• INTRODUCTION
• PHYSICAL ACCESS CONTROL
• WORK AREA SECURITY
• COMPUTER ACCESS
• INTERNET ACCESS
• REMOTE ACCESS POLICY
• LAPTOPS SECURITY
• VIRUS PROTECTION
• ELECTRONIC MAIL
• SOFTWARE LICENSE
• SOCIAL ENGINEERING
• COMPLIANCE
[Diagram: Helpdesk Team as SPOC. Labels: Phone, Email, CMS, Hardware/O, Web S, Events Interface, Reporting & Monitoring, Coordinate with Vendor, Call Resolution, Internal Service Support]
• HELPDESK CONTACT
• Ph: 6111
• Email id: helpdeskit@collabera.com
• Display Name: HelpdeskIT-Collabera-Bangalore
Koramangala Ecospace
Service Window: Infrastructure (all Critical servers / links)
• Days: Monday - Friday
• Staffing: Full Load
• Timings: 8-00 am to 9-00 pm
Purpose
WHICH IS THE
Information Security Management System (ISMS)
Process Approach
• ISO 27001 has adopted a Process Approach
Policies and Procedures Authentication is Gateway Firewalls are BCP and DR plans have
are implemented to implemented in the installed to protect been established
assure safety, availability, organization to provide a network L1,L2,L3 disaster
integrity & confidentiality secure enviornment for VPN is established to the locations are identified
of our customers data the employees client network for secure RTO and RPO has been
Security roles and Smoke detectors, fire communication defined based on the
responsibilities are extinguishers are installed Penetration Testing is business needs
established for all the to ensure protection of all carried out in periodic
employees resources Mock drills and Resiliency
intervals Tests are conducted to
ISMS Training is provided 2 Factor Autnetication & Routers are installed and ascertain readiness
to all employees about CCTVs have been monitored to regulate
the relevance & installed at the required network traffic
importance of information locations
security Appropriate access rights
to the information systems
are granted to employees
based on the role
Information as an Asset
Information is:
‘An asset that, like other important business assets, is essential to an
organization’s business and consequently needs to be suitably
protected.’
Asset Definition:
“anything that has value to the organization”
PDCA MODEL
• PLAN: Establish the ISMS
• DO: Implement & Optimize the ISMS
• CHECK: Monitor & Review the ISMS
• ACT: Maintain & Improve the ISMS
• Integrity: safeguarding the accuracy and completeness of information/data and ways in which it is processed
• Availability: ensuring that authorized users have access to information and associated assets whenever required
• All users are issued an access card when they join Collabera.
• Always use your access cards to enter & exit the facility
• Awareness and clear written instructions should be given to cleaning staff on the do's and don'ts inside the Secure Area.
• Secure Area should not be used to stock any boxes, unused equipment, backup tapes, CD’s,
papers.
• Accessories like keyboard, monitor, and mouse should not be removed from live systems.
• All Secure Area rack keys should be placed at the appropriate location in master key cabinet.
• Startup-Shutdown procedures for all critical systems hosted in the Secure Area should be
followed
• Servers / Network devices used for testing / evaluation should be present in a separate
network segment and should not interact with production network segment.
• Each employee is responsible for keeping his/her computer secure, including access to it.
• Lock your workstation every time you leave your desk.
• Keep hardcopies of all sensitive documents locked.
• Each user is provided a password for system and network access.
• Change the default password on first login.
• Select a robust password of minimum 12 characters.
• Password must include alphanumeric characters and at least one special character.
• NEVER Share directories on your PC. Should you have a compelling business
reason for doing so, ensure the share is removed immediately after usage
• Do NOT use modems in the Collabera LAN, if you have a specific need, get a
security clearance from your superior.
• Accessing all information systems in Collabera internal networks via VPN or any
other technology shall comply with Collabera Information Security policies
• Should use the most up-to-date anti-virus software, which is the corporate standard.
• Do not perform illegal activities or use the access for outside business interests.
• User shall bear the responsibility for the consequences arising out of misuse.
• Employees shall not connect to dial up networking when they are connected to
Collabera VPN.
• Shall ensure at all times that anti-virus software is updated regularly.
• Ensure Backup is done for all critical information stored on your laptop
• Ensure that you do not use dial-up facility when the laptop is connected to Collabera
networks.
• Please ensure your computer has antivirus installed; otherwise, call IT Help desk.
• Do not uninstall the antivirus program; if it causes system conflicts, call IT Help desk for help.
• If you receive a virus through mail, please contact IT Help desk immediately.
• Do not open any email messages or e-mail attachments received from unknown sources; delete such e-mails immediately, as they may contain a virus.
• Collabera electronic mail should be used only for the conduct of the
Collabera business
• Be careful when addressing e-mail – know whom you are sending the
mail to. Do not use the “Reply to All” option without checking.
• Do NOT respond to mails that ask you to click on a link from people you
do not know.
• If you are not able to interpret the licensing applicability, contact IT OPS Team.
• Should you need specific software, contact your manager for approval
and IT Help desk for installation.
• User emails shall be backed up only if the user closes Outlook Express access before leaving for the day.
IS Team Collabera, Bangalore
Security Incident Management
• Detailed Security Incident Process
Analysis of data flows
• Do not leave sensitive documents on your desk /printer /fax /public places
• STPI
• ISMS
• Follow policies & procedures laid down by the ISMS.
• Project Initiation
• Project Resource Management
• Risk Assessment & Management
• Process & Procedures
• Interfaces
• Training and Awareness
• Compliance
• Communication Plan
• VPN Details
• Information Exchange Plans
Communication Plan