Program Objective Security Basics


1 Program Objective: Security Basics
- Framework for managing information security
- The user's role in implementing and maintaining information security

2 Information Security
Information security is the means by which an organization ensures that it has control over its systems and data, thereby protecting its investment in information technology, its customers' confidence, and its ability to maintain business operations in an effective and efficient manner.

3 Information Security Is NOT...
It is not just the IS team or the IT team; it is more than that. Information security is not only about applying technical controls and installing security devices. Rather, information security is achieved by implementing a suitable set of controls, such as:
- policies, procedures and guidelines
- technical systems
- security awareness workshops

4 Information Security Objectives
Securing an information asset primarily means ensuring its:
- Confidentiality
- Integrity
- Availability

5 What is Confidentiality?
Protecting sensitive records from unauthorized use and distribution.
Examples include: income information, transaction records, customer site information, designs and layouts, intellectual property related records.

6 What is Integrity?
Maintaining the quality and validity of a record. Non-repudiation is a concept arising out of integrity: it is a process by which the ultimate responsibility for a transaction is pinned on the user or customer.
Examples include: balance and transaction data are not changed in an unauthorized manner; the formulation of a medicine is not changed; the composition of materials is not altered.

7 What is Availability?
Ensuring that records are accessible whenever required.
Examples include: information such as customer information or customer medical records is available when it is required.

8 How is everyone involved?
An aware workforce is the best defense against information security threats. We are all responsible for information security.
Information security rests on three pillars: people, processes and technology.
- Suitable policies and processes need to be implemented for effective information security.
- The right technology needs to be implemented for cost-effective information security.

9 Information Security Basics

10 What is an Asset?
An asset is anything of value or importance to an organization. Assets can be of the following types: data assets (records); data assets (others); software assets; physical assets; service assets; people assets.

11 What is a Threat?
A threat has the potential to cause an unwanted incident which may result in harm to a system, an organization and its assets. Examples: fire, theft, viruses and worms, malicious software.

12 What are Vulnerabilities?
Vulnerabilities are weaknesses associated with an asset. Trust is equal to voluntary vulnerability. These weaknesses may be exploited by a threat, resulting in loss, damage or harm to assets. Examples:
- Lack of physical protection
- Wrong selection and use of passwords
- Unprotected storage of documents
- Insufficient security training

13 What are Security Controls?
Security controls are practices, procedures or mechanisms which protect against threats, reduce vulnerabilities and limit the impact of an incident. Examples:
- Access control: access cards, user id / password
- Environmental controls: fire control system, water leakage prevention

14 End User Responsibilities & Security Guidelines

15 Password Security
Select strong passwords:
- At least 8 characters
- Contains numbers (1, 2, ...), capital letters (A, B, ...) and special characters
- Make simple words complex, e.g. take the first letter of each word in a sentence: J&Jwuth
Note: do not use these examples as your passwords.
Control implemented: password policy for the operating system and applications.
Your support:
Don't
- Write it down or share it with ANYONE
- Use your logon id or its variations
- Use words in the dictionary
- Use birth dates, name of spouse, company name, etc.
Do
- Keep long passwords
- Change your password frequently
- Use secure systems
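The password rules on this slide can be enforced mechanically. The checker below is an added example written for this page, not code from the presentation; it encodes the slide's rules (8+ characters, digit, capital, special character, no logon id or variation of it, no dictionary word, no birth date / personal terms) and assumes a small constructed word list in place of a real dictionary.

```python
import re
from datetime import date
from typing import Iterable, List, Optional

# Constructed mini word list standing in for a real dictionary (assumption:
# a deployment would load the system word list instead).
DICTIONARY = ("password", "welcome", "summer", "letmein", "company")

# Undo common substitutions so 'P@ssw0rd' is compared as 'password'; this is
# what makes "variations" of the logon id or a dictionary word detectable.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def normalise(text: str) -> str:
    """Lower-case and strip leetspeak substitutions for comparison."""
    return text.lower().translate(LEET)


def check_password(password: str, logon_id: str,
                   personal_terms: Iterable[str] = (),
                   birth_date: Optional[date] = None) -> List[str]:
    """Return the list of slide rules the password violates (empty = OK)."""
    problems: List[str] = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not re.search(r"\d", password):
        problems.append("no digit")
    if not re.search(r"[A-Z]", password):
        problems.append("no capital letter")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special character")
    norm = normalise(password)
    uid = normalise(logon_id)
    # Logon id, forwards or reversed, after undoing substitutions.
    if uid and (uid in norm or uid[::-1] in norm):
        problems.append("contains logon id or a variation of it")
    for term in personal_terms:          # spouse name, company name, ...
        if normalise(term) in norm:
            problems.append(f"contains personal/company term '{term}'")
    for word in DICTIONARY:
        if word in norm:
            problems.append(f"contains dictionary word '{word}'")
    if birth_date is not None:
        digits = re.sub(r"\D", "", password)
        for fmt in ("%d%m%Y", "%d%m%y", "%Y%m%d", "%m%d%Y"):
            if birth_date.strftime(fmt) in digits:
                problems.append("contains birth date")
                break
    return problems
```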

16 Laptop Security
Your support:
- Always lock your laptop when stepping away from it.
- Lock your laptop to your desk using a laptop lock.
- Do not leave your laptop unattended in public places.
- Use application passwords for all confidential data so that nobody can access it in case the laptop is lost.
- Never install any application on the PC which was not purchased or downloaded from the genuine supplier's site.

17 E-Mail Security
- Please change your password frequently.
- If you are leaving confidential data in your mail, please ensure that it is encrypted, so that nobody can use it if your mailbox is compromised.
- Don't open documents that are received from unknown sources.
- Be aware of Trojans and viruses that are sent as attachments.
- Do not share personal information with unknown recipients.
- Do not forward any e-mail with other parties' e-mail ids.
- Do not respond to spam e-mails received from unknown sources.

18 Phishing
Phishing is not a virus, but a way to trick you into giving up personal or financial information.
How to safeguard yourself?
- Never use a link in an e-mail to get to any web page.
- Never send personal or financial information to anyone via e-mail.
- Access any financial institution's site through its genuine parent site rather than through e-mails.

19 Clear Desk & Clear Screen
- Lock all restricted and confidential documents in a lockable container, i.e. under lock and key.
- Do not leave sensitive documents on your desk, printer, fax or in public places.
- Always shred your unwanted documents properly to avoid dumpster diving.
- Lock your computer whenever you leave your place.

20 Social Engineering
- Do not discuss sensitive information with others in public.
- Do not give out sensitive information over e-mail or telephone.
- Make sure nobody is looking at you when you are typing in your password: avoid shoulder surfing.
- Always be sure of the other person's identity when you receive a call you are not expecting.
Social engineering preys on qualities of human nature: the desire to be helpful, the tendency to trust people, and the fear of getting into trouble.
Some of the ways in which social engineering is carried out are: forged phone calls, dumpster diving, persuasion, phishing.

21 PC Best Practices
- Buy genuine software.
- Install a firewall and antivirus.
- Apply patches released by the OS and other vendors.
- Do not open or download any executable file or attachment when in doubt.

22 Physical Security
- Data centre door: keep it closed.
- Access control card: use it, do not share it.
- Always wear your identification and access badge.
- Escort visitors and vendors in work and server areas.
- Never leave the entry gate open.
- Tail-gating / piggy-backing should be discouraged.
- Never use a camera phone in work / server areas.
- Never share your ID card with others.

23 Thank You. Any questions? Please put them in the forum.

