INFORMATION SECURITY POLICIES & STANDARDS

Challenges before us:
• Define security policies and standards.
• Measure actual security against policy.
• Report violations of policy.
• Correct violations to conform with policy.
• Summarize policy compliance for the organization.
But where do we start?

Basic Risk Assessment
• What assets within the organization need protection?
• What are the risks to each of these assets?
• How much time, effort, and money is the organization willing to expend to upgrade or obtain new adequate protection against these threats?

Identifying the Assets:
• Physical items
  • Sensitive data and other information
  • Computers, laptops, mobiles, etc.
  • Backups and archives
  • Manuals, books, and guides
  • Communications equipment and wiring
  • Personnel records
  • Audit records
  • Commercial software
• Non-physical items
  • Personnel passwords
  • Public image and reputation
  • Processing availability and continuity of operations
  • Configuration information
  • Data integrity
  • Confidentiality of information

The risks:
• Component failure
• Misuse of software and hardware
• Viruses, Trojan horses, or worms
• Unauthorized deletion or modification
• Unauthorized disclosure of information
• Penetration ("hackers" getting into your machines)
• Software bugs and flaws
• Fires, floods, or earthquakes
• Riots

Data Sensitivity Classification:
• Sensitive: This classification applies to information that needs protection from unauthorized modification or deletion to assure its integrity. It is information that requires a higher than normal assurance of accuracy and completeness. Examples of sensitive information include organizational financial transactions and regulatory actions.
• Confidential: This classification applies to the most sensitive business information that is intended strictly for use within the organization. Its unauthorized disclosure could seriously and adversely impact the organization, its stockholders, its business partners, and/or its customers. Health care-related information should be considered at least confidential.
• Private: This classification applies to personal information that is intended for use within the organization. Its unauthorized disclosure could seriously and adversely impact the organization and/or its employees.
• Public: This classification applies to all other information that does not clearly fit into any of the above three classifications. While its unauthorized disclosure is against policy, it is not expected to impact seriously or adversely affect the organization, its

Types of Security Policies:
• Password policies
• Administrative responsibilities
• User responsibilities
• E-mail policies
• Internet policies
• Backup and restore policies
• Technologies to secure IT infra:
  • Firewalls
  • Auditing
  • System policies
  • IT admin policies

E-mail Policies:
• The use of e-mail to conduct official business, which users should adhere to.
• The use of e-mail for personal business is strictly prohibited.
• Access control and confidential protection of messages.
• The management and retention of e-mail messages.
• Official e-mail IDs should not be used to subscribe to websites of any sort.
• There should be no bulk e-mailing by any user within the organization.
• Spam e-mailing is against official policy, and any e-mail user doing so will be held liable for a criminal offence.

Internet Policies:
• Set of protocols and conventions used to traverse and find information over the Internet, which should be followed by all users.
• Browsers also introduce vulnerabilities to an organization which should be strictly prohibited.
• Web servers can be attacked directly, or used as jumping-off points to attack an organization's internal networks, so users should be very careful while surfing and browsing.
• Firewalls and proper configuration of routers and the IP protocol can help to fend off denial-of-service attacks.

Backup Policies:
• The backup policies should include plans for:
  • Regularly scheduled backups.
  • Types of backups. Most backup systems support normal backups, incremental backups, and differential backups.
  • A schedule for backups. The schedule should normally be during the night, when the company has the fewest users.
  • The information to be backed up.
  • Type of media used for backups: tapes, CD-ROMs, other hard drives, and so forth.

Secure Network Connectivity:
• Firewall configuration.
• Audits at regular intervals.
• System policies.
• Administrator policies.

Firewalls:
• Should block unwanted traffic.
• Should direct incoming traffic to more trustworthy internal systems.
• Should hide vulnerable systems that cannot easily be secured from the Internet.
• Should log traffic to and from the private network.
• Should hide information such as system names, network topology, network device types, and internal user IDs from the Internet.
• Should provide more robust authentication than standard applications might be able to do.

Auditing:
• Logon and logoff information
• System shutdown and restart information
• File and folder access
• Password changes
• Object access
• Policy changes

System Policies:
• All systems should be configured with a proper firewall gateway.
• Systems should strictly have only licensed software installed, and only as required for use.
• Every system should allow login only with complex passwords and by authenticated users.
• A password must be initially assigned to a user when enrolled on the system.
• Users must remember their passwords.
• Users must enter their passwords into the system at authentication time.

IT Admin Policies:
• A user's password must be changed periodically.
• The system must maintain a "password database."
• All systems must have user and administrator user roles defined.
• Scheduled audits to ensure compliance with the IT security policies.
• Administrator passwords should not be shared.
• No spam or network-violating activities within the organization.

PRESENTED BY Senseware IT Admin
Responsibilities: Managed IT.
Thank you for the time devoted.

More Related Content

What's hot

Information security management system
Information security management systemInformation security management system
Information security management systemArani Srinivasan
 
Information Security Awareness Training
Information Security Awareness TrainingInformation Security Awareness Training
Information Security Awareness TrainingRandy Bowman
 
Seminar (network security)
Seminar (network security)Seminar (network security)
Seminar (network security)Gaurav Dalvi
 
Computer, E-mail and Internet Usage Policy and Procedure
Computer, E-mail and Internet Usage Policy and ProcedureComputer, E-mail and Internet Usage Policy and Procedure
Computer, E-mail and Internet Usage Policy and ProcedureThe Pathway Group
 
Security and Compliance Initial Roadmap
Security and Compliance Initial Roadmap Security and Compliance Initial Roadmap
Security and Compliance Initial Roadmap Anshu Gupta
 
Cyber security for business
Cyber security for businessCyber security for business
Cyber security for businessDaniel Thomas
 
Cyber security
Cyber securityCyber security
Cyber securitymanoj duli
 
Information System Security(lecture 1)
Information System Security(lecture 1)Information System Security(lecture 1)
Information System Security(lecture 1)Ali Habeeb
 
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)Biswajit Bhattacharjee
 
Information Security Awareness Training by Mount Auburn Hospital
Information Security Awareness Training by Mount Auburn HospitalInformation Security Awareness Training by Mount Auburn Hospital
Information Security Awareness Training by Mount Auburn HospitalAtlantic Training, LLC.
 
Cyber Security Best Practices
Cyber Security Best PracticesCyber Security Best Practices
Cyber Security Best PracticesEvolve IP
 
Information Assurance And Security - Chapter 2 - Lesson 1
Information Assurance And Security - Chapter 2 - Lesson 1Information Assurance And Security - Chapter 2 - Lesson 1
Information Assurance And Security - Chapter 2 - Lesson 1MLG College of Learning, Inc
 
Cybersecurity Risks for Businesses
Cybersecurity Risks for BusinessesCybersecurity Risks for Businesses
Cybersecurity Risks for BusinessesAlex Rudie
 

What's hot (20)

Information security management system
Information security management systemInformation security management system
Information security management system
 
Information Security Awareness Training
Information Security Awareness TrainingInformation Security Awareness Training
Information Security Awareness Training
 
Data security
Data securityData security
Data security
 
Seminar (network security)
Seminar (network security)Seminar (network security)
Seminar (network security)
 
Information security
Information securityInformation security
Information security
 
CyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoTCyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoT
 
Computer, E-mail and Internet Usage Policy and Procedure
Computer, E-mail and Internet Usage Policy and ProcedureComputer, E-mail and Internet Usage Policy and Procedure
Computer, E-mail and Internet Usage Policy and Procedure
 
Information security
Information securityInformation security
Information security
 
Security and Compliance Initial Roadmap
Security and Compliance Initial Roadmap Security and Compliance Initial Roadmap
Security and Compliance Initial Roadmap
 
Cyber security for business
Cyber security for businessCyber security for business
Cyber security for business
 
Data Privacy & Security
Data Privacy & SecurityData Privacy & Security
Data Privacy & Security
 
Cyber security
Cyber securityCyber security
Cyber security
 
Information System Security(lecture 1)
Information System Security(lecture 1)Information System Security(lecture 1)
Information System Security(lecture 1)
 
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
 
Information Security Awareness Training by Mount Auburn Hospital
Information Security Awareness Training by Mount Auburn HospitalInformation Security Awareness Training by Mount Auburn Hospital
Information Security Awareness Training by Mount Auburn Hospital
 
Cyber Security Best Practices
Cyber Security Best PracticesCyber Security Best Practices
Cyber Security Best Practices
 
Information Assurance And Security - Chapter 2 - Lesson 1
Information Assurance And Security - Chapter 2 - Lesson 1Information Assurance And Security - Chapter 2 - Lesson 1
Information Assurance And Security - Chapter 2 - Lesson 1
 
Cyber security mis
Cyber security  misCyber security  mis
Cyber security mis
 
Cybersecurity Risks for Businesses
Cybersecurity Risks for BusinessesCybersecurity Risks for Businesses
Cybersecurity Risks for Businesses
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
 

Viewers also liked

COBIT and IT Policy Presentation
COBIT and IT Policy PresentationCOBIT and IT Policy Presentation
COBIT and IT Policy PresentationSarah Cortes
 
3.4 ict strategy
3.4 ict strategy3.4 ict strategy
3.4 ict strategymrmwood
 
Ict policy planning and implementation issues
Ict policy planning and implementation issuesIct policy planning and implementation issues
Ict policy planning and implementation issuesEric Kluijfhout
 
Minneapolis Community and Technical College Reviews
Minneapolis Community and Technical College ReviewsMinneapolis Community and Technical College Reviews
Minneapolis Community and Technical College ReviewsBrandon Macon
 
Racial Inequality in Film 2007-2013 Final.ashx
Racial Inequality in Film 2007-2013 Final.ashxRacial Inequality in Film 2007-2013 Final.ashx
Racial Inequality in Film 2007-2013 Final.ashxAshley Chao
 
บทที่3คำสั่งควบคุมโปรแกรม
บทที่3คำสั่งควบคุมโปรแกรมบทที่3คำสั่งควบคุมโปรแกรม
บทที่3คำสั่งควบคุมโปรแกรมpennapa34
 
Security Patterns How To Make Security Arch Easy To Consume
Security Patterns   How To Make Security Arch Easy To ConsumeSecurity Patterns   How To Make Security Arch Easy To Consume
Security Patterns How To Make Security Arch Easy To ConsumeJeff Johnson
 
Introduction to ITIL Service Management
Introduction to ITIL Service ManagementIntroduction to ITIL Service Management
Introduction to ITIL Service ManagementITILstudy
 
INFORMATION AND COMMUNICATION TECHNOLOGY (ICT) POLICY 2014
INFORMATION AND COMMUNICATION TECHNOLOGY (ICT) POLICY  2014INFORMATION AND COMMUNICATION TECHNOLOGY (ICT) POLICY  2014
INFORMATION AND COMMUNICATION TECHNOLOGY (ICT) POLICY 2014VARINDIA
 
Mito-Lezione per una quinta elementare
Mito-Lezione per una quinta elementareMito-Lezione per una quinta elementare
Mito-Lezione per una quinta elementareFederica Mondin
 

Viewers also liked (15)

COBIT and IT Policy Presentation
COBIT and IT Policy PresentationCOBIT and IT Policy Presentation
COBIT and IT Policy Presentation
 
3.4 ict strategy
3.4 ict strategy3.4 ict strategy
3.4 ict strategy
 
Ict policy planning and implementation issues
Ict policy planning and implementation issuesIct policy planning and implementation issues
Ict policy planning and implementation issues
 
Minneapolis Community and Technical College Reviews
Minneapolis Community and Technical College ReviewsMinneapolis Community and Technical College Reviews
Minneapolis Community and Technical College Reviews
 
follow up 1
follow up 1 follow up 1
follow up 1
 
diseño empresarial
diseño empresarialdiseño empresarial
diseño empresarial
 
Racial Inequality in Film 2007-2013 Final.ashx
Racial Inequality in Film 2007-2013 Final.ashxRacial Inequality in Film 2007-2013 Final.ashx
Racial Inequality in Film 2007-2013 Final.ashx
 
Osama CV
Osama CVOsama CV
Osama CV
 
Tanya jawab
Tanya jawabTanya jawab
Tanya jawab
 
บทที่3คำสั่งควบคุมโปรแกรม
บทที่3คำสั่งควบคุมโปรแกรมบทที่3คำสั่งควบคุมโปรแกรม
บทที่3คำสั่งควบคุมโปรแกรม
 
Desprendimiento de Virutas
Desprendimiento de VirutasDesprendimiento de Virutas
Desprendimiento de Virutas
 
Security Patterns How To Make Security Arch Easy To Consume
Security Patterns   How To Make Security Arch Easy To ConsumeSecurity Patterns   How To Make Security Arch Easy To Consume
Security Patterns How To Make Security Arch Easy To Consume
 
Introduction to ITIL Service Management
Introduction to ITIL Service ManagementIntroduction to ITIL Service Management
Introduction to ITIL Service Management
 
INFORMATION AND COMMUNICATION TECHNOLOGY (ICT) POLICY 2014
INFORMATION AND COMMUNICATION TECHNOLOGY (ICT) POLICY  2014INFORMATION AND COMMUNICATION TECHNOLOGY (ICT) POLICY  2014
INFORMATION AND COMMUNICATION TECHNOLOGY (ICT) POLICY 2014
 
Mito-Lezione per una quinta elementare
Mito-Lezione per una quinta elementareMito-Lezione per una quinta elementare
Mito-Lezione per una quinta elementare
 

Similar to IT Policy

Medical facility network design
Medical facility network designMedical facility network design
Medical facility network designnephtalie
 
Sample Security PoliciesAcceptable_Encryption_Policy.docAccep.docx
Sample Security PoliciesAcceptable_Encryption_Policy.docAccep.docxSample Security PoliciesAcceptable_Encryption_Policy.docAccep.docx
Sample Security PoliciesAcceptable_Encryption_Policy.docAccep.docxtodd331
 
How to Secure Data Privacy in 2024.pdf
How to Secure Data Privacy in 2024.pdfHow to Secure Data Privacy in 2024.pdf
How to Secure Data Privacy in 2024.pdfV2Infotech1
 
How to Secure Data Privacy in 2024.pptx
How to Secure Data Privacy in 2024.pptxHow to Secure Data Privacy in 2024.pptx
How to Secure Data Privacy in 2024.pptxV2Infotech1
 
security and system mainatance
security and system mainatancesecurity and system mainatance
security and system mainatanceKudzi Chikwatu
 
IRJET- Data Leak Prevention System: A Survey
IRJET-  	  Data Leak Prevention System: A SurveyIRJET-  	  Data Leak Prevention System: A Survey
IRJET- Data Leak Prevention System: A SurveyIRJET Journal
 
Cyber_Security_Policy
Cyber_Security_PolicyCyber_Security_Policy
Cyber_Security_PolicyMrinal Dutta
 
Ways to Safeguard Your Business from a Data Breach
Ways to Safeguard Your Business from a Data BreachWays to Safeguard Your Business from a Data Breach
Ways to Safeguard Your Business from a Data Breachincmagazineseo
 
Dr. Eric Cole - 30 Things Every Manager Should Know
Dr. Eric Cole - 30 Things Every Manager Should KnowDr. Eric Cole - 30 Things Every Manager Should Know
Dr. Eric Cole - 30 Things Every Manager Should KnowNuuko, Inc.
 
Legal and Ethical Considerations in Nursing Informatics
Legal and Ethical Considerations in Nursing InformaticsLegal and Ethical Considerations in Nursing Informatics
Legal and Ethical Considerations in Nursing InformaticsKimarie Brown
 
A Cybersecurity Planning Guide for CFOs
A Cybersecurity Planning Guide for CFOsA Cybersecurity Planning Guide for CFOs
A Cybersecurity Planning Guide for CFOsgppcpa
 
12-19-14 CLE for South (P Garrett)
12-19-14 CLE for South (P Garrett)12-19-14 CLE for South (P Garrett)
12-19-14 CLE for South (P Garrett)Patrick Garrett
 
6 Biggest Cyber Security Risks and How You Can Fight Back
6 Biggest Cyber Security Risks and How You Can Fight Back6 Biggest Cyber Security Risks and How You Can Fight Back
6 Biggest Cyber Security Risks and How You Can Fight BackMTG IT Professionals
 
Week - 5Report.docxjustify and support the relationship bet.docx
Week - 5Report.docxjustify and support the relationship bet.docxWeek - 5Report.docxjustify and support the relationship bet.docx
Week - 5Report.docxjustify and support the relationship bet.docxmelbruce90096
 
Network Security Policies
Network Security PoliciesNetwork Security Policies
Network Security PoliciesAamir Sohail
 
Introduction to Engineering and Profession Ethics Lecture9-Computer Ethics, P...
Introduction to Engineering and Profession Ethics Lecture9-Computer Ethics, P...Introduction to Engineering and Profession Ethics Lecture9-Computer Ethics, P...
Introduction to Engineering and Profession Ethics Lecture9-Computer Ethics, P...Dr. Khaled Bakro
 
IT Audit - Shadow IT Systems
IT Audit - Shadow IT SystemsIT Audit - Shadow IT Systems
IT Audit - Shadow IT SystemsDam Frank
 

Similar to IT Policy (20)

Medical facility network design
Medical facility network designMedical facility network design
Medical facility network design
 
Sample Security PoliciesAcceptable_Encryption_Policy.docAccep.docx
Sample Security PoliciesAcceptable_Encryption_Policy.docAccep.docxSample Security PoliciesAcceptable_Encryption_Policy.docAccep.docx
Sample Security PoliciesAcceptable_Encryption_Policy.docAccep.docx
 
Ch06 Policy
Ch06 PolicyCh06 Policy
Ch06 Policy
 
How to Secure Data Privacy in 2024.pdf
How to Secure Data Privacy in 2024.pdfHow to Secure Data Privacy in 2024.pdf
How to Secure Data Privacy in 2024.pdf
 
How to Secure Data Privacy in 2024.pptx
How to Secure Data Privacy in 2024.pptxHow to Secure Data Privacy in 2024.pptx
How to Secure Data Privacy in 2024.pptx
 
security and system mainatance
security and system mainatancesecurity and system mainatance
security and system mainatance
 
Computer security
Computer securityComputer security
Computer security
 
IRJET- Data Leak Prevention System: A Survey
IRJET-  	  Data Leak Prevention System: A SurveyIRJET-  	  Data Leak Prevention System: A Survey
IRJET- Data Leak Prevention System: A Survey
 
Cyber_Security_Policy
Cyber_Security_PolicyCyber_Security_Policy
Cyber_Security_Policy
 
Ways to Safeguard Your Business from a Data Breach
Ways to Safeguard Your Business from a Data BreachWays to Safeguard Your Business from a Data Breach
Ways to Safeguard Your Business from a Data Breach
 
Dr. Eric Cole - 30 Things Every Manager Should Know
Dr. Eric Cole - 30 Things Every Manager Should KnowDr. Eric Cole - 30 Things Every Manager Should Know
Dr. Eric Cole - 30 Things Every Manager Should Know
 
Legal and Ethical Considerations in Nursing Informatics
Legal and Ethical Considerations in Nursing InformaticsLegal and Ethical Considerations in Nursing Informatics
Legal and Ethical Considerations in Nursing Informatics
 
A Cybersecurity Planning Guide for CFOs
A Cybersecurity Planning Guide for CFOsA Cybersecurity Planning Guide for CFOs
A Cybersecurity Planning Guide for CFOs
 
12-19-14 CLE for South (P Garrett)
12-19-14 CLE for South (P Garrett)12-19-14 CLE for South (P Garrett)
12-19-14 CLE for South (P Garrett)
 
6 Biggest Cyber Security Risks and How You Can Fight Back
6 Biggest Cyber Security Risks and How You Can Fight Back6 Biggest Cyber Security Risks and How You Can Fight Back
6 Biggest Cyber Security Risks and How You Can Fight Back
 
IT Policy
IT PolicyIT Policy
IT Policy
 
Week - 5Report.docxjustify and support the relationship bet.docx
Week - 5Report.docxjustify and support the relationship bet.docxWeek - 5Report.docxjustify and support the relationship bet.docx
Week - 5Report.docxjustify and support the relationship bet.docx
 
Network Security Policies
Network Security PoliciesNetwork Security Policies
Network Security Policies
 
Introduction to Engineering and Profession Ethics Lecture9-Computer Ethics, P...
Introduction to Engineering and Profession Ethics Lecture9-Computer Ethics, P...Introduction to Engineering and Profession Ethics Lecture9-Computer Ethics, P...
Introduction to Engineering and Profession Ethics Lecture9-Computer Ethics, P...
 
IT Audit - Shadow IT Systems
IT Audit - Shadow IT SystemsIT Audit - Shadow IT Systems
IT Audit - Shadow IT Systems
 

Recently uploaded

Tea Gobec, Kako pluti po morju tehnoloških sprememb, Innovatif.pdf
Tea Gobec, Kako pluti po morju tehnoloških sprememb, Innovatif.pdfTea Gobec, Kako pluti po morju tehnoloških sprememb, Innovatif.pdf
Tea Gobec, Kako pluti po morju tehnoloških sprememb, Innovatif.pdfDIGGIT
 
Beyond Silos: How Holistic B2B Digital Strategy Drives Pipeline
Beyond Silos: How Holistic B2B Digital Strategy Drives PipelineBeyond Silos: How Holistic B2B Digital Strategy Drives Pipeline
Beyond Silos: How Holistic B2B Digital Strategy Drives PipelineSearch Engine Journal
 
Klaus Schweighofer, Zakaj je digitalizacija odlična priložnost za medije, Sty...
Klaus Schweighofer, Zakaj je digitalizacija odlična priložnost za medije, Sty...Klaus Schweighofer, Zakaj je digitalizacija odlična priložnost za medije, Sty...
Klaus Schweighofer, Zakaj je digitalizacija odlična priložnost za medije, Sty...DIGGIT
 
Licença Lotter Pro - Conheça o Certificado Oficial da Licença Lotter Pro.pdf
Licença Lotter Pro - Conheça o Certificado Oficial da Licença Lotter Pro.pdfLicença Lotter Pro - Conheça o Certificado Oficial da Licença Lotter Pro.pdf
Licença Lotter Pro - Conheça o Certificado Oficial da Licença Lotter Pro.pdfLotter Pro Brasil
 
WA | 0821-8888-6412 | Apotik Jual Obat Aborsi Cytotec Asli Di Magetan
WA | 0821-8888-6412 | Apotik Jual Obat Aborsi Cytotec Asli Di MagetanWA | 0821-8888-6412 | Apotik Jual Obat Aborsi Cytotec Asli Di Magetan
WA | 0821-8888-6412 | Apotik Jual Obat Aborsi Cytotec Asli Di Magetaninfoobataborsi24
 
Influencer Marekting Trends- Where the creator economy is going in in 2024
Influencer Marekting Trends- Where the creator economy is going in in 2024Influencer Marekting Trends- Where the creator economy is going in in 2024
Influencer Marekting Trends- Where the creator economy is going in in 2024Inflyx
 
Using GA 4 to to Prove Value - Greg Jarboe - Aug 8, 2023.pptx
Using GA 4 to to Prove Value - Greg Jarboe - Aug 8, 2023.pptxUsing GA 4 to to Prove Value - Greg Jarboe - Aug 8, 2023.pptx
Using GA 4 to to Prove Value - Greg Jarboe - Aug 8, 2023.pptxGreg Jarboe
 
The Majestic Salar de Uyuni A Natural Wonder of Bolivia.pptx
The Majestic Salar de Uyuni A Natural Wonder of Bolivia.pptxThe Majestic Salar de Uyuni A Natural Wonder of Bolivia.pptx
The Majestic Salar de Uyuni A Natural Wonder of Bolivia.pptxelizabethella096
 
Generating Leads with Analyst Content Webinar Slides_SJN Final.pdf
Generating Leads with Analyst Content Webinar Slides_SJN Final.pdfGenerating Leads with Analyst Content Webinar Slides_SJN Final.pdf
Generating Leads with Analyst Content Webinar Slides_SJN Final.pdfShawnNewman13
 
The Vital Role of Keyword Density in Crafting SEO-Optimized Content
The Vital Role of Keyword Density in Crafting SEO-Optimized ContentThe Vital Role of Keyword Density in Crafting SEO-Optimized Content
The Vital Role of Keyword Density in Crafting SEO-Optimized ContentKhalid332898
 
The Indian Ocean Tsunami of 2004 Remembering a Catastrophe.pptx
The Indian Ocean Tsunami of 2004 Remembering a Catastrophe.pptxThe Indian Ocean Tsunami of 2004 Remembering a Catastrophe.pptx
The Indian Ocean Tsunami of 2004 Remembering a Catastrophe.pptxelizabethella096
 
Killer Packaging | PrintAction
Killer Packaging | PrintActionKiller Packaging | PrintAction
Killer Packaging | PrintActionVictoria Gaitskell
 
How To Structure Your Web3 Website For Max Visibility In The Bull Market🚀
How To Structure Your Web3 Website For Max Visibility In The Bull Market🚀How To Structure Your Web3 Website For Max Visibility In The Bull Market🚀
How To Structure Your Web3 Website For Max Visibility In The Bull Market🚀Victoria Olsina
 
Digital PR & Content Marketing Lecture for Advanced Digital & Social Media St...
Digital PR & Content Marketing Lecture for Advanced Digital & Social Media St...Digital PR & Content Marketing Lecture for Advanced Digital & Social Media St...
Digital PR & Content Marketing Lecture for Advanced Digital & Social Media St...Valters Lauzums
 
Key Social Media Marketing Trends for 2024
Key Social Media Marketing Trends for 2024Key Social Media Marketing Trends for 2024
Key Social Media Marketing Trends for 2024Jomer Gregorio
 
Leading Customer Retention Strategies for 2024
Leading Customer Retention Strategies for 2024Leading Customer Retention Strategies for 2024
Leading Customer Retention Strategies for 2024experienceprosarah
 
WA | 0821-8888-6412 | Apotik Jual Obat Aborsi Cytotec Asli Di Pasuruan
WA | 0821-8888-6412 | Apotik Jual Obat Aborsi Cytotec Asli Di PasuruanWA | 0821-8888-6412 | Apotik Jual Obat Aborsi Cytotec Asli Di Pasuruan
WA | 0821-8888-6412 | Apotik Jual Obat Aborsi Cytotec Asli Di Pasuruaninfoobataborsi24
 
WA | 0821-8888-6412 | Apotik Jual Obat Aborsi Cytotec Asli Di Sampang
WA | 0821-8888-6412 | Apotik Jual Obat Aborsi Cytotec Asli Di SampangWA | 0821-8888-6412 | Apotik Jual Obat Aborsi Cytotec Asli Di Sampang
WA | 0821-8888-6412 | Apotik Jual Obat Aborsi Cytotec Asli Di Sampanginfoobataborsi24
 
obat pelancar haid di apotik dan harganya
obat pelancar haid di apotik dan harganyaobat pelancar haid di apotik dan harganya
obat pelancar haid di apotik dan harganyainfoobataborsi24
 
Unit 3 - Liberalization, Privatization & Globalization
Unit 3 - Liberalization, Privatization & GlobalizationUnit 3 - Liberalization, Privatization & Globalization
Unit 3 - Liberalization, Privatization & GlobalizationKaushik Jaiswal
 

Recently uploaded (20)

Tea Gobec, Kako pluti po morju tehnoloških sprememb, Innovatif.pdf
Tea Gobec, Kako pluti po morju tehnoloških sprememb, Innovatif.pdfTea Gobec, Kako pluti po morju tehnoloških sprememb, Innovatif.pdf
Tea Gobec, Kako pluti po morju tehnoloških sprememb, Innovatif.pdf
 
Beyond Silos: How Holistic B2B Digital Strategy Drives Pipeline
Beyond Silos: How Holistic B2B Digital Strategy Drives PipelineBeyond Silos: How Holistic B2B Digital Strategy Drives Pipeline
Beyond Silos: How Holistic B2B Digital Strategy Drives Pipeline
 
Klaus Schweighofer, Zakaj je digitalizacija odlična priložnost za medije, Sty...
Klaus Schweighofer, Zakaj je digitalizacija odlična priložnost za medije, Sty...Klaus Schweighofer, Zakaj je digitalizacija odlična priložnost za medije, Sty...
Klaus Schweighofer, Zakaj je digitalizacija odlična priložnost za medije, Sty...
 
Licença Lotter Pro - Conheça o Certificado Oficial da Licença Lotter Pro.pdf
Licença Lotter Pro - Conheça o Certificado Oficial da Licença Lotter Pro.pdfLicença Lotter Pro - Conheça o Certificado Oficial da Licença Lotter Pro.pdf
Licença Lotter Pro - Conheça o Certificado Oficial da Licença Lotter Pro.pdf
 
WA | 0821-8888-6412 | Apotik Jual Obat Aborsi Cytotec Asli Di Magetan
WA | 0821-8888-6412 | Apotik Jual Obat Aborsi Cytotec Asli Di MagetanWA | 0821-8888-6412 | Apotik Jual Obat Aborsi Cytotec Asli Di Magetan
WA | 0821-8888-6412 | Apotik Jual Obat Aborsi Cytotec Asli Di Magetan
 
Influencer Marekting Trends- Where the creator economy is going in in 2024
Influencer Marekting Trends- Where the creator economy is going in in 2024Influencer Marekting Trends- Where the creator economy is going in in 2024
Influencer Marekting Trends- Where the creator economy is going in in 2024
 
Using GA 4 to to Prove Value - Greg Jarboe - Aug 8, 2023.pptx
Using GA 4 to to Prove Value - Greg Jarboe - Aug 8, 2023.pptxUsing GA 4 to to Prove Value - Greg Jarboe - Aug 8, 2023.pptx
Using GA 4 to to Prove Value - Greg Jarboe - Aug 8, 2023.pptx
 
The Majestic Salar de Uyuni A Natural Wonder of Bolivia.pptx
The Majestic Salar de Uyuni A Natural Wonder of Bolivia.pptxThe Majestic Salar de Uyuni A Natural Wonder of Bolivia.pptx
The Majestic Salar de Uyuni A Natural Wonder of Bolivia.pptx
 
Generating Leads with Analyst Content Webinar Slides_SJN Final.pdf
Generating Leads with Analyst Content Webinar Slides_SJN Final.pdfGenerating Leads with Analyst Content Webinar Slides_SJN Final.pdf
Generating Leads with Analyst Content Webinar Slides_SJN Final.pdf
 
The Vital Role of Keyword Density in Crafting SEO-Optimized Content
IT Policy

  • 2. Challenges before us:
      • Define security policies and standards.
      • Measure actual security against policy.
      • Report violations of policy.
      • Correct violations to conform with policy.
      • Summarize policy compliance for the organization.
    But where do we start?
  • 3. Basic Risk Assessment
      • What assets within the organization need protection?
      • What are the risks to each of these assets?
      • How much time, effort, and money is the organization willing to expend to upgrade or obtain new adequate protection against these threats?
  • 4. Identifying the Assets:
      • Physical items
          • Sensitive data and other information
          • Computers, laptops, mobiles, etc.
          • Backups and archives
          • Manuals, books, and guides
          • Communications equipment and wiring
          • Personnel records
          • Audit records
          • Commercial software
      • Non-physical items
          • Personnel passwords
          • Public image and reputation
          • Processing availability and continuity of operations
          • Configuration information
          • Data integrity
          • Confidentiality of information
  • 5. The risks:
      • Component failure
      • Misuse of software and hardware
      • Viruses, Trojan horses, or worms
      • Unauthorized deletion or modification
      • Unauthorized disclosure of information
      • Penetration ("hackers" getting into your machines)
      • Software bugs and flaws
      • Fires, floods, or earthquakes
      • Riots
  • 6. Data Sensitivity Classification:
      • Sensitive: This classification applies to information that needs protection from unauthorized modification or deletion to assure its integrity. It is information that requires a higher than normal assurance of accuracy and completeness. Examples of sensitive information include organizational financial transactions and regulatory actions.
  • 7. Data Sensitivity Classification:
      • Confidential: This classification applies to the most sensitive business information that is intended strictly for use within the organization. Its unauthorized disclosure could seriously and adversely impact the organization, its stockholders, its business partners, and/or its customers. Health care-related information should be considered at least confidential.
  • 8. Data Sensitivity Classification:
      • Private: This classification applies to personal information that is intended for use within the organization. Its unauthorized disclosure could seriously and adversely impact the organization and/or its employees.
      • Public: This classification applies to all other information that does not clearly fit into any of the above three classifications. While its unauthorized disclosure is against policy, it is not expected to impact seriously or adversely affect the organization, its
  • 9. Types of Security Policies:
      • Password policies
      • Administrative Responsibilities
      • User Responsibilities
      • E-mail policies
      • Internet policies
      • Backup and restore policies
      • Technologies to secure IT Infra:
          • Firewalls
          • Auditing
          • System Policies
          • IT admin policies
  • 10. E-mail Policies:
      • The use of e-mail to conduct official business, which users should adhere to.
      • The use of e-mail for personal business is strictly prohibited.
      • Access control and confidential protection of messages.
      • The management and retention of e-mail messages.
      • Official e-mail IDs should not be subscribed on any sort of website.
      • There should not be bulk e-mailing from any or all of the users within the organization.
      • Spam e-mailing is against official policy, and any e-mail user doing so would be held liable for a criminal offence.
  • 11. Internet Policies:
      • Set of protocols and conventions used to traverse and find information over the Internet which should be followed by all the users.
      • Browsers also introduce vulnerabilities to an organization which should be strictly prohibited.
      • Web servers can be attacked directly, or used as jumping off points to attack an organization's internal networks, so users should be very careful while surfing and browsing.
      • Firewalls and proper configuration of routers and the IP protocol can help to fend off denial of service attacks.
  • 12. Backup Policies:
    The backup policies should include plans for:
      • Regularly scheduled backups.
      • Types of backups. Most backup systems support normal backups, incremental backups, and differential backups.
      • A schedule for backups. The schedule should normally be during the night, when the company has the fewest users.
      • The information to be backed up.
      • Type of media used for backups: tapes, CD-ROMs, other hard drives, and so forth.
  • 13. Secure Network Connectivity:
      • Firewall configuration.
      • Audits at regular intervals.
      • System Policies.
      • Administrator Policies.
  • 14. Firewalls:
      • Should block unwanted traffic.
      • Should direct incoming traffic to more trustworthy internal systems.
      • Should hide vulnerable systems that cannot easily be secured from the Internet.
      • Should log traffic to and from the private network.
      • Should hide information such as system names, network topology, network device types, and internal user IDs from the Internet.
      • Should provide more robust authentication than standard applications might be able to do.
  • 15. Auditing:
      • Logon and logoff information
      • System shutdown and restart information
      • File and folder access
      • Password changes
      • Object access
      • Policy changes
  • 16. System Policies:
      • All the systems should be configured with a proper firewall gateway.
      • Systems should have only licensed software installed, strictly as per use.
      • Every system should allow login only with complex passwords and by authenticated users.
      • A password must be initially assigned to a user when enrolled on the system.
      • Users must remember their passwords.
      • Users must enter their passwords into the system at authentication time.
  • 17. IT Admin Policies:
      • A user's password must be changed periodically.
      • The system must maintain a "password database."
      • All the systems must have user and administrator user roles defined.
      • Scheduled audits to ensure the IT security policies.
      • Administrator passwords should not be shared.
      • No spam and network violating activities within the organization.
  • 18. PRESENTED BY Senseware IT Admin Responsibilities: Managed IT. Thank you for the time devoted.