Information Security Policy

Presented by
Mr Ali Sadhik Shaik
BE (ECE), PGDVLSI, MBA (IS)

sadhiqali@gmail.com

Agenda

•   Introduction
•   Security Policy Framework
•   Need for IS Policy
•   E-mail Policy: SandZ Technologies
•   Implementing security policy
•   Conclusion

Introduction
• Organizations are moving from a tangible to an intangible asset base
• Information assets need protection
• The objective of the policy is to convey the risks concerning information security and the preventive measures the company has adopted.


Security Policy Designing Framework
• Commitment
• Risk Assessment
• Risk Mitigation
• Final Policy


Commitment
• Educate the top management
• Align the policy with the corporate vision and business objectives
• We also need to analyze the following:
    • What are the company's information assets in terms of hardware, software and network, as well as the future investment plan in IT/IS?
    • What is the company's dependence on IT in real, measurable terms?
    • What is the impact of the threat?

Risk Assessment
• Business risks, physical risks, environmental risks, technological risks, human risks and so on.
• Tabulate and prioritize the risks involved based on impact and probability of occurrence.
Ex: If the probability of a website getting hacked corresponds to an annual frequency of 0.5 (i.e. once in 2 years) and the business loss for each event is Rs 100 lakhs, the product of probability and consequence gives an Annual Loss Expectancy of Rs 50 lakhs (0.5 × 100).

Threats
Natural and Environmental Threats:
• Disaster recovery
• Backup and recovery
• WAN recovery

Database Security:
• Network & Telecommunication Security

Human Threats:
• Password Security & Controls
• Internet access and security

Operating Systems Security:
• Firewall Security
• Data Classification
• Web server Security
• Intranet Security
• Virus-Protection
• E-commerce Security
• Data encryption

Email security:
• Technical controls
• Logical Access Controls
• Program Change Controls
• Version Controls
• Application Software Security

Administrative Controls:
• Physical Security
• Incident Response management
• Punitive actions

Risk Mitigation
• Security is not possible with a single defense. Have multiple layers of protection.
• The measures for risk mitigation could be:
    • Administrative Measures
    • Physical Measures
    • Technical Measures

Risk Mitigation
Administrative Measures
• Policies, Procedures, Standards and Guidelines
• Personnel Screening and Security awareness training

Physical Measures
• Perimeter Control measures
• Physical Access Control
• Intruder Detection
• Fire Protection
• Environmental Monitoring

Technical Measures
• Logical Access Control
• Network Access Controls
• Identification and Authentication devices
• Data Encryption


Risk Mitigation

[Pie chart "Security Efforts": Administrative vs. Technical, values 25 and 75]




Final Policy
• Security policy is not the last and final
  word.
• It is a master plan, which identifies a
  company's security concerns and is the
  first step towards building a secure
  infrastructure.



Anatomy of Security Policy
• Policy Statement
• Specific issues that the policy is addressing
• Best practices
• Policy Scope
• Policy details
• Mandatory practices
• Validity
• Compliance requirements
• Procedure for implementation
• Essential Policies
• Owner
• Review-details
• Monitoring and reporting mechanism
• Annexure

Security Policy




SandZ Technologies
• Mainly focused on providing online education in the domains of electronic design.
• E-mails in and out of the company are crucial and confidential.
• E-mail policy to reduce the risk of damage to the company's image and important information.
Implementation of Security Policies
• Conduct Security Awareness Seminars, workshops and
  quizzes.
• Have Security Week for the organization.
• Prepare Do's & Don'ts of Security Policy, distribute and
  display them.
• Create posters, stickers, t-shirts, mugs and mouse pads
  all with security messages.
• Run slogan competitions.
• Perform security audits.



Conclusion


An ounce of prevention is better than a pound of detection and correction




M.C Lodges --  Guest House in Jhang.M.C Lodges --  Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.
 
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabiunwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communications
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usage
 
Mifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pills
Mifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pillsMifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pills
Mifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pills
 
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptxB.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
 
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
 
Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023
 
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
 
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
 

Information Systems Policy

  • 1. Information Security Policy Presented by Mr Ali Sadhik Shaik BE (ECE), PGDVLSI, MBA (IS) sadhiqali@gmail.com
  • 2. Agenda • Introduction • Security Policy Framework • Need for IS Policy • E-mail Policy: SandZ Technologies • Implementing security policy • Conclusion Information Security Policy
  • 3. Introduction • Tangible to intangible assets based organizations • Need for protecting information assets • The objective of the policy is to convey the risk concerning information security and what preventive measures a company has adopted.
  • 4. Security Policy Designing Framework: Commitment, Risk Assessment, Risk Mitigation, Final Policy
  • 5. Commitment • Educate the top management • Align according to corporate vision and business objectives • We also need to analyze the following: • What are the information assets of a company in terms of hardware and software, network as well as the future investment plan in IT/IS? • What is the company's dependence on IT in real measurable terms? • What is the impact of the threat?
  • 6. Risk Assessment • Business risks, physical risks, environmental risks, technological risks, human risks and so on. • Tabulate and prioritize the risks involved based on impact and probability of occurrence. Ex: Probability of a website getting hacked is an annual frequency of 0.5, i.e. once in 2 years, and the business loss for each event is Rs 100 lakhs. So the product of probability and consequences gives us an Annual Loss Expectancy of Rs 50 lakhs (0.5 × 100).
  • 7. Threats Natural and Environmental Threats: Database Security: Disaster recovery Network & Telecommunication Security Backup and recovery WAN recovery Human Threats: Operating Systems Security: Password Security & Controls Firewall Security Internet access and security Data Classification Web server Security Intranet Security Virus-Protection E-commerce Security Data encryption Email security: Administrative Controls: Technical controls Physical Security Logical Access Controls Incidence Response management Program Change Controls Punitive actions Version Controls Application Software Security
  • 8. Risk Mitigation • Security is not possible with a single defense. Have multiple layers of protection. • The measures for risk mitigation could be: Administrative Measures, Physical Measures, Technical Measures.
  • 9. Risk Mitigation • Administrative Measures: Policies, Procedures, Standards and Guidelines; Personnel Screening and Security awareness training • Physical Measures: Perimeter Control measures; Physical Access Control; Intruder Detection; Fire Protection; Environmental Monitoring • Technical Measures: Logical Access Control; Network Access Controls; Identification and Authentication devices; Data Encryption
  • 10. Risk Mitigation Security Efforts 25 Administrative 75 Technical
  • 11. Final Policy • Security policy is not the last and final word. • It is a master plan, which identifies a company's security concerns and is the first step towards building a secure infrastructure.
  • 12. Anatomy of Security Policy • Policy Statement • Specific issues that the policy is addressing • Best practices • Policy Scope • Policy details • Mandatory practices • Validity • Compliance requirements • Procedure for implementation • Essential Policies • Owner • Review-details • Monitoring and reporting mechanism • Annexure
  • 14. SandZ Technologies • Mainly concentrates on providing online education in the domains of electronic design. • E-mails in and out of the company are crucial and confidential. • E-mail policy to reduce the risk of harm to the company's image and important information.
  • 17. Implementation of Security Policies • Conduct Security Awareness Seminars, workshops and quizzes. • Have Security Week for the organization. • Prepare Do's & Don'ts of Security Policy, distribute and display them. • Create posters, stickers, t-shirts, mugs and mouse pads all with security messages. • Run slogan competitions. • Perform security audits.
  • 18. Conclusion An ounce of prevention is better than a pound of detection and correction
  • 19. References • Avinash Kadam (Chief Executive - Assurance and Training at Miel e-Security Pvt. Ltd.), Writing an Information Security Policy, Network Magazine, issue of October 2002. • Whitman ME & Mattord HJ (2007), Managing Information Security, Thomson Course Technology.