Awareness
Information is not made available to unauthorized individuals, entities or processes;
Safeguarding the accuracy and completeness of assets
Asset being accessible and usable upon demand by authorized entity
Information Security: Policies, Process, Procedures, Guidelines, People, Security Awareness, Workshops
PSPCL Executive Management
Information Security Council (ISC)
DGM-IT(SD&I), SE-IT (A&PM)
Sr.XEN/(ISM)
Reality ??
Secret
Highly Confidential
Confidential
Internal
Public
Information Asset Classification Baseline
Public
Non-sensitive information available for external release.
Examples include periodicals, bulletins, financial statements, press releases, etc.
Internal
Information that is generally available to employees and approved non-employees such as contractors,
trainees. Examples include staff memos, newsletters, staff awareness program documentation or
bulletins, etc.
Confidential
Information that is less sensitive & related to business, is intended for use by employees, its other
business units, approved non-employees such as contractors, trainees and customer and can be printed in
hard copy format. Examples include departmental memos, work programs, schedules, plans, etc.
Highly Confidential
Information that is sensitive & related to project & personnel, is intended for use by employees, customer
and approved non-employees such as contractors, trainees, and can be printed in hard copy format only with the
approval of HODs. Examples include personal information, business plans, unpublished financial statements,
etc.
Secret
Information that is highly sensitive within and outside the organization. Shall be applied to documented information,
leakage of which can cause damage to national security. Examples include design documents, drawings,
contracts, etc.
Password Security
Do’s
• Keep your passwords secret
• As per policy, password should be min 8 characters with alphabets, numbers, and special characters (#, @, *, $, &, %,)
• Use passwords that are easy to remember but difficult to guess
• Change passwords every 90 days to avoid password expiry
Don'ts
• Don’t use passwords which are based on your personal info or words found in dictionary
• Don’t write down or store passwords
• Don’t share your passwords with anyone
• Don’t reveal passwords in email, chat or other communication
How long it takes to crack a Password?
Length          Lowercase    +Uppercase    +No. & Symbols
6 Characters    10 Mins      10 hrs        18 days
7 Characters    4 hrs        23 days       4 years
8 Characters    4 days       3 years       463 years
9 Characters    4 months     178 years     44,530 years
Malware Protection
In case the antivirus is not present or not functional, report it immediately to the IT service desk.
Scan all files coming from external sources (such as email, internet, USB).
Do not open or download any executable files (.exe) from email attachments.
Spam
Don't forward an email from someone you don't know to a list of people.
Email Security
Do’s
• Use Email only for business purposes
• Use only official email ids for official purposes
• Retain important emails for evidence/record purposes
Don'ts
• Transmitting offensive material like political opinion, pornography and sexual harassment material;
• “Spamming” unsolicited messages, promotions, sending or forwarding chain letters;
• Creating, sending, receiving or storing materials that infringe the copyright or other intellectual property right of any third parties;
Clear Desk & Clear Screen
Do’s
• Lock your desktop while leaving work place
• Ensure your desk is clear and no sensitive information lies around
• Be aware of shoulder surfers in office or in public places
• Be cautious while handling sensitive information
• Shred unwanted documents
Don'ts
• Don’t forget to collect your printouts from printer
• Don’t forget to clear white board while leaving meeting rooms
• Don’t use / install any unauthorized software
Mobile Usage – Best Practices
Take the time to learn and use the security settings on your mobile devices.
Use a strong password. Create passwords that are tough for hackers to crack, but easy for you to remember.
Social Media Usage – Best Practices
Take the time to learn and use the security settings on your mobile devices.
Be aware that individuals online may not be who they claim to be.
A Security Incident means a real or potential security event which causes harmful
impact to business operations or users.
Do’s
• Report security incidents on the Security incident portal
• Contact: IT department for all IT related security incidents
• Contact the Security team for all Physical Security related security incidents
Don'ts
• Don’t discuss security incidents with anyone outside PSPCL
• Don’t attempt to prevent anyone from reporting the incident
• Never talk to media person unless authorized
Key Points for Take Away
• Safeguard company data – protect confidential files under lock & key
• Password Sharing
• SAP ID sharing
• Cabling hygiene