ISMS Awareness Presentation - CCEs.ppsx
Transcript of ISMS Awareness Presentation - CCEs.ppsx
-
8/11/2019 ISMS Awareness Presentation - CCEs.ppsx
ISMS AWARENESS
-
What is Information?
An asset that is essential to an organization's business and needs to be protected.
Forms of information: printed, written, stored electronically, transmitted by post, email.
-
What is Information Security?
The protection of information and information systems against unauthorized access or modifications, whether in storage, processing, or transit, and against denial of service to authorized users.
Safeguarding an organization's data from unauthorized access or modification to ensure its availability, confidentiality, and integrity.
-
Why Information Security?
1. Protects information from a range of threats
2. Ensures business continuity
3. Minimizes financial loss
4. Optimizes return on investments
5. Increases business opportunities
-
Security Breaches Lead to...
Reputation loss
Financial loss
Intellectual property loss
Legislative breaches leading to legal actions (Cyber Law)
Loss of customer confidence
Business interruption costs
Loss of goodwill
-
TBSS Information Security Policy
Information Security Policy Statement
TBSS is committed to protect the Confidentiality, Integrity and Accessibility of its Information, thereby providing comprehensive assurance to all its stakeholders.
To that end TBSS will aggressively unravel and learn the changing landscape of risk, review organization standards and process periodically and focus relentlessly on execution.
-
Information Classification
Information Classification: Description
Public: Disclosure inside or outside organization would not cause any damage or inconvenience.
Internal: Disclosure inside the organization for effective implementation of procedures and processes would not cause any damage or inconvenience.
Restricted: Disclosure inside or outside organization would be inappropriate and inconvenient.
Confidential: Disclosure inside or outside would cause significant harm to the interest of the organization.
Secret: Disclosure inside or outside would cause serious damage to the interests of the organization.
-
Steps to Strengthen your information security
1 Strengthen your computer's defenses
2 Avoid downloading malware
3 Protect company data & financial assets
4 Create strong passwords & keep them private
5 Guard data & devices when you're on the go
-
Steps to Strengthen your information security
1 Strengthen your computer's defenses
a. Check your system's antivirus updates regularly
b. Do not download unauthorized software
c. Do not store Confidential documents on your local machine
d. Do not store songs and videos on your system
-
Steps to Strengthen your information security
2 Avoid downloading malware
a. Think before you click
b. Confirm that the message is legitimate
c. Close pop-up messages carefully
-
Steps to Strengthen your information security
3 Protect company data & financial assets
a. Give a proper classification to the information
b. Information should be stored only in Share Portals
c. Information should be stored in a manner such that at least user ID/password authentication is required for accessing the same
-
Steps to Strengthen your information security
4 Create strong passwords & keep them private
a. Passwords must be treated as sensitive and confidential information.
b. Never share your password with anyone for any reason.
c. Passwords should not be written down, stored electronically, or published.
d. Use different passwords for your different accounts.
e. Create passwords that are not common; avoid common keyboard sequences and personal information, such as pets & birthdays.
-
Steps to Strengthen your information security
5 Guard data & devices when you're on the go
a. Use the organization's VPN for email communication
b. Confirm the connection
c. Do not use flash drives & memory cards
-
Guidelines and Safe practices for:
Creation of Passwords
Email Usage
Clear desk
Internet Usage
Tailgating and Piggybacking
Social Engineering
-
Password Security Guidelines
-
Password Security Guidelines
Password should contain:
At least 8 characters
Uppercase Letters (A-Z)
Lowercase Letters (a-z)
Numbers (0-9)
Special characters (!@#$%^&*)
Use hard-to-guess passwords.
Change password regularly (every 30 days).
Memorize password and refrain from writing it down.
Never choose the "Remember password" feature in any application.
Last 5 passwords should not be reused for any reason.
Password should strictly be kept private and confidential.
-
Password Security Guidelines
DOs
Use a combination of lower and upper case letters, numbers and special characters
Change the password regularly
Create a complex, strong password, and protect its secrecy
DON'Ts
Use of personal information (ex: birthday, home address, phone number)
Dictionary words (including foreign languages)
Write it down
Share it with anyone
-
Password Security Guidelines
Which of the below passwords are strong?
Password@123
weak
abc@1122
harshaSree@1841
Strong
MpbN!h@5612 (My Pet's Baby Name Is Happy)
Rsw3yO!D (Reema's Son Was 3 Years Old In December)
-
Safe Email Practices
-
Safe Email Practices
Do not open unexpected or suspicious e-mails. Delete them if they do not concern you.
Be aware of sure signs of scam email:
Not addressed to you by name
Asks for personal or financial information
Asks you for password
Asks you to forward it to lots of other people
Before opening an email attachment, save the attachment to disk and scan it for viruses.
Do not forward chain e-mails containing confidential information, unless the recipient is the trusted information seeker.
-
Safe Email Practices
A suspicious email address. (Note that the real email address is not from Outlook.)
Generic salutations rather than using your name.
Alarmist messages. Criminals try to create a sense of urgency so you'll respond without thinking.
-
Social Engineering
-
Social Engineering
Social engineering is a hacking technique that relies on human nature. This approach is used by many hackers to obtain information valuable to accessing a secure system.
Rather than using software to identify security weaknesses, hackers attempt to trick an individual into revealing passwords and other information that can compromise your system security.
They use people's inherent nature to trust to learn passwords, logon IDs, server names, operating systems, or other sensitive information.
-
Social Engineering
For example, a hacker may attempt to gain system information from an employee by posing as a service technician or system administrator with an urgent access problem.
Nobody should ever ask you for your passwords. This includes system administrators and help desk personnel.
If someone requests sensitive information from you?
Never hesitate to ask the following questions:
Ask for the correct spelling of their name
Ask for a contact number and the person's position to have a call back
Ask for the purpose and urgency of the information
Ask for the approval for seeking the information
Do not give out passwords.
-
Clear Desk Guidelines
-
What's Wrong with This Picture?
-
Clear Desk Guidelines
Lock the computer when your workspace is unattended.
Shut down the system at the end of the day!
-
Clear Desk Guidelines
All the Confidential and Internal use documents must be removed from the desk and locked in a drawer or file cabinet when the workstation is unattended and at the end of the workday.
All waste papers which have personal or confidential information must be destroyed through shredding machines.
-
Clear Desk Guidelines
Passwords and any other confidential information must not be posted on or under a computer or in any other accessible location.
Copies of documents containing Confidential or Internal use information must be immediately removed from printers. If there is a problem with the printer, turn off the printer to remove sensitive material from the printer's memory.
-
Handling Media Devices
Do not bring any personal removable media like USB storage devices, CDs, DVDs into office premises.
If it is required to bring the media device, same must be explicitly declared at security desk.
All events detected for the use of USB mass storage will be treated as security incidents and shall be dealt as per organization's information security incident management process.
-
Handling Media Devices
If removable media devices are carried for office use
A prior authorization from business head is required, stating the usage.
Technology team should approve the same after scanning the content.
-
Internet Usage Guidelines
-
Internet Usage Guidelines
Access to the Internet is provided to employees for the benefit of TBSS and its customers.
Employees using the Internet are representing the company. Employees are responsible for ensuring that the Internet is used in an effective, ethical, and lawful manner.
The Internet should not generally be used for personal gain or advancement of individual interest. Solicitation of non-TBSS business or use of Internet for personal gain is strictly prohibited.
Use of the Internet must not disrupt the operation of the TBSS network. It must not interfere with your productivity.
-
Internet Usage Guidelines
Accessing gaming sites, adult sites and initiating any hacking activity or denial-of-service attack over the internet are strictly prohibited and Users are solely responsible for any legal action arising out of the same.
File downloads like exe, mp3 etc. from the Internet are not permitted unless specifically authorized in writing by the Technology Team.
Users during their course of internet access should not violate or infringe upon the rights of others, or download pirated software (copyrighted material).
-
Internet Usage Guidelines
Access to Instant Messengers shall not be permitted. If required, it shall be supported by the business need supported by requisite approvals.
Users are solely responsible for any legal action arising out of abuse or against national security that has originated from their computer/Laptop.
-
Physical Security Guidelines
-
Physical Security Guidelines
"I forgot my Identity card. Can you please tag me in with your card?"
"No. You should inform the reception; they will issue a temporary Identity card for you."
It is mandatory for users to display the ID card / visitor pass legibly.
Users are not allowed to swipe their ID cards on restricted entry points.
Users must swipe their ID cards at all times to access all access controlled areas.
Loss of ID card is to be reported to the Facilities department and BMS team immediately.
Users are not allowed to lend their ID cards to others.
-
Physical Security Guidelines
Users are not allowed to carry any removable media storage devices like Floppy, CD, Pen drive, etc. into TBSS premises.
Usage of camera (also camera in the mobile phone) is prohibited inside TBSS premises.
Users are required to cooperate with security for frisking.
Tailgating is strictly prohibited.
All company laptops must have Laptop cards attached to them.
Laptop users must display their laptop cards to carry laptops into & from TBSS office premises.
-
Physical Security Guidelines
No Tailgating
Make sure that you are the only one entering with your access card!
Ensure access doors to controlled areas are closed securely after entering and exiting.
-
Physical Security Guidelines
You need to know Fire / Emergency Exits.
Evacuation plan / procedure
Emergency information.
Reporting mechanisms.
-
ISMS Policies
You need to know the below ISMS policies available in Drishti:
Acceptable Usage Policy
Clear Desk Policy
Email Policy
Information Security Incident Management policy
Information Security Policy
Internet Utilization Policy
Password Policy
Physical Security Policy
Printer Usage Policy
ISO 27001:2013 documents are available at the link below:
http://be.serwizsol.com/Internal/Forms/View.aspx?RootFolder=%2FInternal%2FISO%2027001&View=%7bD59EBEF6%2dBB33%2d4A8A%2d8FE6%2dE35ADB51165E%7d
-
INFORMATION SECURITY
Report all information security incidents to [email protected]
-
Reach us at: E-mail: [email protected]