Employee Information Security Awareness Training

[image] A close up of a building Description automatically generated.

09-01-2026. 2. REVISION HISTORY. S.No. Effective Date Page No. Version no. Revision Details Reviewed By Approved By 1 15-09-2023 2 1.1 Revision Sheet included Rajesh D Krishnaveni A M 2 06-07-2024 1 - 37 1.2 Reviewed and update with latest ISMS Induction topics Rajesh D Edwin Joseph 3 21-07-2025 11 1.3 Slide updated with ISO-ISMS latest Documented folder Rajesh D Edwin Joseph 4 5 6 7 8 9 10.

ISMS and its purpose:. noc "fit. Information security management system, often referred to as InfoSec, Which practice of protecting information by mitigating information risks. Primarily concerned with the confidentiality, integrity, and availability (CIA) of data, whether in storage, processing, or transit..

Importance of Information Security. A 3D pattern of ring shapes connected by lines.

Consequence of Security Breach. Magnifying glass showing decling performance.

Tools Helps Preventing Data Breach. Electronic circuit board.

Best Practice To Avoid Data Breach. CPU with binary numbers and blueprint.

What is ISMS (Information Security Management System)?.

Some Examples of CIA. 09-01-2026. 9. CONFIDENTIALITY: Confidentiality guarantees that data is available only to authorized users. It carefully controls, verifies, and restricts access. SSL Data encryption • Data classification and labeling • Access Controls • Multifactor Authentication • • Strong Password Policy.

Key Components of an ISMS. Padlock on computer motherboard.

ASE SOP’s. Diligently Designed perfection. \\projmgt\ISO-ISMS\01-INTERNAL\03-STANDARD_OPERATING_PROCEDURES.

Overview of Potential Risks and Threats. 09-01-2026.

Incidents & Its Examples. Different coloured organisers.

Handling Incident. 09-01-2026. 14. Graph on document with pen.

key responsibilities of employees:. Illuminated server room panel.

Objectives of ISMS. Person holding mouse. Help you to identify common information security risks. Help you develop good security practices. It will also help in dealing with following things: Passwords E-mail Risks & Phishing Viruses & Malware Ransomware & Public Wi-Fi General - Information Security Security Incidents Audits.

The one of way to protect yourself, and ASE, from cyber threats is by having a strong password. It’s simple – the longer and more complex your password, the more difficult it is to crack. Shorter and simpler passwords take less time and resources for hackers to compromise. Hence follow our ASE Password Security Policy..

Password Suggestion & Multifactor Authentication.

E-mail Risk & Phishing. 09-01-2026. 19. Colourful envelopes.

09-01-2026. 20. E-mail Tips.

Icon. 09-01-2026. 21. Phishing.

09-01-2026. 22. Virus & Malware. S. No. Category Virus Malware 1 Full form Vital Information Resources Under Seize Malicious Software 2 Description A Virus is a malicious executable code attached to another executable file which can be harmless or can modify or delete data. Malware is a program designed to gain access to computer systems, normally for the benefit of some third party, without the user’s permission. 3 Types Resident and non-resident viruses are two types of Viruses. Malware includes computer viruses, worms, Trojan horses, ransomware, spyware and other malicious programs. 4 Protection Antivirus software is used for protection against viruses. Antimalware software is used for protection against malware. 5 Relationship Virus is a type of Malware. Malware contains several programs; virus is one of them..

Common threats - Ransomware. Will either lock the screen or encrypt your data. Once Ransomware is uploaded on your computer/tablet/phone it is very difficult to remove without removing all of the data Wannacry attack 2017 - One of the biggest cyber-attacks to occur. Is said to have hit 300,000 computers in 150 countries. Companies affected include; NHS, Renault, FedEx, Spanish telecoms and gas companies, German railways..

Ransomware. Wana DecryptOr 2.0 Payment will be raised on 1/4/1910 Tirne Left Your files will be lost on 1,'8/1970 00:00d) Tirne Left HOW to Contact Us Ooops, your files have been encrypted! not so enough time. You can decrypt some of your files for free. Try now by clicking But if you want to decrypt all your files, you need to pay. You only have 3 days to submit the payment After that the price will be doubled. Also, if you don't pay in 7 days, you won't be able to recover your files forever, We will have free events for users who are so poor that they couldn't pay in 6 months. How Do 1 Pay? Payment is accepted in Bitcoin only. For more infomation, click <About bitcoin>. Please check the current price of Bitcoin and buy some bitcoins. For more information, click <How to buy bitcoins>. And send the correct amount to the address specified in this window. After your payment, click <Check Payment>. Best time to check 9:00am - 11:00am GMT from Monday to Friday. Once the payment is checked, you can stan decrypting your files immediately. Contact I f you need our assistance, send a message by clicking <Contact Us>. "Ve strongly recommend you to not remove this software, and disable your anti-virus for a while, until you pay and the payment gets processed. If your anti-virus gets pdated and removes this softv.'are automatically, it will not be able to recover your even if vou oat" Send $600 worth of bitcoin to this address: bitcoin ACCEPTED HERE Check Payment Decrypt.

How to tackle Ransomware. TRAINING & EDUCATION Implement programs to provide employees with ways to exercise caution in order to avoid phishing attacks. CYBER HYGIENE Assess the computers & devices connected to your network to proactively identify potential exposure to malware, technical measures that can mitigate risk & keep security up-to-date. BACKUPS Establish regular routine backups of your business & personal data & keep backups disconnected from your business & personal networks so that you can rely on them in the event of an attack..

Public Wi-Fi. A poster of a wifi router Description automatically generated with medium confidence.

09-01-2026. 27. General – Information Security. Without IT knowledge IT assets should not be moved from one place to another place. Only approved software may be loaded on PC’s and Laptops which requires approval from reporting manager Never download unauthorized software from the Internet. Company employees are expected to use the Internet responsibly and productively. Internet access is limited to job-related activities only and personal use is not permitted Don’t Leave Sensitive information(printouts or portable media) containing confidential information on your desk. Do be aware of your surroundings when printing, copying or discussing sensitive information. Dispose unwanted hardcopy documents using Shredder Machine..

09-01-2026. 28. General – Information Security. Don’t Bring & plug in portable device without permission from our organization. Lock your computer when not in use. Verify antivirus protection on your workstation is up-To-date. Don’t keep any important files in Desktop & Save all files in Server. We can’t recover data if the system OS Crashes or HDD Failure happens. Always shutdown your workstation when you leave work for the day unless the workstation must remain powered on for business reasons. Always remind others all these risks. Use IT-Helpdesk Email based ticketing to report system-based issues. IT Support Extn : 111- IT Manager – 110 [email protected] / [email protected] [email protected].

SECURITY INCIDENT MANAGEMENT COVERAGE Cate or . Unauthorized Access 2. Malware Infection 3. Data Breach I Leakage 4. Phishing I Social Engineering 5. Denial of Service (DoS/DDoS) 6. Insider Threat 7. Policy Violation 8. System Misconfiguration 9. Physical Security Incident I O. Third-Party Security Incident T ical Exam les Compromised accounts, brute-force attacks, unauthorized VPN logins Ransomware, worms, trojans, spyware Sending confidential files externally, database exposure, lost storage devices Phishing emails, CEO fraud, fake support calls Website or application flooding, network saturation Data theft, sabotage, policy circumvention by employees Installing unapproved software, sharing passwords, unauthorized file sharing Exposed ports, weak encryption, unpatched software Theft of devices, tampering with servers, access to restricted zones Vendor system compromise, insecure API integrations, supply chain attacks Do your part to I«eep ASE secure! DO report all suspicious activity and cyber incidents to Chief Information Security Officer ( CISO ) : Mr. Edwin Joseph - [email protected] and Report Security Incidents! [email protected].

Following information should be provided to raise security incident.

ISSC- Committee. 09-01-2026. 31. Information Security Steering Committee Every three months once meeting will be conducted Meeting Agendas: 1.Risk Acceptance & RARTP 2.Incident Management Report Following are some of the committee members: Managing Director Quality Manager/CISO Delivery Manager, Technical/Training Manager HR-Manager IT-Manager Business Development Manager, Accounts/Finance Manager.

32. AUDIT…. primary objective is to evaluate the effectiveness of internal controls Provide management with objective view of the extent of implementation of systems Identifies areas of improvement. Helps businesses uncover problems and ensure efficiency. Audit Works with evidence-based approach Audit Classified into two types. Internal External.

Data Protection is in your Hands. Think twice before sharing the data..