NOTICE

 
The information contained in this document is not to be used for any purpose other than the purposes for which this document is furnished by Genpact, nor
is this document (in whole or in part) to be reproduced or furnished to third parties or made public without the prior express written permission of Genpact.

Version Control
Version No. Date Type of Changes Owner/Author Date of review / expiry

Genpact Confidential
Information Security awareness training

Discussion with ABC


Date: July , 2009

What is Security Awareness

• Security awareness is knowledge of the potential threats, security issues and incidents that our organization may face in its day-to-day routine functions.
• Technology alone cannot provide adequate information security. People, awareness and personal responsibility are critical to the success of any information security program.

© 2009 Copyright Genpact. All Rights Reserved.


Top Security mistakes / violations

• Passwords pasted on notes or cubicles
• Leaving your computer on, unattended
• Opening e-mail attachments from strangers
• Poor password settings
• Laptops unattended
• Social Engineering
• Plug and play without protection
• Not reporting security violations
• Not knowing internal threats

Scenarios of Security Breach

• If an unauthorized user obtains your username and password, he/she can wreak havoc on our system
• Denial of Service situations
• Viruses, worms, and Trojans could spread like wildfire across the networks, infecting large numbers of PCs

• As an employee, it is YOUR responsibility to actively ensure the protection and proper use of our information and technology assets.
• Each one of you plays a crucial role in security. Remember, it only takes one weak link to break the chain.

Your Role in protecting the Information Security

• System Owner – responsible for operation and maintenance of the IT System

• Ensure that all employees are aware of and comply with the policies
• Ensure that all employees are required to undergo security trainings
• Maintain compliance with requirements specified by Data Owners for handling of the system data

Data Owner

• Data Owner – responsible for the policy and practice decisions regarding data

• Ensure that all data entered in the information system is valid and complies with data standards
• Ensure that data classification is in place
• Ensure that all the users are aware of the data security guidelines in the organization

System Administrator

• System Administrator – engineer who implements, manages, and/or operates a system at the direction of the System Owner and Data Owner

• Ensure that day-to-day operations are being carried out
• Ensure that all appropriate personnel are aware of and comply with all policies regarding the information system
• Create appropriate system performance standards and controls
• Comply with the standards of the CIA Triad of data protection: Confidentiality, Integrity and Availability
• Establish preventative maintenance programs to maintain optimum performance and reliability of the systems
• Establish and comply with Business Continuity and Disaster Recovery Policies

Custodian

• IT Custodians – all users of IT systems, including employees and contractors

• Read and comply with all IT security program requirements defined in the organization policies
• Report breaches of IT security, actual or suspected, to the respective members
• Take reasonable steps to protect the security of IT systems and data to which they have access
• Ensure that everyone has completed security awareness trainings

As you can see, everyone has a clearly defined and important role in security. We all have to do our part. Know the policies! Know the standards! Know the risk!

We need to be successful in protecting our data 100% of the time. The hacker only needs to succeed once!

Steps for securing the Infrastructure Assets

• Password construction and Management

• When selecting a password, you may naturally want to choose something easy to remember. But if it is easy for you, it may be easy for someone else to crack!
• A password should not be:
  • Your name or any family member's name, including pets!
  • Your street name, car type, favorite singer, etc.
  • Any easily guessed or recognized name or word
  • Your previous password with a sequentially increased number at the end.
• A password should be:
  • A mixture of letters (both upper and lower case) and numbers and/or special characters
  • At least eight characters long, preferably longer
  • For example, iH8TDieTs is a very good password. It has capitals, lower case, and numbers. AND… it isn't too tough to remember. Just say: I hate diets.
• A password should never be:
  • …Taped to a monitor or keyboard or desk or desk accessory or anywhere visible
  • …Shared with ANYONE
• Enforce “need-to-know”
• Authenticate confidential access
• Encrypt vulnerable data
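
The password construction rules above, expressed as a check an administrator could run when a password is set. This is an added example, not part of the original training material; the function names, the `personal_words` list and the sample passwords other than iH8TDieTs are assumptions made for illustration.

```python
import re

MIN_LENGTH = 8  # "At least eight characters long, preferably longer"


def split_trailing_number(password):
    """Split 'Summer2008' into ('Summer', '2008'); digits are '' if absent."""
    match = re.fullmatch(r"(.*?)(\d*)", password, flags=re.DOTALL)
    return match.group(1), match.group(2)


def check_password(candidate, previous=None, personal_words=()):
    """Return the list of rules the candidate breaks; empty means it passes."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than eight characters")
    if not (any(c.isupper() for c in candidate)
            and any(c.islower() for c in candidate)):
        problems.append("needs both upper and lower case letters")
    if not any(c.isdigit() or not c.isalnum() for c in candidate):
        problems.append("needs a number or special character")
    # personal_words: names, pets, street, car type, etc. known for the user
    if any(w and w.lower() in candidate.lower() for w in personal_words):
        problems.append("contains a personal or easily guessed word")
    if previous is not None:
        old_stem, _ = split_trailing_number(previous)
        new_stem, new_digits = split_trailing_number(candidate)
        if candidate == previous:
            problems.append("same as the previous password")
        # Same stem with only the trailing number changed (Summer2008 -> Summer2009)
        elif new_digits and new_stem.lower() == old_stem.lower():
            problems.append("previous password with a changed number at the end")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs; iH8TDieTs is the example from the slide.
    samples = [
        ("iH8TDieTs", None, ()),
        ("Summer2009", "Summer2008", ()),
        ("Fluffy2009!", None, ("Fluffy",)),
        ("password", None, ()),
    ]
    for candidate, previous, words in samples:
        print(candidate, "->", check_password(candidate, previous, words) or "OK")
```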

Email Usage

• Email Usage

• Email is the fastest, most effective method of spreading malicious code to the largest number of users. It is also a large source of wasted technology resources.
• Examples of Waste:
  • Electronic Greeting Cards
  • Chain Letters
  • Jokes and graphics
  • Spam and junk email
• Ensure that only legitimate emails are read and opened
• Never open any unsolicited or suspicious mails
• Ensure that attachments are opened only from known or reliable sources
• Ensure that all mails and attachments from unknown sources are quarantined or scanned before reading them
• Never open any chain mails or spam mails, and if found, route them to the security team

Licensing

• Software Licensing

• Ensure that only approved software is loaded on the systems
• Ensure that only authorized software is loaded on the systems
• Ensure that unauthorized and unapproved software is not loaded on the systems
• Ensure that software loading rights are restricted to selected people such as Administrators
• Monitor all the software loaded on the systems; if any unauthorized software is detected, it needs to be removed and the user needs to be informed regarding the threats
• Unless otherwise noted, software purchased for official purposes cannot be copied, shared, or installed on any other PC or used for personal purposes.

Backups

• Backup of System

• Backup of data needs to be carried out on a periodic basis
• Store the copy of backup data in a fireproof safe
• Ensure a copy of the backup data is sent to an offsite location
• Ensure that backup data is tested prior to sending offsite to test the reliability

• Your PC, Your Data, Your Responsibility. If you don't back it up, it's your problem!
• If you don't back it up, the IT team can't restore it!


Physical Security

• Physical Security

• Secure any software installation CDs.
• Secure your backup tapes.
• Log off or lock your PC when unattended.
• Shut down your PC when you leave for the day… EVERY DAY!
• Ensure everyone is aware of the access control policy.
• Secure your Password!!!!
• Ensure that all the systems are enabled with screen savers
• Ensure that all the visitors are escorted into the premises
• Ensure that separate badges are implemented for employees, contractors and visitors
• Ensure that CCTV coverage is present for critical areas
• Ensure that physical access reviews are being carried out on a periodic basis
• Ensure that user access is revoked or disabled on the last working day for the resigned employees
• Ensure that idle user accounts are disabled and enabled only after proper approvals

Shared File Storage

• Shared File Storage

• Common file storage can be provided on network storage devices so that users can access the relevant data based on their permissions
• These devices must be protected and used prudently
• Only business or official data needs to be stored on the shared file storage
• Personal and unauthorized data should not be stored in the shared file storage location
• Shared file storage access reviews need to be performed periodically
• All unapproved data present, if any, should be deleted and employees need to be trained regarding the perils of storing the same

• Thank You

CONTACT INFORMATION
IT Team
EMAIL of IT Team
telephone number

www.genpact.com
© 2009 Copyright Genpact. All trademarks appearing herein belong to their respective owners.
