Sunday, December 31, 2017

Keep your Information safe in your Computer & Mobile, Lesson 26

Classification level: Classified or Top Secret

Examples
Content of Corporate Investigation Reports
Top or Executive Management Compensation and Benefits
Business Plan/Strategy (both short and long-term)
Information relating to re-structuring and joint ventures

Care Required
When stored in electronic format, data, where possible, must be password protected and/or encrypted.
Access to data must be recorded/logged, tracked and regularly monitored.
When stored on mobile devices and media, protection and encryption measures provided through mechanisms approved by the Head of IT must be employed (e.g., access/password controls and 128 bit encryption).
Data must be stored in locked physical storages like drawers, rooms, or warehouses or areas where physical access is controlled by security guards, cipher locks, biometric controls, and/or card readers.
Data of this kind must not be sent via fax.
Data must not be posted on any public website.
Data must be opened by the intended addressee only.
Data must be destroyed when no longer needed, subject to the Group’s Data Retention Policy. Destruction of data can be in any of the following ways:
- Hard copies of documents containing classified information must be destroyed by shredding them or another approved process that destroys the data beyond recognition or reconstruction.
- Electronic storage media containing classified information must be appropriately sanitized by degaussing, bit-by-bit formatting and physical destruction.
- Deleting files or re‐formatting media containing data in electronic format is NOT an acceptable method of destroying classified data.
Top Management must immediately be notified if classified data is accessed without proper authorization, lost, disclosed to unauthorized parties or is suspected of being lost or disclosed to unauthorized parties, or if any unauthorized use of Group information systems has taken place or is suspected of taking place.


Thanks for Read,
Please "SHARE" our post that your friends can read and learn and "COMMENT" us so that we can make our blog beautiful.

Please Follow us.
Facebook Profile
Twitter
Google+
facebook Page
Youtube
E-mail

Friday, December 29, 2017

Keep your Information safe in your Computer & Mobile, Lesson 25

Data Classification

Data classification is the most important part of the Information Security Regulation. Data owners must define the classification for the associated information asset together with the department / business unit. Care should be taken not to over-protect or under-protect data in a way that hinders the execution of associated tasks or exposes the organization to risks. The data classification methodology to be employed should take into consideration the following:

- Applicable laws, regulations and legislation
- Criticality and confidentiality of the data item to the department, business unit(s), or the Group as a whole.
- Risks and implications of disclosure, loss, or unauthorized public release or access
- Value of the data item to the organization or business
- Data Owners should ensure that there is adequate communication of data classification to Data Users and Custodians.
- Classifications must be applied as soon as data (or the information asset) is created or received from a third party. Failure to classify information in a timely



Wednesday, December 27, 2017

Keep your Information safe in your Computer & Mobile, Lesson 24

Incident Management

Incident Management is another important part of ISR. Without proper incident management, an asset register alone will fail to cover the ISR umbrella. Incident Management outlines a proper process for the identification and effective handling of information security incidents in order to minimize their adverse impact on the business of the entity.

Information Security Incident Management planning needs to be covered in a formal policy/procedure. Reporting and escalation of any Information Security Incident should be done through all available reporting channels. Evidence will be gathered and retained, and a knowledge base of all information security incidents will be maintained which includes details of previous incidents, their types, cost, and any other relevant information.

In view of the above, our company has formulated an Information Security Incident Management System which can be used to report any incidents that occur, or are suspected, targeting information or information processing facilities owned or managed by the company.

Users need to fill in the details of any Information Security Incident that occurs, or is suspected, targeting information or information processing facilities owned or managed by the company. The report will then be analyzed by the Information Security Incident Management Team, which will take the necessary action.



Monday, December 25, 2017

Keep your Information safe in your Computer & Mobile, Lesson 23

Information Asset Register

The first and foremost requirement of the "Information Security Regulation" (ISR) is to have a company-wide Information Asset Register. It identifies and documents all information assets, including the information and data assets and the related information processing facilities and components, such as software assets, people assets, physical assets, etc., and considers other details such as physical location, license details, business value, and any other necessary information that may be required to avoid risks and recover from disasters.

You have to create a Program module "Information Asset Register" which covers all the requirements of a successful information asset register. Everyone will update the assets under their department as per the definition of assets given.

The Information Asset Register will be used to support the ISR objective of developing and maintaining an Information Asset Register. This will ensure that all critical or important (i.e., high and medium risk) information is identified and monitored for the purpose of protection and risk management.

The Program module will allow departments and functions in custody of valuable information to list it and maintain it in a secured environment or system. Such a facility will also enable the information custodians to provide and save pertinent and useful information such as information asset type, location, relevant system/process or sub-system, origin or source, data classification, and risk type, among others.

Asset Register, Storage details and Data Owners/Custodians/Users are the important parts of the program; they cover the details of each information asset, its storage, its sharing and the risk associated with it.

While entering data in the Information Asset Register, users first need to identify which category their information falls under. To support this, a few policies have been formulated and finalized, such as the Data Ownership Policy, Data Classification Policy and Data Retention Policy. These policies clarify and identify how and what type of data requires which level of classification.

Once populated, the Information Asset Register will identify the key areas which need to be protected, and the Risk Assessment will identify the associated risks which need to be mitigated.



Saturday, December 23, 2017

Keep your Information safe in your Computer & Mobile, Lesson 22

User Manual

Introduction
The Information Security Regulation presents the minimum requirements for information security controls and is applicable to all Government Entities, including but not limited to employees, consultants, contractors and visitors who are not employed by the government but are engaged with it through various means. Furthermore, the regulation applies to any government information regardless of its type and medium (e.g. printed, electronic and non-electronic, verbal, written, etc.); therefore, Government Entities are expected to implement this regulation across their entire entity and not to limit it to Information Technology (IT) divisions/departments only.
The scope of the government information assets must consider all the information processing facilities and components, which may include the following components or some of them:
- Storage (electronic storage devices, logical and physical; paper documents, etc.)
- Infrastructure (hardware, applications, networks, etc.)
- Organizational (processes, policies, etc.)
- Personnel (administrators, employees, visitors, etc.)

Information Security Regulations (ISR)
We consider information, business processes, and information systems among our most critical business assets, which require protection from unauthorized access, modification, disclosure or destruction. We are therefore committed to protecting all our information assets against all threats, actual or potential, internal or external, deliberate or not.
In line with this, we also support and comply with the Information Security Regulation (ISR) pursuant to the Executive Council's Government Information Security Regulation, as stated earlier. The Information Security Steering Committee, in various capacities, is responsible for maintaining the policies and procedures and providing support and advice during the implementation. All managers are also directly responsible for the implementation of the following Information Security Domain policies and procedures, and for ensuring mandatory compliance by the employees concerned in their respective departments and the external parties they deal with.

Information Security Regulation Structure
The Information Security Regulation is broken down into twelve domains. Each domain takes into consideration one or more major classes of information security: Governance, Operation, and Assurance.
The Governance domains set high-level requirements for structuring and managing information security.
The Operation domains are technical and/or non-technical solutions an entity may use depending on the results of their risk assessment. The Assurance domains act as the quality assurance for the entity, ensuring that the implemented solution is working as intended.



Thursday, December 21, 2017

Keep your Information safe in your Computer & Mobile, Lesson 21 of 25

Data Classification Folders

Data Classification
Classification of data determines the extent to which data needs to be controlled/secured and is also indicative of its value in terms of business assets. To achieve data classification properly, every network drive will be updated with Data Classification folders, which need to be populated according to the data classification category.

1 - Classified or Top Secret Folder
   Contents like Corporate Investigation Reports, Top or Executive Management Compensation and Benefits, Project Master Drawings, etc.
2 - Strictly or Highly Confidential Folder
   Contents like Internal/External Audit Reports, Personnel Information (HR), Non-Executive, any data identified by government regulation to be treated as confidential or sealed by order of a court of competent jurisdiction, etc.
3 - Confidential or Proprietary Folder
   Business Policies and Procedures, business partner information not covered by a restrictive confidentiality agreement, internal organizational charts, etc.
4 - Internal Use Folder
   Company announcements or bulletins, general project and research data (i.e., not including projects which are classified or highly confidential), induction material content, etc.
5 - Public Folder
   Press releases, marketing materials/ads, job postings, etc.



Wednesday, December 20, 2017

Keep your Information safe in your Computer & Mobile, Lesson 20 of 25

Computer Security
Frequently asked questions (FAQ)

What is malware?
Malware is any kind of software that compromises security (or performs other bad actions) on a user's computer. Malware, as a general category, includes spyware, viruses, Trojan horses, and a host of other sometimes whimsical names for security compromising software.

What is phishing? 
Phishing is a social engineering technique whereby hackers send authentic-looking emails to a user in order to persuade the user to share some sort of valuable information (e.g., for identity theft or other fraud).
One specialized technique is 'spear phishing'. In this scam, email apparently from a trusted organizational representative is sent to that person's organization in order to glean credentials for subsequent hacking attacks.

What is spyware?
Spyware is computer software that is generally surreptitiously installed on a computer in order to collect information from the computer's user. Such information includes:
- Web sites visited
- Keys typed (including chat sessions and word processors)
- Other application data (including the other half of chat sessions and displayed e-mail)
- File contents
- Search habits
- Camera images
- Sound received by the computer's microphone
Note that spyware is installed without the user's permission. Some programs (e.g., filtering software for juveniles) are installed for the express purpose of 'spying'; presumably the spied-upon users are informed (vs. the surreptitious paradigm used by spyware).

What is antispyware software? 
Antispyware software tries to find and disable (and/or remove) spyware from your computer. Historically, spyware came as a sort of add on to other malware that inundated a computer's user with pop-up advertising.

How do antivirus programs work?
Antivirus programs monitor a computer's file creation mechanism and use sophisticated pattern-matching mechanisms to see if new files have a 'signature' that matches any known malware.
The list of malware signatures must be updated regularly (an operation performed automatically by any reputable antivirus program).
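A minimal signature scanner, added here to illustrate the matching the answer describes (it is not code from the blog): an exact-hash signature catches a known file, while a byte-pattern signature still fires on a repacked variant whose hash has changed. The signature database and the files it scans are constructed for the demonstration and match nothing real.

```python
"""Minimal signature-based scanner illustrating antivirus pattern matching.

Added example, not the blog's own code. The "malware" signatures and sample
files are constructed for the demonstration and match nothing real.
"""
import hashlib
import os
import tempfile
from dataclasses import dataclass, field

# --- Constructed signature database -------------------------------------
# A real product ships millions of signatures and refreshes them continuously,
# which is why the FAQ stresses regular signature updates.
SAMPLE_A = b"MZ\x90\x00CONSTRUCTED-DROPPER-A" + b"\x00" * 32  # constructed "known sample"

# Exact-match signatures: the hash of a whole known file.
HASH_SIGNATURES = {
    hashlib.sha256(SAMPLE_A).hexdigest(): "Constructed.Dropper.A",
}

# Pattern signatures: a byte sequence characteristic of a malware family.
# These still fire when a variant is padded or repacked so that the hash changes.
BYTE_SIGNATURES = {
    b"CONSTRUCTED-DROPPER-A": "Constructed.Dropper.A (pattern)",
    b"CONSTRUCTED-KEYLOGGER-B": "Constructed.Keylogger.B",
}


@dataclass
class ScanResult:
    path: str
    detections: list = field(default_factory=list)

    @property
    def infected(self) -> bool:
        return bool(self.detections)


def scan_bytes(data: bytes) -> list:
    """Return the names of all signatures that match `data` (hash first, then patterns)."""
    hits = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:
        hits.append(HASH_SIGNATURES[digest])
    for pattern, name in BYTE_SIGNATURES.items():
        if pattern in data:
            hits.append(name)
    return hits


def scan_file(path: str) -> ScanResult:
    with open(path, "rb") as fh:
        return ScanResult(path, scan_bytes(fh.read()))


def scan_tree(root: str) -> dict:
    """Scan every file under `root`; maps relative path -> ScanResult.

    A real product hooks file creation (for example with a filesystem filter
    driver) and scans each new file as it is written; an on-demand scan of a
    directory tree uses the same matching logic without the hook.
    """
    results = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            results[os.path.relpath(full, root)] = scan_file(full)
    return results


def demo() -> dict:
    """Write constructed files to a temp dir and return {filename: detections}."""
    files = {
        "known.bin": SAMPLE_A,                                   # exact hash + pattern
        "variant.bin": b"junk" + SAMPLE_A + b"\xff" * 8,         # repacked: pattern only
        "logger.bin": b"setup\x00CONSTRUCTED-KEYLOGGER-B\x00",   # second family, pattern only
        "report.txt": b"Quarterly figures, nothing to see.",     # clean
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in files.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        return {name: r.detections for name, r in scan_tree(tmp).items()}


if __name__ == "__main__":
    for name, hits in demo().items():
        print(f"{name:12s} {'INFECTED: ' + ', '.join(hits) if hits else 'clean'}")
```

The clean file passes only because no signature matches it; a new family that is not yet in the database would pass the same way, which is the limitation the signature-update rule tries to narrow.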

What is the weakest link in my computer's security?
Generally, passwords are the weakest link in any security situation. The temptation to lend a workstation or account to someone is very high. Once the password is known, somehow others seem to learn it as if by telepathy. Keeping your passwords secret is the first step to keeping your system secure.



Tuesday, December 19, 2017

Keep your Information safe in your Computer & Mobile, Lesson 19 of 25

Physical Security

Be familiar with Corporate Physical Security policies, procedures and requirements.

Escort visitors/vendors from the security gate to the particular area they need to go to.

Do not lose devices or items used for authentication.

Do not share access cards or access codes.

Do not write down special codes on a piece of paper left unsecured at the workplace.



Monday, December 18, 2017

Keep your Information safe in your Computer & Mobile, Lesson 18 of 25

Encryption

Use encryption as prescribed in the Information Security Policies.

Use encrypted channels for on-line communications (HTTPS, SFTP, SSH, VPN, etc.).

Consult with the Information Security Team when in doubt about encryption.

Avoid storing sensitive corporate data without any kind of encryption.

Do not ignore password management rules.



Sunday, December 17, 2017

Keep your Information safe in your Computer & Mobile, Lesson 17 of 25

Clear Screen, Clear Desk & Shoulder

Keep desks clear of sensitive documents.

Watch out for 'shoulder surfers'.

Exercise care when working in public areas.

Avoid storing documents and data on desktops with easy or unsecured access.

Avoid storing important information (e.g., work-related information and passwords) on desks.



Saturday, December 16, 2017

Keep your Information safe in your Computer & Mobile, Lesson 16 of 25

Social Engineering

Be prepared for social engineering: better skeptical than sorry.

Be prepared to avoid a threat: be skeptical when it comes to the security of data or information.

Consult with the Information Security Project Team on observing or noticing suspicious behavior, especially by outsiders.

Keep all devices locked when not in use.

Do not give your passwords to anybody on the phone or through e-mails (also see: E-mails, Attachments and Spams).

Do not open attachments from unknown sources.

Do not navigate from an e-mail with an unknown source (it is best to always type the internet URL instead).



Friday, December 15, 2017

Keep your Information safe in your Computer & Mobile, Lesson 15 of 25

Policy and Compliance

Be familiar with the Information Security Policies of the organization / Government.

Be familiar with the consequences of violating the policies.

Consult with the Information Security Project Team when in doubt about compliance matters.

Do not violate the Information Security Policies or fail to conform to the established and relevant guidelines.



Thursday, December 14, 2017

Keep your Information safe in your Computer & Mobile, Lesson 14 of 25

Web / Internet Usage

Use the Internet responsibly and securely.

Use different passwords and/or different accounts for personal and professional usage (e.g., on-line gaming, subscriptions, etc.).

Use encrypted channels if possible (especially for on-line payments: HTTPS://).

Do not click on hyperlinks or downloadable attachments from suspicious people/websites.

Do not use the internet for viewing, storing or transmitting unauthorized material.

Do not share organizational confidential information with unknown users in public forums, including social network sites.

Do not use the internet to download unlicensed software.



Wednesday, December 13, 2017

Keep your Information safe in your Computer & Mobile, Lesson 13 of 25

Protection of Mobile Devices

Use devices with care and in alignment with the Information Security Policies.

Use encryption where needed.

Use a password lock on devices.

Be familiar with the applicable Information Security policies and procedures.

Do not use a device being used by someone else (e.g., someone who does not keep the information security rules in mind).

Do not leave devices unattended.

Do not share devices or lock codes with others.



Tuesday, December 12, 2017

Keep your Information safe in your Computer & Mobile, Lesson 12 of 25

Protection from Malicious Code

Run an updated antivirus program.

Always scan media (USB storage, CD) before using it.

Consult the relevant and applicable policies.

Do not download any software from unknown websites.

Do not open unknown/unrecognized e-mails and attachments (also see: E-mails, Attachments and Spams).

Do not plug media from unreliable sources into the computer.

Do not plug personal devices or computers into the Yard's network ports.

Do not disable the antivirus client.



Monday, December 11, 2017

Keep your Information safe in your Computer & Mobile, Lesson 11 of 25

E-mails, Attachments and Spams

Send e-mails only to the right or correct recipients.

Use the e-mail facility only for official business and in accordance with the Information Security Policies and Procedures.

Use a secured e-mail facility as provided and approved.

Use complex passwords for all user accounts.

Do not use e-mail in a way that becomes disruptive, offensive, or harmful to others.

Do not forward chain (unofficial) mails / letters.

Do not open e-mails from unknown sources / strangers (if received from an external source).

Do not open / download attachments from e-mails from unreliable sources.

Do not provide passwords through e-mail.

Do not forward official mails to personal e-mail addresses or accounts.

Do not use official IDs for subscription purposes.



Sunday, December 10, 2017

Keep your Information safe in your Computer & Mobile, Lesson 10 of 25

Password Management

Reset passwords immediately when you suspect they have been compromised.

Use strong passwords: add special characters (! $ % #) so that they are harder to crack.

Use passphrases or sufficiently complex passwords (e.g., random passwords).

Use different passwords for each account, especially between important and unimportant content.

Change passwords regularly.

Do not share or reveal passwords to others.

Do not use passwords based on personal information (e.g., birthdays, pet names, favorite sports club, etc.).

Do not write passwords on a piece of paper (e.g., even if such paper is kept in a wallet).

Do not access confidential information on behalf of co-workers who do not have access rights to the same information.



Saturday, December 9, 2017

Keep your Information safe in your Computer & Mobile, Lesson 9 of 25

Data Backup & Storage

Store organizational data / information on network drives for higher availability.

Help the System Administrator by keeping files orderly, neat and up to date.

Do not store personal information on the Network Drives.

Do not store corporate data on personal external devices.

Do not store corporate data backups at home or on on-line file sharing sites.



Friday, December 8, 2017

Keep your Information safe in your Computer & Mobile, Lesson 8 of 25

Ransomware Security Alert

Ransomware: Your Money or your Data

Infection channels:
- SPAM
- Malware
- Compromised websites

How to protect yourself:
- Verify e-mail senders and links
- Update antivirus and patch your system
- Back up your files on a regular basis

Ransomware is a critical information security threat: malware that encrypts all the data on a computer or mobile device.
How to protect yourself:
- Do not open attachments or files from unknown or suspicious senders.
- Do not click unsolicited web links from SPAM mails.
- Avoid clicking images or links in attached PDF files from external e-mails.
- Place and back up your business data and documents in shared drives.
- Avoid enabling Macros, Editing and Content for Office files (doc, xls, ...) received from external e-mails.

Security Alert: Very High
We received a Security Alert about a recent ransomware named WannaCry that has been massively circulated throughout the whole world. The ransomware affected thousands of computers across around 99 countries and targeted well-known organizations (NHS, Telefonica, Iberdrola).
The ransomware uses the "always on top" window functionality when displaying the application's window. It encrypts all files with the file extension .WNCRY. It also changes the desktop's wallpaper.

We also received a Security Alert about a recent ransomware named PETYA / Karo spreading across the world, which has infected thousands of machines.
The PETYA ransomware can propagate through SPAM e-mail with attached (doc) files containing an embedded Macro that asks users to enable Editing and Content.

There will be more security threats in future, enhanced and more damaging.
Protection of information and information assets should therefore be everyone's business!

Never provide personal information to untrusted individuals.



Thursday, December 7, 2017

Keep your Information safe in your Computer & Mobile, Lesson 7 of 25

Security Threats

Mobile Applications
Avoid installing any applications you get from unknown sources.
The malware can gain administrator access over your phone without your permission.

PDFs
Never open an attachment from e-mails from unknown sources.
Ensure that the Adobe Reader in use is up to date.

Phishing Attacks
Never open an e-mail attachment from unknown sources.
Always confirm any request to change bank details with your usual contact before effecting the change.

War Games
Avoid sharing/posting your work-related information on social networks.

Fake Antivirus
Ensure you are running a security program that is updated, especially one that effectively blocks new malware.
Never download a security program from a pop-up window you see online or from a third-party site.



Wednesday, December 6, 2017

Keep your Information safe in your Computer & Mobile, Lesson 6 of 25

Information Security Regulation

The Information Security Incident Management Reporting System is used to report any incidents that occur, or are suspected, targeting information or information processing facilities owned or managed by the organization.
Example of an IS Incident to report:
Loss or theft of paper records, data or equipment (e.g. laptops, smartphones or memory sticks) on which data is stored.


The assessment of the implementation status covers the following:
- Information Asset Register
- Data Classification
- Labeling & Handling
- Awareness of Information Security Policies and Procedures

Sample Incidents – Phishing / SPAM / Malware
- Do not click unsolicited web links from SPAM mails.
- Avoid enabling Macros, Editing and Content for Office files (doc, xls, ...) received from external e-mails.
- Perform an AV scan before extracting or executing the content of compressed files.
- Do not open attachments or files from unknown or suspicious senders.
- Do not open any suspicious attached file: .docm, .7s, .rtf, .ace, .jar
- Avoid clicking images or links in attached PDF files from external e-mails.
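The handling rules in this lesson expressed as attachment triage logic, added here as an example (not the blog's own code). The do-not-open extensions are the ones the post lists; the archive and Office extension lists, the company domain example.com and the sample mailbox are assumptions constructed for the demonstration.

```python
"""Attachment triage rules from the lesson above, expressed as code.

Added example, not the blog's own code. The do-not-open extensions are the
ones the post names (".7s" copied as written there); the archive and Office
extension lists and the company domain are assumptions, and the mail samples
are constructed.
"""
import os
from dataclasses import dataclass

# Extensions the post says must never be opened (applied regardless of sender here).
BLOCKED_EXTENSIONS = {".docm", ".7s", ".rtf", ".ace", ".jar"}

# Assumed lists used to apply the post's remaining rules.
ARCHIVE_EXTENSIONS = {".zip", ".rar", ".7z", ".gz", ".tar"}              # AV scan before extracting
OFFICE_EXTENSIONS = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx"}  # never enable macros/content
INTERNAL_DOMAIN = "example.com"                                          # assumed company domain


@dataclass(frozen=True)
class Attachment:
    filename: str
    sender: str   # sender's e-mail address


def is_external(sender: str) -> bool:
    """An e-mail is external unless it comes from the company's own domain."""
    return not sender.lower().endswith("@" + INTERNAL_DOMAIN)


def triage(att: Attachment) -> tuple:
    """Return (verdict, reason) for one attachment.

    Verdicts, from most to least restrictive: "block", "scan-first",
    "open-without-macros", "open-no-links", "allow". Only the final
    extension counts, so "invoice.pdf.jar" is treated as a .jar file.
    """
    ext = os.path.splitext(att.filename)[1].lower()
    external = is_external(att.sender)
    if ext in BLOCKED_EXTENSIONS:
        return "block", f"{ext} is on the do-not-open list"
    if ext in ARCHIVE_EXTENSIONS:
        return "scan-first", "run an AV scan before extracting or executing the content"
    if external and ext in OFFICE_EXTENSIONS:
        return "open-without-macros", "external Office file: do not enable Macros, Editing or Content"
    if external and ext == ".pdf":
        return "open-no-links", "external PDF: do not click images or links inside it"
    return "allow", "no rule matched"


# Constructed mailbox used for the demonstration.
SAMPLE_MAIL = [
    Attachment("invoice.pdf.jar", "billing@unknown-vendor.test"),   # double extension hides a .jar
    Attachment("Budget.DOCM", "cfo@example.com"),                   # macro-enabled; case-insensitive
    Attachment("photos.zip", "friend@mail.test"),
    Attachment("quote.xlsx", "sales@partner.test"),
    Attachment("brochure.pdf", "marketing@partner.test"),
    Attachment("agenda.docx", "pa@example.com"),
]


def triage_mailbox(items=SAMPLE_MAIL) -> dict:
    """Map each filename to its verdict."""
    return {att.filename: triage(att)[0] for att in items}


if __name__ == "__main__":
    for att in SAMPLE_MAIL:
        verdict, reason = triage(att)
        print(f"{att.filename:18s} {verdict:20s} {reason}")
```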



Tuesday, December 5, 2017

Keep your Information safe in your Computer & Mobile, Lesson 5 of 25

Information Asset Labeling and Handling

Labelling
Guidelines
Sensitive electronic information should state the classification level within the document.
Sensitive physical information should be clearly marked with the classification level on the document.

Instructions
Document headers, footers (including the cover page), subject lines, etc. should be labeled, and so should media like USBs, CD/DVDs, tapes, etc.
Place a stamp with the classification level.

Storage
Guidelines
Sensitive electronic information must be encrypted at all times when stored and kept in an access controlled folder or directory.
Sensitive physical information should be stored in a locked drawer, cabinet within a locked office.

Instructions
MS Word, Excel, etc. files should be password protected.
Other formats (e.g. pdf, txt, AutoCAD, etc.) should be zipped with a password.
Access to the location should be controlled; the data owner can seek assistance from IT to implement the control effectively.
Information should be stored on the shared drives in line with the defined classification level folders.
Dedicate physical storage and folders as per the data classification.

Handling
Guidelines
Sensitive electronic information must be encrypted at all times when emailed or electronically transferred.
Sensitive physical information should be transferred in sealed, tamper-proof packaging and a trusted courier should be used.

Instructions
Encryption: MS Word, Excel, etc. files should be password protected. Other formats (e.g. pdf, txt, etc.) should be zipped with a password.
Transferring or sending through e-mails, copying to USBs*, uploading to FTP*, etc. (* only approved employees may perform these).
Use a non-re-sealable envelope clearly labelled with the classification code.
Transmittal notes should be labeled on the documents.
The receiving party should ensure the envelope is not broken/tampered with.

Disposal
Guidelines
Sensitive electronic information must be securely wiped when no longer required and it is recommended that data should be deleted/formatted from the file location, media, etc.
Sensitive physical information must be securely shredded using a minimum of a cross-cut shredder.

Instructions
Storage media such as USB drives, CDs and DVDs should be wiped; contact IT for assistance.
Draft versions should be deleted permanently once the approved versions are released.
Use a shredder.
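As an added example (not from the original post), the overwrite-before-delete wipe that "securely wiped" means for a single file, set beside the plain delete the lesson rejects; the pass pattern, the file names and the sample content are assumptions, and the comment on SSDs and copy-on-write filesystems is why degaussing or physical destruction remains the preferred route for classified media.

```python
import os
import secrets
import tempfile

# Added example, not the blog's code. Assumes a conventional disk and a
# filesystem that rewrites blocks in place; on SSDs, journaling/copy-on-write
# filesystems, snapshots and cloud shares old blocks can survive an overwrite,
# so there rely on the page's other methods (key destruction, degaussing,
# physical destruction) instead.

PASSES = (b"\x00", b"\xff", None)  # zeros, then ones, then random bytes

def overwrite_in_place(path: str, passes=PASSES, chunk: int = 1 << 16) -> int:
    """Overwrite every byte once per pass, fsync each pass; return file size."""
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:
        for pattern in passes:
            fh.seek(0)
            left = size
            while left:
                n = min(chunk, left)
                fh.write(secrets.token_bytes(n) if pattern is None else pattern * n)
                left -= n
            fh.flush()
            os.fsync(fh.fileno())  # push this pass to the device, not just the cache
    return size

def unlink_anonymised(path: str) -> None:
    """Rename to a random name (so the name leaves directory metadata), then delete."""
    anon = os.path.join(os.path.dirname(path) or ".", secrets.token_hex(8))
    os.replace(path, anon)
    os.remove(anon)

def wipe_file(path: str) -> int:
    """Disposal = overwrite + delete. os.remove alone is the plain delete the page rejects."""
    size = overwrite_in_place(path)
    unlink_anonymised(path)
    return size

def demo() -> dict:
    """Constructed sample: a confidential draft wiped once the approved version is out."""
    marker = b"CONFIDENTIAL draft v0.9 - executive compensation table\n" * 300
    fd, path = tempfile.mkstemp(suffix=".txt")
    with os.fdopen(fd, "wb") as fh:
        fh.write(marker)
    size = overwrite_in_place(path)
    with open(path, "rb") as fh:  # read back before unlinking
        residue = fh.read()
    unlink_anonymised(path)
    return {"size": size, "same_size": len(residue) == len(marker),
            "marker_gone": marker[:40] not in residue,
            "deleted": not os.path.exists(path)}
```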


Thanks for reading,
Please "SHARE" our post so that your friends can read and learn, and "COMMENT" so that we can make our blog beautiful.

Please Follow us.
Facebook Profile
Twitter
Google+
facebook Page
Youtube
E-mail

Monday, December 4, 2017

Keep your Information safe in your Computer & Mobile, Lesson 4 of 25

Data Classification Folders in the Network

• To implement data classification properly, every network drive will be given Data Classification folders, which must be maintained according to the data classification categories.
• Make sure all data is saved in the correct folders. Departments can nominate individuals for access authority (read/write).
• NO data should be saved on local drives.
• Drive folder structure:
• Assess the classification level of each data item with the data owner
• Move all data into the corresponding classification folder
• Apply “Permission” to each folder as per the approved access rights (read / write)

Information Asset
• It is one of the main requirements of the ISR, without which we may fail to comply with the Law

Information Asset Risk
• Risk assessment based on the information asset
• Risk mitigation and treatment
• Alignment with enterprise risk management
• Review and update the details of the employees and contractors who are owners / custodians of information assets
• Define risks, threats and vulnerabilities for each information asset
• Risk assessment to be completed with a treatment plan and time frame
- Confidentiality
- Integrity
- Availability
• Simple Risk Assessment for Electronic Asset



Sunday, December 3, 2017

Keep your Information safe in your Computer & Mobile, Lesson 3 of 25

Data Loss and its Effects

How can data be lost?
• Stealing data storage devices
• Sabotage
• Hacking into computer networks
Impact or Effect of Data Loss?
• Reputational risk
• Financial risk
• Loss of business
• Denial of Service
• Legal risk

Information / Data Classification 
• Information classification defines what kinds of information are maintained in an organization.
• Based on such classification, information may need additional protection in place.
• Information can be classified into:
– Classified or Top Secret
– Strictly or Highly Confidential
– Confidential or Proprietary
– Internal Use
– Public

Classified or Top Secret
Highly sensitive information strictly intended for use within the organization
– Top or Executive Management Compensation and Benefits
– Content of Corporate Investigation Reports

Strictly or Highly Confidential
Sensitive information intended for use only within a group of authorized persons associated with a particular department, job function or project
– Personnel Information and/or Non Executive/TM Payroll
– Content of Internal/External Audit Reports
– Project Designs/Drawings

Confidential or Proprietary
Non‐sensitive information used within a department to ensure continuity of operational work routines. Security for this data class is controlled, but information is not highly protected.
– Business Policies and Procedures
– Business partner information not covered by a restrictive confidentiality agreement.

Internal Use
Important but non-sensitive information. Examples:
– Company announcements or bulletins
– General Project and Research data

Public
Information that requires minimal security and can be handled in the public domain / website.
– Marketing materials/Ads



Saturday, December 2, 2017

Keep your Information safe in your Computer & Mobile, Lesson 2 of 25

Security
We must protect our Computers, Data and Information in the same way we secure the doors to our homes.

Why Security?
The “80/20” Rule
» 80% human factor
» 20% technical

Security Awareness
• Knowledge, Skill and Attitude an individual possesses
• Being Security Conscious
• Individual Responsibility and sufficient Understanding
• Awareness of Risks

Information Security
What is Information Security?
Keeping valuable information ‘free from danger’ (i.e., protected and safe from misuse or unauthorized access)
• It is not something we buy, it is something we do
• It’s a process, not a product

Why Information Security?
– people can work more effectively and efficiently
– accurate information is accessed or made available when required
– information is protected from theft, misuse or use for fraudulent or irregular transactions
– deterrent against incidents which may cause reputational damage to the organization
– provides proactive protection against attacks on PCs (e.g., viruses, spyware, malware, phishing, and other malicious activities)

Information Security Objectives
• Confidentiality
Information is ONLY available or disclosed to authorized individuals, entities, or processes.
• Integrity
Safeguarding the accuracy and completeness of information and the reliability of processing controls
• Availability
Ensuring that information is available when required or needed

Key Factors in achieving CIA
• People
» Awareness
» Discipline
• Policy/Process/Procedure
» Clear
» Defined Coverage
» Compliance – Legal, Standards, Guidelines, etc.
• Technology
» Enablers
» Management Tools



Friday, December 1, 2017

Keep your Information safe in your Computer & Mobile, Lesson 1 of 25

We consider information, our business processes and our information systems to be our most critical business assets, and we are committed to ensuring their confidentiality, integrity and availability for the purpose of ensuring continuity of business, reinforcing the trust of our customers and stakeholders, minimizing information security risks, and maximizing returns on investments.
In line with this, we also support and comply with the Information Security Regulation.
Keeping valuable information ‘free from danger’ (i.e., protected and safe from misuse or unauthorized access) is called Information Security.
We need information security so that people can work more effectively and efficiently, accurate information is accessed or made available when required, and information is protected from theft, misuse or use for fraudulent or irregular transactions; it also acts as a deterrent against incidents which may cause reputational damage to the organization and provides proactive protection against attacks on PCs (e.g., viruses, spyware, malware, phishing, and other malicious activities).

Overview
• Developed to align with the requirements of the Government Information Security Resolution.
• Provides minimum requirement for information security controls.
• Establishes a uniform information security culture to all.
• Drawn from various internationally recognized standards and regulations
• Reflects specific requirements within the context of the Government.

Information

A sequence of symbols that can be interpreted as a message.

Information exists in many forms:
• Printed or written
• Stored electronically
• Transmitted electronically
• Visual (e.g. videos, diagrams)
• Published on the Web (e.g., intranet or internet)
• Verbal/aural (e.g., conversations, phone calls)
• Intangible (e.g., knowledge, experience, expertise, ideas; trade secrets)

Information can be:
• Created
• Owned (as an asset)
• Stored
• Processed
• Transmitted/Communicated
• Used (for proper or improper purposes)
• Modified or corrupted
• Shared or disclosed (whether appropriately or not)
• Destroyed or lost
• Stolen
• Controlled, secured, and protected throughout its existence

Why Information is Important!

Compliance with Legal Requirements
– Legal Requirements
• Copyright
• Patents/Royalties
• Trademark

Information Security Infrastructure
– Contractual Security Obligations
• Intranet connections to other BUs
• Remote connections to employees
• Customer networks
• Supply chains
• Third-party access
• SLA, Legal Contracts, Outsourcing Arrangements


