Basic concepts
LIC-ISMS-CO 2
Information is a form of knowledge that we acquire through education, communication, experience, day-to-day activities, research, analysis etc. It consists of data, facts and conclusions. For computer professionals, information is any data, expressed as a sequence of ‘ones’ and ‘zeros’.
You are the first and last line of defence for LIC.
SECURITY
Information Security is the defense of information and information assets, including but not limited to Information Technology.
Physical security elements:
- Guards
- CCTV
- Restricted Zone
- Access rights
System security elements:
- Downloading access
- Anti-virus
- Detection of malicious software
- Disablement of USB ports, CD drives
Cyber Attacks - 2019
It is impossible to obtain perfect security; security is a process.
Security should be considered a balance between protection and availability.
To achieve that balance, the level of security must allow reasonable access while protecting against various threats.
7 IS criteria mapped to 5 resources
IS criteria: Confidentiality, Integrity, Availability, Effectiveness, Efficiency, Reliability, Compliance
Resources: Application, Technology, Data, Facilities, Resources/people
WHY CARE NOW ???
- Keep sensitive information intact and valid.
- Keep the information available and accessible to authorized users.
Critical Characteristics/attributes of IS
Confidentiality: Keep secrets secret from unauthorized persons; the quality or state of preventing disclosure or exposure to unauthorized individuals or systems.
Integrity: Being whole, complete and accurate; not being corrupted, damaged or distracted.
Availability: Authorized people who need the information should have access to it whenever they want, without any interference or obstruction, and in a correct format.
Accuracy: Free from mistakes or errors and having the value that the end user expects; free from intentional or unintentional modification; stored with the correct values and represented in a consistent and unambiguous form.
Authenticity: The quality or state of the information being genuine and not corrupted, fabricated or produced from somewhere else; the quality of being genuine and not having been corrupted from the original after its creation.
Utility: Used for some meaningful purpose; available in a format that is helpful to the end user.
Possession: An authorized person should handle or possess the data as per their roles and responsibilities.
Information System (IS) Assets
Information and its existence in various forms:
- Information on local hard drives and on networks
- Information transmitted through phone lines or the Internet
- Information displayed on screen
Information Security Policies
Policy Hierarchy
Policies: High level statements that provide guidance to all who must take present and future decisions for the security of the organization. Example: Access to a network resource will be granted through a unique user ID and password.
Standards: Requirement statements that provide specific technical specifications. Example: Passwords must be at least 8 characters long.
Procedures: Mandatory actions.
Guidelines: Recommended actions. Example: Passwords should include one non-alpha character and not be found in a dictionary.
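The distinction between a standard (mandatory) and a guideline (recommended) can be made concrete in a password check. This is an added example, not LIC's own code: the 8-character minimum, the non-alpha rule and the dictionary rule are taken from the slide, while the word list is a small constructed sample.

```python
import re

# Standard: a mandatory, specific requirement (from the slide: at least 8 characters)
MIN_LENGTH = 8
# Constructed sample word list standing in for a real dictionary (assumption)
DICTIONARY = {"password", "welcome", "insurance", "summer", "monday"}


def check_standard(password: str) -> list[str]:
    """Mandatory requirement statements; any failure rejects the password."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    return failures


def check_guidelines(password: str) -> list[str]:
    """Recommended actions; failures are reported as warnings, not rejections."""
    warnings = []
    if not re.search(r"[^A-Za-z]", password):
        warnings.append("no non-alphabetic character")
    # Strip digits and symbols so 'Welcome1' is still recognised as a dictionary word
    core = re.sub(r"[^A-Za-z]", "", password).lower()
    if core in DICTIONARY or password.lower() in DICTIONARY:
        warnings.append("based on a dictionary word")
    return warnings


def evaluate(password: str) -> dict:
    """Apply the standard first (reject on failure), then report guideline warnings."""
    failures = check_standard(password)
    warnings = check_guidelines(password)
    return {"accepted": not failures, "failures": failures, "warnings": warnings}


if __name__ == "__main__":
    for pw in ["short1", "Welcome1", "Tr0ub4dor&Glass"]:
        print(pw, evaluate(pw))
```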
Security policies help us set standards and identify our roles, responsibilities and governance to ensure Information Security.
- Acceptable Usage Policy
- Access Management Policy
- Antivirus Policy
- Application Security Policy
- Asset Management Policy
- Asset/Media Disposal Policy
- Backup Policy
- Bring your own device (BYOD) Policy
- Business Continuity Management Policy
- Capacity Management Policy
- Change Management Policy
- Cloud Computing Security Policy
- Configuration Management Policy
- Cryptographic Control Policy
- Cyber Forensics Policy
- Cyber Security Policy
- Data Center Policy
- Data Life Cycle Protection Policy
- Data Migration Policy
- Data Privacy Policy
- Data Retention Policy
- Database Security Policy
- Email / Collaboration Policy
- Endpoint Security Policy
- Incident Management Policy
- IS Audit Policy
- IT Outsourcing Policy
- IT Procurement Policy
- IT Risk Management Policy
- ITDR Policy
- Legal and Regulatory Compliance Policy
- Logging & Monitoring Policy
- Mobile Security Policy
- Network Security Policy
- Operating System Security Policy
- Operational Level Agreement (OLA) Policy
- Password Policy
- Patch Management Policy
- Personnel Security Policy
- Physical & Environmental Security Policy
- Remote Access Policy
- Service Level Agreement (SLA) Policy
- Social Media Policy
- Supplier Security Policy
- Technology Refresh Policy
- Third Party Security Policy
- User Life Cycle Management Policy
- Virtualization Security Policy
- Vulnerability Management Policy
- Website Development and Security Policy
Minor changes to Information Security Procedures

LIC - Asset Management Procedure
> Section 5.1 Asset Inventory and Ownership: Asset categories have been updated to Documents, People, Physical, Service and Software.
> Section 5.2 Asset Register based on CIA Values:
- CIA (Confidentiality, Integrity and Availability) values for each asset were not identified before and have been added as per the ISO 27001 requirement.
- Asset value, which is the product of the C, I and A values, was also added to identify the important assets of each department.

LIC - Backup Procedure
> Section 5.5 Offsite Backup Security: The procedure earlier stated that backup media could be stored at the residence of the branch manager, which is highly risky as the backup media is not encrypted and can be lost, stolen or damaged in transit.
- It has been updated to: Backup should be stored in a fire-resistant cabinet.

LIC - Password Procedure
> Section 5.2 Applications: Initially, passwords for newly joined employees were communicated directly in person, which carries the risk of password leakage.
- It has been updated to: The default password should be communicated in a sealed envelope to the new/transferred employee user.
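The updated asset register described in Sections 5.1 and 5.2 (five asset categories, a C, I and A rating per asset, and asset value as their product, used to pick out each department's important assets) can be modelled as follows. This is an added example, not LIC's own register or procedure: the 1 to 3 rating scale, the importance threshold and the sample assets are assumptions, since the slide gives neither the scale nor real entries.

```python
from dataclasses import dataclass
from collections import defaultdict

# Asset categories from Section 5.1
CATEGORIES = {"Documents", "People", "Physical", "Service", "Software"}
# Assumed rating scale for C, I and A: 1 = low, 3 = high (not specified on the slide)
SCALE = range(1, 4)


@dataclass(frozen=True)
class Asset:
    name: str
    category: str
    department: str
    c: int  # confidentiality rating
    i: int  # integrity rating
    a: int  # availability rating

    def __post_init__(self):
        if self.category not in CATEGORIES:
            raise ValueError(f"unknown asset category {self.category!r}")
        for rating in (self.c, self.i, self.a):
            if rating not in SCALE:
                raise ValueError("C, I and A must each be rated 1..3")

    @property
    def value(self) -> int:
        """Asset value is the product of the C, I and A ratings (Section 5.2)."""
        return self.c * self.i * self.a


def important_assets(register, threshold: int):
    """Per department, the assets whose value meets the threshold, highest value first."""
    by_dept = defaultdict(list)
    for asset in register:
        if asset.value >= threshold:
            by_dept[asset.department].append(asset)
    return {d: sorted(v, key=lambda x: x.value, reverse=True) for d, v in by_dept.items()}


# Constructed sample register (hypothetical assets, not LIC's)
REGISTER = [
    Asset("Policy database", "Software", "IT", 3, 3, 3),
    Asset("Branch backup tapes", "Physical", "IT", 3, 2, 2),
    Asset("Visitor log", "Documents", "Admin", 1, 2, 1),
    Asset("Claims processing service", "Service", "Claims", 2, 3, 3),
]

if __name__ == "__main__":
    for dept, assets in important_assets(REGISTER, threshold=12).items():
        print(dept, [(x.name, x.value) for x in assets])
```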
Practicing Information Security Policies
- Email Security
- Data Protection and Privacy
- Asset Management and its secure disposal
- Software Usage
- Social Engineering
- System Security
- Incident Management
- Cyber Security Policy
Don’t Ignore
Mobile Security
- Trend Micro Mobile Security client on mobile devices connected to the LIC network
Physical Security
Always ensure that:
1. Doors are closed after anybody enters the restricted area
2. Racks are locked
3. Only authorised access is allowed
4. Outsiders are given escorted access
5. Documentation is maintained
Password Security
Bad Practices of using passwords
Tips for creating a strong password
Using & Remembering a Strong password
Internet Security
Email Security
‘Data/Information is a valuable asset which is of great value to LIC and needs to be suitably protected’.
Protected Information:
- Protected/Physical/Personal Health Information
- Personally Identifiable Information (PII)
- Financial Data
Data Protection & Privacy – Tips to follow
Asset Management & its secure disposal
Software Usage – Tips to follow
Q1 2020 – Coronavirus-Related Phishing Email Attacks Up 600%
Social Engineering
Social Engineering is the art of prying information out of someone else to obtain access or gain important details about a particular system through the use of deception.

Forms of social engineering:
- Obtaining sensitive information
- Telephone equivalent of phishing
- Phishing: obtaining sensitive information by sending emails
- Targeting high-profile employees

GREATEST PHISHING ATTACKS: Free Dunkin Donuts; Free Amazon Gift Card

From fake IT return/refund notices, gift vouchers, "Buy 1 get 1 free" offers and privacy-related notices to large-scale social engineering attacks, cyber adversaries utilize every opportunity to plant malware to steal data or money.
Social Engineering attacks – Tips to follow
Incident Management
Incident management – Tips to Follow
System Security – Tips to Follow
Cyber Security Policy
Function, guiding question and categories:

Identify (What processes and assets need protection?)
- Asset Management
- Business Environment
- Governance
- Risk Assessment
- Risk Management Strategy

Protect (What safeguards are available?)
- Access Control
- Awareness and Training
- Data Security
- Information Protection Processes & Procedures
- Maintenance
- Protective Technology

Detect (What techniques can identify incidents?)
- Anomalies and Events
- Security Continuous Monitoring
- Detection Processes

Respond (What techniques can contain impacts of incidents?)
- Response Planning
- Communications
- Analysis
- Mitigation
- Improvements

Recover (What techniques can restore capabilities?)
- Recovery Planning
- Improvements
- Communications
THE SECURITY COMMANDMENTS – ‘Hygiene’
- To know IS policies, procedures, guidelines
- Not to download software on your official computer
Information Security Portal: http://10.240.9.237:8080
Contact Us:
Co_ziso@licindia.com
Co_isms@licindia.com
Contact Details : 67090375/67090384
VOIP : 90234/90227