Information (Data) Security & Risk Mitigation
© 2009 IDBI Intech, Inc. All rights reserved. IDBI Intech Confidential


Slide 2: IT Act 2000 Amendment (Sec 43 A)
- Corporate bodies like banks handling sensitive personal data are to implement and practice reasonable security practices and procedures.
- Damages by way of compensation to the person affected, without any upper limit.

Slide 3: Information Security: Myths
- Passwords are enough to secure our business
- Data backups are enough; why plan for BCP?
- Information Security is the responsibility of IT…
- Our existing security controls are adequate to prevent any information loss

Slide 4: Information Security: Reality
- Critical data is accessible to others because I have left my PC/terminal unattended
- A worm infecting my machine can bring down the entire network
- My account is used to commit fraud because my password is weak or shared

Slide 5: Why Information Security?
- Confidentiality, Integrity, Availability
- People are the weakest link in Information Security
- To know security responsibilities
- To know the Information Security risks associated with one's job responsibilities
- Adherence to the organizational security policies

Slide 6: Information Security Risks
- Online Frauds
- Hacking Attacks
- Phishing / Vishing Attacks
- Spam
- Data Theft
- Insecure Business Applications
- Malware / Spyware
- Virus / Worm / Trojan Attacks
- Denial of Service (DoS) Attacks
- Lack of User Awareness

Slide 7: Risk Mitigation Measures
- Infrastructure
  - Set up DR Site
  - DR Drills
  - Updated BCP
- Critical Applications
  - High Availability Clusters / Multiple Servers
  - Application Security Testing
  - Parameter Fine Tuning
  - Hardened Operating Systems
  - Strong Physical Security / Surveillance Camera / Biometric Access

Slide 8: Risk Mitigation Measures
- Delivery Channels
  - Secured Indirect Access to CBS
  - Independent Systems
  - Encrypted Data Exchange across systems
  - Multiple Authentication
- Outsourced Services
  - Drafting and Monitoring of SLAs
  - Non-Disclosure Clauses
  - Review and Monitoring of Reports and Outputs
  - Third Party Employee Background Checks

Slide 9: Risk Mitigation Measures
- Users
  - Need-to-know basis
  - Periodic Review of Access Rights
  - Strong Authentication
  - Awareness Training
- Networks
  - Intrusion Detection/Prevention Systems
  - Internal and External Firewalls
  - Periodic Penetration Testing
  - 24x7 Cyber Policing / Monitoring of Attacks
  - Virus/Worm/Malware/Spyware Protection
  - Regular Security Updates – IPS/IDS, Anti-Virus
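The "need-to-know basis" and "periodic review of access rights" items under Users can be turned into a repeatable check: compare each user's granted entitlements against what their role is allowed to hold, and flag accounts that still carry rights but have not logged in for a long time. This is an added example, not code from the original deck or from IDBI Intech; the role matrix, the user export, the entitlement names and the 90-day idle threshold are constructed assumptions.

```python
# Periodic access-rights review over a constructed entitlement export.
# Role matrix, user records and thresholds are assumptions for illustration.
from datetime import date

# Assumed need-to-know matrix: the entitlements each role may hold.
ROLE_MATRIX = {
    "teller": {"cbs_view_account", "cbs_post_transaction"},
    "branch_manager": {"cbs_view_account", "cbs_post_transaction", "cbs_approve_txn"},
    "auditor": {"cbs_view_account", "report_read"},
}

# Constructed export from an identity/CBS system: user, role, grants, last login.
USERS = [
    {"user": "u1001", "role": "teller", "last_login": date(2009, 11, 20),
     "entitlements": {"cbs_view_account", "cbs_post_transaction"}},
    {"user": "u1002", "role": "teller", "last_login": date(2009, 11, 28),
     "entitlements": {"cbs_view_account", "cbs_post_transaction", "cbs_approve_txn"}},
    {"user": "u1003", "role": "auditor", "last_login": date(2009, 7, 1),
     "entitlements": {"cbs_view_account", "report_read"}},
    {"user": "u1004", "role": "contractor", "last_login": date(2009, 11, 30),
     "entitlements": {"cbs_view_account"}},
]


def review_access(users, role_matrix, today, stale_days=90):
    """Return (user, finding, detail) tuples for an access reviewer to act on."""
    findings = []
    for u in users:
        allowed = role_matrix.get(u["role"])
        if allowed is None:
            # A role with no approved entitlement set cannot be reviewed; escalate.
            findings.append((u["user"], "unknown_role", u["role"]))
            continue
        # Anything granted beyond the role's approved set violates need-to-know.
        for extra in sorted(u["entitlements"] - allowed):
            findings.append((u["user"], "excess_entitlement", extra))
        # Dormant accounts that still hold rights are candidates for revocation.
        idle = (today - u["last_login"]).days
        if idle > stale_days and u["entitlements"]:
            findings.append((u["user"], "stale_account", f"{idle} days idle"))
    return findings


if __name__ == "__main__":
    for user, finding, detail in review_access(USERS, ROLE_MATRIX, date(2009, 12, 1)):
        print(f"{user}: {finding} ({detail})")
```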

Slide 10: Information Security Practices
- Information Security Management System
- Information Security Policy & Procedures
- Continuous Risk Assessment
- Information Security Incident Management
- Business Continuity / Disaster Recovery Plans
- Information Systems Audit
- Network Security Audit
- Application Security Testing
- Vulnerability Assessment / Penetration Testing
- Security Operations Centre (SOC) / Cyber Policing Control Room
- Awareness Trainings

Slide 11: Thank You