Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Security Training and Awareness Presentation.

Published byIsabel Stafford Modified over 9 years ago

Similar presentations

Presentation on theme: "Information Security Training and Awareness Presentation."— Presentation transcript:

1 Information Security Training and Awareness Presentation

2 © 2014 Saggezza Inc. All rights reserved Agenda Information Security Management Goal & Objective of the ISMS Policies Implementation of ISMS Review

3 © 2014 Saggezza Inc. All rights reserved Information Security Management System Lifecycle Physical Security Information Security Email and Internet Usage Backup and Disaster Recovery Audit Self Assessments Security Incidents Feedback Objectives as per ISMS Tools SLA Root Cause Analysis Continuous Improvement MaintainPlan ImplementEvaluate

4 © 2014 Saggezza Inc. All rights reserved Goal & Objective of the ISMS The goal of the ISMS is to align the IT and Business security to ensure information security is effectively managed in all services The objective of ISMS is to Plan, Implement, Evaluate and Maintain documented Information Security Management System to protect the interests of those relying on information and ensure Availability, Confidentiality, Integrity and Authenticity of the information

5 © 2014 Saggezza Inc. All rights reserved Policies ISMS Policy ODC Policies Location Specific Policies Access Card Policy Incident Mgmt HR PoliciesSoftware Usage Policy Network Security (Firewall, Email, Internet) Physical Security Policies Security Review/Audit Policies Management Focus Technical Focus Physical Aspects Management Operations

6 © 2014 Saggezza Inc. All rights reserved Implementation of ISMS

7 © 2014 Saggezza Inc. All rights reserved Physical Security To Safe Guard & minimize threats to Saggezza’s Assets & Environment and ensure minimal loss or damage Door Access Door Access is controlled through Access Control System Access Control System is connected to Operations tool to monitor the Swipe in / Swipe out Access to Development or Production areas are restricted to Authorized Personnel Door Alarm goes off when Doors are left ajar for 30 seconds. This is done to ensure there are no tail-gating Access card are issued and access enabled based on the project / location / area of work. Access is revoked on the day of Employee Separation

8 © 2014 Saggezza Inc. All rights reserved Physical Security CCTV Cameras are located in critical / sensitive zones Data will be stored for a period of 2 months. Security Personnel Security Guard monitoring on a 24/7 basis

9 © 2014 Saggezza Inc. All rights reserved Information Classification To enable common understanding of the Information Sensitivity and ensure inadvertent distribution of Customer information Confidential or Restricted - Classified and Highly Sensitive information and should be shared only with specific personnel in the organization. When in doubt ask your managers. All client information or documents that are strategic and gives competitive information are classified as Confidential Internal – Information cannot be shared outside of the company. Usually all Corporate communication, Organization Announcements are considered as Internal Public - Information can be shared with others in the organization and others as long as there is no tampering of information.

10 © 2014 Saggezza Inc. All rights reserved Email Usage To ensure Company Email are used for Business purpose and to protect Customer’s sensitive and Confidential Information Users not to respond to Email that request for Company Confidential Information Users shall not forward Saggezza or Customer’s internal communication to anyone outside of the organization Password Protect Outlook or Email Application Do not open Suspicious mails as they may be enable Security hack

11 © 2014 Saggezza Inc. All rights reserved Password Policy Following restrictions shall be placed on passwords when they are created or changed: Does not contain all or part of the user's account name Is at least 8 (eight) characters in length Contains at least one character from three of the following four categories: English upper case characters (A...Z) English lower case characters (a...z) Base 10 digits (0...9) Non alphanumeric (For example, ! $ # % ) As always, we recommend you to change your password every 90 days. Password should not be disclosed to any one including IT Support Team

12 © 2014 Saggezza Inc. All rights reserved Network Security Firewall To restrict or protect from unauthorised Access getting inside the Saggezza network. Internal Projects are categorised by virtual LANs and dedicated bandwidth shall be allocated. UTM Appliance is imposed on the firewall to prevent Gate way antivirus/ intrusion detection/ Malware Spam etc Security Policy's with in the firewall are maintained to restrict the Access between the ODC/ DMG VPN IPsec are used to establish a Secured Tunnel Connection Between One site to other SSL VPN connections are required for Users to access the critical servers inside the Org Remotely through the secured socket layer Asset Protection E-Scan shall be activated (unless there is a need for a different solution) on all Desktops and Laptops Policy's under E-scan shall be imposed to restrict accessing of the USB Drives (Laptop/Desktops) Monitor and track the Software Applications installed on the organization assets. End-user's Responsibility User shall Report the incidents impacting InfoSec by logging on to Service desk tool (servicedesk.saggezza.com)

13 © 2014 Saggezza Inc. All rights reserved Back up and Disaster Recovery Critical Servers and Systems Data are been Backed up by using encription256 bit method and saved in the remote system(Other Saggezza Location) through SSL mode Backup methods Incremental Backup (Daily) Full backup (Monthly)

14 © 2014 Saggezza Inc. All rights reserved Summary

15 © 2014 Saggezza Inc. All rights reserved Do’s Always wear your badge and ensure visibility at all times while in the facility. Keep workstations locked and secured while unattended. Ensure latest antivirus is running / enabled on your desktop. Always secure Saggezza confidential information and dispose after use. Ensure Microsoft Security Essentials / E-scan is enabled on your desktop & Security level is set to medium or high. Ensure periodic restart of your system and there is no failed security updates. Keep changing the Login passwords once in every 30 to 40 days.

16 © 2014 Saggezza Inc. All rights reserved Don’ts Do not Share your account password with anyone under any circumstance. Do not Forward Saggezza email to an external destination. Do not connect any removable media to the desktop equipment. Do not leave confidential papers unattended. Do not allow un-badge persons into ODC area. Do not use internet to access sites like Torrent or video streaming. Do not download any freeware or unapproved software without IT Services approval. Do not bring your personal laptop inside the production area. Do not install unlicensed or unapproved software on your desktop / laptop.

17 © 2014 Saggezza Inc. All rights reserved Review and Reporting Mechanism Quarterly Management review of ISMS compliance of all development centers Monthly Account reviews covering Project level compliance to ISMS policies (Backup/DR, Archival / Retention / Retrieval, Security Incident) by IT Team All review and audit non-compliance are tracked for closure in the monthly review. Sample Asset are randomly identified for Audits. Audit Checklist shall be used for the same. IT team on a periodic basis, shall monitor the strength of the user’s password. A dark green or green indicates strength is good and non-vulnerable. The indicators change over time in relation to the password length requirements and common passwords that are known to be vulnerable. If the criteria are not met, IT team shall intimate users to change their passwords immediately

18 © 2014 Saggezza Inc. All rights reserved IT Team Audit Process IT Team performs internal audit on a monthly basis for the below mentioned Categories. Access Permissions for users to checked in case of employees moving in and out of ODC area Server room access control to be monitored and permitted only to authorized personnel Backup process for all critical servers, firewall and machines to be conducted as scheduled. Computer Security check with regards to updates on Anti-virus & Operating system patches are to be taken care. Firewall Policy Check within the Network. Monitor and Update the Servers & firewall Patches/versions. De-activation/deletion of the access card and E-mail account to be done for the users during his/her exit from the organization.

19 About Saggezza Saggezza helps ambitious businesses unlock the power of their enterprise data to accelerate growth and uncover opportunities. We combine software development and implementation expertise with our next-generation data analytics platform to turn our customers into data driven enterprises. For more information, visit www.saggezza.com. North America Global Headquarters 200 West Madison Street, Suite 1800, Chicago, IL 60606 Tel: +1 800 460 5912 Tel: +1 312 267 2929 West Coast Region 3945 Freedom Circle, Suite 630, Santa Clara, CA 95054 Tel: +1 408 427 3435 Europe United Kingdom 63–65 North Wharf Road, Paddington, London, W2 1LA Tel: +44 20 7680 8630 Asia Pacific Bangalore Unit 3, Level 3, Block B, Laurel Bagmane Tech Park, CV Raman Nagar, Bangalore 560 093 Tel: +91 80 42838585 Fax: +91 80 41161358 Chennai IIT Madras – Research Park, 9 th Floor, Kanagam Road, Taramani, Chennai – 600113 Tel: +91 44 66800900 United Kingdom Sunderland Software Centre, Tavistock Place, Sunderland, SR1 1PB Saggezza LinkedIn @saggezza_inc

Download ppt "Information Security Training and Awareness Presentation."

Similar presentations

CS898T Mobile and Wireless Network Handheld Device Security By Yuan Chen July 25 th, 2005.

CS898T Mobile and Wireless Network Handheld Device Security By Yuan Chen July 25 th, 2005.
Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.

Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.
Maintaining Security While Using Computers What all of Our Computer Users Need to Know.

Maintaining Security While Using Computers What all of Our Computer Users Need to Know.
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
PHYSICAL SECURITY Attacker. Physical Security Not all attacks on your organization's data come across the network. Many companies focus on an “iron-clad”

PHYSICAL SECURITY Attacker. Physical Security Not all attacks on your organization's data come across the network. Many companies focus on an “iron-clad”
© 2005, QEI Inc. all characteristics subject to change. For clarity purposes, some displays may be simulated. Any trademarks mentioned remain the exclusive.

© 2005, QEI Inc. all characteristics subject to change. For clarity purposes, some displays may be simulated. Any trademarks mentioned remain the exclusive.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
Security Controls – What Works

Security Controls – What Works
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.
Group Presentation Design and Implementation of a company- wide networking & communication technologies strategy 9 th December 2003 Prepared By: …………

Group Presentation Design and Implementation of a company- wide networking & communication technologies strategy 9 th December 2003 Prepared By: …………
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Small Business Security By Donatas Sumyla. Content Introduction Tools Symantec Corp. Company Overview Symantec.com Microsoft Company Overview Small Business.

Small Business Security By Donatas Sumyla. Content Introduction Tools Symantec Corp. Company Overview Symantec.com Microsoft Company Overview Small Business.
Network security policy: best practices

Network security policy: best practices
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
Avanade: 10 tips for å sikring av dine SQL Server databaser Bernt Lervik Infrastructure Architect Avanade.

Avanade: 10 tips for å sikring av dine SQL Server databaser Bernt Lervik Infrastructure Architect Avanade.

Similar presentations

Ads by Google