SlideShare a Scribd company logo

Information security overview

Download as PPTX, PDF
Ponum Raja
Ponum Raja

The document discusses information security. It begins by defining information and information security, noting that information is a valuable asset that needs protection. It then discusses the components of information security including people, processes, and technology. Finally, it outlines some user responsibilities for maintaining information security, such as following password guidelines, acceptable internet and email use, and reporting security incidents.

Technology
1 of 27
INFORMATION SECURITY I N F O R M A T I O N S E C U R I T Y -Farid Ud Din
What is Information? What is Information Security? What is RISK? An Introduction to ISO for information technology User Responsibilities A G E N D A 2
'Information is an asset which, like other important business assets, has value to an organization and consequently needs to be suitably protected’ BS ISO 27002:2005 I N F O R M A T I O N 3
I N F O R M A T I O N L I F E C Y C L E Information can be  Created  Stored  Destroyed  Processed  Transmitted  Used – (For proper & improper purposes)  Corrupted  Lost  Stolen 4
I N F O R M A T I O N T Y P E S Printed or written on paper Stored electronically  Transmitted by post or using electronics means Shown on corporate videos Displayed / published on web Verbal – spoken in conversations ‘…Whatever form the information takes, or means by which it is shared or stored, it should always be appropriately protected’ (BS ISO 27002:2005) 5
I N F O R M A T I O N S E C U R I T Y What Is Information Security  The quality or state of being secure to be free from danger  Security is achieved using several strategies  Security is achieved using several strategies simultaneously or used in combination with one another  Security is recognized as essential to protect vital processes and the systems that provide those processes  Security is not something you buy, it is something you do 6
 The architecture where an integrated combination of appliances, systems and solutions, software, alarms, and vulnerability scans working together What Is Information Security  Security is for PPT and not only for appliances or devices  Monitored 24x7  Having People, Processes, Technology, policies, procedures, I N F O R M A T I O N S E C U R I T Y 12/17/20 15 7MOHAN KAMAT
I N F O S E C C O M P O N E N T S PEOPLE PROCESSES TECHNOLOGY 12/17/201 5 8MOHAN KAMAT
P E O P L E People “Who we are” People who use or interact with the Information include:  Share Holders / Owners  Management  Employees  Business Partners  Service providers  Contractors  Customers / Clients  Regulators etc… 12/17/20 15 9MOHAN KAMAT
Process “what we do” The processes refer to "work practices" or workflow. Processes are the repeatable steps to accomplish business objectives. Typical process in our IT Infrastructure could include:  Helpdesk / Service management  Incident Reporting and Management  Change Requests process  Request fulfillment  Access management  Identity management  Service Level / Third-party Services Management  IT procurement process etc... P R O C E S S 10
Technology “what we use to improve what we do” Network Infrastructure:  Cabling, Data/Voice Networks and equipment  Telecommunications services (PABX), including VoIP services , ISDN , Video Conferencing  Server computers and associated storage devices  Operating software for server computers  Communications equipment and related hardware.  Intranet and Internet connections  VPNs and Virtual environments  Remote access services  Wireless connectivity T E C H N O L O G Y 12/17/20 15 11MOHAN KAMAT
Technology “what we use to improve what we do” T E C H N O L O G Y Application software:  Finance and assets systems, including Accounting packages, Inventory management, HR systems, Assessment and reporting systems  Software as a service (Sass) - instead of software as a packaged or custom-made product. Etc.. Physical Security components:  CCTV Cameras  Clock in systems / Biometrics  Environmental management Systems: Humidity Control, Ventilation , Air Conditioning, Fire Control systems  Electricity / Power backup Access devices:  Desktop computers  Laptops, ultra-mobile laptops and PDAs  Thin client computing.  Digital cameras, Printers, Scanners, Photocopier etc. 12/17/20 15 12MOHAN KAMAT
1. Protects information from a range of threats 2. Ensures business continuity 3. Minimizes financial loss 4. Optimizes return on investments 5. Increases business opportunities I N F O R M A T I O N S E C U R I T Y Business survival depends on information security. INFORMATION SECURITY 12/17/20 15 13MOHAN KAMAT
ISO 27002:2005 defines Information Security as the preservation of: – Confidentiality Ensuring that information is accessible only to those authorized to have access – Integrity Safeguarding the accuracy and completeness of information and processing methods – Availability Ensuring that authorized users have access to information and associated assets when required I N F O R M A T I O N A T T R I B U T E S 12/17/20 15 14MOHAN KAMAT
• Reputation loss • Financial loss • Intellectual property loss • Legislative Breaches leading to legal actions (Cyber Law) • Loss of customer confidence • Business interruption costs Security breaches leads to… LOSS OF GOODWILL 12/17/20 15 15MOHAN KAMAT
• Information Security is “Organizational Problem” rather than “IT Problem” • More than 70% of Threats are Internal • More than 60% culprits are First Time fraudsters • Biggest Risk : People • Biggest Asset : People • Social Engineering is major threat • More than 2/3rd express their inability to determine “Whether my systems are currently compromised?” I N F O S E C U R I T Y S U R V E Y 12/17/20 15 16MOHAN KAMAT
W H A T I S R I S K What is Risk? Risk: A possibility that a threat exploits a vulnerability in an asset and causes damage or loss to the asset. Threat: Something that can potentially cause damage to the organisation, IT Systems or network. Vulnerability: A weakness in the organization, IT Systems, or network that can be exploited by a threat. 17
U S E R R E S P O N S I B I L I T I E S Information Security Policy IS Policy is approved by Top Management Policy is released on Intranet at http://xx.xx.xx.xx/ISMS/index.htm 12/17/20 15 18MOHAN KAMAT
I N F O A S S E T C L A S S I F I C A T I O N CONFIDENTIAL: If this information is leaked outside Organisation, it will result in major financial and/or image loss. Compromise of this information will result in statutory, legal non- compliance. Access to this information must be restricted based on the concept of need-to-know. Disclosure requires the information owner’s approval. In case information needs to be disclosed to third parties a signed confidentiality agreement is also required. Examples include Customer contracts, rate tables, process documents and new product development plans. INTERNAL USE ONLY: If this information is leaked outside Organisation, it will result in Negligible financial loss and/or embarrassment. Disclosure of this information shall not cause serious harm to Organisation, and access is provided freely to all internal users. Examples include circulars, policies, training materials etc. PUBLIC: Non availability will have no effect. If this information is leaked outside Organisation, it will result in no loss. This information must be explicitly approved by the Corporate Communications Department or Marketing Department in case of marketing related information, as suitable for public dissemination. Examples include marketing brochures, press releases. 12/17/20 15 19MOHAN KAMAT Information Asset Classification
U S E R R E S P O N S I B I L I T I E S Access Control - Physical • Follow Security Procedures • Wear Identity Cards and Badges • Ask unauthorized visitor his credentials • Attend visitors in Reception and Conference Room only • Bring visitors in operations area without prior permission • Bring hazardous and combustible material in secure area • Practice “Piggybacking” • Bring and use pen drives, zip drives, ipods, other storage devices unless and otherwise authorized to do so 12/17/20 15 20MOHAN KAMAT
U S E R R E S P O N S I B I L I T I E S Password Guidelines  Always use at least 8 character password with combination of alphabets, numbers and special characters (*, %, @, #, $, ^)  Use passwords that can be easily remembered by you  Change password regularly as per policy  Use password that is significantly different from earlier passwords Use passwords which reveals your personal information or words found in dictionary Write down or Store passwords Share passwords over phone or Email Use passwords which do not match above complexity criteria 12/17/20 15 21MOHAN KAMAT
U S E R R E S P O N S I B I L I T I E S Technology Department is continuously monitoring Internet Usage. Any illegal use of internet and other assets shall call for Disciplinary Action.  Do not access internet through dial-up connectivity  Do not use internet for viewing, storing or transmitting obscene or pornographic material  Do not use internet for accessing auction sites  Do not use internet for hacking other computer systems  Do not use internet to download / upload commercial software / copyrighted material  Use internet services for business purposes only Internet Usage 12/17/20 15 22MOHAN KAMAT
U S E R R E S P O N S I B I L I T I E S E-mail Usage  Do not use official ID for any personal subscription purpose  Do not send unsolicited mails of any type like chain letters or E-mail Hoax  Do not send mails to client unless you are authorized to do so  Do not post non-business related information to large number of users  Do not open the mail or attachment which is suspected to be virus or received from an unidentified sender Use official mail for business purposes only Follow the mail storage guidelines to avoid blocking of E-mails  If you come across any junk / spam mail, do the following a) Remove the mail. b) Inform the security help desk c) Inform the same to server administrator d) Inform the sender that such mails are undesired 12/17/20 15 23MOHAN KAMAT
U S E R R E S P O N S I B I L I T I E S Security Incidents Report Security Incidents (IT and Non-IT) to Helpdesk through • E-mail to info.sec@organisation.com • Telephone : xxxx-xxxx-xxxx • Anonymous Reporting through Drop boxes e.g.: IT Incidents: Mail Spamming, Virus attack, Hacking, etc. Non-IT Incidents: Unsupervised visitor movement, Information leakage, Bringing unauthorized Media •Do not discuss security incidents with any one outside organisation •Do not attempt to interfere with, obstruct or prevent anyone from reporting incidents 12/17/20 15 24MOHAN KAMAT
U S E R R E S P O N S I B I L I T I E S  Ensure your Desktops are having latest antivirus updates  Ensure your system is locked when you are away  Always store laptops/ media in a lockable place  Be alert while working on laptops during travel  Ensure sensitive business information is under lock and key when unattended  Ensure back-up of sensitive and critical information assets  Understand Compliance Issues such as Cyber Law IPR, Copyrights, NDA Contractual Obligations with customer  Verify credentials, if the message is received from unknown sender  Always switch off your computer before leaving for the day  Keep your self updated on information security aspects 12/17/20 15 25MOHAN KAMAT
Human Wall Is Always Better Than A Firewall . . . LET US BUILD A HUMAN WALL ALONG WITH FIREWALL 12/17/2015 26MOHAN KAMAT
12/17/2015 27MOHAN KAMAT

Recommended

INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITYAhmed Moussa
 
Sample IT Policy
Sample IT PolicySample IT Policy
Sample IT PolicyClarknuber
 
Protecting Client Data 11.09.11
Protecting Client Data 11.09.11Protecting Client Data 11.09.11
Protecting Client Data 11.09.11pdewitte
 
Best Practices For Information Security Management 2011
Best Practices For Information Security Management 2011Best Practices For Information Security Management 2011
Best Practices For Information Security Management 2011Tony Richardson CISSP
 
Online terms & conditions
Online terms & conditionsOnline terms & conditions
Online terms & conditionsProf. Jacques Folon (Ph.D)
 
Pci Europe 2009 Underside Of The Compliance Ecosystem
Pci Europe 2009 Underside Of The Compliance EcosystemPci Europe 2009 Underside Of The Compliance Ecosystem
Pci Europe 2009 Underside Of The Compliance Ecosystemkpatrickwheeler
 
Privacy and E-Commerce
Privacy and E-CommercePrivacy and E-Commerce
Privacy and E-CommerceAleksandr Yampolskiy
 
MIS ppt 1
MIS ppt 1MIS ppt 1
MIS ppt 1Pankaj Nandurkar
 

Recommended

INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITYAhmed Moussa
 
Sample IT Policy
Sample IT PolicySample IT Policy
Sample IT PolicyClarknuber
 
Protecting Client Data 11.09.11
Protecting Client Data 11.09.11Protecting Client Data 11.09.11
Protecting Client Data 11.09.11pdewitte
 
Best Practices For Information Security Management 2011
Best Practices For Information Security Management 2011Best Practices For Information Security Management 2011
Best Practices For Information Security Management 2011Tony Richardson CISSP
 
Online terms & conditions
Online terms & conditionsOnline terms & conditions
Online terms & conditionsProf. Jacques Folon (Ph.D)
 
Pci Europe 2009 Underside Of The Compliance Ecosystem
Pci Europe 2009 Underside Of The Compliance EcosystemPci Europe 2009 Underside Of The Compliance Ecosystem
Pci Europe 2009 Underside Of The Compliance Ecosystemkpatrickwheeler
 
Privacy and E-Commerce
Privacy and E-CommercePrivacy and E-Commerce
Privacy and E-CommerceAleksandr Yampolskiy
 
MIS ppt 1
MIS ppt 1MIS ppt 1
MIS ppt 1Pankaj Nandurkar
 
Where security and privacy meet partnering tips for CSOs and privacy/complian...
Where security and privacy meet partnering tips for CSOs and privacy/complian...Where security and privacy meet partnering tips for CSOs and privacy/complian...
Where security and privacy meet partnering tips for CSOs and privacy/complian...Compliancy Group
 
CMW Cyber Liability Presentation
CMW Cyber Liability PresentationCMW Cyber Liability Presentation
CMW Cyber Liability PresentationSean Graham
 
IAM
IAMIAM
IAMProf. Jacques Folon (Ph.D)
 
Big Data Requires Big Protection
Big Data Requires Big ProtectionBig Data Requires Big Protection
Big Data Requires Big ProtectionIBM Security
 
Implementing an Information Security Program
Implementing an Information Security ProgramImplementing an Information Security Program
Implementing an Information Security ProgramRaymond Cunningham
 
Retail Excellence Ireland - Cyber Threats 2015 Overview
Retail Excellence Ireland - Cyber Threats 2015 OverviewRetail Excellence Ireland - Cyber Threats 2015 Overview
Retail Excellence Ireland - Cyber Threats 2015 OverviewOCTF Industry Engagement
 
E-discovery
E-discoveryE-discovery
E-discoveryProf. Jacques Folon (Ph.D)
 
Protecting Donor Privacy
Protecting Donor PrivacyProtecting Donor Privacy
Protecting Donor PrivacyRaymond Cunningham
 
Data Confidentiality, Security and Recent Changes to the ABA Model Rules
Data Confidentiality, Security and Recent Changes to the ABA Model RulesData Confidentiality, Security and Recent Changes to the ABA Model Rules
Data Confidentiality, Security and Recent Changes to the ABA Model Rulessaurnou
 
Planning Your Business Web Site
Planning Your Business Web SitePlanning Your Business Web Site
Planning Your Business Web SiteDonny Shimamoto
 
Information ethics & intro to information security
Information ethics & intro to information securityInformation ethics & intro to information security
Information ethics & intro to information securityUMaine
 
Cyber crimes
Cyber crimesCyber crimes
Cyber crimesprincejhulan
 
10 Reasons to buy Cyber Liability Insurance
10 Reasons to buy Cyber Liability Insurance 10 Reasons to buy Cyber Liability Insurance
10 Reasons to buy Cyber Liability Insurance Hubbard Insurance Group
 
Cyber Threat Overview for Euro IT counsel
Cyber Threat Overview for Euro IT counselCyber Threat Overview for Euro IT counsel
Cyber Threat Overview for Euro IT counselOCTF Industry Engagement
 
Multi-faceted Cyber Security v1
Multi-faceted Cyber Security v1Multi-faceted Cyber Security v1
Multi-faceted Cyber Security v1Asad Zaman
 
FINAL Disclosures Art-Cyber Threats n Law Firms-Magner FINAL
FINAL Disclosures Art-Cyber Threats n Law Firms-Magner FINALFINAL Disclosures Art-Cyber Threats n Law Firms-Magner FINAL
FINAL Disclosures Art-Cyber Threats n Law Firms-Magner FINALMatthew Magner
 
Information and Cyber Warfare
Information and Cyber WarfareInformation and Cyber Warfare
Information and Cyber WarfareSwapnil Jagtap
 
Webinar: Understanding the Cyber Threat Landscape for Nonprofits
Webinar: Understanding the Cyber Threat Landscape for NonprofitsWebinar: Understanding the Cyber Threat Landscape for Nonprofits
Webinar: Understanding the Cyber Threat Landscape for NonprofitsWithum
 
Information Technology Policy for Corporates - Need of the Hour
Information Technology Policy for Corporates - Need of the Hour Information Technology Policy for Corporates - Need of the Hour
Information Technology Policy for Corporates - Need of the Hour Vijay Dalmia
 
Chapter 5 MIS
Chapter 5 MISChapter 5 MIS
Chapter 5 MISAmirul Shafiq Ahmad Zuperi
 
Presentation1 110616195133-phpapp01(information security)
Presentation1 110616195133-phpapp01(information security)Presentation1 110616195133-phpapp01(information security)
Presentation1 110616195133-phpapp01(information security)Bonagiri Rajitha
 
ke-1.pptx
ke-1.pptxke-1.pptx
ke-1.pptxAhmadNaswin
 

More Related Content

What's hot

Where security and privacy meet partnering tips for CSOs and privacy/complian...
Where security and privacy meet partnering tips for CSOs and privacy/complian...Where security and privacy meet partnering tips for CSOs and privacy/complian...
Where security and privacy meet partnering tips for CSOs and privacy/complian...Compliancy Group
 
CMW Cyber Liability Presentation
CMW Cyber Liability PresentationCMW Cyber Liability Presentation
CMW Cyber Liability PresentationSean Graham
 
Big Data Requires Big Protection
Big Data Requires Big ProtectionBig Data Requires Big Protection
Big Data Requires Big ProtectionIBM Security
 
Implementing an Information Security Program
Implementing an Information Security ProgramImplementing an Information Security Program
Implementing an Information Security ProgramRaymond Cunningham
 
Retail Excellence Ireland - Cyber Threats 2015 Overview
Retail Excellence Ireland - Cyber Threats 2015 OverviewRetail Excellence Ireland - Cyber Threats 2015 Overview
Retail Excellence Ireland - Cyber Threats 2015 OverviewOCTF Industry Engagement
 
Data Confidentiality, Security and Recent Changes to the ABA Model Rules
Data Confidentiality, Security and Recent Changes to the ABA Model RulesData Confidentiality, Security and Recent Changes to the ABA Model Rules
Data Confidentiality, Security and Recent Changes to the ABA Model Rulessaurnou
 
Planning Your Business Web Site
Planning Your Business Web SitePlanning Your Business Web Site
Planning Your Business Web SiteDonny Shimamoto
 
Information ethics & intro to information security
Information ethics & intro to information securityInformation ethics & intro to information security
Information ethics & intro to information securityUMaine
 
10 Reasons to buy Cyber Liability Insurance
10 Reasons to buy Cyber Liability Insurance 10 Reasons to buy Cyber Liability Insurance
10 Reasons to buy Cyber Liability Insurance Hubbard Insurance Group
 
Multi-faceted Cyber Security v1
Multi-faceted Cyber Security v1Multi-faceted Cyber Security v1
Multi-faceted Cyber Security v1Asad Zaman
 
FINAL Disclosures Art-Cyber Threats n Law Firms-Magner FINAL
FINAL Disclosures Art-Cyber Threats n Law Firms-Magner FINALFINAL Disclosures Art-Cyber Threats n Law Firms-Magner FINAL
FINAL Disclosures Art-Cyber Threats n Law Firms-Magner FINALMatthew Magner
 
Information and Cyber Warfare
Information and Cyber WarfareInformation and Cyber Warfare
Information and Cyber WarfareSwapnil Jagtap
 
Webinar: Understanding the Cyber Threat Landscape for Nonprofits
Webinar: Understanding the Cyber Threat Landscape for NonprofitsWebinar: Understanding the Cyber Threat Landscape for Nonprofits
Webinar: Understanding the Cyber Threat Landscape for NonprofitsWithum
 
Information Technology Policy for Corporates - Need of the Hour
Information Technology Policy for Corporates - Need of the Hour Information Technology Policy for Corporates - Need of the Hour
Information Technology Policy for Corporates - Need of the Hour Vijay Dalmia
 

What's hot (20)

Where security and privacy meet partnering tips for CSOs and privacy/complian...
Where security and privacy meet partnering tips for CSOs and privacy/complian...Where security and privacy meet partnering tips for CSOs and privacy/complian...
Where security and privacy meet partnering tips for CSOs and privacy/complian...
 
CMW Cyber Liability Presentation
CMW Cyber Liability PresentationCMW Cyber Liability Presentation
CMW Cyber Liability Presentation
 
IAM
IAMIAM
IAM
 
Big Data Requires Big Protection
Big Data Requires Big ProtectionBig Data Requires Big Protection
Big Data Requires Big Protection
 
Implementing an Information Security Program
Implementing an Information Security ProgramImplementing an Information Security Program
Implementing an Information Security Program
 
Retail Excellence Ireland - Cyber Threats 2015 Overview
Retail Excellence Ireland - Cyber Threats 2015 OverviewRetail Excellence Ireland - Cyber Threats 2015 Overview
Retail Excellence Ireland - Cyber Threats 2015 Overview
 
E-discovery
E-discoveryE-discovery
E-discovery
 
Protecting Donor Privacy
Protecting Donor PrivacyProtecting Donor Privacy
Protecting Donor Privacy
 
Data Confidentiality, Security and Recent Changes to the ABA Model Rules
Data Confidentiality, Security and Recent Changes to the ABA Model RulesData Confidentiality, Security and Recent Changes to the ABA Model Rules
Data Confidentiality, Security and Recent Changes to the ABA Model Rules
 
Planning Your Business Web Site
Planning Your Business Web SitePlanning Your Business Web Site
Planning Your Business Web Site
 
Information ethics & intro to information security
Information ethics & intro to information securityInformation ethics & intro to information security
Information ethics & intro to information security
 
Cyber crimes
Cyber crimesCyber crimes
Cyber crimes
 
10 Reasons to buy Cyber Liability Insurance
10 Reasons to buy Cyber Liability Insurance 10 Reasons to buy Cyber Liability Insurance
10 Reasons to buy Cyber Liability Insurance
 
Cyber Threat Overview for Euro IT counsel
Cyber Threat Overview for Euro IT counselCyber Threat Overview for Euro IT counsel
Cyber Threat Overview for Euro IT counsel
 
Multi-faceted Cyber Security v1
Multi-faceted Cyber Security v1Multi-faceted Cyber Security v1
Multi-faceted Cyber Security v1
 
FINAL Disclosures Art-Cyber Threats n Law Firms-Magner FINAL
FINAL Disclosures Art-Cyber Threats n Law Firms-Magner FINALFINAL Disclosures Art-Cyber Threats n Law Firms-Magner FINAL
FINAL Disclosures Art-Cyber Threats n Law Firms-Magner FINAL
 
Information and Cyber Warfare
Information and Cyber WarfareInformation and Cyber Warfare
Information and Cyber Warfare
 
Webinar: Understanding the Cyber Threat Landscape for Nonprofits
Webinar: Understanding the Cyber Threat Landscape for NonprofitsWebinar: Understanding the Cyber Threat Landscape for Nonprofits
Webinar: Understanding the Cyber Threat Landscape for Nonprofits
 
Information Technology Policy for Corporates - Need of the Hour
Information Technology Policy for Corporates - Need of the Hour Information Technology Policy for Corporates - Need of the Hour
Information Technology Policy for Corporates - Need of the Hour
 
Chapter 5 MIS
Chapter 5 MISChapter 5 MIS
Chapter 5 MIS
 

Similar to Information security overview

Presentation1 110616195133-phpapp01(information security)
Presentation1 110616195133-phpapp01(information security)Presentation1 110616195133-phpapp01(information security)
Presentation1 110616195133-phpapp01(information security)Bonagiri Rajitha
 
Kevin Wharram Security Summit
Kevin Wharram Security SummitKevin Wharram Security Summit
Kevin Wharram Security SummitKevin Wharram
 
ISO 27001 Awareness IGN Mantra 2nd Day, 1st Session.
ISO 27001 Awareness IGN Mantra 2nd Day, 1st Session.ISO 27001 Awareness IGN Mantra 2nd Day, 1st Session.
ISO 27001 Awareness IGN Mantra 2nd Day, 1st Session.IGN MANTRA
 
IT Policy - Need of the Hour
IT Policy - Need of the HourIT Policy - Need of the Hour
IT Policy - Need of the HourVijay Dalmia
 
Case study financial_services
Case study financial_servicesCase study financial_services
Case study financial_servicesG. Subramanian
 
IT-Risks-for-Non-profits-September-18SEPT17.pptx
IT-Risks-for-Non-profits-September-18SEPT17.pptxIT-Risks-for-Non-profits-September-18SEPT17.pptx
IT-Risks-for-Non-profits-September-18SEPT17.pptxSAbedinArman
 
ISO27k Awareness presentation.pptx
ISO27k Awareness presentation.pptxISO27k Awareness presentation.pptx
ISO27k Awareness presentation.pptxharigopala
 
Isms awareness training
Isms awareness trainingIsms awareness training
Isms awareness trainingSAROJ BEHERA
 
Isms awareness training
Isms awareness trainingIsms awareness training
Isms awareness trainingSAROJ BEHERA
 
Social media data leakage and data accountability risks
Social media data leakage and data accountability risksSocial media data leakage and data accountability risks
Social media data leakage and data accountability risksArrka Consulting
 
Social media risks - data leakage and data accountability
Social media risks - data leakage and data accountabilitySocial media risks - data leakage and data accountability
Social media risks - data leakage and data accountabilityArrka Consulting
 
A Survey On Data Leakage Detection
A Survey On Data Leakage DetectionA Survey On Data Leakage Detection
A Survey On Data Leakage DetectionIJERA Editor
 
Security and Compliance
Security and ComplianceSecurity and Compliance
Security and ComplianceBankingdotcom
 
Protecting the Crown Jewels – Enlist the Beefeaters
Protecting the Crown Jewels – Enlist the BeefeatersProtecting the Crown Jewels – Enlist the Beefeaters
Protecting the Crown Jewels – Enlist the BeefeatersJack Nichelson
 
IT Risk Management
IT Risk ManagementIT Risk Management
IT Risk ManagementTudor Damian
 

Similar to Information security overview (20)

Presentation1 110616195133-phpapp01(information security)
Presentation1 110616195133-phpapp01(information security)Presentation1 110616195133-phpapp01(information security)
Presentation1 110616195133-phpapp01(information security)
 
ke-1.pptx
ke-1.pptxke-1.pptx
ke-1.pptx
 
Kevin Wharram Security Summit
Kevin Wharram Security SummitKevin Wharram Security Summit
Kevin Wharram Security Summit
 
ISO 27001 Awareness IGN Mantra 2nd Day, 1st Session.
ISO 27001 Awareness IGN Mantra 2nd Day, 1st Session.ISO 27001 Awareness IGN Mantra 2nd Day, 1st Session.
ISO 27001 Awareness IGN Mantra 2nd Day, 1st Session.
 
IT Policy
IT PolicyIT Policy
IT Policy
 
IT Policy - Need of the Hour
IT Policy - Need of the HourIT Policy - Need of the Hour
IT Policy - Need of the Hour
 
Case study financial_services
Case study financial_servicesCase study financial_services
Case study financial_services
 
IT-Risks-for-Non-profits-September-18SEPT17.pptx
IT-Risks-for-Non-profits-September-18SEPT17.pptxIT-Risks-for-Non-profits-September-18SEPT17.pptx
IT-Risks-for-Non-profits-September-18SEPT17.pptx
 
ISO27k Awareness presentation.pptx
ISO27k Awareness presentation.pptxISO27k Awareness presentation.pptx
ISO27k Awareness presentation.pptx
 
Isms awareness training
Isms awareness trainingIsms awareness training
Isms awareness training
 
Isms awareness training
Isms awareness trainingIsms awareness training
Isms awareness training
 
Social media data leakage and data accountability risks
Social media data leakage and data accountability risksSocial media data leakage and data accountability risks
Social media data leakage and data accountability risks
 
Social media risks - data leakage and data accountability
Social media risks - data leakage and data accountabilitySocial media risks - data leakage and data accountability
Social media risks - data leakage and data accountability
 
Dr K Subramanian
Dr K SubramanianDr K Subramanian
Dr K Subramanian
 
A Survey On Data Leakage Detection
A Survey On Data Leakage DetectionA Survey On Data Leakage Detection
A Survey On Data Leakage Detection
 
Responsible for information
Responsible for informationResponsible for information
Responsible for information
 
Security and Compliance
Security and ComplianceSecurity and Compliance
Security and Compliance
 
Protecting the Crown Jewels – Enlist the Beefeaters
Protecting the Crown Jewels – Enlist the BeefeatersProtecting the Crown Jewels – Enlist the Beefeaters
Protecting the Crown Jewels – Enlist the Beefeaters
 
BEA Presentation
BEA PresentationBEA Presentation
BEA Presentation
 
IT Risk Management
IT Risk ManagementIT Risk Management
IT Risk Management
 

Recently uploaded

الأمن السيبراني - ما لا يسع للمستخدم جهله
الأمن السيبراني - ما لا يسع للمستخدم جهلهالأمن السيبراني - ما لا يسع للمستخدم جهله
الأمن السيبراني - ما لا يسع للمستخدم جهلهMohamed Sweelam
 
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxHarnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxFIDO Alliance
 
How to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cfHow to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cfdanishmna97
 
ERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage IntacctERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage IntacctBrainSell Technologies
 
How to Check GPS Location with a Live Tracker in Pakistan
How to Check GPS Location with a Live Tracker in PakistanHow to Check GPS Location with a Live Tracker in Pakistan
How to Check GPS Location with a Live Tracker in Pakistandanishmna97
 
Event-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream ProcessingEvent-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream ProcessingScyllaDB
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard37
 
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...ScyllaDB
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMKumar Satyam
 
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptxTales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptxFIDO Alliance
 
Intro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxIntro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxFIDO Alliance
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)Samir Dash
 
Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptx
Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptxCyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptx
Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptxMasterG
 
ChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityVictorSzoltysek
 
Vector Search @ sw2con for slideshare.pptx
Vector Search @ sw2con for slideshare.pptxVector Search @ sw2con for slideshare.pptx
Vector Search @ sw2con for slideshare.pptxjbellis
 
WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024Lorenzo Miniero
 
Top 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development CompaniesTop 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development CompaniesTopCSSGallery
 
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...marcuskenyatta275
 
Introduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptxIntroduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptxFIDO Alliance
 
Oauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoftOauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoftshyamraj55
 

Recently uploaded (20)

الأمن السيبراني - ما لا يسع للمستخدم جهله
الأمن السيبراني - ما لا يسع للمستخدم جهلهالأمن السيبراني - ما لا يسع للمستخدم جهله
الأمن السيبراني - ما لا يسع للمستخدم جهله
 
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxHarnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
 
How to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cfHow to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cf
 
ERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage IntacctERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage Intacct
 
How to Check GPS Location with a Live Tracker in Pakistan
How to Check GPS Location with a Live Tracker in PakistanHow to Check GPS Location with a Live Tracker in Pakistan
How to Check GPS Location with a Live Tracker in Pakistan
 
Event-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream ProcessingEvent-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream Processing
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptx
 
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDM
 
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptxTales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
 
Intro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxIntro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptx
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
 
Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptx
Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptxCyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptx
Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptx
 
ChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps Productivity
 
Vector Search @ sw2con for slideshare.pptx
Vector Search @ sw2con for slideshare.pptxVector Search @ sw2con for slideshare.pptx
Vector Search @ sw2con for slideshare.pptx
 
WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024
 
Top 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development CompaniesTop 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development Companies
 
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
 
Introduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptxIntroduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptx
 
Oauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoftOauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoft
 

Information security overview

  • 2. What is Information? What is Information Security? What is RISK? An Introduction to ISO for information technology User Responsibilities A G E N D A 2
  • 3. 'Information is an asset which, like other important business assets, has value to an organization and consequently needs to be suitably protected’ BS ISO 27002:2005 I N F O R M A T I O N 3
  • 4. I N F O R M A T I O N L I F E C Y C L E Information can be  Created  Stored  Destroyed  Processed  Transmitted  Used – (For proper & improper purposes)  Corrupted  Lost  Stolen 4
  • 5. I N F O R M A T I O N T Y P E S Printed or written on paper Stored electronically  Transmitted by post or using electronics means Shown on corporate videos Displayed / published on web Verbal – spoken in conversations ‘…Whatever form the information takes, or means by which it is shared or stored, it should always be appropriately protected’ (BS ISO 27002:2005) 5
  • 6. I N F O R M A T I O N S E C U R I T Y What Is Information Security  The quality or state of being secure to be free from danger  Security is achieved using several strategies  Security is achieved using several strategies simultaneously or used in combination with one another  Security is recognized as essential to protect vital processes and the systems that provide those processes  Security is not something you buy, it is something you do 6
  • 7.  The architecture where an integrated combination of appliances, systems and solutions, software, alarms, and vulnerability scans working together What Is Information Security  Security is for PPT and not only for appliances or devices  Monitored 24x7  Having People, Processes, Technology, policies, procedures, I N F O R M A T I O N S E C U R I T Y 12/17/20 15 7MOHAN KAMAT
  • 9. P E O P L E People “Who we are” People who use or interact with the Information include:  Share Holders / Owners  Management  Employees  Business Partners  Service providers  Contractors  Customers / Clients  Regulators etc… 12/17/20 15 9MOHAN KAMAT
  • 10. Process “what we do” The processes refer to "work practices" or workflow. Processes are the repeatable steps to accomplish business objectives. Typical process in our IT Infrastructure could include:  Helpdesk / Service management  Incident Reporting and Management  Change Requests process  Request fulfillment  Access management  Identity management  Service Level / Third-party Services Management  IT procurement process etc... P R O C E S S 10
  • 11. Technology “what we use to improve what we do” Network Infrastructure:  Cabling, Data/Voice Networks and equipment  Telecommunications services (PABX), including VoIP services , ISDN , Video Conferencing  Server computers and associated storage devices  Operating software for server computers  Communications equipment and related hardware.  Intranet and Internet connections  VPNs and Virtual environments  Remote access services  Wireless connectivity T E C H N O L O G Y 12/17/20 15 11MOHAN KAMAT
  • 12. Technology “what we use to improve what we do” T E C H N O L O G Y Application software:  Finance and assets systems, including Accounting packages, Inventory management, HR systems, Assessment and reporting systems  Software as a service (Sass) - instead of software as a packaged or custom-made product. Etc.. Physical Security components:  CCTV Cameras  Clock in systems / Biometrics  Environmental management Systems: Humidity Control, Ventilation , Air Conditioning, Fire Control systems  Electricity / Power backup Access devices:  Desktop computers  Laptops, ultra-mobile laptops and PDAs  Thin client computing.  Digital cameras, Printers, Scanners, Photocopier etc. 12/17/20 15 12MOHAN KAMAT
  • 13. 1. Protects information from a range of threats 2. Ensures business continuity 3. Minimizes financial loss 4. Optimizes return on investments 5. Increases business opportunities I N F O R M A T I O N S E C U R I T Y Business survival depends on information security. INFORMATION SECURITY 12/17/20 15 13MOHAN KAMAT
  • 14. ISO 27002:2005 defines Information Security as the preservation of: – Confidentiality Ensuring that information is accessible only to those authorized to have access – Integrity Safeguarding the accuracy and completeness of information and processing methods – Availability Ensuring that authorized users have access to information and associated assets when required I N F O R M A T I O N A T T R I B U T E S 12/17/20 15 14MOHAN KAMAT
  • 15. • Reputation loss • Financial loss • Intellectual property loss • Legislative Breaches leading to legal actions (Cyber Law) • Loss of customer confidence • Business interruption costs Security breaches leads to… LOSS OF GOODWILL 12/17/20 15 15MOHAN KAMAT
  • 16. • Information Security is “Organizational Problem” rather than “IT Problem” • More than 70% of Threats are Internal • More than 60% culprits are First Time fraudsters • Biggest Risk : People • Biggest Asset : People • Social Engineering is major threat • More than 2/3rd express their inability to determine “Whether my systems are currently compromised?” I N F O S E C U R I T Y S U R V E Y 12/17/20 15 16MOHAN KAMAT
  • 17. W H A T I S R I S K What is Risk? Risk: A possibility that a threat exploits a vulnerability in an asset and causes damage or loss to the asset. Threat: Something that can potentially cause damage to the organisation, IT Systems or network. Vulnerability: A weakness in the organization, IT Systems, or network that can be exploited by a threat. 17
  • 18. U S E R R E S P O N S I B I L I T I E S Information Security Policy IS Policy is approved by Top Management Policy is released on Intranet at http://xx.xx.xx.xx/ISMS/index.htm 12/17/20 15 18MOHAN KAMAT
  • 19. I N F O A S S E T C L A S S I F I C A T I O N CONFIDENTIAL: If this information is leaked outside Organisation, it will result in major financial and/or image loss. Compromise of this information will result in statutory, legal non- compliance. Access to this information must be restricted based on the concept of need-to-know. Disclosure requires the information owner’s approval. In case information needs to be disclosed to third parties a signed confidentiality agreement is also required. Examples include Customer contracts, rate tables, process documents and new product development plans. INTERNAL USE ONLY: If this information is leaked outside Organisation, it will result in Negligible financial loss and/or embarrassment. Disclosure of this information shall not cause serious harm to Organisation, and access is provided freely to all internal users. Examples include circulars, policies, training materials etc. PUBLIC: Non availability will have no effect. If this information is leaked outside Organisation, it will result in no loss. This information must be explicitly approved by the Corporate Communications Department or Marketing Department in case of marketing related information, as suitable for public dissemination. Examples include marketing brochures, press releases. 12/17/20 15 19MOHAN KAMAT Information Asset Classification
  • 20. U S E R R E S P O N S I B I L I T I E S Access Control - Physical • Follow Security Procedures • Wear Identity Cards and Badges • Ask unauthorized visitor his credentials • Attend visitors in Reception and Conference Room only • Bring visitors in operations area without prior permission • Bring hazardous and combustible material in secure area • Practice “Piggybacking” • Bring and use pen drives, zip drives, ipods, other storage devices unless and otherwise authorized to do so 12/17/20 15 20MOHAN KAMAT
  • 21. U S E R R E S P O N S I B I L I T I E S Password Guidelines  Always use at least 8 character password with combination of alphabets, numbers and special characters (*, %, @, #, $, ^)  Use passwords that can be easily remembered by you  Change password regularly as per policy  Use password that is significantly different from earlier passwords Use passwords which reveals your personal information or words found in dictionary Write down or Store passwords Share passwords over phone or Email Use passwords which do not match above complexity criteria 12/17/20 15 21MOHAN KAMAT
  • 22. U S E R R E S P O N S I B I L I T I E S Technology Department is continuously monitoring Internet Usage. Any illegal use of internet and other assets shall call for Disciplinary Action.  Do not access internet through dial-up connectivity  Do not use internet for viewing, storing or transmitting obscene or pornographic material  Do not use internet for accessing auction sites  Do not use internet for hacking other computer systems  Do not use internet to download / upload commercial software / copyrighted material  Use internet services for business purposes only Internet Usage 12/17/20 15 22MOHAN KAMAT
  • 23. U S E R R E S P O N S I B I L I T I E S E-mail Usage  Do not use official ID for any personal subscription purpose  Do not send unsolicited mails of any type like chain letters or E-mail Hoax  Do not send mails to client unless you are authorized to do so  Do not post non-business related information to large number of users  Do not open the mail or attachment which is suspected to be virus or received from an unidentified sender Use official mail for business purposes only Follow the mail storage guidelines to avoid blocking of E-mails  If you come across any junk / spam mail, do the following a) Remove the mail. b) Inform the security help desk c) Inform the same to server administrator d) Inform the sender that such mails are undesired 12/17/20 15 23MOHAN KAMAT
  • 24. U S E R R E S P O N S I B I L I T I E S Security Incidents Report Security Incidents (IT and Non-IT) to Helpdesk through • E-mail to info.sec@organisation.com • Telephone : xxxx-xxxx-xxxx • Anonymous Reporting through Drop boxes e.g.: IT Incidents: Mail Spamming, Virus attack, Hacking, etc. Non-IT Incidents: Unsupervised visitor movement, Information leakage, Bringing unauthorized Media •Do not discuss security incidents with any one outside organisation •Do not attempt to interfere with, obstruct or prevent anyone from reporting incidents 12/17/20 15 24MOHAN KAMAT
  • 25. U S E R R E S P O N S I B I L I T I E S  Ensure your Desktops are having latest antivirus updates  Ensure your system is locked when you are away  Always store laptops/ media in a lockable place  Be alert while working on laptops during travel  Ensure sensitive business information is under lock and key when unattended  Ensure back-up of sensitive and critical information assets  Understand Compliance Issues such as Cyber Law IPR, Copyrights, NDA Contractual Obligations with customer  Verify credentials, if the message is received from unknown sender  Always switch off your computer before leaving for the day  Keep your self updated on information security aspects 12/17/20 15 25MOHAN KAMAT
  • 26. Human Wall Is Always Better Than A Firewall . . . LET US BUILD A HUMAN WALL ALONG WITH FIREWALL 12/17/2015 26MOHAN KAMAT