Information Security Policy

Presented by
Mr Ali Sadhik Shaik
BE (ECE), PGDVLSI, MBA (IS)

sadhiqali@gmail.com
Agenda

• Introduction
• Security Policy Framework
• Need for IS Policy
• E-mail Policy: SandZ Technologies
• Implementing security policy
• Conclusion

      Information Security Policy
Introduction
• Organizations have moved from being based on tangible assets to being based on intangible (information) assets.
• Hence the need to protect information assets.
• The objective of the policy is to convey the risks concerning information security and the preventive measures the company has adopted.

Security Policy Designing Framework

Commitment → Risk Assessment → Risk Mitigation → Final Policy

Commitment
• Educate the top management.
• Align the policy with the corporate vision and business objectives.
• We also need to analyze the following:
    • What are the information assets of the company in terms of hardware, software and network, as well as the future investment plan in IT/IS?
    • What is the company's dependence on IT in real, measurable terms?
    • What is the impact of a threat?
Risk Assessment
• Business risks, physical risks, environmental risks, technological risks, human risks and so on.
• Tabulate and prioritize the risks involved based on impact and probability of occurrence.
Ex: The probability of a website getting hacked is an annual frequency of 0.5, i.e. once in 2 years, and the business loss for each event is Rs 100 lakhs. The product of probability and consequence gives an Annual Loss Expectancy of Rs 50 lakhs (0.5 × 100).

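As an added example (not part of the slides), the ALE calculation above generalized into a small risk register that tabulates several constructed risks and ranks them by ALE; the first row reproduces the deck's own website example (0.5 per year × Rs 100 lakhs = Rs 50 lakhs). Risk names and values other than that row are made up for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    """One row of the risk register; monetary values are in Rs lakhs."""
    name: str
    annual_frequency: float   # expected occurrences per year (probability term)
    loss_per_event: float     # business loss per occurrence (consequence term)

    @classmethod
    def once_every(cls, name, years, loss_per_event):
        """Build a risk stated as 'once every N years', as the slide turns
        'once in 2 years' into an annual frequency of 0.5."""
        return cls(name, 1.0 / years, loss_per_event)

    def annual_loss_expectancy(self):
        """ALE = annual frequency × loss per event (the slide's 0.5 × 100)."""
        return self.annual_frequency * self.loss_per_event


def prioritize(register):
    """Rank risks by ALE, highest first; equal ALEs are broken by the
    single-event loss so the higher-impact risk comes first."""
    return sorted(
        register,
        key=lambda r: (r.annual_loss_expectancy(), r.loss_per_event),
        reverse=True,
    )


def tabulate(register):
    """Render the prioritized register as a fixed-width text table."""
    rows = ["{:<32}{:>9}{:>12}{:>10}".format("Risk", "Freq/yr", "Loss/event", "ALE")]
    for r in prioritize(register):
        rows.append("{:<32}{:>9.2f}{:>12.1f}{:>10.1f}".format(
            r.name, r.annual_frequency, r.loss_per_event, r.annual_loss_expectancy()))
    return "\n".join(rows)


# Constructed sample register (values invented for illustration).
# The first row is the slide's own example: 0.5/yr × Rs 100 lakhs = Rs 50 lakhs.
SAMPLE_REGISTER = [
    Risk.once_every("Website hacked", 2, 100.0),
    Risk("Laptop with customer data lost", 2.0, 5.0),     # frequent, low impact: ALE 10
    Risk.once_every("Data centre flooding", 25, 800.0),   # rare, severe: ALE 32
    Risk("E-mail account compromise", 1.0, 20.0),         # ALE 20
]

if __name__ == "__main__":
    print(tabulate(SAMPLE_REGISTER))
```

Ranking by ALE alone is the slide's rule; the table keeps the raw frequency and loss columns because a rare, catastrophic risk and a frequent, minor one can have the same ALE yet call for different controls.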
Threats
Natural and Environmental Threats:
  Disaster recovery
  Backup and recovery
  WAN recovery
Human Threats:
  Password Security & Controls
  Internet access and security
Email security:
  Technical controls
  Logical Access Controls
  Program Change Controls
  Version Controls
  Application Software Security
Database Security:
  Network & Telecommunication Security
Operating Systems Security:
  Firewall Security
  Data Classification
  Web server Security
  Intranet Security
  Virus-Protection
  E-commerce Security
  Data encryption
Administrative Controls:
  Physical Security
  Incident Response management
  Punitive actions

Risk Mitigation
• Security is not achievable with a single defense; have multiple layers of protection.
• The measures for risk mitigation could be:
   Administrative Measures
   Physical Measures
   Technical Measures

Risk Mitigation
Administrative Measures:
• Policies, Procedures, Standards and Guidelines;
• Personnel Screening and Security awareness training.
Physical Measures:
• Perimeter Control measures
• Physical Access Control
• Intruder Detection
• Fire Protection
• Environmental Monitoring.
Technical Measures:
• Logical Access Control
• Network Access Controls
• Identification and Authentication devices
• Data Encryption

Risk Mitigation
[Pie chart: Security Efforts. Administrative: 25, Technical: 75]

Final Policy
• The security policy is not the last and final word.
• It is a master plan which identifies a company's security concerns and is the first step towards building a secure infrastructure.

Anatomy of Security Policy
• Policy Statement
• Policy Scope
• Validity
• Owner
• Specific issues that the policy is addressing
• Policy details
• Compliance requirements
• Review details
• Best practices
• Mandatory practices
• Procedure for implementation
• Monitoring and reporting mechanism
• Essential Policies
• Annexure

Security Policy
[Slide image; not reproduced in the text.]

SandZ Technologies
• Mainly concentrated on providing online education in the domain of electronic design.
• E-mails in and out of the company are crucial and confidential.
• An e-mail policy is needed to reduce the risk of harm to the company's image and to important information.

[E-mail policy slides are images; not reproduced in the text.]

Implementation of Security Policies
• Conduct security awareness seminars, workshops and quizzes.
• Hold a Security Week for the organization.
• Prepare Do's & Don'ts of the Security Policy; distribute and display them.
• Create posters, stickers, t-shirts, mugs and mouse pads, all with security messages.
• Run slogan competitions.
• Perform security audits.

Conclusion

An ounce of prevention is better than a pound of detection and correction.

