Uploaded bykhattar31
PPTX, PDF262 views

Information awareness program

The document outlines an approach to information security emphasizing the importance of making information accessible while ensuring its protection through a five-step process: information location, classification, protection, audit, and training. It discusses the significance of classifying information to tailor protection measures and includes the necessity of auditing usage patterns to enhance policy effectiveness. Finally, end-user training is highlighted as a critical component for ensuring proper information handling and minimizing misuse.

Embed presentation

Download to read offline
Approach to Information Security Rahul Khattar
Approach to Information Security Setting the Agenda • Making Information available to all users, is essential for the enterprise to conduct its business • Leakage of such information may impact the organization adversely Five step approach to make information available and secure Information Location  Classification  Protection  Audit  Training
Approach to Information Security Where does Information Reside? On File-Servers (FTP) Shared Within DMS folders Backup Content Emails Management Backup Tapes Extracts from BI tools Laptops Removable Mobile Printer hard disk media devices This Information is shared with Employees/ Vendors/ Partners/ Desktops Email Consultants/ Contractors/ Auditors Recognize where information exists Information Location  Classification  Protection  Audit  Training
Approach to Information Security Classification What is Information Classification? It is the science to describe principles that need to be followed to protect information It guides you on how and to whom you can distribute information with a particular classification Why Classify? Classification of information is essential for every business because without classification everyone treats the same piece of information differently, which could have major consequences Classified data helps to better define and implement protection policies Information Location  Classification  Protection  Audit  Training
Approach to Information Security Protection What is Protection? Ensure that only legit users have access to the data Control data with internal/external users Define and apply policies based on Classification Why Protect? Protection enables the enterprises to manage the usage and consumption of its valuable data Information Location  Classification  Protection  Audit  Training
Approach to Information Security Audit Auditing Information Usage Track all end user actions on protected information Generate and analyze reports Keep a close eye on all your data that resides within or outside the organization Why Audit Information Usage? To understand the Information consumption pattern To showcase the shortcomings of existing policies To fine tune “Control-Policies” for your confidential data Information Location  Classification  Protection  Audit  Training
Approach to Information Security End User Training What is Training Educate employees on Information Usage Ensure participation, role play for users Using email, standees, flyers, KM portal as a medium of knowledge transfer Why Train Staff? Helps enterprise define better control-policies on data Minimize accidental misuse of information Ensure technology platform is well accepted Training ensures User participation and acceptance Information Location  Classification  Protection  Audit  Training
Approach to Information Security Importance of DFA in building better policies Data Flow Analysis is an activity to understand what is valuable information and which department holds it It also helps in tracking the information and the consumption pattern & risk DFA maps the information flow for a particular business process DFA clearly points out the security issues attached with a piece of information at different stages of its lifecycle DFA sharpens classification and protection policies on information
More Info? www.seclore.com +91-22-6130-4200 9

More Related Content

PPTX
Importance Of A Security Policy
bycharlesgarrett
 
PDF
Enterprise Security Architecture: From access to audit
byBob Rhubart
 
PDF
Mobile Device Management and Mobile Security Strategy - a presentation by Rap...
byRapidValue
 
PDF
ITFM Business Brief
bywdjohnson1
 
PDF
IANS-2008
byBob Radvanovsky
 
PDF
Data Integrity Protection
byproitsolutions
 
DOCX
Risk management
bykalli007
 
PDF
Securing_Medical_Imaging_in_the_Cloud_Whitepaper
bylaurenstill
 
Importance Of A Security Policy
bycharlesgarrett
 
Enterprise Security Architecture: From access to audit
byBob Rhubart
 
Mobile Device Management and Mobile Security Strategy - a presentation by Rap...
byRapidValue
 
ITFM Business Brief
bywdjohnson1
 
IANS-2008
byBob Radvanovsky
 
Data Integrity Protection
byproitsolutions
 
Risk management
bykalli007
 
Securing_Medical_Imaging_in_the_Cloud_Whitepaper
bylaurenstill
 

What's hot

PPT
Information security policy_2011
bycodka
 
PPTX
Domain 1 - Security and Risk Management
byMaganathin Veeraragaloo
 
PPTX
Enterprise Security in Hybrid Cloud ISACA-SV 2012
bySymosis Security (Previously C-Level Security)
 
PPTX
Security models for security architecture
byVladimir Jirasek
 
PDF
Managed firewall service.
byMindtree Ltd.
 
PDF
Personally Identifiable Information (ISO27701) on cloud and PCI DSS Conformit...
byJS
 
PPTX
Cloud Audit and Compliance
byQuadrisk
 
PPTX
Dynamic access control sbc12 - thuan nguyen
byThuan Ng
 
PPTX
Cloud security - Auditing and Compliance
byJosh Tullo
 
PPT
Network security and policies
bywardjo
 
PPTX
iCode Security Architecture Framework
byMohamed Ridha CHEBBI, CISSP
 
PDF
113505 6969-ijecs-ijens
bygeekmodeboy
 
PPTX
Sw keynote
bygueste69f645
 
PPTX
Ramnish Singh Platform Security Briefing
byguestb099f64c
 
PPTX
From reactive to automated reducing costs through mature security processes i...
byNetIQ
 
PPTX
Cloud Compliance Auditing - Closer 2011
byJonathan Sinclair
 
PPTX
Don’t Just Trust Cloud Providers - How To Audit Cloud Providers
byMichael Davis
 
PPTX
Best Practices for Cloud Security
byIT@Intel
 
PPTX
CISSPills #3.02
byPierluigi Falcone, CISSP, CISM, CCSK, SABSA Foundation
 
PDF
How to write an IT security policy guide - Tareq Hanaysha
byHanaysha
 
Information security policy_2011
bycodka
 
Domain 1 - Security and Risk Management
byMaganathin Veeraragaloo
 
Enterprise Security in Hybrid Cloud ISACA-SV 2012
bySymosis Security (Previously C-Level Security)
 
Security models for security architecture
byVladimir Jirasek
 
Managed firewall service.
byMindtree Ltd.
 
Personally Identifiable Information (ISO27701) on cloud and PCI DSS Conformit...
byJS
 
Cloud Audit and Compliance
byQuadrisk
 
Dynamic access control sbc12 - thuan nguyen
byThuan Ng
 
Cloud security - Auditing and Compliance
byJosh Tullo
 
Network security and policies
bywardjo
 
iCode Security Architecture Framework
byMohamed Ridha CHEBBI, CISSP
 
113505 6969-ijecs-ijens
bygeekmodeboy
 
Sw keynote
bygueste69f645
 
Ramnish Singh Platform Security Briefing
byguestb099f64c
 
From reactive to automated reducing costs through mature security processes i...
byNetIQ
 
Cloud Compliance Auditing - Closer 2011
byJonathan Sinclair
 
Don’t Just Trust Cloud Providers - How To Audit Cloud Providers
byMichael Davis
 
Best Practices for Cloud Security
byIT@Intel
 
CISSPills #3.02
byPierluigi Falcone, CISSP, CISM, CCSK, SABSA Foundation
 
How to write an IT security policy guide - Tareq Hanaysha
byHanaysha
 

Similar to Information awareness program

PPT
Data Classification And Loss Prevention
byNicholas Davis
 
PDF
Data Protection - Safeguarding Your Business in the Digital Age.pdf
byEntrust Network Services
 
PPTX
L2 - Protecting Security of Assets_.pptx
byRebeccaMunasheChimhe
 
PDF
Hiring Guide to the Information Security Profession
byamiable_indian
 
PPTX
Electronic data & record management
byGreenLeafInst
 
PPTX
Comprehensive Data Leak Prevention
byTanvir Hashmi
 
PPT
Responsible for information
byDunton Environmental
 
PPT
Lecture Data Classification And Data Loss Prevention
byNicholas Davis
 
PPT
Lecture data classification_and_data_loss_prevention
byNicholas Davis
 
PDF
How to Build and Implement your Company's Information Security Program
byFinancial Poise
 
PPT
Protecting Donor Privacy
byRaymond Cunningham
 
PDF
How to Secure Your Files with DLP and FAM
byImperva
 
PDF
SBC 2012 - Dynamic Access Control in Windows Server 2012 (Nguyễn Ngọc Thuận)
bySecurity Bootcamp
 
PDF
Protecting Personal Information: A Guide for Business
by- Mark - Fullbright
 
PDF
Why Have A Digital Investigative Infrastructure
byKevin Wharram
 
PPS
H R M
byIzram Ali
 
DOCX
Replies Required for below Posting 1 user security awarene.docx
bysodhi3
 
PDF
iSchoolConnect_Information Security User Awareness Training_16th Nov 2021.ppt...
byRIYAJAIN179446
 
PPTX
People are the biggest risk
byEvan Francen
 
PPT
FTC Protecting Info A Guide For Business Powerpoint
byBucacci Business Solutions
 
Data Classification And Loss Prevention
byNicholas Davis
 
Data Protection - Safeguarding Your Business in the Digital Age.pdf
byEntrust Network Services
 
L2 - Protecting Security of Assets_.pptx
byRebeccaMunasheChimhe
 
Hiring Guide to the Information Security Profession
byamiable_indian
 
Electronic data & record management
byGreenLeafInst
 
Comprehensive Data Leak Prevention
byTanvir Hashmi
 
Responsible for information
byDunton Environmental
 
Lecture Data Classification And Data Loss Prevention
byNicholas Davis
 
Lecture data classification_and_data_loss_prevention
byNicholas Davis
 
How to Build and Implement your Company's Information Security Program
byFinancial Poise
 
Protecting Donor Privacy
byRaymond Cunningham
 
How to Secure Your Files with DLP and FAM
byImperva
 
SBC 2012 - Dynamic Access Control in Windows Server 2012 (Nguyễn Ngọc Thuận)
bySecurity Bootcamp
 
Protecting Personal Information: A Guide for Business
by- Mark - Fullbright
 
Why Have A Digital Investigative Infrastructure
byKevin Wharram
 
H R M
byIzram Ali
 
Replies Required for below Posting 1 user security awarene.docx
bysodhi3
 
iSchoolConnect_Information Security User Awareness Training_16th Nov 2021.ppt...
byRIYAJAIN179446
 
People are the biggest risk
byEvan Francen
 
FTC Protecting Info A Guide For Business Powerpoint
byBucacci Business Solutions
 

Recently uploaded

PDF
Pengelolaan SDM Terintegrasi Berbasis Manajemen Risiko 2025
bySeta Wicaksana
 
PDF
Buy LinkedIn Connections _ Grow Your Network Fast (2).pdf
byxuexmv3qbymlv32ohdjf
 
PPTX
Business Improvement blue and white scribble art presentation
byAndrew Laurey
 
PDF
Aagami Corporate Presentation December 2025
byAagami, Inc.
 
PDF
Top 7 Places to Buy Aged LinkedIn Accounts and Should ....pdf
byh55oga0kd25m12iaza2
 
PDF
How To Buy, Verified Wise Account in 2026.pdf
byzze2jltsflran03jy3m
 
PDF
_How to Safely Buy Instagram Accounts in 2025.pdf
byzze2jltsflran03jy3m
 
PDF
How to Buy Instagram Accounts in 2026.pdf
byh55oga0kd25m12iaza2
 
PPTX
Con Keating's slides from Pension PlayPen budget comments
byHenry Tapper
 
PDF
Best 7 Sites to Buy Verified Venmo Accounts With Zero ....pdf
byndsfcm3nubx18jc4s6f4
 
PDF
Best 7 Sites to Buy Verified Venmo Accounts With Zero ....pdf
bybxi4tn48i3wkgpbyyfg
 
PDF
How to Buy Verified Binance Accounts for USDT and BTC ....pdf
bykeb2bq5cegc6m2xa32ay
 
PDF
Buy Verified Google Ads Accounts to Maximize #ROI and Launch High-Impact #PPC...
byusasmmpva3211
 
PDF
How to Safely Buy Instagram Accounts in 2025 (1).pdf
byxuexmv3qbymlv32ohdjf
 
PDF
Step-by-Step Guide to Purchasing USA Facebook Accounts.pdf
byndsfcm3nubx18jc4s6f4
 
DOCX
17 Best Platforms to Buy Verified Cash App Accounts in Bulk .docx
byWWW.USAALLHUB.COM
 
PDF
How to Buy Snapchat Account( 9.7) A Step-by-Step Guide ....pdf
byndsfcm3nubx18jc4s6f4
 
PDF
Dark Side of Hosting_ Why People Buy Verified Airbnb Accounts
byUsaviral Wave
 
PDF
PS_DB Report_Back to the Future.pdf Punter Southall
byHenry Tapper
 
PDF
Updated-costings-on-changes-to-PPF-compensation-levels---with-31-March-2025-f...
byHenry Tapper
 
Pengelolaan SDM Terintegrasi Berbasis Manajemen Risiko 2025
bySeta Wicaksana
 
Buy LinkedIn Connections _ Grow Your Network Fast (2).pdf
byxuexmv3qbymlv32ohdjf
 
Business Improvement blue and white scribble art presentation
byAndrew Laurey
 
Aagami Corporate Presentation December 2025
byAagami, Inc.
 
Top 7 Places to Buy Aged LinkedIn Accounts and Should ....pdf
byh55oga0kd25m12iaza2
 
How To Buy, Verified Wise Account in 2026.pdf
byzze2jltsflran03jy3m
 
_How to Safely Buy Instagram Accounts in 2025.pdf
byzze2jltsflran03jy3m
 
How to Buy Instagram Accounts in 2026.pdf
byh55oga0kd25m12iaza2
 
Con Keating's slides from Pension PlayPen budget comments
byHenry Tapper
 
Best 7 Sites to Buy Verified Venmo Accounts With Zero ....pdf
byndsfcm3nubx18jc4s6f4
 
Best 7 Sites to Buy Verified Venmo Accounts With Zero ....pdf
bybxi4tn48i3wkgpbyyfg
 
How to Buy Verified Binance Accounts for USDT and BTC ....pdf
bykeb2bq5cegc6m2xa32ay
 
Buy Verified Google Ads Accounts to Maximize #ROI and Launch High-Impact #PPC...
byusasmmpva3211
 
How to Safely Buy Instagram Accounts in 2025 (1).pdf
byxuexmv3qbymlv32ohdjf
 
Step-by-Step Guide to Purchasing USA Facebook Accounts.pdf
byndsfcm3nubx18jc4s6f4
 
17 Best Platforms to Buy Verified Cash App Accounts in Bulk .docx
byWWW.USAALLHUB.COM
 
How to Buy Snapchat Account( 9.7) A Step-by-Step Guide ....pdf
byndsfcm3nubx18jc4s6f4
 
Dark Side of Hosting_ Why People Buy Verified Airbnb Accounts
byUsaviral Wave
 
PS_DB Report_Back to the Future.pdf Punter Southall
byHenry Tapper
 
Updated-costings-on-changes-to-PPF-compensation-levels---with-31-March-2025-f...
byHenry Tapper
 

Information awareness program

  • 1.
    Approach to InformationSecurity Rahul Khattar
  • 2.
    Approach to InformationSecurity Setting the Agenda • Making Information available to all users, is essential for the enterprise to conduct its business • Leakage of such information may impact the organization adversely Five step approach to make information available and secure Information Location  Classification  Protection  Audit  Training
  • 3.
    Approach to InformationSecurity Where does Information Reside? On File-Servers (FTP) Shared Within DMS folders Backup Content Emails Management Backup Tapes Extracts from BI tools Laptops Removable Mobile Printer hard disk media devices This Information is shared with Employees/ Vendors/ Partners/ Desktops Email Consultants/ Contractors/ Auditors Recognize where information exists Information Location  Classification  Protection  Audit  Training
  • 4.
    Approach to InformationSecurity Classification What is Information Classification? It is the science to describe principles that need to be followed to protect information It guides you on how and to whom you can distribute information with a particular classification Why Classify? Classification of information is essential for every business because without classification everyone treats the same piece of information differently, which could have major consequences Classified data helps to better define and implement protection policies Information Location  Classification  Protection  Audit  Training
  • 5.
    Approach to InformationSecurity Protection What is Protection? Ensure that only legit users have access to the data Control data with internal/external users Define and apply policies based on Classification Why Protect? Protection enables the enterprises to manage the usage and consumption of its valuable data Information Location  Classification  Protection  Audit  Training
  • 6.
    Approach to InformationSecurity Audit Auditing Information Usage Track all end user actions on protected information Generate and analyze reports Keep a close eye on all your data that resides within or outside the organization Why Audit Information Usage? To understand the Information consumption pattern To showcase the shortcomings of existing policies To fine tune “Control-Policies” for your confidential data Information Location  Classification  Protection  Audit  Training
  • 7.
    Approach to InformationSecurity End User Training What is Training Educate employees on Information Usage Ensure participation, role play for users Using email, standees, flyers, KM portal as a medium of knowledge transfer Why Train Staff? Helps enterprise define better control-policies on data Minimize accidental misuse of information Ensure technology platform is well accepted Training ensures User participation and acceptance Information Location  Classification  Protection  Audit  Training
  • 8.
    Approach to InformationSecurity Importance of DFA in building better policies Data Flow Analysis is an activity to understand what is valuable information and which department holds it It also helps in tracking the information and the consumption pattern & risk DFA maps the information flow for a particular business process DFA clearly points out the security issues attached with a piece of information at different stages of its lifecycle DFA sharpens classification and protection policies on information
  • 9.
    More Info? www.seclore.com +91-22-6130-4200 9

Editor's Notes

  • #3 Thank you for being present today.The agenda of this presentation is to lay down a very simple and a basic approach for us to understand on what steps need to taken to protect the enterprise from the risk of its information being put to misuse. The assumption being made here is that , We recognize the need to protect information, however, we still need to identify what is that piece of information that is most valuable to the company and finally lay down the way forward.This presentation is an attempt to provide all of us with the ways and means of getting to answers to the following questions..1) Why should I be protecting my information?2) What is information classification and on Why it is a means to getting to where we want to go?3) How do I get an understand on the risk that my business is exposed to and finally around the business controls that are available to Protect my Information?So lets start by answering the 1st questions..… “Why should I be protecting my information?” Read the 1st 2 para of the slide deck…Information is exchanged by people across the enterprise. So for example an escalation about a customer transaction or perhaps a job on the design floor may end up reaching the HEAD of the given department or the CIO. Information in this case traverses across the company and you do not need a policy to hinder this flow of escalation . In fact once the issue is sorted you may need to ensure that the information is not put to misuse. Another example would be quotations that you send to customers or information that business partners receive to complete a given assignment. What would be the risk to your information that is now with an external user? Does your NDA report back to you in case information is accidentally put to misuse. . So in simple words every bit of information , during its lifecycle is exposed to some or the other risk of misuse and this risk can be measured and quantified in terms of financial loss and legal liabilities if you have not protected the confidential information that the other party has handed to youWhat would we cover… we would stich together words such as [read the 3rdpara..]Where do I start from…[next slide]
  • #5 Information classification is an approach, a science, a set of guidelines that an enterprise needs to understand & follow. It would help you understand on what is valuable to you and on how we should protect informationClassification is a means to helping different people or systems understand on how they should behave , react, behave and act when they receive information with a specific classification attached to it.
  • #9 Using a technique know as “Data Flow Analysis” we can get a grip of what information does a specific department hold and for how long. This technique provides us a map of the existing business risk that we are exposed to.Read Para 1,2,3Once we have this information I can now identify the correct policies and classification that needs to fall in place .What is now needed is a technology tool to automate some of this work. Using a plain technology approach to automate discovery and classification does not work