Training on ISMS, QMS, ITSM

Scene 1 (0s)

Training on ISMS, QMS, ITSM.

Scene 2 (6s)

Quality Management System (PDCA cycle diagram). Entering the cycle: Organization and its context (4); Customer requirements; Needs and expectations of relevant interested parties (4). Cycle, with Leadership (5) at the centre: Plan: Planning (6); Do: Support, Operation (8); Check: Performance evaluation (9); Act: Improvement (10). Leaving the cycle: Customer satisfaction; Results of the QMS; Products and services.

Scene 3 (17s)

Customers (Internal & External). SERVICE. SERVICES. SERVICE MANAGEMENT SYSTEM (SMS).
CONTEXT OF THE ORGANIZATION: Organization and its Context; Interested Parties; Scope of the SMS; Establish the SMS.
LEADERSHIP: Leadership & Commitment; Policy; Roles, Responsibilities and Authorities.
PLANNING: Risks and Opportunities; Objectives; Plan the SMS.
SUPPORT OF THE SMS: Resources; Competence; Awareness; Communication; Documented Information; Knowledge.
OPERATION OF THE SMS:
OPERATIONAL PLANNING & CONTROL.
SERVICE PORTFOLIO: Service Delivery; Plan the Services; Control of Parties involved in the Service Lifecycle; Service Catalogue Management; Asset Management; Configuration Management.
RELATIONSHIP & AGREEMENT: Business Relationship Management; Service Level Management; Supplier Management.
SUPPLY & DEMAND: Budgeting & Accounting for Services; Demand Management; Capacity Management.
SERVICE DESIGN, BUILD & TRANSITION: Change Management; Service Design and Transition; Release & Deployment Management.
RESOLUTION AND FULFILMENT: Incident Management; Service Request Management; Problem Management.
SERVICE ASSURANCE: Service Availability Management; Service Continuity Management; Information Security Management.
PERFORMANCE EVALUATION: Monitoring, Measurement, Analysis & Evaluation; Internal Audit; Management Review; Service Reporting.
IMPROVEMENT: Nonconformity and Corrective Action; Continual Improvement.
Figure 1 — Service management system.

Scene 4 (52s)

Information Security Awareness Training.

Scene 5 (59s)

Agenda. Importance of security awareness; Avoiding social engineering; Using internet safely; Securing your devices; Data Protection; Summary.

Scene 6 (1m 8s)

Importance of security awareness.

Scene 7 (1m 14s)

Threats to information security come in all shapes and sizes.

Scene 8 (1m 44s)

Information security is everyone’s responsibility, not just IT.

Scene 9 (2m 9s)

Information Security Awareness. Information Security is the protection of Information and Information Assets from a wide range of threats (Data Leakage, Spam mail, Phishing mail, Virus Attack, any new incident) in order to safeguard business, profits and intellectual property.

Scene 10 (2m 32s)

Acceptable IT Usage. Employee Responsibility:
• Every Organization employee is responsible for keeping assets secure.
• Organization hardware, software and services may only be used for business purposes.
• Organization information must not be stored, processed or transmitted on an external device which is not owned by Organization (please refer to the BYOD Policy).
• Organization has the right to monitor your activity; every action on your laptops could be monitored, whether it is social media usage, data copy, data transfer via mail or other such actions.
• Organization systems should only be used for storing Organization and business-related data; storing personal data is not recommended.

Scene 11 (3m 0s)

Acceptable IT Usage (continued).
• Sharing of business and client-related data with friends and external parties is against the policy.
• Organization IT Security has the right to monitor your activities and actions.
• Violations, if any, will be escalated and may result in disciplinary action leading up to termination.

Scene 12 (3m 31s)

Three domains of security awareness can help protect your personal and organizational data.

Scene 13 (3m 49s)

Avoiding social engineering. Organization | Information security awareness.

Scene 14 (3m 55s)

The impact of email phishing. Phishing is one of the top attack methods that firms and organizations currently face. Upwards of 90% of targeted attacks start with phishing. Phishing attacks can result in the compromise of internal and client data, loss of productivity, loss of client trust, and expensive response costs.

Scene 15 (4m 30s)

Consequences of successful phishing. All it takes is one employee falling victim to a phishing attempt for hackers to successfully infiltrate cyber defenses.

Scene 16 (5m 9s)

Email phishing. How to help protect from phishing:
• Check for bad grammar. Poorly constructed sentences, spelling mistakes, and an unusual tone are all signs that an email is suspicious.
• Be wary of emails that play on your emotions. Phishing emails often trick recipients with financial reward, imply a sense of urgency, ask for personal information, or require immediate action. Also, if something seems too good to be true, it probably is.
• Do not click hyperlinks or download attachments from suspicious emails. Roll your mouse pointer over the link without clicking to check the web address. Be wary of any attachment you weren’t expecting or coming from someone you don’t know. Be cautious of file types such as .exe, .zip, .docm, .bat and .xlsm.
• For every email, verify the email address of the sender. Hover your mouse pointer over the email sender’s name to double check the sender’s email address. Make sure the domain is correct to check if an attacker is using the name of a person or organization you know.

Scene 17 (6m 2s)

Vishing. How to help protect from vishing:
• Use caution when answering unsolicited phone calls. If you were not expecting a call, especially if it is from an automated voice messaging system, it may be fraudulent.
• Be wary of phone calls that attempt to sell you something or demand payment. Selling extended warranties or demanding payment for tax owed are examples of different types of phone scams.
• Tell the caller you will call them back using the official number you have on hand. If you receive a call from someone claiming to be from your IT department, call them back using the official number you have on hand.

Scene 18 (6m 37s)

SMiShing. How to help protect from SMiShing:
• Use caution when reading unsolicited text messages. If you receive a text message from an unknown sender, do not tap on any hyperlinks or provide any personal information.
• Continue correspondence over official channels. If you receive a text alert from a sender that claims to be your bank, follow up with your bank by contacting their official phone number or email address.
• Be wary of text messages from phone numbers that contain “5000” or are not actual phone numbers. These are common strategies for attackers to conceal their location and identity.

Scene 19 (7m 10s)

Spear and whale phishing. How to help protect from spear and whale phishing:
• Minimize the amount of information publicly available about you. Attackers will leverage information they find over social media and craft their phishing messages to appear more trustworthy.
• Be cautious of strangers who attempt to connect with you via social media. These personas may be fake and a ploy for criminals to gain your trust.
• Be aware that spear and whale phishing attempts may utilize emailing, calling, and texting conjointly. Since spear and whale phishing is targeted to you, criminals may employ any means to extract information from you or get you to click a malicious hyperlink.

Scene 20 (7m 46s)

Using social media safely. Risks: Social media can be used by criminals to gain information about you to leverage for a targeted phishing attempt. Also, sharing information on social media can be a cause of a breach if you’re not careful.
A few tips on using social media:
• Follow your company’s social media guidelines. Remember to never post company confidential information on social media sites without prior permission.
• Always keep business accounts and personal accounts separate. Help prevent criminals from associating your personal life with your work life.
• Define your privacy profile and settings to control the type of personal information you share. Controlling the information about you on the internet can reduce the amount of.

Scene 21 (8m 18s)

Phishing Awareness. How to protect yourself from viruses, Trojans, phishing and the other email threats we have discussed:
• Be careful while opening attachments and reading any unwanted mail.
• Do not open emails from “un-trusted” or unknown sources.
• Check the sender's address, domain and sender name; if required, search it on Google for review.
• Always remember that new viruses/variants may not be detected by your antivirus software.
• Any abnormal behavior in the system should be reported to the Support Desk immediately or to your Location IT Advisor.
• Use junk email folders/block senders list, or report to your location IT helpdesk.
• Enable anti-phishing features available on newer browsers with the help of the IT Team.

Scene 22 (8m 51s)

Using internet safely.

Scene 23 (8m 58s)

Avoiding malicious sites. Reduce the opportunities for attackers to install malware or steal your information by avoiding websites that could potentially put you in danger.
A few tips on how to avoid visiting potentially malicious websites:
• Avoid visiting websites that are known to be potentially dangerous. Adult-themed websites or websites that provide downloadable proprietary content for free are examples of websites that may try to install malware onto your device.
• Never ignore warning messages from your browser. Your browser may know if a website is flagged as unsafe, or uses a potentially fraudulent certificate.
[Image: an example of how a risky webpage may look.]

Scene 24 (9m 28s)

Website security certificate error.

Scene 25 (9m 35s)

Knowing when it’s safe. To help ensure that your information goes to the right places instead of into the hands of criminals, follow these steps to know when it’s safe.

Scene 26 (10m 20s)

Identifying secure websites. Web addresses that begin “https://” are considered secured. The “s” in “https” stands for “secure.” Be on the lookout next time you visit a website to see if it starts with “https” or “http” in the URL.

Scene 27 (10m 42s)

Risks with social media. Social media can be a tool for cyber criminals to gain more information about you, or a source of an information breach if you’re not careful of what you share.
• User information is available for anyone who knows where to look.
• Network of known or connected peers, family members, or friends can be identified.
• Attackers can impersonate a known point-of-contact to gain additional information.
• What you put on the internet is there forever and can be propagated quickly. If you realize you put sensitive information on social media you want to redact – it may already be too late.

Scene 28 (11m 10s)

Securing your devices.

Scene 29 (11m 17s)

Keeping devices secured.

Scene 30 (11m 54s)

Keeping workspaces safe. Do you have passwords written on paper?

Scene 31 (12m 7s)

Working from home securely.

Scene 32 (12m 31s)

Protecting your data when working in public. Help protect confidential information by keeping your devices private and your data secure from unauthorized viewing.
• Shield yourself from ‘shoulder surfers’ – someone may see you type your password or see any sensitive information on your screen.
• Bring confidential documents on encrypted storage instead of an unencrypted USB drive you can easily lose.
• Avoid using a public Wi-Fi network.

Scene 33 (12m 55s)

Secure password. Securing your passwords. Following secure practices with passwords can help prevent criminals from compromising your accounts and accessing sensitive IT systems. Abide by your company’s password policy. Make sure your password meets the length requirements, character requirements, and MFA – Multi Factor Authentication.

Scene 34 (13m 29s)

Data Protection.

Scene 35 (13m 36s)

Limit: Collect only what you need, use it for the purpose it was collected and don’t keep it longer than necessary.

Scene 36 (14m 3s)

Data Protection.
• Sharing of business and client-related data with friends and external parties is against the policy, and action will be taken as per the Organization Information Security Policy.
• Business data includes client project-related PPTs, PDFs, Word documents, mails and other details, including but not limited to source code, on which clients' engagement data and information are processed.
• Copying of client or project-related data to an external HD or pen drive is not allowed.
• Organization IT Security can monitor your activities; if any anomaly is found, then action will be taken as per the Disciplinary Process.
• For any anomaly found during data copy and data transfer, escalations are to be sent to the respective manager and CEO.

Scene 37 (14m 33s)

Summary.

Scene 38 (14m 40s)

Organization | Information security. For policy reference, please visit the Corporate Intranet.

Scene 39 (14m 49s)

Incident Reporting and Alerts Notification. For Cyber Security / Phishing / Spam email / Spyware / DLP incident reporting, please mail to [email protected].

Scene 40 (15m 5s)

Organization | Information security. Use sound business judgement at all times when using social media services.

Scene 41 (15m 42s)

Acknowledgement. I confirm that I have read and understood this information security training and will not engage in any act which is contrary to the policy of the information security management.
Name of individual:
Name of organization:
Signature:
Date:

Scene 42 (15m 56s)

Questions?