ISMS Information Security Management System

Presentation on theme: "ISMS Information Security Management System"— Presentation transcript:

1 ISMS Information Security Management System
04th June, 2015

2 What is Information?
Asset: Anything that has value to the organization.
Information is an asset that, like any other important business asset, is essential to an organization’s business and thus needs to be protected.
Information can exist in many forms:
- data stored on computers
- transmitted across networks
- printed out
- written on paper
- sent by fax
- stored on disks
- held on microfilm
- spoken in conversations over the telephone
- etc.

3 Information Security Risks
- System failures
- Denial of service (DoS) attacks
- Misuse of resources: Internet/e-mail/telephone
- Fraud
- Viruses/spyware etc.
- Use of unlicensed software

4 What is ISMS?
Information Security Management System is a framework to protect information through appropriate security controls.
Security controls may be:
- Security policies
- Documented procedures
- Ensuring business continuity
- Information asset management
- Awareness and training

5 Objectives of ISMS
- Confidentiality: Ensuring that information is available only to those authorized to have access.
- Integrity: Safeguarding the accuracy and completeness of information and processing methods.
- Availability: Ensuring that information and vital services are available to authorized users when required.

6 ISMS Organogram

7 Information classification
- Restricted: Information that is highly sensitive and is available only to specific, named individuals (or specific positions).
- Confidential: Information that is sensitive within the Company/Business and available only to a specific function, group or role.
- Internal: Information that is sensitive outside the Company/Business and needs to be protected. Authorized access for employees, contractors, sub-contractors and agents on a "need to know" basis for business-related purposes.
- Public: Public information (including information deemed public by legislation or through a policy of routine disclosure), available to the public, all employees, contractors, sub-contractors and agents.

8 Physical & Environment Security
Physical Aspects
- Identity cards must be carried by all at all times.
- An unknown or third-party person must be questioned if they are not carrying the visitor card.
- Third-party personnel must be escorted to the visitor’s room.
- Proper access must be exercised while entering the data centers. There should not be any tailgating.
- In the event of a power outage, shift operators must check the UPS to see whether power is being drawn from battery or Genset and inform the respective personnel.

9 Physical & Environment Security
Environment Aspects
- Scanned documents should be removed after copying to the required location.
- Food items and used cups should be properly disposed of in the work area.

10 Clear Screen/Clear Desk Policy
- No critical information should be left unattended, and proper filing must be exercised.
- Desktops must be locked when not in use.

11 Password Policy
- Every user should ensure usage of a strong password for accessing any information system.
- Passwords will never be shared or revealed to anyone other than the authorized user.
- Users will not store fixed passwords in any computer files.
- Passwords will not be written down.
- Passwords should have: length of 8 characters; special characters, numbers and uppercase letters.

12 E-mail Usage
- Users will use the Company’s account only for business purposes.
- Users will not use or access an account assigned to another employee of the organisation to either send or receive messages.
- Users will not create or send computer viruses through e-mail.
- Users will not forge or try to forge messages.
- Users will not use their personal accounts for sending official mail.
- In case a user encounters profane, obscure or derogatory remarks in e-mail, he/she will either communicate with the originator of the offensive e-mails, asking him/her to stop sending such messages, or report such offensive e-mails directly to the respective Head and/or CISO or ISWG member.
- Users will not transmit/re-transmit chain messages.

13 User Responsibility
- Any security incident should be immediately reported to the CISO or any member of the ISWG.
- In case of fire, raise the alarm and inform the fire department immediately.
- Contact information of special interest groups should be kept handy.

14 Thank You.

