information awareness program
Post on 30-Jun-2015
Approach to Information Security
Rahul Khattar
Setting the Agenda
• Making information available to all users is essential for the enterprise to conduct its business
• Leakage of such information may impact the organization adversely
Five step approach to make information available and secure
Information Location, Classification, Protection, Audit, Training
Where does Information Reside?
• On File-Servers (FTP)
• Within DMS
• Emails
• Backup Tapes
• Extracts from BI tools
• Printer hard disk
This Information is shared with Employees/ Vendors/ Partners/ Consultants/ Contractors/ Auditors
Removable media
Content Management
Shared folders
Desktops
Mobile devices
Backup
Laptops
Recognize where information exists
Classification
What is Information Classification?
It is the science of describing the principles that need to be followed to protect information
It guides you on how and to whom you can distribute information with a particular classification
Why Classify?
Classification of information is essential for every business because without classification everyone treats the same piece of information differently, which could have major consequences
Classified data helps to better define and implement protection policies
Protection
What is Protection?
• Ensure that only legitimate users have access to the data
• Control data with internal/external users
• Define and apply policies based on Classification
Why Protect?
Protection enables the enterprise to manage the usage and consumption of its valuable data
Audit
Auditing Information Usage
• Track all end user actions on protected information
• Generate and analyze reports
• Keep a close eye on all your data that resides within or outside the organization
Why Audit Information Usage?
• To understand the Information consumption pattern
• To showcase the shortcomings of existing policies
• To fine tune “Control-Policies” for your confidential data
End User Training
Why Train Staff?
• Helps enterprise define better control-policies on data
• Minimize accidental misuse of information
• Ensure technology platform is well accepted
What is Training?
• Educate employees on Information Usage
• Ensure participation, role play for users
• Using email, standees, flyers, KM portal as a medium of knowledge transfer
Training ensures User participation and acceptance
Data Flow Analysis is an activity to understand what is valuable information and which department holds it
It also helps in tracking the information and the consumption pattern & risk
Importance of DFA in building better policies
DFA maps the information flow for a particular business process
DFA clearly points out the security issues attached with a piece of information at different stages of its lifecycle
DFA sharpens classification and protection policies on information
More Info?
www.seclore.com
+91-22-6130-4200