2. We are living in an Information Age. Information is an asset which, like other important business assets, has value to an organization and consequently needs to be suitably protected.
3. Information can exist in many forms:
data stored on computers
transmitted across networks
printed out
published on the web
held as videos, audio or SMS
written on paper and sent by fax
stored on disks
held on microfilm
spoken in conversations over the telephone
Whatever form the information takes, or means by which it is shared or stored, it should always be appropriately protected throughout its life cycle.
Information Life Cycle
Information can be:
created
stored
processed
transmitted
used (for proper and improper purposes)
copied
lost or corrupted
destroyed
5. Information security protects information from a range of threats. It:
ensures IT uptime
ensures business continuity
protects the company's reputation
minimizes financial loss
maximizes return on investments and business opportunities
Information security is about protecting information through the selection of appropriate security controls.
(Diagram: Information Systems security, grouped as Logical Security, Physical Security, and Organisational and Procedural Security)
6. Information security is what keeps valuable information "free of danger" (protected, safe from harm).
It is not something you buy, it is something you do.
It is a process, not a product.
It is achieved using a combination of suitable strategies and approaches:
determining the risks to information and treating them accordingly (proactive risk management)
avoiding, preventing, detecting and recovering from incidents
securing people, processes and technology, not just IT!
7. Confidentiality: making information accessible only to those authorized to use it.
Integrity: safeguarding the accuracy and completeness of information and processing methods.
Availability: ensuring that information is available when required.
9. People who use or have an interest in our information security include:
shareholders / owners
management and staff
customers / clients, suppliers and business partners
service providers, contractors, consultants and advisors
authorities, regulators and judges
10. Our biggest threats arise from people (social engineers, unethical competitors, hackers, fraudsters, careless workers, bugs, flaws ...), yet our biggest asset is our people (e.g. security-aware employees who spot trouble early).
11. Processes are work practices or workflows: the steps or activities needed to accomplish business objectives. Processes are described in procedures. Information security policies and procedures define how we secure information appropriately and repeatably.
12. Cabling, data/voice networks and equipment
Telecommunications services (PABX, VoIP, ISDN, videoconferencing)
Phones, cellphones, PDAs
Computer servers, desktops and associated data storage devices (disks, tapes)
Operating system and application software
Paperwork, files
Security technologies
Locks, barriers, card-access systems, CCTV
17. Ensure your PC is receiving antivirus updates and patches.
Protect your laptop during trips.
Use corporate internet facilities only for legitimate and authorized official purposes.
Ensure sensitive information on the computer screen is not visible to others; apply a screen saver.
Use corporate email for official purposes only.
18. Store confidential information (physical documents / files) under lock and key.
Protect your user ID and password.
Ensure your important files are being backed up.
Use complex passwords and change them routinely.
Read and comply with company Information Security Policies and Procedures.
19. × Don't store sensitive information on a portable device without strong encryption.
× Don't leave your computer or sensitive documents unlocked.
× Don't discuss anything sensitive in a public place; people around you may be listening to your conversation.
× Don't download data from doubtful sources.
20. × Don't visit untrustworthy sites out of curiosity.
× Don't use illegal software and programs.
× Don't download programs without the permission of IT.
× Don't open email attachments from unknown sources.
× Don't send mail bombs, and don't forward or reply to junk email or hoax messages.
× Don't click on links embedded in spam mails.
21. × Don't buy things or make charity donations in response to spam email.
× Don't share your password or ID card with others.
× Don't let others watch over your shoulder while logging in or doing online transactions.
× Don't allow unauthorized visitors in the office premises.
× Don't use personal computing devices in the office unless authorized by management.
× Don't hack.