
Learning from the Isecurity session during the induction
INTRODUCTION

• In today’s business environment, information is considered wealth.
• Information can exist in multiple forms like hard copies,
emails, media, files etc. Thus, protection and security of
this information is now a priority for every organisation.
• INFORMATION SECURITY is the only way to control and
secure information against unauthorised access and
alteration.
• So let us study the need for isecurity and the
respective policies and principles to protect data.
TYPES OF ATTACKS
Man-in-the-Middle (MitM):
• Man-in-the-Middle (MitM) attacks happen when traffic between two
parties is observed or manipulated by an unknown third party. 
• A MitM attack is a cybercrime method used to steal personal
information.
• A Man-in-the-Browser attack happens when malware installs itself on
a victim’s browser in order to record information sent between
targeted websites and the user.
• Online banking institutions are prone to this form of cybercrime. 
BRUTE FORCE ATTACK

• Guessing a Password
• Cyber attack
• Motives Behind Brute Force Attacks
Social Engineering
• What is Social Engineering?
Obtaining confidential information by manipulating a
legitimate user.

• Types of Social Engineering
• Phishing
• Smishing
• Vishing

• How to avoid?
Eavesdropping attack

• Eavesdropping attacks occur through the interception of
network traffic. By eavesdropping, an attacker can obtain
passwords, credit card numbers and other confidential
information that a user might be sending over the network.
TYPES OF EAVESDROPPING
• Passive eavesdropping:
A hacker detects the information by listening to the message
transmission in the network.
• Active eavesdropping:
A hacker actively grabs the information by disguising himself as
a friendly unit and by sending queries to transmitters.
Information Protection
 Information Classification

1. Restricted: Very high sensitivity information, authorized access only.
E.g. business plan, strategy documents, financial results yet to be declared
etc.
2. Confidential: Business information of operational nature, authorized access.
E.g. business proposals, contracts, source code etc.
3. Private and confidential: Private information related to an individual such as
an employee, contractor or associate.
E.g. salary slip of an employee.
4. Internal use: Disclosure of information outside the organization is against the
policy but does not seriously hamper the business.
E.g. TCS policy, procedure documents.
5. Public: Business information approved to be public. Only an authorized group in
TCS can use this classification.
E.g. press release of info. and launch of TCS website etc.
Password Management?
• Accountability of transactions
• Authentication
• First line of defense against unauthorized
access
• Follow password protocols while setting
password
• Different passwords for different accounts
• Modify on regular basis
• Use virtual keyboards whenever possible
• Enable two-factor authentication
• Avoid entering passwords on unknown
networks

Password = Identity
Internet & Email Usage Protection
Do's and Don'ts while accessing:
Internet
1. Downloading from internet
2. Connecting to a Network
3. Use of Messaging tools
Email
4. Accessing attachments/links in Email
5. Forwarding Emails
Conclusion
● Should not be taken lightly

● Ensure safety of information

● Main safety issues

● Training for employees
