
Awareness

10/15/2019 1
What is Information Security?
 Ensuring the
 Confidentiality
 Integrity
 Availability
 of information (the CIA triad)

Information Classification
 Confidential (highest confidentiality level)
 Restricted (medium confidentiality level)
 Internal use (lowest level of confidentiality)
 Public (everyone can see the information)
 Private/Personal (can be viewed only by the individual or an authorised body)

Why is Information Security Required?
 Information is an asset that has value.
 Information needs protection from unauthorised access, modification, deletion etc.
 Some information has legal protection requirements; failure to comply has legal implications.

Motives behind information security attacks
 Disrupting business continuity
 Performing information theft
 Manipulating data
 Disrupting critical infrastructures
 Bringing financial loss to the target
 Propagating religious or political beliefs
 Achieving state's military objectives
 Damaging reputation of the target
 Taking revenge
 Demanding ransom
 Sale of information

Sources of Information
 Financial, e.g. turnover, profit
 Employees, e.g. attendance, salary, performance ...
 Customers, e.g. name, address, contract details ...
 Consumers, e.g. name, address, usage behaviour ...
 Suppliers, e.g. name, purchase orders ...
 Regulatory, e.g. notices, letters ...
 Society, e.g. complaints ...

Safe Practices
 Paper based files
 Do not leave files open on the desk
 Keep them under lock and key
 Protect them from damage (fire, water)
 Shred unwanted files rather than binning them
 Do not take unnecessary photocopies

Safe Practices
 Information
 Share it on a "need to know" basis
 Restrict access to those who require it for their work

Safe Practices
 Phone
 Verify the caller's identity before discussing anything
 Do not share confidential information over the phone
 Keep the phone locked
 Keep track of its use

Safe Practices
 Smart Phone
 Keep it locked
 Install apps only from the official store, and check what permissions they ask for before use
 Minimise data storage
 Do not store sensitive data on it
 Delete data that is no longer used
 Use antivirus

Safe Practices
 Email
 Do not respond to emails from unknown senders; verify the sender first
 Do not open attachments from unknown emails
 Do not click on links in emails; type the address into the browser yourself
 Scan attachments
 Classify the email
 Check the recipients ("To"/"Cc") before sending
 Use a confidentiality disclaimer on outgoing mail

Safe Practices
 Internet Browsing
 Do not browse unsafe sites
 Use a firewall
 Do not download unlicensed software, movies etc.

Safe Practices
 Wi-Fi
 While setting up Wi-Fi, change the default administrator username and password
 Do not use a network that is not password protected
 Avoid Wi-Fi at public places, or use a VPN over it

Safe Practices
 Personal Computer
 Keep the screen (desktop) clear
 Save files in folders
 Take regular backups
 Lock the screen before moving away from the PC
 Delete files that are not required
 Encrypt files where possible

Safe Practices
 Password
 Use at least 8 characters; longer passphrases are stronger
 Use letters, digits and special characters
 Mix upper and lower case letters
 Do not use birthdays or the names of pets, family members or colleagues as a password
 Change it immediately if it may have been exposed (NIST SP 800-63B no longer recommends forced periodic changes)
 Do not write passwords down
 Use a different password for every account
Safe Practices
 Removable media (USB, hard disk etc.)
 Keep it encrypted
 Scan it before use
 Protect it while handling

Few types of Attack
 Data leaks
 Ransomware
 Phone locking
 Vishing (voice phishing)
 Malware: virus, worm, trojan, adware, key logger
 USB key drop
 Social engineering
 Brute force attack

Few types of Attack
 Dumpster diving
 Chain letter
 CEO scam (business email compromise)
 Tailgating
 Phishing/Spear phishing
 Shoulder surfing
 Man-in-the-middle attack
 Denial of service
 Dictionary attack
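The "verify the sender" and "do not click on links" advice on the Email slide, and the phishing, spear phishing and CEO scam entries above, come down to a few checks that can be automated on a raw message: a From domain that imitates the organisation's, a Reply-To that silently redirects the conversation, and links whose visible text differs from where they point. The following is an added Python example, not code from the original deck; the organisation domain example.com, the homoglyph table and both sample messages are constructed for it.

```python
"""Flag phishing and CEO-scam indicators in a raw email message.

Added example, not part of the original slides: it automates "verify the
sender" and "do not click on links". ORG_DOMAIN, the homoglyph table and
the sample messages are constructed for the example."""
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from typing import List
from urllib.parse import urlparse

ORG_DOMAIN = "example.com"  # assumed organisation domain


def normalize_domain(domain: str) -> str:
    """Fold lookalike substitutions (examp1e -> example, exarnple -> example).
    Deliberately over-eager: a false positive is cheap, a missed CEO scam is not."""
    folded = domain.lower().replace("rn", "m").replace("vv", "w")
    return folded.translate(str.maketrans("01357", "olest"))


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, to catch one-character typo domains (examplle.com)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain: str, trusted: str = ORG_DOMAIN) -> bool:
    """True if `domain` is neither `trusted` nor a subdomain of it but resembles it."""
    if domain == trusted or domain.endswith("." + trusted):
        return False
    folded = normalize_domain(domain)
    if folded == trusted or folded.endswith("." + trusted):
        return True
    return edit_distance(folded, trusted) == 1


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def phishing_indicators(raw: str) -> List[str]:
    """Return warnings for the message; an empty list means nothing suspicious."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    addr = parseaddr(msg.get("From", ""))[1]
    from_domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    if is_lookalike(from_domain):
        findings.append(f"From domain '{from_domain}' imitates {ORG_DOMAIN}")
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and reply_to.lower() != addr.lower():
        findings.append(f"Reply-To '{reply_to}' differs from From '{addr}'")
    body = msg.get_body(preferencelist=("html", "plain"))
    if body is not None and body.get_content_type() == "text/html":
        collector = LinkCollector()
        collector.feed(body.get_content())
        for href, text in collector.links:
            target = (urlparse(href).hostname or "").lower()
            # Domain the reader *sees* in the link text, if the text looks like a URL.
            shown = re.search(r"([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})", text.lower())
            if shown and shown.group(1) != target:
                findings.append(f"link shows '{shown.group(1)}' but points to '{target}'")
            if is_lookalike(target):
                findings.append(f"link domain '{target}' imitates {ORG_DOMAIN}")
    return findings


# Constructed samples: a CEO-scam style message and a benign internal one.
SAMPLE_SCAM = """\
From: Asha Rao <asha.rao@examp1e.com>
Reply-To: ceo.office@mail-relay.net
Subject: URGENT wire transfer before 5pm
Content-Type: text/html; charset="utf-8"

<p>Please process the attached payment today. Confirm at
<a href="http://login.examp1e.com/verify">https://intranet.example.com/finance</a>.</p>
"""
SAMPLE_OK = """\
From: Asha Rao <asha.rao@example.com>
Subject: Minutes from today's meeting
Content-Type: text/plain; charset="utf-8"

Attached are the minutes. See https://intranet.example.com/minutes.
"""

if __name__ == "__main__":
    for raw in (SAMPLE_SCAM, SAMPLE_OK):
        print(phishing_indicators(raw) or ["no indicators"])
```

None of these checks replaces SPF, DKIM and DMARC at the mail gateway; they are the manual "look at the address, hover over the link" habits from the Email slide written down so they run the same way every time.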
What to do?
 Caution, prevention, and if in doubt, ask
 If a password has been leaked, change it and every other account where it was reused
 Report any disclosure of data immediately to:
 Supervisors/managers
 Bank helpline
 Police

Personal Data
 “Personal data” means data about or relating to a natural person who is directly or indirectly identifiable, having regard to any characteristic, trait, attribute or any other feature of the identity of such natural person, or any combination of such features, or any combination of such features with any other information.

Sensitive Personal Data
 passwords
 financial data
 health data
 official identifier
 sex life
 sexual orientation
 biometric data
 genetic data
 transgender status
 intersex status
 caste or tribe
 medical data

Few websites for reference
 https://www.cert-in.org.in/ CERT-In is the national nodal agency for responding to cyber security incidents in India
 https://infosecawareness.in/home/index.php an informative website under MeitY (Ministry of Electronics and Information Technology), Government of India

ISMS ISO 27001:2013
 ISO/IEC 27001:2013 is the international standard that specifies the requirements for an information security management system (ISMS).
 Certification against ISO 27001:2013 shows that the organisation is committed to information security and has a managed system in place to protect it.

Questions?
