Information Systems Policy
Published in: Business, Technology

Transcript

  • 1. Information Security Policy Presented by Mr Ali Sadhik Shaik BE (ECE), PGDVLSI, MBA (IS) sadhiqali@gmail.com
  • 2. Agenda • Introduction • Security Policy Framework • Need for IS Policy • E-mail Policy: SandZ Technologies • Implementing security policy • Conclusion
  • 3. Introduction • Organizations are shifting from tangible to intangible assets • Need for protecting information assets • The objective of the policy is to convey the risks concerning information security and the preventive measures the company has adopted.
  • 4. Security Policy Designing Framework • Commitment • Risk Assessment • Risk Mitigation • Final Policy
  • 5. Commitment • Educate the top management • Align according to corporate vision and business objectives • We also need to analyze the following: • What are the information assets of a company in terms of hardware and software, network as well as the future investment plan in IT/IS? • What is the company's dependence on IT in real measurable terms? • What is the impact of the threat?
  • 6. Risk Assessment • Business risks, physical risks, environmental risks, technological risks, human risks and so on. • Tabulate and prioritize the risks involved based on impact and probability of occurrence. Example: the probability of a website getting hacked is an annual frequency of 0.5, i.e. once in 2 years, and the business loss for each event is Rs 100 lakhs. The product of probability and consequence gives an Annual Loss Expectancy of Rs 50 lakhs (0.5 × 100).
  • 7. Threats Natural and Environmental Threats: Database Security: Disaster recovery Network & Telecommunication Security Backup and recovery WAN recovery Human Threats: Operating Systems Security: Password Security & Controls Firewall Security Internet access and security Data Classification Web server Security Intranet Security Virus-Protection E-commerce Security Data encryption Email security: Administrative Controls: Technical controls Physical Security Logical Access Controls Incidence Response management Program Change Controls Punitive actions Version Controls Application Software Security
  • 8. Risk Mitigation • Security is not possible with a single defense. Have multiple layers of protection. • The measures for risk mitigation could be: Administrative Measures, Physical Measures, Technical Measures
  • 9. Risk Mitigation • Administrative Measures: Policies, Procedures, Standards and Guidelines; Personnel Screening and Security awareness training • Physical Measures: Perimeter Control measures; Physical Access Control; Intruder Detection; Fire Protection; Environmental Monitoring • Technical Measures: Logical Access Control; Network Access Controls; Identification and Authentication devices; Data Encryption
  • 10. Risk Mitigation Security Efforts 25 Administrative 75 Technical
  • 11. Final Policy • Security policy is not the last and final word. • It is a master plan, which identifies a company's security concerns and is the first step towards building a secure infrastructure.
  • 12. Anatomy of Security Policy • Policy Statement • Policy Scope • Validity • Owner • Review-details • Specific issues that the policy is addressing • Policy details • Compliance requirements • Monitoring and reporting mechanism • Best practices • Mandatory practices • Procedure for implementation • Essential Policies • Annexure
  • 13. Security Policy
  • 14. SandZ Technologies • Mainly focused on providing online education in the domains of electronic design. • E-mails into and out of the company are crucial and confidential. • E-mail policy to reduce the risk of harm to the company's image and important information.
  • 15. Information Security Policy
  • 16. Information Security Policy
  • 17. Implementation of Security Policies • Conduct Security Awareness Seminars, workshops and quizzes. • Have Security Week for the organization. • Prepare Do's & Don'ts of Security Policy, distribute and display them. • Create posters, stickers, t-shirts, mugs and mouse pads all with security messages. • Run slogan competitions. • Perform security audits.
  • 18. Conclusion An ounce of prevention is better than a pound of detection and correction