
© 2009 IDBI Intech, Inc. All rights reserved. IDBI Intech Confidential
Information (Data) Security & Risk Mitigation


1 Information (Data) Security & Risk Mitigation

2 IT Act 2000 Amendment (Sec 43 A)
- Corporate Bodies like Banks handling sensitive personal data to implement and practice reasonable security practices and procedures.
- Damages by way of compensation to person affected without any upper limit.

3 Information Security - Myths
- Passwords are enough to secure our business
- Data backups are enough
- Why plan for BCP?
- Information Security is responsibility of IT…
- Our existing Security controls are adequate to prevent any information loss

4 Information Security - Reality
- Critical data is accessible to others because I have left my PC/terminal unattended
- Worm infecting my machine can bring down the entire network
- My account is used to commit fraud because my password is weak/shared

5 Why Information Security?
- Confidentiality, Integrity, Availability
- People are the weakest link in Information Security
- To know Security Responsibilities
- To know Information Security Risks associated with their job responsibilities
- Adherence to the Organizational security policies

6 Information Security Risks
- Online Frauds
- Hacking Attacks
- Phishing / Vishing Attacks
- Spam
- Data Theft
- Insecure Business Applications
- Malware / Spyware
- Virus / Worm / Trojan Attacks
- Denial of Service (DOS) Attacks
- Lack of User Awareness

7 Risk Mitigation Measures
- Infrastructure
  - Set up DR Site
  - DR Drills
  - Updated BCP
- Critical Applications
  - High Availability Clusters/Multiple Servers
  - Application Security Testing
  - Parameter Fine Tuning
  - Hardened Operating Systems
  - Strong Physical Security/Surveillance Camera/Biometric Access

8 Risk Mitigation Measures
- Delivery Channels
  - Secured Indirect Access to CBS
  - Independent Systems
  - Encrypted Data Exchange across systems
  - Multiple Authentication
- Outsourced Services
  - Drafting and Monitoring of SLAs
  - Non Disclosure Clauses
  - Review and Monitoring of Reports and Outputs
  - Third Party Employee Background Checks

9 Risk Mitigation Measures
- Users
  - Need to know basis
  - Periodic Review of Access rights
  - Strong Authentications
  - Awareness Training
- Networks
  - Intrusion Detection/Prevention Systems
  - Internal and External Firewalls
  - Periodic Penetration Testing
  - 24x7 Cyber Policing/Monitoring Attacks
  - Virus/Worm/Malware/Spyware Protection
  - Regular Security Updates – IPS/IDS, Anti-Virus

10 Information Security Practices
- Information Security Management System
- Information Security Policy & Procedures
- Continuous Risk Assessment
- Information Security Incident Management
- Business Continuity/Disaster Recovery Plans
- Information Systems Audit
- Network Security Audit
- Application Security Testing
- Vulnerability Assessment/Penetration Testing
- Security Operations Centre (SOC)/Cyber Policing Control Room
- Awareness Trainings

11 Thank You

