INFORMATION SECURITY

Members:
 Faisal Saleem
 Muhammad Zeeshan
 Rizwan Azmat
 Uzair Mamo

Human Resources Security:

HR security safeguards confidential employee data via strict
access controls and protocols to prevent unauthorized access,
ensuring compliance and confidentiality within an organization.
Data Protection

It involves safeguarding sensitive information related to

employees, such as personal details, salary, performance reviews,
and health records. This protection can include encryption, secure
databases, and restricted access.

Access Control:

Setting up systems and protocols to control who can access what

information. This includes user permissions, passwords, and multi-
factor authentication to prevent unauthorized access.
Employee Training:

Educating staff about the importance of HR security, teaching

them how to handle data securely, recognizing phishing attempts,
and understanding their role in maintaining a secure workplace.

2 SECURITY AWARENESS
Security aware means that you understand that there is the
potential for some people to deliberately or accidentally steal,
damage, or misuse the data that is stored within a company’s
computer system and throughout its organization.

Education and Training:

Providing information and training to employees about potential

security risks, including phishing, malware, social engineering,
and other cyber threats. This involves teaching them to recognize
warning signs and how to respond appropriately.

3 EMPLOYMENT PRATICES AND POLICIES

Employment practices and policies encompass the guidelines,
rules, and procedures that govern how employees are hired,
managed, evaluated, and treated within a company. These
policies cover areas such as recruitment, working hours,
compensation, benefits, performance reviews, promotions,
disciplinary actions, and termination procedures.

4 EMAIL AND INTERNET POLICIES

An acceptable use policy is a written document that sets out
practices and restrictions regarding the use of company
technology. It describes what employees can and can't do when
using corporate computers, networks, websites or systems.
Some issues:

 wasting time surfing the internet

 sending personal emails
 clogging up the system with large attachments
 exposing your IT systems to cyber threats, eg viruses, phishing
emails, etc
 sharing sensitive business information externally without
authorisation
 breaching data privacy laws and regulations

5 COMPUTER SECURITY INCIDENT

RESPONSE TEAMS

The Computer Security Incident Response Team (CSIRT) is a

team charged with incident response, handling all security
incidents affecting an organization in a timely and effective
manner. They are responsible for protecting the confidentiality,
integrity and availability (CIA) of business assets, mainly
computer systems and networks, as well as the organization’s
valuable data.

How Does a CSIRT Work?

At the heart of the CSIRT is incident management. The key to effective
incident management is to respond quickly to incidents, with the goal of
minimizing damage caused by attackers, eradicating the threat, and
rapidly restoring operational systems.

Types of CSIRT
Distributed CSIRT
A distributed CSIRT unit consists of several independent teams
collaborating and sharing incident response responsibilities. It is
typically managed by a coordinating team that distributes
responsibilities and resources according to the unique needs of
each project.

Coordinating CSIRT
A coordinating CSIRT manages other, typically subordinate
CSIRT units, coordinating incident response activities, workflows,
and information flow among distributed teams. Typically, a
coordinating CSIRT does not provide independent incident
response services. Rather, it ensures resources and activities are
effectively distributed between disparate teams.

Hybrid CSIRT
A hybrid CSIRT consists of a centralized full-time unit and
distributed units employing subject matter experts (SMEs).
Typically, SMEs participate in incident response activities ad-
hoc—as needed during specific events. This model employs a
central CSIRT unit to detect a potential event and analyze it to
determine the appropriate response. Next, the relevant distributed
CSIRT experts are asked to assist in incident response activities.

CSIRT/SOC Hybrid
A CSIRT/SOC Hybrid model puts the security operations center
(SOC) responsible for receiving all security alerts, reports, and
alarms that indicate potential incidents. The CSIRT is activated
only if the SOC requires help with additional analysis.

THANK YOU