Non-availability
Used for SVES 1. Regular update of
of Anti Virus Procedure for
applications like AV Mcafee patches
N&S on Software, Information system
DLP,Druva Backup, Ensure that the Domain Servers are HOD-N&S 11.05.15 2 16 Retain NA NA NA NA NA NA NA Accept No
behalf of Older version of Acquisition,developme automatically through A.12.2.1
2 Servers other than domain servers 18 Restricted N&S Windchill 4 3 3 4 up and running. Also ensure that no nt and maintanance the TechMahindra epo
Senior threats and vulnerabilities exist Virus Anti Virus
application,Backup server
Management attack/Malfunctio software.
servers,Project specific 2
servers,ERP servers ning/Server not Through TechM Patch
accessible. Procedure for updates server
Microsoft patches Information system (SCCM) Patches are A.14.2.9
HOD-N&S 11.05.15 2 16 Retain NA NA NA NA NA NA NA Accept No
not updated Acquisition,developme updated in the A11.2.9
nt and maintanance servers controlled
centrally by TechM
1. No disruptions or
Hardware Power Procedure for fluctuations in the
Failure(System 2 Fluctuations Information system 11.05.15 2 16 Retain NA NA NA NA NA NA NA Accept No
HOD-N&S Acquisition,developme power supply A.11.1.4
damage)
N&S on nt and maintanance 2. AMC to Vendor.
behalf of Used for SVES CAE Ensure that Linux Servers are up
3 64 CPU LINUX SERVER's 2 Restricted N&S 4 3 3 4
Senior Business need and running.
Management Malfunctioning/ Procedure for
2 Poor cable Information system Structured Cabling 11.05.15 2 16 Retain NA NA NA NA NA NA NA Accept No
Server not HOD-N&S Acquisition,developme A.11.2.4
connectivity with multiple ports
accessible nt and maintanance
1. No disruptions or
fluctuations in the
Hardware Procedure for
Power power supply
Failure(System 2 Information system 11.05.15 2 12 Retain NA NA NA NA NA NA NA Accept No
Fluctuations HOD-N&S Acquisition,developme 2. AMC to Vendor. A.11.2.4
N&S on damage)
Used for SVES CAE nt and maintanance 3. Shifting the
behalf of 3 3 3 3 Ensure that Linux Servers are up services to standby
4 LINUX workstations 34 Restricted N&S Licenses and and running.
Senior server
applications.
Management
Malfunctioning/ Procedure for
Poor cable Information system Structured Cabling
Server not 2 HOD-N&S A.11.2.3 11.05.15 2 12 Retain NA NA NA NA NA NA NA Accept No
connectivity Acquisition,developme with multiple ports
accessible. nt and maintanance
1. No disruptions or
fluctuations in the
Power Procedure for
Hardware power supply
Fluctuations Information system
Failure(System 2 HOD-N&S 2. AMC to Vendor. A.11.2.4, A.12.3.1 11.05.15 2 12 Retain NA NA NA NA NA NA NA Accept No
Acquisition,developme
damage) nt and maintanance 3. Shifting the
services to standby
server
1. Regular update of
Non-availability Procedure for AV Mcafee patches
Ensure that the workstations are up Information system
of Anti Virus HOD-N&S A.12.2.1 11.05.15 1 6 Retain NA NA NA NA NA NA NA Accept No
N&S on
and running. Also ensure that no Acquisition,developme automatically through
behalf of Operations / Used for SVES users for Software nt and maintanance the TechMahindra epo
5 All /Work stations 350 Restricted 3 3 3 3 threats and vulnerabilities exist Virus
Senior CS Team various applications. server
attack/Malfunctio 2
Management Follow the process on vendor visits. Through TechM Patch
ning/Server not
Procedure for updates server
accessible
Microsoft patches Information system (SCCM) Patches are 11.05.15 1 6 Retain NA NA NA NA NA NA NA Accept No
HOD-N&S Acquisition,developme A.14.2.9
not updated updated in the
nt and maintanance servers controlled
centrally by TechM
1. No disruptions or
fluctuations in the
Power Information systems A.13.1.1
power supply
Hardware Failure 2 Fluctuations HOD-N&S Acquisition, A.11.2.3 11.05.15 2 16 Retain NA NA NA NA NA NA NA Accept No
Development & 2. AMC to Vendor. A 9.1.2
Server crash
Maintenance - N&S 3. Shifting the
services to standby
server
Ensure that the license Servers are 1. Regular update of AV
12 Access to License as per 4 up and running. Also ensure that no Mcafee patches
License Servers 32 Restricted Project team N&S 2 3 4 Non-availability of Physical and
project requirement threats and vulnerabilities exist HOD-N&S 11.05.15 2 16 Retain NA NA NA NA NA NA NA Accept No
Anti Virus Software Environmental Security automatically through
the TechMahindra epo
1.Virus server A 11.2.2
attack/Malfunctioni 2
ng/Server not Through TechM Patch
accessible. updates server (SCCM)
Microsoft patches not HOD-N&S Physical and 11.05.15 2 16 Retain NA NA NA NA NA NA NA Accept No
updated Environmental Security Patches are updated in
the servers controlled
centrally by TechM A 11.2.4
S.No | Asset Name | Quantity | Category of Asset | Asset Owner | Custodian | Acceptable use of the Asset | CIA of Asset: C | I | A | Asset Value = Max of CIA | Opportunity | Threat | Level of Threats | Vulnerabilities | Risk Owners | Procedures | Existing Controls | ISO 27001:2013 control References | Controls effective Date | Likelihood of occurrence (Level of vulnerability) | Present Risk Value (Asset Value = Max. of CIA) x Level of Threat x Level of Vulnerability | Risk Treatment method (Risk Value > 18) | Recommended Risk treatment Plan (for additional Controls) | ISO 27001:2013 Ref | Risk owners' approval for Risk Treatment Plan | [After applying controls] Level of Threats | [After applying controls] Likelihood of occurrence (Level of vulnerability) | [After applying controls] Residual Risk Value | Risk owners' approval for Residual Risk | Management Decision | Input for BCP
1. Warranty with
supplier/ Regular
maintenance
2. Data is backed up
using Druva.
3. Access to CD/DVD
1.Mal-functioning is restricted through
N&S on 2. Data Loss. Procedure for group policies and
1.Hardware
13 Laptops 145 behalf of Used for SVES users for 3 2 2 3 Ensure that no data loss and theft, 3. Unauthorised 2 Information system System Hardening 11.05.15 1 6 Retain NA NA NA NA NA NA NA Accept No
Restricted N&S Also un authorised access Failure HOD-N&S Acquisition,developme A.11.2.4
Senior various applications. data access, 4. Access to
2. Laptop is lost nt and maintanance
Management unauthorised USB/Flash drives is
changes restricted through
group policies and
System Hardening
5. Data Encryption
software installed
1. Warranty with
supplier/ Regular
maintenance
2. Data is backed up
using Druva.
1.Mal-functioning
3. Access to CD/DVD
N&S on 2. Data Loss. 1.Hardware Procedure for is restricted through
behalf of Used for SVES users for Ensure that no data loss and theft, 3. Unauthorised Failure Information system
14 Desktops 95 Restricted N&S 2 2 2 2 2 HOD-N&S group policies and A.11.2.4 11.05.15 2 8 Retain NA NA NA NA NA NA NA Accept No
Senior various applilcations . Also un authorised access data access, 2.Data Loss due Acquisition,developme
nt and maintanance System Hardening
Management unauthorised to HDD failure
4. Access to
changes
USB/Flash drives is
restricted through
group policies and
System Hardening
Non-availability of
Anti Virus Software, Information systems UPS, Admin password
Older version of Anti restriction, Anti virus policy
System Crash / 2 Acquisition,
Virus software , Power HOD-N&S in place A12.2.1 11.05.15 2 12 Retain NA NA NA NA NA NA NA Accept No
Virus attacks fluctuations, Development & Centralised patch update
Maintenance - N&S
unauthorized software Backup in place.
Refer to list of installations
N&S Team Ensure that the license Servers are
15 Licenses from Access to License as per 3 up and running. Also ensure that no
CAD/CAE License Files Restricted Project Team Commercial 2 3 3
Asset project requirement threats and vulnerabilities exist
Team
Management
Non-availability of
Anti Virus Software, Information systems UPS, Admin password
Older version of Anti restriction, Anti virus policy
System Crash / 2 Acquisition,
Refer to list of Virus software , Power HOD-N&S Development & in place A12.2.1 11.05.15 2 12 Retain NA NA NA NA NA NA NA Accept No
N&S Team Ensure that the license Servers are Virus attacks fluctuations, Centralised patch update
16 License Files - other than CAD/CAE software products Licenses from Access to License as per
3 up and running. Also ensure that no Maintenance - N&S
Restricted Project Team Commercial 2 3 3 unauthorized software Backup in place.
like Microsoft and Adobe Asset project requirement threats and vulnerabilities exist installations
Team
Management
Procedure for
Information system Regular maintanance A11.2.4 11.05.15 1 9 Retain NA NA NA NA NA NA NA Accept No
Unable to connect Cabling Failure HOD-N&S Acquisition,developme
N&S on by N&S
To TechM servers nt and maintanance
behalf of Used for SVES users for Ensure that the network is up and
17 Server room Cabling for network 2 Restricted N&S 2 3 3 3 for 3
Senior various connectivities. running
authentication, e- Procedure for
Management connectivity Information system Regular maintanance
mail HOD-N&S A11.2.4 11.05.15 1 9 Retain NA NA NA NA NA NA NA Accept No
Issues Acquisition,developme by N&S
nt and maintanance
Password policy, Backup
sharing of passwords A9.4.3 11.05.15 Retain NA NA NA NA NA NA NA Accept No
Access Control of PST data through 1 4
A.12.3.1
Druva backup
Access Control,
Lack of Physical HOD-N&S Physical and Associates were oriented A.11.2.4 1-Apr-20 Retain Retain NA Approved NA NA NA Approved Accept
Protection on WFH Dos & DON'Ts 1 9
Environmental
Security
Possibility of theft
/ Hacking - In 3
RDP Mode