
Information (Data) Security & Risk Mitigation

Information (Data) Security & Risk Mitigation. IT Act 2000 Amendment (Sec 43A): corporate bodies such as banks that handle sensitive personal data must implement and practise reasonable security practices and procedures; a body that fails to do so is liable for damages by way of compensation to the affected person, with no upper limit.





Presentation Transcript


  1. Information (Data) Security & Risk Mitigation

  2. IT Act 2000 Amendment (Sec 43A)
     • Corporate bodies such as banks that handle sensitive personal data must implement and practise reasonable security practices and procedures.
     • A body that is negligent in doing so is liable for damages by way of compensation to the affected person, with no upper limit.

  3. Information Security - Myths
     • Our existing security controls are adequate to prevent any information loss
     • Passwords are enough to secure our business
     • Information security is the responsibility of IT
     • Data backups are enough, so why plan for BCP?

  4. Information Security - Reality
     • Critical data is accessible to others because I left my PC/terminal unattended
     • A worm infecting my machine can bring down the entire network
     • My account is used to commit fraud because my password is weak or shared

  5. Why Information Security?
     • Confidentiality, Integrity, Availability
     • People are the weakest link in information security
     • Every user must know their security responsibilities
     • Every user must know the information security risks associated with their job responsibilities
     • Adherence to the organizational security policies

  6. Information Security Risks
     • Online frauds
     • Hacking attacks
     • Phishing / vishing attacks
     • Spam
     • Data theft
     • Insecure business applications
     • Malware / spyware
     • Virus / worm / Trojan attacks
     • Denial of Service (DoS) attacks
     • Lack of user awareness

  7. Risk Mitigation Measures
     • Infrastructure set-up
       • DR site
       • DR drills
       • Updated BCP
     • Critical applications
       • High-availability clusters / multiple servers
       • Application security testing
       • Parameter fine-tuning
       • Hardened operating systems
       • Strong physical security: surveillance cameras, biometric access

  8. Risk Mitigation Measures
     • Delivery channels
       • Secured, indirect access to the CBS (core banking system)
       • Independent systems
       • Encrypted data exchange across systems
       • Multi-factor authentication
     • Outsourced services
       • Drafting and monitoring of SLAs
       • Non-disclosure clauses
       • Review and monitoring of reports and outputs
       • Background checks on third-party employees

  9. Risk Mitigation Measures
     • Users
       • Access on a need-to-know basis
       • Periodic review of access rights
       • Strong authentication
       • Awareness training
     • Networks
       • Intrusion detection / prevention systems
       • Internal and external firewalls
       • Periodic penetration testing
       • 24x7 monitoring of attacks (cyber policing)
       • Virus / worm / malware / spyware protection
       • Regular security updates for IPS/IDS signatures and anti-virus
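The two user-side measures above, need-to-know access and periodic review of access rights, are usually carried out as an entitlement review: compare what each account can do against what its job role needs, and flag privilege creep, dormant accounts and accounts of people who have left. The script below is an added illustration of such a review and is not part of the presentation. The role-to-entitlement matrix, the account records, the entitlement names and the 90-day dormancy threshold are all hypothetical, constructed here so the example runs offline.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Hypothetical need-to-know matrix: the entitlements each job role requires
# on a core banking system, and nothing beyond them. (Constructed example.)
ROLE_MATRIX = {
    "teller": {"cbs.view_account", "cbs.cash_txn"},
    "branch_manager": {"cbs.view_account", "cbs.cash_txn", "cbs.approve_txn"},
    "dba": {"cbs.db_admin"},
}


@dataclass
class Account:
    user_id: str
    role: str
    entitlements: set
    last_login: Optional[date]   # None if the account has never logged in
    enabled: bool
    employed: bool               # False once HR records the person as separated


def review_access(accounts, role_matrix, as_of, dormant_days=90):
    """Return (user_id, finding, detail) tuples for every access-rights problem.

    Findings raised:
      EXCESS_ENTITLEMENT     - entitlements beyond what the role needs (privilege creep)
      SEPARATED_USER_ENABLED - account still enabled after the person left
      DORMANT_ACCOUNT        - enabled account unused for more than dormant_days
    Roles missing from the matrix are treated as needing nothing, so every
    entitlement on such an account is reported as excess.
    """
    findings = []
    for acct in accounts:
        needed = role_matrix.get(acct.role, set())
        excess = acct.entitlements - needed
        if excess:
            findings.append((acct.user_id, "EXCESS_ENTITLEMENT", sorted(excess)))
        if acct.enabled and not acct.employed:
            findings.append((acct.user_id, "SEPARATED_USER_ENABLED", acct.role))
        if acct.enabled:
            idle = None if acct.last_login is None else (as_of - acct.last_login).days
            if idle is None or idle > dormant_days:
                findings.append((acct.user_id, "DORMANT_ACCOUNT", idle))
    return findings


def sample_accounts(as_of):
    """Constructed access export used to exercise the review (not real data)."""
    return [
        # Clean teller: entitlements match the role, recently active.
        Account("t001", "teller", {"cbs.view_account", "cbs.cash_txn"},
                as_of - timedelta(days=3), True, True),
        # Teller who picked up an approval right while covering for a manager.
        Account("t002", "teller", {"cbs.view_account", "cbs.cash_txn", "cbs.approve_txn"},
                as_of - timedelta(days=10), True, True),
        # Manager on long leave: account enabled but unused for 200 days.
        Account("m001", "branch_manager",
                {"cbs.view_account", "cbs.cash_txn", "cbs.approve_txn"},
                as_of - timedelta(days=200), True, True),
        # DBA who left the bank; the account was never disabled.
        Account("d001", "dba", {"cbs.db_admin"},
                as_of - timedelta(days=5), True, False),
    ]


def run_review(as_of=date(2024, 1, 31)):
    return review_access(sample_accounts(as_of), ROLE_MATRIX, as_of)


if __name__ == "__main__":
    for user_id, finding, detail in run_review():
        print(f"{user_id:8} {finding:24} {detail}")
```

In practice the account list comes from the application's own user export and the role matrix from HR and the application owner; the value of the exercise is that each finding is actionable (remove the entitlement, disable the account) and that running it on a schedule turns "periodic review" from a policy statement into a control whose output can be audited.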

  10. Information Security Practices
     • Information Security Management System
     • Information security policy and procedures
     • Continuous risk assessment
     • Information security incident management
     • Business continuity / disaster recovery plans
     • Information systems audit
     • Network security audit
     • Application security testing
     • Vulnerability assessment / penetration testing
     • Security Operations Centre (SOC) / cyber policing control room
     • Awareness training

  11. Thank You
