Compliance & Control, Systems & Partner Relationship Management

Mahesh Patwardhan
maheshpatwardhan@rediffmail.com
Information Office

Office of Compliance and Control | Technology Systems | Partner Relations

Information Security Management | Access Control | Change Management | Policy Management | Build and Deploy | Ops and Maintenance | Partner Contract Relationship Management

Compliance and Control: Information Security

• Information Security Office
• Chief Information Security Officer
• Implement the Information Security Policy
• Implement the Access Control Policy
• Implement the Backup/Restoration Policy
• Conduct Information Security Office Meetings
  • All meetings to be recorded (MOM)
• Conduct Reviews
  • Security, Access Control, AUP, B&R, DR Policy
  • Record all Policy Reviews (MOM)
  • Policies to be updated and approved
  • Updates to policies to be logged

• Communication:
  • Information Security Policy and Access Control Policy updates to all employees periodically.
  • HR Training calendar for Security and Appropriate Usage sessions.
  • Conduct Security Awareness and Appropriate Usage Sessions for new joinees.

• Monitoring
  • Review of System Exception Logs, Unauthorized Logins, Authorized Users lists
  • All Reviews to be logged and the review reports with findings signed off on.
  • Action taken report to be reviewed and signed off on.

• Define
  • Data Backup/Restoration Process
  • Recovery Testing Process
  • Data securing process (tape-to-bank)

• Review
  • Data Backup/Restoration Process
  • Recovery Testing Process
  • Data securing process (tape-to-bank)
  • Backup/Restoration/Recovery Testing Log Sheet
  • Monthly Tape-To-Bank Log Sheet
  • All reviews to be recorded (MOM)

Access Control
Creation/Deletion of User IDs /privilege grants process

• Request for user id creation / deletion raised by business unit mgr.
• Request for user id creation / deletion authorized by business unit Head
• Authorized Request (email and hardcopy) approved by Head - IO
• Request from HR for domain/email ID
• Authorized Request Filed by Mgr – IS & App and Server Access Auth Matrix Updated
• Hardcopy of Confirmation sent for granting requested Privileges/access
• Request for temporary unprivileged access to server raised by user
• Request for privileged access on server raised by NOC/Engineering team
• Request authorized by CTO
• Email/Domain Login Created/Removed by Manager - IT
• Application User Login Created/Removed by Manager: IS

Access Control
Authorizations Filing
Authorization Filing: Manager Process & Control

• Authorizations filed for four categories: Email / Domain Users, Application Users, Privileged Access, Temporary Access
• Signed Authorization Form for each category
• User Creation / Removal Log (two)
• Application Authorization Matrix
• Email / Domain Users List

Office of Compliance and Control: Change Management

• Periodic Review of
  • Change Management Process.
  • Change Requests submitted.
  • Change Request Approvals
  • Pending deployments
• Review Meetings minutes to be recorded and the findings of the review documented
• Review Report with recommendations for remediation submitted, report approved.
• Approved recommendations carried out.
• Review of remediation carried out, approved and signed off on.


Office of Compliance and Control: Policy Management

• Information Steering Committee (ISC)
• Policy Reviews and Updates
  • Schedule for ISC and Policy Reviews
  • Conduct Reviews, report submission.
  • Report Approvals, Policy updated and approved.

Information Office Hierarchy
Head – Information Office

Chief Information Security Officer | Information Office | Director Information Systems

Sr. Mgr Compliance & Control | Sr. Mgr Info. Systems | Sr. Mgr Vendor Relations

Office of Compliance & Control | Technology Systems (Engineering Office) | Partner Relations

Information Security Management | Access Control | Change Control | Policy Management | Build and Deploy | Ops & Maintenance | Partner Contract Relationship Management