information security and iso 27001 awareness
TRANSCRIPT
-
7/31/2019 Information Security and ISO 27001 Awareness
1/14
Information Security and ISO 27001 Awareness
-
7/31/2019 Information Security and ISO 27001 Awareness
2/14
Firstsource 2007 | confidential | June 24, 2012 | 2
Objective
What is ISO 27001?
Information Security
Data Classification
Physical Security
Clear Desk & Clear Screen Policy
Data Security
Acceptable use of email, internet resources
Incident Reporting
-
7/31/2019 Information Security and ISO 27001 Awareness
3/14
Firstsource 2007 | confidential | June 24, 2012 | 3
What is ISO 27001?
Controls-based policy
An Information standard
CertifiableInternationally recognizedRisk-management based
A comprehensive set of controls comprising bestpractices in information security.
Encompasses all types of information
Whatever form the information may take, or means
by which it is shared or stored, it should always beappropriately protected (ISO17799:2000)
Clauses 8, Control Groups 11, Controls -134
-
7/31/2019 Information Security and ISO 27001 Awareness
4/14
Firstsource 2007 | confidential | June 24, 2012 | 4
Information Security
Confidentiality
Protecting sensitiveinformation from
unauthorized disclosureor interception.
Integrity
Safeguarding theaccuracy and
completeness ofinformation
Availability
Ensuring that informationand vital services are
available to users whenrequired.
InformationSecurity
Information is an asset to all individuals and businesses. Information Security refers to the protection of theseassets in order to achieve:
i) Confidential ii) Integrity iii) Availability
-
7/31/2019 Information Security and ISO 27001 Awareness
5/14
Firstsource 2007 | confidential | June 24, 2012 | 5
Data Classification
Secret Contains highly sensitive, strategic Firstsource information that is material, non-public.
Examples Financial forecasting and planning information
Earnings estimates
Major litigation information
Information on acquisition or merger plans
Highly Confidential Contains personal data regarding Firstsource personnel or sensitive information about project/client data.
Examples Benefits, employee earnings, payroll data
Performance feedback forms
Social security numbers, home addresses and telephone numbers
Health information
Client lists and contact information
Preferences, opinions and intentions regarding any individual
Client billing information
Clients architecture diagrams
Business development tracking information
-
7/31/2019 Information Security and ISO 27001 Awareness
6/14
Firstsource 2007 | confidential | June 24, 2012 | 6
Data Classification
Confidential Contains Firstsource, client and some personal data which is marked confidential, known to beconfidential or is not generally available to the public.
Examples
Employee phone or voice mail directory Organization charts
Market offering information
Asset-based solutions
Internal meeting presentation materials
Project deliverables
Unrestricted Contains any data that is available to the public.
Examples Company advertising literature once it has been used
Data contained on http://www.Firstsource.com/
http://www.firstsource.com/http://www.firstsource.com/ -
7/31/2019 Information Security and ISO 27001 Awareness
7/14Firstsource 2007 | confidential | June 24, 2012 | 7
Physical Security
Physical controlsPhysical controls Physical controls
Display your badge atall times within
Firstsource India BPOpremises.
Do not be chivalrousand open doors forothers. It is mandatoryfor everyone to flash
their access cardswhenever you enter orleave a floor.
Disable access cards ofresigned employeesimmediately.
Display the danglers inyour cars for identifying
as Firstsource India BPOemployees Do Not recordinformation using state-of-the-art mobile phonesor other recordingequipment
Do not use personalcomputing device orequipment e.g. laptops,USB drives, CDs etc
Escort visitors at alltimes They do notbelong to FirstsourceIndia BPO and noinformation is Publichere
Report loss of accesscards immediately thiswill prevent unauthorized
access using your card. Handle ex-employees asvisitors
Ensure that all visitorssign-in their details at theentrance
-
7/31/2019 Information Security and ISO 27001 Awareness
8/14Firstsource 2007 | confidential | June 24, 2012 | 8
Clear Desk &Clear Screen Policy
Dos Pick up confidential and proprietary items quickly off the printer
Shred any unwanted or old documents
Clear out voicemail before you leave for the day
Lock confidential and proprietary documents and computer media in drawers or filing cabinets
Physically secure laptops with company approved cable locks
Any documents marked Secret/Highly Confidential/Confidential should not be left on the desk unattended
Log out of Windows or invoke the password protected screen-saver by pressing Ctrl-Alt-Del on the Keyboard, and selecting Lock Workstation
prior to leaving the computer
Include disclaimers while sending confidential fax messages.
Exchange information with other Firstsource entities or third party organizations through approved courier agencies.
Verify your recipients identity before discussing confidential information over the phone.
-
7/31/2019 Information Security and ISO 27001 Awareness
9/14Firstsource 2007 | confidential | June 24, 2012 | 9
Donts
Clear Desk &Clear Screen Policy
Pin-up any confidential information or client data in the workspace
Write or make notes on any piece of paper, which you might loose
Remove any Firstsource confidential Information Pin-up from the workspaces
Save client related documents on PC hard disks
Access Confidential information without business need
Change Screen Saver Settings
-
7/31/2019 Information Security and ISO 27001 Awareness
10/14Firstsource 2007 | confidential | June 24, 2012 | 10
Data Security
All Documents should be labeled.
Clear boards and charts after any meeting.
Ensure all confidential, high confidential documents are shredded immediately after use.
Any loose paper left unattended on desk will be shredded without any warning.
User should ensure they have unique and identifiable ID and passwords for all applications they might use for their official work
Should promptly follow the password policies of Firstsource and where applicable those of client
In case of Login trouble to any application, user should always contact Helpdesk. Should not share others ID / Passwords
User is accountable to all activities done on Firstsource systems using his / her IDs
Avoid discussing sensitive and confidential information in open workspaces and public places like: Airports, Restrooms, Restaurants,Elevators.
-
7/31/2019 Information Security and ISO 27001 Awareness
11/14Firstsource 2007 | confidential | June 24, 2012 | 11
Acceptable use of email,internet resources
Unacceptable use of Firstsource resources includes any activity which is:
- illegal
- inappropriate
- which take up excessive time or company resources.
Do not respond to spam e-mail or forward it to others.
Delete spam without opening.
Turn off the Microsoft Outlook preview pane before deleting spam messages.
Do not request removal from the spammer's distribution list, even if this option is offered.
Do not use Firstsource e-mail for non-business-related purposes.
Be judicious of the websites you access and never browse a site that contains inappropriate material.
use caution when creating rules to avoid discarding important messages.
-
7/31/2019 Information Security and ISO 27001 Awareness
12/14Firstsource 2007 | confidential | June 24, 2012 | 12
Incident Reporting
What is a security incident? Any event that compromises CIA of information.
Event could be physical, IT related, Policy related etc.
Sometimes a security weakness precedes an incident
Some examples are:
Theft, Violence or Riots, Physical security access control failure, Unauthorizedphysical access, Misuse/tampering with information, Unauthorized distribution ofinformation, Virus outbreak, Hacking etc.
All physical Security Incident should be reported to Local F&S Helpdesk.
For BCP related Queries , contact your supervisors or India BPO BCP Team
All Information Security Incidents should be reported to Centralized TechnicalSupport Desk on 5555 & or Send email [email protected]
All HR related Incidents should be reported to HR Helpline on 6666
mailto:[email protected]:[email protected] -
7/31/2019 Information Security and ISO 27001 Awareness
13/14Firstsource 2007 | confidential | June 24, 2012 | 13
Important dates to remember
Pre-Assessment Audit June 1/2, 2006
Stage 1 Audit (Document Review) June 6/7,2006
Certification Audit June 13/14, 2006
-
7/31/2019 Information Security and ISO 27001 Awareness
14/14
THANK YOUFirstsource (NSE: FSL, BSE: 532809, Reuters: FISO.BO, Bloomberg: FSOL@IN) is a
global provider of BPO (business process outsourcing) services headquartered in
India. Firstsource provides customized business process management to global
leaders in the Banking & Financial Services, Telecom & Media and Healthcare
sectors. Its clients include Fortune 500 Financial Services, Telecommunications and
Healthcare companies. Firstsource has a global delivery model with operations in
India, US, UK, Argentina and Philippines. (www.firstsource.com)
http://www.firstsource.com/http://www.firstsource.com/http://www.firstsource.com/http://www.firstsource.com/http://www.firstsource.com/http://www.firstsource.com/