10/15/2019 1
What is Information Security?
Ensuring Confidentiality, Integrity and Availability of information.
Information Classification
Confidential (top confidentiality level)
Restricted (medium confidentiality level)
Internal use (lowest level of confidentiality)
Public (everyone can see the information)
Private/Personal (can be viewed by the individual or the authorised body)
Why is Information Security Required?
Information is an asset that has a value.
Information needs protection from unauthorized access, modification, deletion etc.
Some information has legal protection requirements; failure to comply has legal implications.
Motives behind information security attacks
Disrupting business continuity
Performing information theft
Manipulating data
Disrupting critical infrastructures
Bringing financial loss to the target
Propagating religious or political beliefs
Achieving a state's military objectives
Damaging reputation of the target
Taking revenge
Demanding ransom
Sale of information
Sources of Information
Financial, e.g. turnover, profit
Employees, e.g. attendance, salary, performance ...
Customers, e.g. name, address, contract details ...
Consumers, e.g. name, address, usage behaviour ...
Suppliers, e.g. name, purchase orders ...
Regulatory, e.g. notices, letters ...
Society, e.g. complaints ...
Safe Practices
Paper-based files
Do not leave open
Keep under lock and key
Protect from damage
Destroy (shred) unwanted files
Do not take unnecessary photocopies
Safe Practices
Information
Restrict access on a “need to know” basis
Safe Practices
Phone
Verify caller identity
Do not share confidential information on the phone
Keep phone locked
Keep track of use
Safe Practices
Smart Phone
Keep locked
Verify apps before use
Minimize data storage
Do not store sensitive data
Delete data if not used
Use antivirus
Safe Practices
Email
Do not respond to unknown emails; verify the sender
Do not open attachments from unknown emails
Do not click on links in emails
Scan attachments
Classify the email
Check the “send to” (recipients) before sending
Use disclosure statements
Safe Practices
Internet Browsing
Do not browse unsafe sites
Use a firewall
Do not download unlicensed software, movies etc.
Safe Practices
Wi-Fi
While setting up Wi-Fi, change the default username and password
Do not use Wi-Fi that is not protected by a password
Avoid Wi-Fi at public places
Safe Practices
Personal Computer
Keep the screen (desktop) clear
Save files in folders
Take regular backups
Lock the screen before moving away from the PC
Delete files not required
Encrypt files if possible
Safe Practices
Password
Use at least 8 characters
Use letters, numbers and special characters
Mix capital and small-case letters
Do not use birthdays, names of pets, persons etc. as a password
Change frequently
Do not write down passwords
Use a different password for each account
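The password rules on this slide, turned into a checker as an added example that is not part of the original deck; the personal-word list and birthday it screens against are assumptions supplied by the caller (for instance from the user's own profile), not anything the slide specifies.

```python
import re
from datetime import date
from typing import Iterable, List, Optional, Set

MIN_LENGTH = 8  # the slide's minimum length

# Character-class rules from the slide: letters in both cases, numbers, special characters
CLASS_RULES = [
    (r"[a-z]", "no small-case letter"),
    (r"[A-Z]", "no capital letter"),
    (r"[0-9]", "no numeric character"),
    (r"[^A-Za-z0-9]", "no special character"),
]

SAMPLE_BIRTHDAY = date(1990, 5, 12)  # constructed sample value, not real user data


def birthday_tokens(birthday: date) -> Set[str]:
    """Digit strings a birthday commonly leaks into a password as: year, ddmm, mmdd, full date."""
    y, m, d = birthday.year, birthday.month, birthday.day
    return {f"{y}", f"{d:02d}{m:02d}", f"{m:02d}{d:02d}",
            f"{d:02d}{m:02d}{y}", f"{m:02d}{d:02d}{y}", f"{y}{m:02d}{d:02d}"}


def check_password(password: str, personal_words: Iterable[str] = (),
                   birthday: Optional[date] = None) -> List[str]:
    """Return the slide rules the password breaks; an empty list means it is accepted.

    personal_words: names of pets, persons etc. that must not appear (assumed to be
    supplied by the caller); birthday: the user's date of birth, if known.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for pattern, message in CLASS_RULES:
        if not re.search(pattern, password):
            problems.append(message)
    lowered = password.lower()  # personal words are matched regardless of case
    for word in personal_words:
        if len(word) >= 3 and word.lower() in lowered:
            problems.append(f"contains personal word '{word}'")
    if birthday is not None:
        # Longest fragments first, so a full date is reported rather than just its year
        for token in sorted(birthday_tokens(birthday), key=len, reverse=True):
            if token in password:
                problems.append(f"contains birthday fragment '{token}'")
                break  # one birthday finding is enough
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, not real credentials
    for pw in ["Rex2019!!", "Hello#May1990", "Tr0ub4dor&3x"]:
        print(pw, "->", check_password(pw, personal_words=["Rex"], birthday=SAMPLE_BIRTHDAY))
```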
Safe Practices
Removable media (USB, hard disk etc.)
Keep encrypted
Scan before using
Protect while handling
A few types of attack
Data Leaks
Ransomware
Phone Locking
Vishing
Malware: virus, worm, trojans, adware, key logger
USB Key Drop
Social Engineering
Brute force attack
A few types of attack
Dumpster Diving
Chain Letter
CEO Scam
Tailgating
Phishing/Spear Phishing
Shoulder Surfing
Man-In-the-Middle attack
Denial of service
Dictionary attack
What to do?
Caution, prevention, and if in doubt, ask
If a password has been leaked, change all passwords
Report any disclosure of data immediately to:
Supervisors/managers
Bank helpline
Police
Personal Data
“Personal data” means data about or relating to a natural person who is directly or indirectly identifiable, having regard to any characteristic, trait, attribute or any other feature of the identity of such natural person, or any combination of such features, or any combination of such features with any other information.
Sensitive Personal Data
passwords; financial data; health data; official identifier; sex life; sexual orientation; biometric data; genetic data; transgender status; intersex status; caste or tribe; medical data
A few websites for reference
https://www.cert-in.org.in/ CERT-In is the national nodal agency for responding to cyber security incidents in India
https://infosecawareness.in/home/index.php an informative website under MeitY, Government of India
ISMS ISO 27001:2013
ISO 27001:2013 specifies an information security management system (ISMS) for managing information security.
Having an ISMS certified to ISO 27001:2013 shows that the organisation is committed to information security and has a system in place to protect it.
Questions?