The PPT introduces to the concept of information Security, a most critical area in today's world.

1. Intro to Information Security

2.  We are living in an Information Age.
 Information is an asset which, like other
important business assets, has value to an
organization and consequently needs to be
suitably protected.

3. Can exist in many forms
 data stored on computers
 transmitted across networks
 printed out
 Exist on web
 Exist as videos, audio, sms
 written on a paper sent by fax
 stored on disks
 held on microfilm
 spoken in conversations over the
telephone
 ..
Whatever form the information takes, or means by which it is shared or
stored, it should always be appropriately protected throughout its life
cycle
Information Life Cycle
Information can be :
Created Stored Destroyed ?
Processed Transmitted
Used – (for proper and improper purposes)
Lost! Corrupted!
Copied

4. Natural calamities
4
Virus
Version Control
Problems
INET
Leased
Dial In
VSAT
Systems / Network
Failure
Theft , Sabotage,
Misuse, Hacking
Unrestricted Access
High User
knowledge of IT
sys.
Lack of
documentation
Fire

5.  protects information from a range of
threats
 Ensures IT uptime
 ensures business continuity
 Protects company’s reputation
 minimizes financial loss
 maximizes return on
investments and business
opportunities
Information Security is about protecting Information
through selection of appropriate Security Controls
I
n
f
o
r
m
a
t
i
o
n
S
y
s
t
e
m
s
L
o
g
i
c
a
l
S
e
c
u
r
i
t
y
P
h
y
s
i
c
a
l
S
e
c
u
r
i
t
y
O
r
g
a
n
i
s
a
t
i
o
n
a
l
a
n
d
P
r
o
c
e
d
u
r
a
l
S
e
c
u
r
i
t
y

6.  Information security is what keeps valuable information ‘free of
danger’ (protected, safe from harm)
 It is not something you buy, it is something you do
 It’s a process not a product
 It is achieved using a combination of suitable strategies and
approaches
 Determining the risks to information and treating them
accordingly (proactive risk management)
 Avoiding, preventing, detecting and recovering from incidents
 Securing people, processes and technology … not just IT!

7. Confidentiality
Making information
accessible only to those
authorized to use it
Integrity
Safeguarding the accuracy
and completeness of
information and processing
methods
Availability
Ensuring that information
is available when required

9. People who use or have an interest in our
information security include:
 Shareholders / owners
 Management & staff
 Customers / clients, suppliers & business
partners
 Service providers, contractors, consultants
& advisors
 Authorities, regulators & judges

10. Our biggest threats arise from people (social
engineers, unethical competitors, hackers,
fraudsters, careless workers, bugs, flaws …),
yet our biggest asset is our people (e.g.
security-aware employees who spot trouble
early)

11.  Processes are work practices or workflows, the steps
or activities needed to accomplish business objectives.
 Processes are described in procedures.
 Information security policies and procedures define
how we secure information appropriately and
repeatedly.

12.  Cabling, data/voice networks and equipment
 Telecommunications services (PABX, VoIP, ISDN,
videoconferencing)
 Phones, cellphones, PDAs
 Computer servers, desktops and associated data
storage devices (disks, tapes)
 Operating system and application software
 Paperwork, files
 Security technologies
 Locks, barriers, card-access systems, CCTV

14. So how do
we secure
our
information
assets?

15. ISO 27001 Information
Security Management
Standard formally specifies a
management system.

17.  Ensure your PC is getting antivirus updates and
patches.
 Protect your laptop during trips.
 Use corporate internet facilities only for
legitimate and authorized official purposes.
 Ensure sensitive information the computer
screen is not visible to others. Apply a Screen
Saver.
 Use corporate Email for official purposes only.

18.  Store confidential information (physical
documents / files) under lock and key.
 Protect your user ID and password.
 Ensure your important files are being taken
back-up of.
 Keep complex passwords and change them
routinely.
 Read and comply with company Information
Security Policies and Procedures.

19. ×Don’t store sensitive information in portable
device without strong encryption.
×Don’t leave your computer / sensitive
documents unlocked.
×Don’t discuss something sensitive in public
place. People around you may be listening to
your conversation.
×Don't download data from doubtful sources.

20. ×Don't visit untrustworthy sites out of
curiosity.
×Don't use illegal software and programs.
×Don't download programs without
permission of IT.
×Don't open email attachments from unknown
sources.
×Don't send mail bomb, forward or reply to
junk email or hoax message.
×Don’t click on links embedded in spam
mails.

21. ×Don’t buy things or make charity donations
in response to spam email.
×Don’t share your Password or Id. Cards with
others.
×Don't let others watch over your shoulder
while logging in or doing online transactions
× Don’t allow unauthorized visitors in the
office premises
×Don’s use personal computing devices in
office unless authorized by management
×Don’t hack