intended recipient. It is routed through various systems first. Remember, it is not impervious to prying eyes!
2. Email is open to abuse – Scams, mass mailings, junk mail, and deceptive advertising can be delivered to your computer mailbox as easily as to your home mailbox.
3. Email is potentially harmful – It is the easiest, most effective conveyance of malicious code.
Should You Open the E-mail Attachment?
• If it's suspicious, don't open it!
• What is suspicious?
  - Not work-related
  - Attachments that were not expected
  - Attachments with a suspicious file extension (*.exe, *.vbs, *.bin, *.com, *.scr, or *.pif)
  - Web links
  - Unusual subject lines: "Your car?"; "Oh!"; "Nice Pic!"; "Family Update!"; "Very Funny!"
E-Mail Security – Risk Areas
1. Spamming. Unsolicited bulk e-mail, including commercial solicitations, advertisements, chain letters, pyramid schemes, and fraudulent offers.
  - Do not reply to spam messages. Do not spread spam. Remember, sending chain letters is against policy.
  - Do not forward chain letters. It's the same as spamming!
  - Do not open or reply to suspicious e-mails.
2. Phishing Scams. E-mail pretending to be from trusted names, such as Citibank, PayPal or Amazon, but directing recipients to rogue sites. A reputable company will never ask you to send your password through e-mail.
3. Spyware. Spyware is adware which can slow computer processing down, hijack web browsers, spy on keystrokes and cripple computers.
E-mail Usage
• Use official mail for business purposes only
• Follow the mail storage guidelines to avoid blocking of e-mails
• If you come across any junk / spam mail, do the following:
  a) Remove the mail.
  b) Inform the security help desk.
  c) Inform the server administrator.
  d) Inform the sender that such mails are undesired.
• Do not use your official ID for any personal subscription purpose
• Do not send unsolicited mails of any type, such as chain letters or e-mail hoaxes
• Do not send mails to clients unless you are authorized to do so
• Do not post non-business-related information to a large number of users
• Do not open mail or attachments suspected of carrying a virus or received from an unidentified sender
Internet Usage
• Use internet services for business purposes only
• Do not access the internet through dial-up connectivity
• Do not use the internet for viewing, storing or transmitting obscene or pornographic material
• Do not use the internet for accessing auction sites
• Do not use the internet for hacking other computer systems
• Do not use the internet to download / upload commercial software / copyrighted material
• The Technology Department continuously monitors internet usage. Any illegal use of the internet and other assets shall call for disciplinary action.
Physical Security
Would you leave your credit card exposed or unattended in a public place? Do you lock your car? Secure your wallet or purse?
Take those same precautions with your PC!
• Log off or lock your PC when unattended.
• Shut down your PC when you leave for the day… EVERY DAY!
• Lock doors in accordance with Fusion BPO Services policy.
• Secure your password!
Access Control - Physical
Do:
• Follow security procedures
• Wear identity cards and badges at all times
• Ask unauthorized visitors for their credentials
• Ensure all visitors are escorted while onsite
Do not:
• Bring visitors into the operations area without prior permission
• Bring hazardous and combustible material into a secure area
• Practice "piggybacking"
• Bring and use pen drives, zip drives, iPods or other storage devices unless otherwise authorized to do so
Unique User Log-In / User Access Controls
Access Controls:
• Users are assigned a unique "User ID" for log-in purposes
• Each individual user's access to OC Inc./Fusion BPO Services system(s) is appropriate and authorized
• Access is "role-based", i.e., access is limited to the minimum information needed to do your job
• Unauthorized access to OC Inc./Fusion BPO Services by former employees is prevented by terminating their access
• User access to information systems is logged and audited for inappropriate access or use.
Workstation Security
Workstations
• Physical security measures include:
  - Disaster controls
  - Physical access controls
  - Device & media controls
• Log off before leaving a workstation unattended. This will prevent other individuals from accessing secured data under your User-ID and limit access by unauthorized users.
• Lock up! – Offices, windows, workstations, sensitive papers and PDAs, laptops, mobile devices / media.
  - Lock your workstation (Ctrl+Alt+Del and Lock) – Windows XP, Windows 2000
Antivirus and Firewall
Make sure your computer has anti-virus, anti-spyware and firewall protection as well as all necessary security patches. Don't install unknown or unsolicited programs on your computer.
Report Security Incidents
You are responsible to:
• Report and respond to security incidents and security breaches.
• Know what to do in the event of a security breach or incident related to Data Security and/or Personal Information.
• Report security incidents & breaches to: IT Security Team
Your Responsibility to Adhere to OCI Security - Information Security Policies
• Users of electronic information resources are responsible for familiarizing themselves with and complying with all company policies, procedures and standards relating to information security.
• Users are responsible for the appropriate handling of electronic information resources.
Why can't I play games online?
• Online gaming on a company computer is against company policy.
• Playing games on a company computer is forbidden.
• Gaming sites, like MP3 download sites, are good places to pick up a virus. Script kiddies and hackers swarm around these sites like vultures. They use all the tricks of their trade to glean password and network information from gamers.
• This is easy to avoid. Don't do it!
Types of sites to avoid and WHY
Corporate sites that have a vested interest in protecting and maintaining public trust are more vigorous in protecting visitors' email addresses and information. For example, sites such as CNN and Headline News want visitors to feel confident and comfortable on their web sites, so they will take measures to secure their sites. However, many other sites do NOT take measures to protect visitors' data. In fact, they are notorious for harvesting and selling such data.
Please do not use your OC Inc. / Fusion BPO Services computer or email address for joke sites, dating sites, horoscopes, chat rooms, free grocery coupons and other related sites. Sites promising free goods, vacations and fun are good ones to put on the NO GO list.
These are all easy to avoid, and you will likely reduce your junk mail as well.
Common Terminology
• What is a cookie? Cookies are small text files that some Web sites create when you visit. The file is used to store information on your computer.
• What does encrypted mean? The translation of data into a secret code. Encryption is the most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it. Unencrypted data is called plain text; encrypted data is referred to as cipher text.
• What is a virus? A virus is a piece of code that is written specifically to execute itself without the user's knowledge or permission. It will usually attach itself to a file in order to replicate and spread itself. Some viruses are harmless while others can cause serious damage.
Common Terminology cont.
• What is phishing? The act of sending an e-mail falsely claiming to be from an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The Web site the e-mail leads to, however, is bogus and set up only to steal the user's information.
• What is spam? Electronic junk mail. Spam is generally e-mail advertising for some product sent to a mailing list or newsgroup. In addition to wasting people's time with unwanted e-mail, spam also eats up a lot of network bandwidth. Some ISPs, such as AOL, have instituted policies to prevent spammers from spamming their subscribers.
• What is an audit trail? A record showing who has accessed a computer system and what operations he or she has performed during a given period of time.
Common Terminology cont.
• What is Unauthorized Access? Any time a user gains access to a computer network without the consent of the computer's administrator.
• What is Access Control? The prevention of unauthorized use of information assets. It is the policy rules and deployment mechanisms which control access to information systems, and physical access to premises.
• Compliance: Adherence to those policies, procedures, guidelines, laws, regulations and contractual arrangements to which the business process is subject.
• Malicious Software: Software, for example a virus, designed to damage or disrupt a system.
Common Terminology cont.
• Password: Confidential authentication information composed of a string of characters
• Server: A server is a computer system, or a set of processes on a computer system, providing services to clients across a network.
• User: A person or entity with authorized access.
• Protected Information: Any participant or client information that the Department may have in its records or files that must be safeguarded pursuant to Department policy. This includes but is not limited to "individually identifying information".
Common Terminology cont.
• Integrity: The property that data or information have not been altered or destroyed in an unauthorized manner.
• FTP (File Transfer Protocol): A protocol that allows for the transfer of files between an FTP client and an FTP server.
• Disclose: The release, transfer, relay, provision of access to, or conveying of client information to any individual or entity outside the Department.
• Confidential Information: Any client information (defined above) that OC Inc may have in its records or files on any OC Inc client that must be safeguarded pursuant to OC Inc policy. This includes, but is not limited to, "individually identifying information".
Typical Symptoms of Computer Infection
• File deletion
• File corruption
• Visual effects
• Pop-ups
• Erratic (and unwanted) behavior
• Computer crashes
Problems Hackers Cause
• A hacker intrusion could create a legal liability and public embarrassment for you and your organization
• Vandalism – Destruction or digital defacement of a computer or its data for destruction's sake
• Theft – Gaining access to intellectual or proprietary technology or information, sometimes for resale
• Hijacking – Many of the financially motivated hackers are interested in remotely controlling PCs
• Identity theft – Electronic theft of personal info that can be used to steal financial resources
• Terrorism – Some experts believe that terrorists will eventually launch an attack using hacking techniques
Malware
• Malware (aka crimeware and computer contaminant) is any program which can corrupt files and/or secretly report your information from your computer or network
• Viruses, worms, Trojans, and spyware are the most common types of malware
• Many of these destructive programs attempt to reinstall and replicate themselves and are designed to be very difficult to remove from the host computer
Malware
• Virus – Software that gets installed on your computer, usually without your knowledge
  - You can get "infected" by accessing something that is already infected with a virus
  - Sources include floppy disks, USB drives, websites, and email
• Worm – Software that actively tries to spread itself to infect other computers
  - Software worms can actively scan networks to infect others
  - Worms can also be spread by e-mail applications that use the computer's address book
• Trojan – Damaging software that hides its identity by posing as something else, such as a screen saver or a greeting card. The Trojan, once installed, gives the attacker a back door into your system that can be used by the hacker as needed.
IT ACT PROVISIONS
• Email would now be a valid and legal form of communication in our country that can be duly produced and approved in a court of law.
• Companies shall now be able to carry out electronic commerce using the legal infrastructure provided by the Act.
• Digital signatures have been given legal validity and sanction in the Act.
• The Act now allows Government to issue notifications on the web, thus heralding e-governance.
• Statutory remedy in case anyone breaks into a company's computer systems or network and causes damage or copies data.
Risks and Threats
[Diagram of risks and threats surrounding the organization: Virus Attacks; Theft, Sabotage, Misuse; High User Knowledge of IT Systems; Natural Calamities & Fire; Lapse in Physical Security; Lack of Documentation; Systems & Network Failure]
User Responsibilities
• Ensure your system is locked when you are away
• Always store laptops/media in a lockable place
• Ensure sensitive business information is under lock and key when unattended
• Ensure back-up of sensitive and critical information assets
• Understand compliance issues such as:
  - Cyber Law
  - IPR, copyrights, NDAs
  - Contractual obligations with customers
• Verify credentials if a message is received from an unknown sender
• Always switch off your computer before leaving for the day
• Keep yourself updated on information security aspects
Do's and Don'ts
Email and messaging – Do:
• read your organization's email policy
• report any spam or phishing emails that are not blocked or filtered to your IT team
• report phishing emails to the organisation they are supposedly from
• use your organization's contacts or address book. This helps to stop email being sent to the wrong address.
• Phishing is an attempt to obtain your personal information (for example, account details) by sending you an email that appears to be from a trusted source (for example, your bank)
Do's and Don'ts
Email and messaging – Don't:
• click on links in unsolicited emails. Be especially wary of emails requesting or asking you to confirm any personal information, such as passwords, bank details and so on.
• turn off any email security measures that your IT team has put in place or recommended
• email sensitive information unless you know it is encrypted. Talk to your IT team for advice.
• try to bypass your organisation's security measures to access your email off-site (for example, forwarding email to a personal account)
• reply to chain emails.
Do's and Don'ts
Passwords – Do:
• follow OC Inc's password policy
• use a strong password (strong passwords are usually eight characters or more and contain upper and lower case letters, as well as numbers)
• make your password easy to remember, but hard to guess
• choose a password that is quick to type
• use a mnemonic (such as a rhyme, acronym or phrase) to help you remember your password.
• change your password(s) if you think someone may have found out what they are.
Do's and Don'ts
Passwords – Don't:
• share your passwords with anyone else
• write your passwords down
• use your work passwords for your own personal online accounts
• save passwords in web browsers if offered to do so
• use your username as a password
• use names as passwords
• email your password or share it in an instant message.
Do's and Don'ts
Working on-site – Do:
• lock sensitive information away when left unattended
• remember working at home is a privilege
Working on-site – Don't:
• let strangers or unauthorised people into staff areas
• position screens where they can be read from outside the room.
Final Note

Fusion BPO Services, Inc
THANK YOU
IT SECURITY DEPARTMENT

Customer information security awareness trainingAbdalrhmanTHassan
 
1. introduction to cyber security
1. introduction to cyber security1. introduction to cyber security
1. introduction to cyber securityAnimesh Roy
 
Rothke Sia 2006
Rothke   Sia 2006Rothke   Sia 2006
Rothke Sia 2006Ben Rothke
 
Slides to the online event "Creating an effective cybersecurity strategy" by ...
Slides to the online event "Creating an effective cybersecurity strategy" by ...Slides to the online event "Creating an effective cybersecurity strategy" by ...
Slides to the online event "Creating an effective cybersecurity strategy" by ...Berezha Security Group
 
Security and the Service Desk
Security and the Service DeskSecurity and the Service Desk
Security and the Service DeskNorthCoastHDI
 
Security Transformation
Security TransformationSecurity Transformation
Security TransformationFaisal Yahya
 
Security in the enterprise - Why You Need It
Security in the enterprise - Why You Need ItSecurity in the enterprise - Why You Need It
Security in the enterprise - Why You Need ItSlick Cyber Systems
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityNcell
 
ISMS Awareness Training (2) (1).pptx
ISMS Awareness Training (2) (1).pptxISMS Awareness Training (2) (1).pptx
ISMS Awareness Training (2) (1).pptxvasidharta
 
Cybersecurity Awareness E-book by Propelled Technologies
Cybersecurity Awareness E-book by Propelled Technologies Cybersecurity Awareness E-book by Propelled Technologies
Cybersecurity Awareness E-book by Propelled Technologies Anwar CHFI, SSCP, ITIL
 
Security Threats for SMBs
Security Threats for SMBsSecurity Threats for SMBs
Security Threats for SMBsGFI Software
 
Cyber Security - Moving Past "Best Practices"
Cyber Security - Moving Past "Best Practices"Cyber Security - Moving Past "Best Practices"
Cyber Security - Moving Past "Best Practices"Billtrust
 
ISMS Awareness (to upload).pptx
ISMS Awareness (to upload).pptxISMS Awareness (to upload).pptx
ISMS Awareness (to upload).pptxMayada18
 
5 Myths About Data Loss Prevention
5 Myths About Data Loss Prevention5 Myths About Data Loss Prevention
5 Myths About Data Loss PreventionGary Bahadur
 
Edith Turuka: Cyber-Security, An Eye Opener to the Society
Edith Turuka: Cyber-Security, An Eye Opener to the SocietyEdith Turuka: Cyber-Security, An Eye Opener to the Society
Edith Turuka: Cyber-Security, An Eye Opener to the SocietyHamisi Kibonde
 
Social Networking Security For OCRI - Scott Wright - Condensed July 9, 2009
Social Networking Security For OCRI - Scott Wright - Condensed July 9, 2009Social Networking Security For OCRI - Scott Wright - Condensed July 9, 2009
Social Networking Security For OCRI - Scott Wright - Condensed July 9, 2009Scott Wright
 

Similar to Pci compliance training agents (20)

Cybersecurity Awareness E-Book - WeSecureApp
Cybersecurity Awareness E-Book - WeSecureAppCybersecurity Awareness E-Book - WeSecureApp
Cybersecurity Awareness E-Book - WeSecureApp
 
Customer information security awareness training
Customer information security awareness trainingCustomer information security awareness training
Customer information security awareness training
 
1. introduction to cyber security
1. introduction to cyber security1. introduction to cyber security
1. introduction to cyber security
 
Rothke Sia 2006
Rothke   Sia 2006Rothke   Sia 2006
Rothke Sia 2006
 
Slides to the online event "Creating an effective cybersecurity strategy" by ...
Slides to the online event "Creating an effective cybersecurity strategy" by ...Slides to the online event "Creating an effective cybersecurity strategy" by ...
Slides to the online event "Creating an effective cybersecurity strategy" by ...
 
Security and the Service Desk
Security and the Service DeskSecurity and the Service Desk
Security and the Service Desk
 
Security Transformation
Security TransformationSecurity Transformation
Security Transformation
 
Security in the enterprise - Why You Need It
Security in the enterprise - Why You Need ItSecurity in the enterprise - Why You Need It
Security in the enterprise - Why You Need It
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
ISMS Awareness Training (2) (1).pptx
ISMS Awareness Training (2) (1).pptxISMS Awareness Training (2) (1).pptx
ISMS Awareness Training (2) (1).pptx
 
Cybersecurity Awareness E-book by Propelled Technologies
Cybersecurity Awareness E-book by Propelled Technologies Cybersecurity Awareness E-book by Propelled Technologies
Cybersecurity Awareness E-book by Propelled Technologies
 
Security Threats for SMBs
Security Threats for SMBsSecurity Threats for SMBs
Security Threats for SMBs
 
Cyber Security - Moving Past "Best Practices"
Cyber Security - Moving Past "Best Practices"Cyber Security - Moving Past "Best Practices"
Cyber Security - Moving Past "Best Practices"
 
Data security
 Data security  Data security
Data security
 
Team black
Team blackTeam black
Team black
 
ISMS Awareness (to upload).pptx
ISMS Awareness (to upload).pptxISMS Awareness (to upload).pptx
ISMS Awareness (to upload).pptx
 
5 Myths About Data Loss Prevention
5 Myths About Data Loss Prevention5 Myths About Data Loss Prevention
5 Myths About Data Loss Prevention
 
Building a culture of security
Building a culture of securityBuilding a culture of security
Building a culture of security
 
Edith Turuka: Cyber-Security, An Eye Opener to the Society
Edith Turuka: Cyber-Security, An Eye Opener to the SocietyEdith Turuka: Cyber-Security, An Eye Opener to the Society
Edith Turuka: Cyber-Security, An Eye Opener to the Society
 
Social Networking Security For OCRI - Scott Wright - Condensed July 9, 2009
Social Networking Security For OCRI - Scott Wright - Condensed July 9, 2009Social Networking Security For OCRI - Scott Wright - Condensed July 9, 2009
Social Networking Security For OCRI - Scott Wright - Condensed July 9, 2009
 

Pci compliance training agents

  • 1. INFORMATION SYSTEMS AND DATA SECURITY AWARENESS PROGRAM. FUSION BPO SERVICES, Inc.
  • 2. 'Information is an asset which, like other important business assets, has value to an organization and consequently needs to be suitably protected.'
  • 3. What is an Information Systems and Data Security Policy?
    - It can be defined as the rules that regulate how an organization manages and protects its internal information, external customer or client information, and computing resources.
    - Why do we need a Security Policy? The policy tells the users, staff and managers what they can do, what they cannot do and what they must do to comply with the Security Policy and Practice.
    - Purpose: to ensure business continuity by reducing/minimizing damage to the business by safeguarding the confidentiality, integrity and availability of information.
  • 4. Why do I need to learn about computer security?
    - Isn't this just an IT problem?
    - Everyone who uses a computer needs to understand how to keep his or her computer and data secure.
  • 5. Why I Need Information Security Training
    - Security awareness is a critical part of an organization's information security program; it is the human knowledge and behaviors that the organization uses to protect itself against information security risks. Humans, just like computers, store, process and transfer information. As a result, many attackers today target the human, bypassing most security controls and using techniques such as social engineering to get the information they want. Awareness, not just technology, is now a key factor in an organization's goal to:
      - Reduce risk,
      - Protect its reputation,
      - Improve governance, and
      - Be compliant.
  • 6. Why I Need Information Security Training
    - Security Awareness Training is designed to educate users on the appropriate use, protection and security of information, individual user responsibilities, and the ongoing maintenance necessary to protect the confidentiality, integrity and availability of information assets, resources and systems from unauthorized access, use, misuse, disclosure, destruction, modification or disruption.
    - The long-term benefits to your organization of a successful security awareness program include enhanced awareness, increased security and improved online productivity for employees and the company as a whole.
  • 7. What Is Information Security?
    - The quality or state of being secure: being free from danger
    - Security is achieved using several strategies simultaneously or in combination with one another
    - Security is recognized as essential to protect vital processes and the systems that provide those processes
    - Security is not something you buy, it is something you do
  • 8. What Is Information Security?
    - The architecture in which an integrated combination of appliances, systems and solutions, software, alarms and vulnerability scans work together
    - Monitored 24x7
    - Having people, processes, technology, policies and procedures
    - Security is for PPT (people, processes, technology) and not only for appliances or devices
  • 9. INFORMATION SECURITY
    1. Protects information from a range of threats
    2. Ensures business continuity
    3. Minimizes financial loss
    4. Optimizes return on investments
    5. Increases business opportunities
  • 10. Security breaches lead to…
    - Reputation loss
    - Financial loss
    - Intellectual property loss
    - Legislative breaches leading to legal actions (Cyber Law)
    - Loss of customer confidence
    - Business interruption costs
    LOSS OF GOODWILL
  • 11. What is Risk?
    - Risk: the possibility that a threat exploits a vulnerability in an asset and causes damage or loss to the asset.
    - Threat: something that can potentially cause damage to the organization, IT systems or network.
    - Vulnerability: a weakness in the organization, IT systems or network that can be exploited by a threat.
  • 12. Good security practices follow the "90/10" rule
    - 10% of security safeguards are technical
    - 90% of security safeguards rely on us, the user, to adhere to good computing practices
  • 13. What are the consequences of security violations?
    - Disciplinary action (up to expulsion or termination)
    - Embarrassment to yourself and/or the Company
    - Having to recreate lost data
    - Identity theft
    - Data corruption or destruction
    - Loss of patient, employee and public trust
    - Costly reporting requirements and penalties
    - Unavailability of vital data
  • 14. Good Computer Security Practices
  • 15. Passwords
    - Your password is your key to OC Inc Fusion BPO Services data and resources.
    - Remember: carelessness is dangerous!
    - If you receive a phone call from someone claiming that they are a contractor working with IT Security, would you give them your password? NO!
    - How many of you have written your password down? What did you do with the paper? Is it tucked safely and securely away? If it is in the first place you would look (like under the keyboard), someone else would look there too!
  • 16. Password construction and management
    - When selecting a password, you may naturally want to choose something easy to remember. But if it is easy for you, it may be easy for someone else to crack!
    - A password should not be:
      - Your name or any family member's name, including pets!
      - Your street name, car type, favorite singer, etc.
      - Any easily guessed or recognized name or word
      - Your previous password with a sequentially increased number at the end.
  • 17. Password construction and management
    - A password should be:
      - A mixture of letters (both upper and lower case) and numbers and/or special characters
      - At least eight characters long, preferably longer. For example, iH8TDieTs is a very good password: it has capitals, lower case and numbers, AND it isn't too tough to remember. Just say: I hate diets.
    - A password should never be:
      - Taped to a monitor, keyboard, desk, desk accessory or anywhere visible
      - Shared with ANYONE, NOT EVEN A SUPERVISOR!
  • 18. Examples of Passwords
    - Weak: 12345, Password, STCC, Pecan, Gateway1, abc123
    - Strong: tCj0Tm, iL2e0c, 1cRmPW!, CyMm@M0?
  • 19. Email Usage
    - Some experts feel email is the biggest security threat of all. It is the fastest, most effective method of spreading malicious code to the largest number of users. It is also a large source of wasted technology resources.
    - Examples of waste:
      - Electronic greeting cards
      - Chain letters
      - Jokes and graphics
      - Spam and junk email
  • 20. Pitfalls of email
    1. Email is NOT secure. It is essential to understand that email does not go directly to the intended recipient; it is routed through various systems first. Remember, it is not impervious to prying eyes!
    2. Email is open to abuse. Scams, mass mailings, junk mail and deceptive advertising can be delivered to your computer mailbox as easily as to your home mailbox.
    3. Email is potentially harmful. It is the easiest, most effective conveyance of malicious code.
  • 21. Should You Open the E-mail Attachment?
    - If it's suspicious, don't open it!
    - What is suspicious?
      - Not work-related
      - Attachments not expected
      - Attachments with a suspicious file extension (*.exe, *.vbs, *.bin, *.com, *.scr or *.pif)
      - Web link
      - Unusual subject lines: "Your car?"; "Oh!"; "Nice Pic!"; "Family Update!"; "Very Funny!"
  • 22. E-Mail Security: Risk Areas
    1. Spamming. Unsolicited bulk e-mail, including commercial solicitations, advertisements, chain letters, pyramid schemes and fraudulent offers.
      - Do not reply to spam messages. Do not spread spam. Remember, sending chain letters is against policy.
      - Do not forward chain letters. It's the same as spamming!
      - Do not open or reply to suspicious e-mails.
    2. Phishing scams. E-mail pretending to be from trusted names, such as Citibank, PayPal or Amazon, but directing recipients to rogue sites. A reputable company will never ask you to send your password through e-mail.
    3. Spyware. Spyware is adware which can slow computer processing down, hijack web browsers, spy on keystrokes and cripple computers.
  • 23. E-mail Usage
    - Use official mail for business purposes only
    - Follow the mail storage guidelines to avoid blocking of e-mails
    - If you come across any junk/spam mail, do the following:
      a) Remove the mail.
      b) Inform the security help desk.
      c) Inform the server administrator.
      d) Inform the sender that such mails are undesired.
    - Do not use your official ID for any personal subscription purpose
    - Do not send unsolicited mails of any type, such as chain letters or e-mail hoaxes
    - Do not send mails to clients unless you are authorized to do so
    - Do not post non-business-related information to a large number of users
    - Do not open mail or attachments suspected to contain a virus or received from an unidentified sender
  • 24. Internet Usage
    - Use internet services for business purposes only
    - Do not access the internet through dial-up connectivity
    - Do not use the internet for viewing, storing or transmitting obscene or pornographic material
    - Do not use the internet for accessing auction sites
    - Do not use the internet for hacking other computer systems
    - Do not use the internet to download/upload commercial software or copyrighted material
    - The Technology Department is continuously monitoring internet usage. Any illegal use of the internet and other assets shall call for disciplinary action.
  • 25. Physical Security
    - Would you leave your credit card exposed or unattended in a public place? Do you lock your car? Secure your wallet or purse? Take those same precautions with your PC!
    - Log off or lock your PC when unattended.
    - Shut down your PC when you leave for the day…EVERY DAY!
    - Lock doors in accordance with Fusion BPO Services policy.
    - Secure your password!!!!
  • 26. Access Control: Physical
    - Do:
      - Follow security procedures
      - Wear identity cards and badges at all times
      - Ask an unauthorized visitor for his credentials
      - All visitors must be escorted while on site
    - Don't:
      - Bring visitors into the operations area without prior permission
      - Bring hazardous and combustible material into a secure area
      - Practice "piggybacking"
      - Bring and use pen drives, zip drives, iPods or other storage devices unless otherwise authorized to do so
  • 27. Unique User Log-In / User Access Controls
    - Access controls:
      - Users are assigned a unique "User ID" for log-in purposes
      - Each individual user's access to OC Inc./Fusion BPO Services system(s) is appropriate and authorized
      - Access is "role-based", i.e., access is limited to the minimum information needed to do your job
      - Unauthorized access to OC Inc./Fusion BPO Services by former employees is prevented by terminating access
      - User access to information systems is logged and audited for inappropriate access or use.
  • 28. Workstation Security
    - Physical security measures for workstations include:
      - Disaster controls
      - Physical access controls
      - Device & media controls
    - Log off before leaving a workstation unattended. This will prevent other individuals from accessing secured data under your User ID and limit access by unauthorized users.
    - Lock up! Offices, windows, workstations, sensitive papers and PDAs, laptops, mobile devices/media.
    - Lock your workstation (Ctrl+Alt+Del and Lock) on Windows XP and Windows 2000
  • 29. Antivirus and Firewall
    - Make sure your computer has anti-virus, anti-spyware and firewall protection as well as all necessary security patches.
    - Don't install unknown or unsolicited programs on your computer.
  • 30. Report Security Incidents
    - You are responsible to:
      - Report and respond to security incidents and security breaches.
      - Know what to do in the event of a security breach or incident related to data security and/or personal information.
    - Report security incidents & breaches to: IT Security Team
  • 31. Your Responsibility to Adhere to OCI Security Information Security Policies
    - Users of electronic information resources are responsible for familiarizing themselves with and complying with all company policies, procedures and standards relating to information security.
    - Users are responsible for the appropriate handling of electronic information resources.
  • 32. Why can't I play games online?
    - Online gaming on a company computer is against company policy.
    - Playing games on a company computer is forbidden.
    - Gaming sites, like MP3 download sites, are good places to pick up a virus. Script kiddies and hackers swarm around these sites like vultures. They use all the tricks of their trade to glean password and network information from gamers.
    - This is easy to avoid. Don't do it!
  • 33. Types of sites to avoid and WHY
    - Corporate sites that have a vested interest in protecting and maintaining public trust are more vigorous in protecting visitors' email addresses and information. For example, sites such as CNN and Headline News want visitors to feel confident and comfortable on their web sites, so they will take measures to secure their sites. However, many other sites do NOT take measures to protect visitors' data. In fact, they are notorious for harvesting and selling such data.
    - Please do not use your OC Inc. Fusion BPO Services computer or email address for joke sites, dating sites, horoscopes, chat rooms, free grocery coupons and other related sites. Sites promising free goods, vacations and fun are good ones to put on the NO GO list. These are all easy to avoid and you will likely reduce your junk mail as well.
  • 34. Common Terminology
    - What is a cookie? Cookies are small text files that some web sites create when you visit. The file is used to store information on your computer.
    - What does encrypted mean? The translation of data into a secret code. Encryption is the most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it. Unencrypted data is called plain text; encrypted data is referred to as cipher text.
    - What is a virus? A virus is a piece of code that is written specifically to execute itself without the user's knowledge or permission. It will usually attach itself to a file in order to replicate and spread itself. Some viruses are harmless while others can cause serious damage.
  • 35. Common Terminology (cont.)
    - What is phishing? The act of sending an e-mail falsely claiming to be from an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The web site, however, is bogus and set up only to steal the user's information.
    - What is spam? Electronic junk mail. Spam is generally e-mail advertising for some product sent to a mailing list or newsgroup. In addition to wasting people's time with unwanted e-mail, spam also eats up a lot of network bandwidth. Some ISPs, such as AOL, have instituted policies to prevent spammers from spamming their subscribers.
    - What is an audit trail? A record showing who has accessed a computer system and what operations he or she has performed during a given period of time.
  • 36. Common Terminology (cont.)
    - What is unauthorized access? Any time a user gains access to a computer network without the consent of the computer's administrator.
    - What is access control? The prevention of unauthorized use of information assets. It is the policy rules and deployment mechanisms which control access to information systems, and physical access to premises.
    - Compliance: adherence to those policies, procedures, guidelines, laws, regulations and contractual arrangements to which the business process is subject.
    - Malicious software: software, for example a virus, designed to damage or disrupt a system.
  • 37. Common Terminology (cont.)
    - Password: confidential authentication information composed of a string of characters.
    - Server: a computer system, or a set of processes on a computer system, providing services to clients across a network.
    - User: a person or entity with authorized access.
    - Protected information: any participant or client information that the Department may have in its records or files that must be safeguarded pursuant to Department policy. This includes but is not limited to "individually identifying information".
  • 38. Common Terminology (cont.)
    - Integrity: the property that data or information have not been altered or destroyed in an unauthorized manner.
    - FTP (File Transfer Protocol): a protocol that allows for the transfer of files between an FTP client and an FTP server.
    - Disclose: the release, transfer, relay, provision of access to, or conveying of client information to any individual or entity outside the Department.
    - Confidential information: any client information (defined above) that OC Inc may have in its records or files on any OC Inc client that must be safeguarded pursuant to OC Inc policy. This includes, but is not limited to, "individually identifying information".
  • 39. Typical Symptoms of Computer Infection
    - File deletion
    - File corruption
    - Visual effects
    - Pop-ups
    - Erratic (and unwanted) behavior
    - Computer crashes
  • 40. Problems Hackers Cause
    - A hacker intrusion could create a legal liability and public embarrassment for you and your organization
    - Vandalism: destruction or digital defacement of a computer or its data for destruction's sake
    - Theft: gaining access to intellectual or proprietary technology or information, sometimes for resale
    - Hijacking: many of the financially motivated hackers are interested in remotely controlling PCs
    - Identity theft: electronic theft of personal information that can be used to steal financial resources
    - Terrorism: some experts believe that terrorists will eventually launch an attack using hacking techniques
  • 41. Malware
    - Malware (aka crimeware and computer contaminant) is any program which can corrupt files and/or secretly report your information from your computer or network
    - Viruses, worms, Trojans and spyware are the most common types of malware
    - Many of these destructive programs attempt to reinstall and replicate themselves and are designed to be very difficult to remove from the host computer
  • 42. Malware
    - Virus: software that gets installed on your computer, usually without your knowledge
      - You can get "infected" by accessing something that is already infected with a virus
      - Sources include floppy disks, USB drives, websites and email
    - Worm: software that actively tries to spread itself to infect other computers
      - Software worms can actively scan networks to infect others
      - Worms can also be spread by e-mail applications that use the computer's address book
    - Trojan: damaging software that hides its identity by posing as something else, such as a screen saver or a greeting card. The Trojan, once installed, gives the attacker a back door into your system that can be used by the hacker as needed.
  • 43. IT ACT PROVISIONS
    - Email would now be a valid and legal form of communication in our country that can be duly produced and approved in a court of law.
    - Companies shall now be able to carry out electronic commerce using the legal infrastructure provided by the Act.
    - Digital signatures have been given legal validity and sanction in the Act.
    - The Act now allows Government to issue notifications on the web, thus heralding e-governance.
    - Statutory remedy in case anyone breaks into a company's computer systems or network and causes damage or copies data.
  • 44. Risks and Threats (labels recovered from the slide diagram):
    - Virus attacks
    - Theft, sabotage, misuse
    - High user knowledge of IT systems
    - Natural calamities & fire
    - Lack of documentation
    - Lapse in physical security
    - Systems & network failure
  • 45. User Responsibilities
    - Ensure your system is locked when you are away
    - Always store laptops/media in a lockable place
    - Ensure sensitive business information is under lock and key when unattended
    - Ensure back-up of sensitive and critical information assets
    - Understand compliance issues such as:
      - Cyber Law
      - IPR, copyrights, NDA
      - Contractual obligations with the customer
    - Verify credentials if a message is received from an unknown sender
    - Always switch off your computer before leaving for the day
    - Keep yourself updated on information security aspects
  • 46. Do's and Don'ts: Email and messaging
    - Do's:
      - Read your organization's email policy
      - Report any spam or phishing emails that are not blocked or filtered to your IT team
      - Report phishing emails to the organisation they are supposedly from
      - Use your organization's contacts or address book. This helps to stop email being sent to the wrong address.
    - Phishing is an attempt to obtain your personal information (for example, account details) by sending you an email that appears to be from a trusted source (for example, your bank)
  • 47. Do's and Don'ts: Email and messaging
    - Don'ts:
      - Click on links in unsolicited emails. Be especially wary of emails requesting or asking you to confirm any personal information, such as passwords, bank details and so on.
      - Turn off any email security measures that your IT team has put in place or recommended
      - Email sensitive information unless you know it is encrypted. Talk to your IT team for advice.
      - Try to bypass your organisation's security measures to access your email off-site (for example, forwarding email to a personal account)
      - Reply to chain emails.
  • 48. Do's and Don'ts: Passwords
    - Do's:
      - Follow OC Inc's password policy
      - Use a strong password (strong passwords are usually eight characters or more and contain upper and lower case letters, as well as numbers)
      - Make your password easy to remember, but hard to guess
      - Choose a password that is quick to type
      - Use a mnemonic (such as a rhyme, acronym or phrase) to help you remember your password.
      - Change your password(s) if you think someone may have found out what they are.
  • 49. Do's and Don'ts: Passwords
    - Don'ts:
      - Share your passwords with anyone else
      - Write your passwords down
      - Use your work passwords for your own personal online accounts
      - Save passwords in web browsers if offered to do so
      - Use your username as a password
      - Use names as passwords
      - Email your password or share it in an instant message.
  • 50. Do's and Don'ts: Working on-site
    - Lock sensitive information away when left unattended
    - Remember working at home is a privilege
    - Don't let strangers or unauthorised people into staff areas
    - Don't position screens where they can be read from outside the room.
  • 51. Final Note
  • 52. Fusion BPO Services, Inc. THANK YOU. IT SECURITY DEPARTMENT
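The password rules on slides 16 and 17 (at least eight characters; a mixture of upper and lower case letters with numbers and/or special characters; not a name, street, car or other easily guessed word; not the previous password with a sequentially increased number) can be checked mechanically. The following is an added example written for this page, not code from the deck or from Fusion BPO Services. The PERSONAL_WORDS blocklist is a constructed sample of the kind of words the deck forbids; a real deployment would load names and dictionary words from a file. The trailing-number check goes slightly beyond the deck: it flags any increase of the trailing number, and a number appended where the old password had none.

```python
"""Password-policy checker encoding the rules on slides 16 and 17 of the deck.
Added example; not code from the deck or from Fusion BPO Services.
PERSONAL_WORDS is a constructed sample blocklist, not a real word list."""
import re
import string
from typing import Dict, List, Optional, Set, Tuple

MIN_LENGTH = 8  # slide 17: at least eight characters, preferably longer

# Constructed sample: names, family and pet names, street names, car types,
# favourite singers and other easily guessed words that slide 16 rules out.
PERSONAL_WORDS: Set[str] = {"pecan", "gateway", "stcc", "password", "maple", "fusion"}


def _split_trailing_number(pw: str) -> Tuple[str, str]:
    """'Summer23' -> ('Summer', '23'); a password with no trailing digits -> (pw, '')."""
    m = re.fullmatch(r"(.*?)(\d*)", pw)
    return m.group(1), m.group(2)


def is_incremented(previous: str, candidate: str) -> bool:
    """True when candidate is the previous password with a larger trailing number.
    Generalizes the deck's 'sequentially increased number' to any increase, and
    to appending a number where the old password had none (Pass -> Pass1)."""
    prev_stem, prev_num = _split_trailing_number(previous)
    cand_stem, cand_num = _split_trailing_number(candidate)
    if prev_stem != cand_stem or cand_num == "":
        return False
    return int(cand_num) > int(prev_num or "0")


def check_password(candidate: str, previous: Optional[str] = None,
                   personal_words: Set[str] = PERSONAL_WORDS) -> List[str]:
    """Return the rules the candidate breaks; an empty list means it passes."""
    problems: List[str] = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    has_upper = any(c.isupper() for c in candidate)
    has_lower = any(c.islower() for c in candidate)
    has_digit = any(c.isdigit() for c in candidate)
    has_special = any(c in string.punctuation for c in candidate)
    if not (has_upper and has_lower):
        problems.append("needs both upper- and lower-case letters")
    if not (has_digit or has_special):
        problems.append("needs a digit or a special character")
    # Compare the letters-only core case-insensitively, so 'Pecan', 'PECAN' and
    # 'Gateway1' are all recognized as a forbidden word.
    core = re.sub(r"[^a-z]", "", candidate.lower())
    if core in personal_words:
        problems.append("is a name or easily guessed word")
    if previous is not None and is_incremented(previous, candidate):
        problems.append("is the previous password with an increased number")
    return problems


def classify(passwords: List[str]) -> Dict[str, str]:
    """Label each password 'strong' or 'weak' under the deck's rules."""
    return {pw: ("strong" if not check_password(pw) else "weak") for pw in passwords}


if __name__ == "__main__":
    # Slide 18's examples plus slide 17's iH8TDieTs, with the reasons for each verdict.
    for pw, label in classify(["12345", "Password", "Gateway1", "iH8TDieTs",
                               "CyMm@M0?", "tCj0Tm"]).items():
        print(f"{pw:12} {label:6} {check_password(pw)}")
```

Running it over slide 18's table reproduces the deck's weak verdicts. Note that two of the deck's "strong" examples, tCj0Tm and iL2e0c, are six characters long, below slide 17's own eight-character minimum, so the checker reports them as too short; the deck's examples and its rule disagree on that point.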
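Slide 27 lists four controls (unique user IDs, role-based access limited to what the job needs, access termination for former employees, and logging and auditing of access), and slide 35 defines the audit trail that the last one produces. The following added example shows how those four fit together in one small access controller; it is illustrative code written for this page, not Fusion BPO Services' system. The users, roles, resources and timestamps are constructed sample data.

```python
"""Role-based access control with unique user IDs, termination of leavers and an
audit trail, modelled on slide 27 and the audit-trail definition on slide 35.
Added example; not Fusion BPO Services' own system. All data is constructed."""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional, Set


@dataclass
class User:
    user_id: str          # one unique login ID per person; never shared
    roles: Set[str]
    active: bool = True   # set to False when the employee leaves


@dataclass(frozen=True)
class AuditEvent:
    when: str
    user_id: str
    resource: str
    action: str
    allowed: bool
    reason: str


class AccessController:
    def __init__(self) -> None:
        self.users: Dict[str, User] = {}
        # resource -> role -> actions that role may perform (least privilege:
        # each role gets only the access its job needs)
        self.policy: Dict[str, Dict[str, Set[str]]] = {}
        self.audit_trail: List[AuditEvent] = []

    def add_user(self, user_id: str, roles: Set[str]) -> None:
        if user_id in self.users:
            raise ValueError(f"user ID {user_id} already assigned")  # IDs stay unique
        self.users[user_id] = User(user_id, set(roles))

    def grant(self, resource: str, role: str, actions: Set[str]) -> None:
        self.policy.setdefault(resource, {}).setdefault(role, set()).update(actions)

    def terminate(self, user_id: str) -> None:
        """Former employee: access is removed, but the ID is kept so that old
        audit records still resolve to a person."""
        self.users[user_id].active = False

    def access(self, user_id: str, resource: str, action: str) -> bool:
        """Decide one request and record it; every attempt, allowed or denied, is logged."""
        user = self.users.get(user_id)
        if user is None:
            allowed, reason = False, "unknown user ID"
        elif not user.active:
            allowed, reason = False, "user account terminated"
        else:
            matching = sorted(r for r in user.roles
                              if action in self.policy.get(resource, {}).get(r, set()))
            if matching:
                allowed, reason = True, "permitted by role " + ", ".join(matching)
            else:
                allowed, reason = False, "no role permits this action"
        self.audit_trail.append(AuditEvent(datetime.now(timezone.utc).isoformat(),
                                           user_id, resource, action, allowed, reason))
        return allowed

    def denied_events(self, user_id: Optional[str] = None) -> List[AuditEvent]:
        """What an auditor reviews for inappropriate access: the denied attempts,
        optionally narrowed to one user."""
        return [e for e in self.audit_trail
                if not e.allowed and (user_id is None or e.user_id == user_id)]


def build_demo() -> AccessController:
    """Constructed sample: an agent, a supervisor, and an agent who has left."""
    ac = AccessController()
    ac.grant("customer_records", "agent", {"read"})
    ac.grant("customer_records", "supervisor", {"read", "export"})
    ac.grant("payroll", "hr", {"read", "update"})
    ac.add_user("u1001", {"agent"})
    ac.add_user("u1002", {"supervisor"})
    ac.add_user("u1003", {"agent"})
    ac.terminate("u1003")  # left the company: access ends, audit history stays
    return ac


if __name__ == "__main__":
    ac = build_demo()
    ac.access("u1001", "customer_records", "read")    # allowed: agent may read
    ac.access("u1001", "customer_records", "export")  # denied: only supervisors export
    ac.access("u1003", "customer_records", "read")    # denied: account terminated
    for e in ac.audit_trail:
        print(e.when, e.user_id, e.resource, e.action,
              "ALLOW" if e.allowed else "DENY", e.reason)
```

The design choice worth noting is that the audit record carries the reason for each decision, not just the verdict: a run of "user account terminated" entries for one ID is exactly the inappropriate-access pattern slide 27 says the logs are reviewed for.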