Model Information Office


A Model Information Office - Compliance, Control, Processes and Systems

Published in: Technology, Business

  1. Compliance & Control, Systems & Partner Relationship Management
     • Mahesh Patwardhan
  2. Information Office (organization chart)
     • Offices: Office of Compliance and Control; Technology Systems; Partner Relations
     • Functions: Information Security; Access Control; Change Management; Policy Management; Build and Deploy; Ops and Maintenance; Partner Relationship Management; Contract Management
  3. Compliance and Control: Information Security
     • Information Security Office
     • Chief Information Security Officer
     • Implement the Information Security Policy
     • Implement the Access Control Policy
     • Implement the Backup/Restoration Policy
     • Conduct Information Security Office Meetings
     • All meetings to be recorded (MOM)
     • Conduct Reviews
     • Security, Access Control, AUP, B&R, DR Policy
     • Record all Policy Reviews (MOM)
     • Policies to be updated and approved
     • Updates to policies to be logged
  4. Compliance and Control: Information Security
     • Communication:
        • Information Security Policy and Access Control Policy updates to all employees periodically.
        • HR Training calendar for Security and Appropriate Usage sessions.
        • Conduct Security Awareness and Appropriate Usage sessions for new joinees.
     • Monitoring
        • Review of System Exception Logs, Unauthorized Logins, Authorized Users lists
        • All reviews to be logged and the review reports with findings signed off on.
        • Action taken report to be reviewed and signed off on.
  5. Compliance and Control: Information Security
     • Define
        • Data Backup/Restoration Process
        • Recovery Testing Process
        • Data securing process (tape-to-bank)
     • Review
        • Data Backup/Restoration Process
        • Recovery Testing Process
        • Data securing process (tape-to-bank)
        • Backup/Restoration/Recovery Testing Log Sheet
        • Monthly Tape-To-Bank Log Sheet
        • All reviews to be recorded (MOM)
  6. Access Control: Creation/Deletion of User IDs / privilege grants process (flowchart)
     • Request for user id creation / deletion raised by business unit mgr.
     • Request for user id creation / deletion authorized by business unit Head
     • Authorized Request (email and hardcopy) approved by Head - IO
     • Request from HR for domain/email ID
     • Hardcopy of Authorized Request filed by Mgr – IS, and App and Server Access Auth Matrix updated
     • Confirmation sent for granting requested privileges/access
     • Request for temporary unprivileged access to server raised by user
     • Email/Domain Login Created/Removed by Manager - IT
     • Application User Login Created/Removed by Manager: IS
     • Request for privileged access on server raised by NOC/Engineering team
     • Request authorized by CTO
  7. Access Control Authorizations Filing (chart)
     • Authorization Filing: Manager Process & Control
     • Authorizations filed in four categories, covering email/domain, privileged access, application and temporary access users
     • Signed Authorization Form for each of the four categories
     • User Creation / Removal Log (two)
     • Application Authorization Matrix
     • Email / Domain Users List
  8. Office of Compliance and Control: Change Management
     • Periodic Review of
        • Change Management Process.
        • Change Requests submitted.
        • Change Request Approvals
        • Pending deployments
     • Review meeting minutes to be recorded and the findings of the review documented
     • Review Report with recommendations for remediation submitted, report approved.
     • Approved recommendations carried out.
     • Review of remediation carried out, approved and signed off on.
  9. Office of Compliance and Control: Policy Management
     • Information Steering Committee (ISC)
     • Policy Reviews and Updates
     • Schedule for ISC and Policy Reviews
     • Conduct Reviews, report submission.
     • Report Approvals, Policy updated and approved.
  10. Information Office Hierarchy (organization chart, listed by row)
     • Head – Information Office
     • Chief Information Security Officer; Information Office; Director Information Systems
     • Sr. Mgr Compliance & Control; Office of Compliance & Control; Sr. Mgr Info. Systems; Sr. Mgr Vendor Relations; Technology Systems (Engineering Office); Partner Relations
     • Information Security; Access Control; Change Control; Policy Management; Build and Deploy; Ops & Maintenance; Partner Relationship Management; Contract Management