Information Security Awareness


Agenda: What is Information? ...and 14 more questions!
www.coralesecure.com

What is Information?

Information: anything that has business value!

Information: where is it? Services, paper, software, personnel, service providers, physical (hardware)... literally everywhere.

What is Security? What are the key terms?

What is CIA?
Confidentiality: ensuring that information is accessible only to those authorised to have access.
Integrity: safeguarding the accuracy and completeness of information and processing methods.
Availability: ensuring that authorised users have access to information and associated assets when required.
Example?

Why do we need to protect information?

Why is Information Security needed?
To prevent unauthorised disclosure (Confidentiality)
To prevent unauthorised modification/alteration (Integrity)
To protect against loss/destruction, natural or man-made (Availability)
Driven by business requirements and legislative requirements.

Benefits of Information Security
1. Protects your job
2. Protects the business and enables continuity
3. Partner trust
4. Security in everything we do
5. Reduces response time in case of an incident
*Not exhaustive

Who is interested in your information?

What is ISO 27001?

ISO 27001 Domains & Controls (Annex A of ISO/IEC 27001:2013)

Domain                                                              Control objectives   Controls
A.5   Security policy                                                        1               2
A.6   Organization of information security                                   2               7
A.7   Human resource security                                                3               6
A.8   Asset management                                                       3              10
A.9   Access control                                                         4              14
A.10  Cryptography                                                           1               2
A.11  Physical and environmental security                                    2              15
A.12  Operations security                                                    7              14
A.13  Communications security                                                2               7
A.14  System acquisition, development and maintenance                        3              13
A.15  Supplier relationships                                                 2               5
A.16  Information security incident management                               1               7
A.17  Information security aspects of business continuity management         2               4
A.18  Compliance                                                             2               8
Total (14 domains)                                                          35             114

Physical security controls cover all aspects of physical security such as doors, access control systems, entry and exit areas, and associated processes (such as fire evacuation and visitor management, to name a few).
Technical controls cover user IDs and passwords, antivirus, encryption, firewalls and associated processes (such as change management and access management).
Personnel controls such as background screening, induction training, and revocation of access upon employee departure (not exhaustive).
Administrative controls such as asset identification, document classification, risk assessment and documentation, to name a few.
Anything else?

What is a vulnerability?

Vulnerability Types
Process vulnerability / insecure practices or usage: no formal change management process; no screen saver on the machines; no information security induction process; irregular backups.
Implementation flaw: door lock not working; no assigned responsibility for firewall configuration; unnecessary services running on the server.
Insecure product/protocol: telnet instead of ssh; http instead of https; plaintext instead of an encrypted data store.
Further examples: wrong allocation of password rights; tailgating; irregular patch management.
Insecure development process: absence of security in the development life cycle; no check in the application for invalid characters.
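The protocol, implementation and development items in the list above, as an added example in Python (not code from the original slides). It audits a constructed listener snapshot in the shape of `ss -tlnp` output for cleartext services (telnet, ftp, http) and for network-reachable ports outside a hypothetical per-host allowlist, and pairs that with an allowlist validator for the "no check for invalid characters" item. The sample lines, the `ALLOWED_PORTS` set and the username format are assumptions made for the example.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in the shape of `ss -tlnp` output on a Linux host.
# These lines are made up for this example; they are not from the original slides.
SAMPLE_LISTENERS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      128    0.0.0.0:23          0.0.0.0:*         users:(("in.telnetd",pid=901,fd=4))
LISTEN 0      511    0.0.0.0:80          0.0.0.0:*         users:(("nginx",pid=1203,fd=6))
LISTEN 0      511    0.0.0.0:443         0.0.0.0:*         users:(("nginx",pid=1203,fd=7))
LISTEN 0      128    127.0.0.1:3306      0.0.0.0:*         users:(("mysqld",pid=1410,fd=21))
LISTEN 0      128    0.0.0.0:111         0.0.0.0:*         users:(("rpcbind",pid=600,fd=4))
LISTEN 0      5      0.0.0.0:21          0.0.0.0:*         users:(("vsftpd",pid=1500,fd=3))
"""

# Cleartext protocols from the slide ("telnet instead of ssh", "http instead of https"),
# plus ftp, each mapped to its encrypted replacement.
CLEARTEXT_PORTS = {
    23: ("telnet", "ssh on 22"),
    21: ("ftp", "sftp/scp on 22 or ftps"),
    80: ("http", "https on 443"),
}

# Hypothetical per-host allowlist: the ports this host is expected to expose.
# Anything else reachable from the network counts as an "unnecessary service".
ALLOWED_PORTS = frozenset({22, 443})

@dataclass(frozen=True)
class Finding:
    port: int
    process: str
    category: str  # uses the slide's vulnerability type names
    detail: str

# Parses one LISTEN line: local address, port and (if present) the process name.
LINE_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+(?:users:\(\("([^"]+)")?'
)

def audit_listeners(ss_output: str, allowed_ports=ALLOWED_PORTS) -> List[Finding]:
    """Flag cleartext protocols and unexpected network-reachable services."""
    findings = []
    for line in ss_output.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header or non-LISTEN line
        addr, port, proc = m.group(1), int(m.group(2)), m.group(3) or "?"
        if addr in ("127.0.0.1", "::1"):
            continue  # loopback-only: not reachable from the network
        if port in CLEARTEXT_PORTS:
            name, replacement = CLEARTEXT_PORTS[port]
            findings.append(Finding(port, proc, "Insecure Product/Protocol",
                                    f"{name} sends credentials and data in cleartext; use {replacement}"))
        elif port not in allowed_ports:
            findings.append(Finding(port, proc, "Implementation Flaw",
                                    "unnecessary service exposed on the network; disable or restrict it"))
    return findings

# Allowlist validation for an application input field (the "no check for invalid
# characters" item): accept only what the field legitimately needs and reject the rest.
# The format (lowercase letter, then 2-31 of [a-z0-9._-]) is an assumption for the example.
USERNAME_RE = re.compile(r"[a-z][a-z0-9._-]{2,31}")

def valid_username(value: str) -> bool:
    return USERNAME_RE.fullmatch(value) is not None

if __name__ == "__main__":
    for f in audit_listeners(SAMPLE_LISTENERS):
        print(f"port {f.port:<5} {f.process:<12} {f.category}: {f.detail}")
    for candidate in ("alice.b", "alice'; DROP TABLE users;--", "<script>"):
        print(f"{candidate!r}: {'accepted' if valid_username(candidate) else 'rejected'}")
```

Run against a real host with `ss -tlnp | python3 audit.py`-style piping after replacing the constructed sample; the loopback skip is deliberate, since a database bound to 127.0.0.1 is not a network exposure, and the allowlist is per host, so a web server and a bastion would carry different sets.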

What is the difference between incident and weakness?

When do YOU become a security incident?

How to report a security incident/weakness?

By Phone! By Email! By Direct Reporting!

Which policy document must you read to learn your security dos and don'ts?

Acceptable Usage Policy

Acceptable Usage Policy (AUP) Table of Contents
1. Purpose
2. ISO 27001:2013 reference
3. Definition of Information Assets
4. Responsibility
5. General Security Practices
6. User ID & Password Protection
7. Usage of Electronic Mail (email)
8. Prohibited Actions Using Email
9. Usage of Office Network & Communication Infrastructure
10. Usage of Desktop Computer
11. Usage of Notebook/Laptop Computer
12. Connecting to the Internet from Public Places
13. Secure Usage of Mobile Devices
14. Secure Usage of Physical Access Cards
15. Secure Usage of Cryptographic Keys
16. Internet Usage Policy
17. Clear Desk and Clear Screen Policy
18. Teleworking Policy
19. Social Media/Social Networking Policy
20. Weakness & Incident Reporting
21. Consequence Management/Disciplinary Action Procedure (DAP)
22. Intellectual Property/Ownership
23. Right to Audit
24. Questions/Clarifications/Improvements
Reading and accepting the terms of the AUP is mandatory!

Common End User Security Expectations
You are the eyes and ears for securing information and the organisation
Clear desk and clear screen policy: learn [Windows] + L!
Do not exploit a weakness: report it!
Use complex passwords
Protect your smartphone by adding a password
Know your security manager
Read the Acceptable Usage Policy

Q & A

Thank You