© 2009 IDBI Intech, Inc. All rights reserved. IDBI Intech Confidential 1
Information (Data) Security & Risk Mitigation
IT Act 2000 Amendment (Sec 43 A)
• Corporate bodies such as banks that handle sensitive personal data must implement and practise reasonable security practices and procedures.
• Damages are payable by way of compensation to the person affected, without any upper limit.
Information Security - Myths
• Passwords are enough to secure our business
• Data backups are enough, why plan for BCP?
• Information Security is the responsibility of IT…
• Our existing security controls are adequate to prevent any information loss
Information Security - Reality
• Critical data is accessible to others because I have left my PC/terminal unattended
• A worm infecting my machine can bring down the entire network
• My account is used to commit fraud because my password is weak or shared
Why Information Security?
• Confidentiality, Integrity, Availability
• People are the weakest link in Information Security
• To know security responsibilities
• To know the Information Security risks associated with their job responsibilities
• Adherence to the organizational security policies
Information Security Risks
• Online Frauds
• Hacking Attacks
• Phishing / Vishing Attacks
• Spam
• Data Theft
• Insecure Business Applications
• Malware / Spyware
• Virus / Worm / Trojan Attacks
• Denial of Service (DOS) Attacks
• Lack of User Awareness
Risk Mitigation Measures
Infrastructure Set up
• DR Site
• DR Drills
• Updated BCP
Critical Applications
• High Availability Clusters/Multiple Servers
• Application Security Testing
• Parameter Fine Tuning
• Hardened Operating Systems
• Strong Physical Security/Surveillance Camera/Biometric Access
Risk Mitigation Measures
Delivery Channels
• Secured Indirect Access to CBS
• Independent Systems
• Encrypted Data Exchange across systems
• Multiple Authentication
Outsourced Services
• Drafting and Monitoring of SLAs
• Non Disclosure Clauses
• Review and Monitoring of Reports and Outputs
• Third Party Employee Background Checks
Risk Mitigation Measures
Users
• Need to know basis
• Periodic Review of Access rights
• Strong Authentication
• Awareness Training
Networks
• Intrusion Detection/Prevention Systems
• Internal and External Firewalls
• Periodic Penetration Testing
• 24x7 Cyber Policing/Monitoring of Attacks
• Virus/Worm/Malware/Spyware Protection
• Regular Security Updates – IPS/IDS, Anti-Virus
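The "need to know basis" and "periodic review of access rights" measures on the Users slide are usually carried out as a recurring comparison of what each user can actually do against what their role requires. The script below is an added illustration of such a review and is not code from the IDBI Intech deck; the role matrix, user records and entitlement names (e.g. cbs:approve_transaction) are constructed sample data, and the 90-day dormancy threshold is an assumed policy value.

```python
# Added example (not from the IDBI Intech deck): a periodic access-rights review
# that compares the entitlements a user holds against the entitlements their
# role needs (need-to-know basis) and flags what should be revoked or queried.
# ROLE_ENTITLEMENTS, SAMPLE_USERS and the entitlement names are constructed.

from dataclasses import dataclass

# Constructed role matrix: the entitlements each role needs to do its job.
ROLE_ENTITLEMENTS = {
    "teller": {"cbs:view_account", "cbs:post_transaction"},
    "branch_manager": {"cbs:view_account", "cbs:post_transaction",
                       "cbs:approve_transaction"},
    "it_support": {"admin:reset_password", "admin:view_logs"},
}


@dataclass
class UserRecord:
    user_id: str
    role: str
    entitlements: set
    active: bool = True        # False once HR marks the user as left/transferred
    last_login_days: int = 0   # days since the account last authenticated


def review_user(user, role_entitlements, dormant_days=90):
    """Return a dict of findings for one user; an empty dict means clean."""
    findings = {}
    allowed = role_entitlements.get(user.role)
    if allowed is None:
        # A role outside the matrix cannot be justified on a need-to-know basis.
        findings["unknown_role"] = user.role
        allowed = set()
    excess = user.entitlements - allowed
    if excess:
        findings["excess_entitlements"] = sorted(excess)
    if not user.active and user.entitlements:
        # Leavers must not retain any access at all.
        findings["inactive_with_access"] = sorted(user.entitlements)
    if user.active and user.last_login_days > dormant_days and user.entitlements:
        # Dormant accounts with live entitlements are a common fraud vector.
        findings["dormant_account"] = user.last_login_days
    return findings


def run_access_review(users, role_entitlements, dormant_days=90):
    """Review every user and return only those with findings."""
    report = {}
    for user in users:
        findings = review_user(user, role_entitlements, dormant_days)
        if findings:
            report[user.user_id] = findings
    return report


# Constructed sample users covering a clean record and three common defects.
SAMPLE_USERS = [
    UserRecord("u1001", "teller", {"cbs:view_account", "cbs:post_transaction"}, True, 2),
    UserRecord("u1002", "teller", {"cbs:view_account", "cbs:post_transaction",
                                   "cbs:approve_transaction"}, True, 5),
    UserRecord("u1003", "it_support", {"admin:reset_password", "cbs:view_account"}, False, 200),
    UserRecord("u1004", "branch_manager", {"cbs:view_account", "cbs:approve_transaction"}, True, 120),
]

if __name__ == "__main__":
    for uid, findings in run_access_review(SAMPLE_USERS, ROLE_ENTITLEMENTS).items():
        print(uid, findings)
```

In practice the user records would be exported from the directory and the core banking system rather than typed in, and each finding would be routed to the owning manager for a revoke-or-justify decision; the comparison logic itself does not change.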
Information Security Practices
• Information Security Management System
• Information Security Policy & Procedures
• Continuous Risk Assessment
• Information Security Incident Management
• Business Continuity/Disaster Recovery Plans
• Information Systems Audit
• Network Security Audit
• Application Security Testing
• Vulnerability Assessment/Penetration Testing
• Security Operations Centre (SOC)/Cyber Policing Control Room
• Awareness Trainings
Thank You