Program Objective Security Basics

Presentation transcript:

Program Objective
Security basics.
Framework for managing information security.
The user's role in implementing and maintaining information security.

Information Security
Information security is the means by which an organization ensures that it has control over its systems and data, thereby protecting its investment in information technology, its customers' confidence and its ability to maintain business operations in an effective and efficient manner.

Information Security Is NOT…
It is not just the IS team or the IT team; it is more than that! Information security is not only about applying technical controls and installing security devices. Rather, information security is achieved by implementing a suitable set of controls, such as:
policies, procedures and guidelines;
technical systems;
security awareness workshops.

Information Security Objectives
Securing an information asset primarily means ensuring its Confidentiality, Integrity and Availability.

What is Confidentiality?
Protecting sensitive records from unauthorized use and distribution. Examples include: income information, transaction records, customer site information, designs and layouts, and intellectual-property-related records.

What is Integrity?
Maintaining the quality and validity of a record. Non-repudiation is a concept arising out of integrity: it is the process by which the ultimate responsibility for a transaction is pinned on the user or customer. Examples include: balance and transaction data are not changed in an unauthorized manner; the formulation of a medicine is not changed; the composition of materials is not altered.

What is Availability?
Ensuring that records are accessible whenever required. Examples include: information such as customer information and customer medical records being available when it is required.

How is everyone involved?
An aware workforce is the best defense against information security threats. We are all responsible for information security. Information security rests on three pillars: people, processes and technology. Suitable policies and processes need to be implemented for effective information security, and the right technology needs to be implemented for cost-effective information security.

Information Security Basics

What is an Asset?
An asset is anything of value or importance to an organization. Assets can be of the following types: data assets (records); data assets (others); software assets; physical assets; service assets; people assets.

What is a Threat?
A threat has the potential to cause an unwanted incident which may result in harm to a system, to the organization and to its assets. Examples: fire, theft, viruses and worms, malicious software.

What are Vulnerabilities?
Vulnerabilities are weaknesses associated with assets. Trust is equal to voluntary vulnerability. These weaknesses may be exploited by a threat, resulting in loss, damage or harm to assets. Examples: lack of physical protection; wrong selection and use of passwords; unprotected storage of documents; insufficient security training.

What are Security Controls?
Security controls are practices, procedures or mechanisms which protect against threats, reduce vulnerabilities and limit the impact of an incident. Examples: access controls (access cards, user id and password); environmental controls (fire control system, water leakage prevention).

End User Responsibilities & Security Guidelines

Password Security
Select strong passwords: 8 characters, with numbers (1, 2, ..), capital letters (A, B, ..) and special characters (!, @, ..). Make simple words complex, e.g. H1m@l@y@. Use the first letters of a sentence, e.g. J&Jwuth. Note: do not use these examples as your passwords.
Control implemented: a password policy for the operating system and applications.
Your support. Don't: write your password down or share it with ANYONE. Never use your logon id or its variations, words in the dictionary, birth dates, the name of your spouse, the company name, etc. Do: keep long passwords; change your password frequently; use secure systems.
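The rules on this slide can be turned into an automated check. The following is an added example, not code from the original presentation; it treats "8 characters" as a minimum, and the dictionary and company name are constructed placeholders.

```python
import re

# Constructed placeholders; a real deployment would load a full word list.
DICTIONARY_WORDS = ("password", "welcome", "letmein")
COMPANY_NAME = "examplecorp"

# Common substitutions used when "making simple words complex"; undoing them
# lets the check catch variations of a forbidden word, not just the word itself.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s"})


def check_password(password, logon_id, birth_date="", spouse_name=""):
    """Return the list of policy violations; an empty list means it passes.

    Rules are the slide's: 8+ characters, a digit, a capital letter and a
    special character, and nothing derived from the logon id, dictionary
    words, birth dates, spouse name or company name.
    """
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not re.search(r"\d", password):
        problems.append("no digit")
    if not re.search(r"[A-Z]", password):
        problems.append("no capital letter")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special character")

    # Normalise case and substitutions so "P@ssw0rd" is seen as "password".
    normalised = password.lower().translate(LEET)
    for name in (logon_id, spouse_name, COMPANY_NAME):
        if name and name.lower() in normalised:
            problems.append(f"contains '{name}'")
    for word in DICTIONARY_WORDS:
        if word in normalised:
            problems.append(f"contains dictionary word '{word}'")

    # Birth dates: compare digit runs only, so separators do not hide a match.
    digits = re.sub(r"\D", "", password)
    bd = re.sub(r"\D", "", birth_date)
    for fragment in (bd, bd[:4], bd[-4:]):
        if len(fragment) >= 4 and fragment in digits:
            problems.append("contains birth date")
            break
    return problems
```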

Laptop Security
Your support: always lock your laptop when stepping away from it. Lock your laptop to your desk using a laptop lock. Do not leave your laptop unattended in public places. Use application passwords for all confidential data so that nobody can access it if the laptop is lost. Never install any application on the PC which was not purchased from or downloaded from a genuine supplier's site.

E-Mail Security
Please change your password frequently. If you leave confidential data in your mailbox, ensure that it is encrypted, so that nobody can use it if your email account is compromised. Don't open documents received from unknown sources. Be aware of Trojans and viruses sent as attachments. Do not share personal information with unknown recipients. Do not forward any email containing other parties' email ids. Do not respond to spam emails received from unknown sources.

Phishing
Phishing is not a virus, but a way of tricking you into giving up personal or financial information. How to safeguard yourself? Never use a link in an e-mail to get to a web page. Never send personal or financial information to anyone via e-mail. Access any financial institution's site through its genuine parent site rather than through emails.

Clear Desk and Clear Screen
Lock all restricted and confidential documents in a lockable container, i.e. under lock and key. Do not leave sensitive documents on your desk, printer or fax, or in public places. Always shred unwanted documents properly to avoid dumpster diving. Lock your computer whenever you leave your place.

Social Engineering
Do not discuss sensitive information with others in public. Do not give out sensitive information over email or telephone. Make sure nobody is watching you when you type in your password ("avoid shoulder surfing"). Always be sure of the other person's identity when you receive a call you are not expecting. Social engineering preys on qualities of human nature: the desire to be helpful, the tendency to trust people, and the fear of getting into trouble. Some of the ways in which social engineering is carried out are: forged phone calls, dumpster diving, persuasion and phishing.

PC Best Practices
Buy genuine software. Install a firewall and antivirus. Apply the patches issued by the OS and other vendors. Do not open or download any executable file or email attachment when in doubt.

Physical Security
Data centre door: keep it closed. Access control card: use it, and do not share it. Always wear your identification and access badge. Escort visitors and vendors in the work and server areas. Never leave the entry gate open. Tailgating and piggybacking should be discouraged. Never use a camera phone in the work or server area. Never share your ID card with others.

Thank you. If you have any questions, please put them in the forum.