INFORMATION SECURITY POLICIES & STANDARDS

Challenges before us:
• Define security policies and standards.
• Measure actual security against policy.
• Report violations of policy.
• Correct violations to conform to policy.
• Summarize policy compliance for the organization.
BUT where DO we start?

Basic Risk Assessment
• What assets within the organization need protection?
• What are the risks to each of these assets?
• How much time, effort, and money is the organization willing to expend to upgrade or obtain new adequate protection against these threats?

Identifying the Assets:
• Physical items
  • Sensitive data and other information
  • Computers, laptops, mobiles, etc.
  • Backups and archives
  • Manuals, books, and guides
  • Communications equipment and wiring
  • Personnel records
  • Audit records
  • Commercial software
• Non-physical items
  • Personnel passwords
  • Public image and reputation
  • Processing availability and continuity of operations
  • Configuration information
  • Data integrity
  • Confidentiality of information

The risks:
• Component failure
• Misuse of software and hardware
• Viruses, Trojan horses, or worms
• Unauthorized deletion or modification
• Unauthorized disclosure of information
• Penetration ("hackers" getting into your machines)
• Software bugs and flaws
• Fires, floods, or earthquakes
• Riots

Data Sensitivity Classification:
• Sensitive: This classification applies to information that needs protection from unauthorized modification or deletion to assure its integrity. It is information that requires a higher than normal assurance of accuracy and completeness. Examples of sensitive information include organizational financial transactions and regulatory actions.

Data Sensitivity Classification:
• Confidential: This classification applies to the most sensitive business information that is intended strictly for use within the organization. Its unauthorized disclosure could seriously and adversely impact the organization, its stockholders, its business partners, and/or its customers. Health care-related information should be considered at least confidential.

Data Sensitivity Classification:
• Private: This classification applies to personal information that is intended for use within the organization. Its unauthorized disclosure could seriously and adversely impact the organization and/or its employees.
• Public: This classification applies to all other information that does not clearly fit into any of the above three classifications. While its unauthorized disclosure is against policy, it is not expected to impact seriously or adversely affect the organization, its

Types of Security Policies:
• Password policies
• Administrative Responsibilities
• User Responsibilities
• E-mail policies
• Internet policies
• Backup and restore policies
• Technologies to secure IT Infra:
  • Firewalls.
  • Auditing.
  • System Policies.
  • IT admin policies.

E-mail Policies:
• The use of e-mail to conduct official business, which users should adhere to.
• The use of e-mail for personal business is strictly prohibited.
• Access control and confidential protection of messages.
• The management and retention of e-mail messages.
• Official e-mail IDs should not be subscribed to websites of any sort.
• There should be no bulk e-mailing from any user within the organization.
• Spam e-mailing is against official policy, and any e-mail user who does so will be held liable for a criminal offence.

Internet Policies:
• A set of protocols and conventions, used to traverse and find information over the Internet, which should be followed by all users.
• Browsers also introduce vulnerabilities to an organization which should be strictly prohibited.
• Web servers can be attacked directly, or used as jumping-off points to attack an organization's internal networks, so users should be very careful while surfing and browsing.
• Firewalls and proper configuration of routers and the IP protocol can help to fend off denial-of-service attacks.

Backup Policies:
• The backup policies should include plans for:
  • Regularly scheduled backups.
  • Types of backups. Most backup systems support normal backups, incremental backups, and differential backups.
  • A schedule for backups. The schedule should normally be during the night, when the company has the fewest users.
  • The information to be backed up.
  • Type of media used for backups: tapes, CD-ROMs, other hard drives, and so forth.

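Added example, not part of the original slides: how the normal, incremental and differential backup types named in the backup policy differ in what each night's job captures and in which backup sets a restore needs. It assumes the common archive-flag model (normal and incremental jobs clear the flag, differential jobs do not); the file names and five-night schedules are constructed sample data.

```python
# Added example (not from the slides): normal vs incremental vs differential
# backups under the archive-flag model. All names and data are constructed.
# Simplification: files are only created or modified, never deleted.

NORMAL, INCREMENTAL, DIFFERENTIAL = "normal", "incremental", "differential"

# Files changed during each day, before that night's backup (constructed).
SAMPLE_CHANGES = [
    {"payroll.xls", "hr.db", "audit.log"},
    {"audit.log"},
    {"hr.db"},
    {"audit.log", "policy.doc"},
    {"payroll.xls"},
]

# Three candidate backup policies for the same five nights (constructed).
SCHEDULES = {
    "incremental": [NORMAL] + [INCREMENTAL] * 4,
    "differential": [NORMAL] + [DIFFERENTIAL] * 4,
    "mixed": [NORMAL, DIFFERENTIAL, INCREMENTAL, DIFFERENTIAL, DIFFERENTIAL],
}


def run_schedule(schedule, changes):
    """Simulate nightly backups.

    Returns (jobs, history): jobs[i] is (type, {file: version}) captured on
    night i, and history[i] is the true file state at that night. A file's
    version is the index of the day it was last modified.
    """
    state = {}       # file -> day index of latest modification
    flagged = set()  # files whose archive flag is currently set
    jobs, history = [], []
    for day, (kind, modified) in enumerate(zip(schedule, changes)):
        for name in modified:
            state[name] = day
            flagged.add(name)
        if kind == NORMAL:
            captured = dict(state)          # everything, then clear flags
            flagged.clear()
        elif kind == INCREMENTAL:
            captured = {n: state[n] for n in flagged}
            flagged.clear()                 # next job starts from here
        elif kind == DIFFERENTIAL:
            captured = {n: state[n] for n in flagged}
            # flags stay set, so the next differential grows
        else:
            raise ValueError(f"unknown backup type: {kind}")
        jobs.append((kind, captured))
        history.append(dict(state))
    return jobs, history


def restore_chain(jobs, night):
    """Indices of the backup sets needed to restore the state as of `night`."""
    kinds = [kind for kind, _ in jobs[: night + 1]]
    if NORMAL not in kinds:
        raise ValueError("no normal backup to restore from")
    base = max(i for i, k in enumerate(kinds) if k == NORMAL)
    # Last job that cleared the archive flags (normal or incremental).
    last_clear = max(i for i, k in enumerate(kinds) if k != DIFFERENTIAL)
    chain = [base]
    chain += [i for i in range(base + 1, last_clear + 1)
              if kinds[i] == INCREMENTAL]
    if night > last_clear:
        chain.append(night)  # only the latest differential is needed
    return chain


def restore(jobs, night):
    """Replay the restore chain in order and return the recovered state."""
    restored = {}
    for i in restore_chain(jobs, night):
        restored.update(jobs[i][1])
    return restored


if __name__ == "__main__":
    last = len(SAMPLE_CHANGES) - 1
    for name, schedule in SCHEDULES.items():
        jobs, history = run_schedule(schedule, SAMPLE_CHANGES)
        sizes = [len(captured) for _, captured in jobs]
        ok = restore(jobs, last) == history[last]
        print(f"{name:12} files per night={sizes} "
              f"restore needs sets {restore_chain(jobs, last)} complete={ok}")
```

The trade-off a backup policy has to settle shows up in the output: incremental nights stay small but every set since the last normal backup must survive for a restore, while differential nights grow but a restore needs only two sets.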
Secure Network Connectivity:
• Firewall configuration.
• Audits at regular intervals.
• System Policies.
• Administrator Policies.

Firewalls:
• Should block unwanted traffic.
• Should direct incoming traffic to more trustworthy internal systems.
• Should hide vulnerable systems that cannot easily be secured from the Internet.
• Should log traffic to and from the private network.
• Should hide information such as system names, network topology, network device types, and internal user IDs from the Internet.
• Should provide more robust authentication than standard applications might be able to do.

Auditing:
• Logon and logoff information
• System shutdown and restart information
• File and folder access
• Password changes
• Object access
• Policy changes

System Policies:
• All systems should be configured with a proper firewall gateway.
• Systems should have only licensed software installed, and only what is needed for use.
• Every system should allow login only with complex passwords and by authenticated users.
• A password must be initially assigned to a user when enrolled on the system.
• Users must remember their passwords.
• Users must enter their passwords into the system at authentication time.

IT Admin Policies:
• A user's password must be changed periodically.
• The system must maintain a "password database."
• All systems must have user and administrator roles defined.
• Scheduled audits to ensure the IT security policies.
• Administrator passwords should not be shared.
• No spam and no network-violating activities within the organization.

Presented by Senseware IT Admin
Responsibilities: Managed IT.
Thank you for the time devoted.

IT Policy

  • 2.  Define security policies and standards.  Measure actual security against policy.  Report violations to policy.  Correct violations to confirm with policy.  Summarize policy compliance for the organization. 2 Challenges before us: BUT Where DO We Start?????
  • 3. Basic Risk Assessment
      - What assets within the organization need protection?
      - What are the risks to each of these assets?
      - How much time, effort, and money is the organization willing to expend to upgrade or obtain new adequate protection against these threats?
  • 4. Identifying the Assets:
      - Physical items
          - Sensitive data and other information
          - Computers, laptops, mobiles, etc.
          - Backups and archives.
          - Manuals, books, and guides
          - Communications equipment and wiring.
          - Personnel records.
          - Audit records.
          - Commercial software
      - Non-physical items
          - Personnel passwords
          - Public image and reputation
          - Processing availability and continuity of operations
          - Configuration information.
          - Data integrity
          - Confidentiality of information
  • 5. The risks:
      - Component failure
      - Misuse of software and hardware
      - Viruses, Trojan horses, or worms
      - Unauthorized deletion or modification
      - Unauthorized disclosure of information
      - Penetration ("hackers" getting into your machines)
      - Software bugs and flaws
      - Fires, floods, or earthquakes
      - Riots
  • 6. Data Sensitivity Classification:
      - Sensitive: This classification applies to information that needs protection from unauthorized modification or deletion to assure its integrity. It is information that requires a higher than normal assurance of accuracy and completeness. Examples of sensitive information include organizational financial transactions and regulatory actions.
  • 7. Data Sensitivity Classification:
      - Confidential: This classification applies to the most sensitive business information that is intended strictly for use within the organization. Its unauthorized disclosure could seriously and adversely impact the organization, its stockholders, its business partners, and/or its customers. Health care-related information should be considered at least confidential.
  • 8. Data Sensitivity Classification:
      - Private: This classification applies to personal information that is intended for use within the organization. Its unauthorized disclosure could seriously and adversely impact the organization and/or its employees.
      - Public: This classification applies to all other information that does not clearly fit into any of the above three classifications. While its unauthorized disclosure is against policy, it is not expected to impact seriously or adversely affect the organization, its
  • 9. Types of Security Policies:
      - Password policies
      - Administrative Responsibilities
      - User Responsibilities
      - E-mail policies
      - Internet policies
      - Backup and restore policies
    Technologies to secure IT Infra:
      - Firewalls.
      - Auditing.
      - System Policies.
      - IT admin policies.
  • 10. E-mail Policies:
      - The use of e-mail to conduct official business, which users should adhere to.
      - The use of e-mail for personal business is strictly prohibited.
      - Access control and confidential protection of messages.
      - The management and retention of e-mail messages.
      - Official email IDs should not be subscribed on any sort of websites.
      - There should not be bulk emailing from any or all of the users within the organization.
      - Spam emailing is against official policy, and any email user doing so would be held liable for a criminal offence.
  • 11. Internet Policies:
      - Set of protocols and conventions used to traverse and find information over the Internet which should be followed by all the users.
      - Browsers also introduce vulnerabilities to an organization which should be strictly prohibited.
      - Web servers can be attacked directly, or used as jumping-off points to attack an organization's internal networks, so users should be very careful while surfing and browsing.
      - Firewalls and proper configuration of routers and the IP protocol can help to fend off denial of service attacks.
  • 12. Backup Policies:
    The backup policies should include plans for:
      - Regularly scheduled backups.
      - Types of backups. Most backup systems support normal backups, incremental backups, and differential backups.
      - A schedule for backups. The schedule should normally be during the night, when the company has the fewest users.
      - The information to be backed up.
      - Type of media used for backups: tapes, CD-ROMs, other hard drives, and so forth.
  • 13. Secure Network Connectivity:
      - Firewall configuration.
      - Audits at regular intervals.
      - System Policies.
      - Administrator Policies.
  • 14. Firewalls:
      - Should block unwanted traffic.
      - Should direct incoming traffic to more trustworthy internal systems.
      - Should hide vulnerable systems that cannot easily be secured from the Internet.
      - Should log traffic to and from the private network.
      - Should hide information such as system names, network topology, network device types, and internal user IDs from the Internet.
      - Should provide more robust authentication than standard applications might be able to do.
  • 15. Auditing:
      - Logon and logoff information
      - System shutdown and restart information
      - File and folder access
      - Password changes
      - Object access
      - Policy changes
  • 16. System Policies:
      - All the systems should be configured with a proper firewall gateway.
      - Systems should have only licensed software installed, and only as needed for use.
      - Every system should allow login only with complex passwords and by authenticated users.
      - A password must be initially assigned to a user when enrolled on the system.
      - Users must remember their passwords.
      - Users must enter their passwords into the system at authentication time.
  • 17. IT Admin Policies:
      - A user's password must be changed periodically.
      - The system must maintain a "password database."
      - All the systems must have user and administrator user roles defined.
      - Scheduled audits to ensure the IT security policies.
      - Administrator passwords should not be shared.
      - No spam and network-violating activities within the organization.
  • 18. PRESENTED BY Senseware. IT Admin Responsibilities: Managed IT. Thank you for the time devoted.