Professional Documents
Culture Documents
ORM
ATIO
N
INFORMATION SECURITY
SEC
URIT
Y
Presented By:
Pravin Pawar
Prashant khirwadka
A
G
E
N
D
A
What is Information?
What is Information Security?
What is RISK?
An Introduction to ISO for information
technology
User Responsibilities
IN
F
O
R
M
A
TI
O
N
INF
ORM
ATIO
N
LIFE
CYCL
E
Information can be
Created
Stored
Destroyed
Processed
Transmitted
Corrupted
Lost
Stolen
4
INF
ORM
ATIO
N
TYPE
S
INF
ORM
ATIO
N
SEC
URIT
Y
11/20/16
Mohan Kamat
a
iz
an
rg
O
tio
INF
OSE
C
COM
PON
ENT
S
by
ed
us on
gy ti
lo iza
no an
c h rg
Te O
TECHNOLOGY
ss
ne es
si ss
Bu oce
Pr
PROCESSES
f
af
St
PEOPLE
PE
O
PL
E
11/20/16
Mohan Kamat
P
R
O
CE
SS
Process what we do
The processes refer to "work practices" or workflow.
Processes are the repeatable steps to accomplish
business
objectives.
Typical
process
in
our
IT
Infrastructure could include:
TE
C
H
N
O
L
O
G
Y
Network Infrastructure:
11/20/16
Mohan Kamat
10
INF
ORM
ATIO
N
SEC
URIT
Y
INFORMATION SECURITY
1.
2.
3.
4.
5.
Mohan Kamat
11
INF
ORM
ATIO
N
ATT
RIB
UTE
S
Confidentiality
Ensuring that information is
accessible only to those
authorized to have access
Integrity
Availability
11/20/16
Mohan Kamat
12
Reputation loss
Financial loss
LOSS OF GOODWILL
11/20/16
Mohan Kamat
13
W
H
AT
IS
RI
S
K
What is Risk?
Risk: A possibility that a threat exploits a
vulnerability in an asset and causes damage or
loss to the asset.
14
THR
EAT
IDE
NTIF
ICAT
ION
Threat Identification
Elements of threats
Agent : The catalyst that performs the
threat.
Human
Machine
Nature
11/20/16
Mohan Kamat
15
T
H
R
E
A
TS
Threats
Employees
External Parties
11/20/16
Mohan Kamat
16
Source
Threat Sources
Motivation
Threat
Challenge
Ego
System hacking
Social
Game engineering
Dumpster diving
Deadline
Financial
problems
Internal Hackers Disenchantment
Revenge
Political
Terrorist
11/20/16
Backdoors
Fraud
Poor
documentation
System attacks
Social
engineering
Letter bombs
Viruses
Denial of service
Unintentional
errors
Programming
Mohan Kamat
Corruption of data
Malicious code
introduction
System
17
RISK
S&
THR
EATS
High User
Knowledge of IT
Systems
Systems &
Network
Failure
11/20/16
Theft, Sabotage,
Misuse
Lack Of
Documentation
Mohan Kamat
Virus Attacks
Natural
Calamities &
Fire
Lapse in
Physical
Security
18
SO HOW DO
WE
OVERCOME
THESE
PROBLEMS?
11/20/16
Mohan Kamat
19
IS
O
27
00
1
ISO 27001
11/20/16
Mohan Kamat
20
FE
A
T
U
R
ES
Features
11/20/16
Mohan Kamat
21
CON
TRO
L
CLA
USE
S
11/20/16
Mohan Kamat
22
CON
TRO
L
CLA
USE
S
11/20/16
Mohan Kamat
23
CON
TRO
L
CLA
USE
S
11/20/16
Mohan Kamat
24
USE
R
RESP
ONSI
BILI
TIES
SECU
RITY
U -R
11/20/16
Mohan Kamat
25
USE
R
RESP
ONSI
BILI
TIES
11/20/16
Mohan Kamat
26
INF
O
ASSE
T
CLAS
SIFI
CATI
ON
11/20/16
Mohan Kamat
27
USE
R
RESP
ONSI
BILI
TIES
11/20/16
Mohan Kamat
28
USE
R
Password Guidelines
RESP
ONSI
BILI
TIES
11/20/16
Mohan Kamat
29
USE
R
Internet Usage
RESP
ONSI
BILI
TIES
11/20/16
Mohan Kamat
30
USE
R
E-mail Usage
RESP
ONSI
BILI
TIES
11/20/16
Mohan Kamat
31
USE
R
RESP
ONSI
BILI
TIES
Security Incidents
Report Security Incidents (IT and Non-IT) to
Helpdesk through
E-mail to info.sec@organisation.com
Telephone : xxxx-xxxx-xxxx
Anonymous Reporting through Drop boxes
e.g.:
IT Incidents: Mail Spamming, Virus attack, Hacking, etc.
Non-IT Incidents: Unsupervised visitor movement, Information
leakage, Bringing unauthorized Media
11/20/16
Mohan Kamat
32
USE
R
RESP
ONSI
BILI
TIES
Cyber Law
IPR, Copyrights, NDA
Contractual Obligations with customer
11/20/16
Mohan Kamat
33
THANK
YOU
11/20/16
Mohan Kamat
34