[Audio] Welcome to the world of Information Security Management System. In today's digital age, data is one of the most valuable assets of any organization. Protecting it from unauthorized access, theft, or loss is of utmost importance. An Information Security Management System is a systematic approach to managing sensitive company information so that it remains secure. It encompasses policies, processes, procedures, and technology to manage risks and ensure confidentiality, integrity, and availability of information. In this day and age, where cyber-attacks are increasing in frequency and sophistication, implementing an Information Security Management System is critical for any organization that wants to safeguard its information assets. In this message, we will explore the basics of an ISMS within Flatworld Solutions Philippines, its benefits, and how it is being implemented here.
[Audio] Overview of Information Security Management System includes: HR Policies, IT Policies, Admin Policies, and InfoSec Management Policies.
[Audio] What is information? Information can be defined as facts provided or learned about something or someone. Information can also be defined as data that is processed, stored, or transmitted by a computer.
[Audio] What is ISMS? An Information Security Management System is a set of policies and procedures for systematically managing an organization's sensitive data.
[Audio] The goal of the Information Security Management System is to minimize risk and ensure business continuity by proactively limiting the impact of a security breach. ISMS also protects the Intellectual Properties generated by the organization and its customers. The audit and certification is being done by the ISO, or the International Organization for Standardization. The ISO is an independent, non-governmental organization. Because 'International Organization for Standardization' would have different acronyms in different languages, the organization decided to adopt "ISO" in reference to the Greek word "isos", which means "equal".
[Audio] ISMS minimizes and avoids business threats, proactively revisits them and potential risks, and updates policies. ISMS not only focuses on eliminating threats, but also prevents potential risks from occurring.
[Audio] ISMS protects 3 key aspects of information, namely: Confidentiality, Availability, and Integrity. Confidentiality means information is accessible only to those authorized to have access. Availability means information is accessible and usable as and when authorized users require it. And Integrity means information is complete, accurate and protected from corruption.
[Audio] ISMS protects the following: Flatworld Philippines employees, client processes and data, and physical assets and infrastructure.
[Audio] Documentation is imperative and mandatory. During the actual audit, the auditor might ask about existing processes and their implementation. Keep in mind that their primary basis for judging whether a process is effective is the presence of documentation, whether via email or document.
[Audio] Positive Business Impacts of ISMS: ISMS ensures that products and services satisfy customer requirements while safeguarding the customer's, employee's and organization's data. ISMS also harmonizes policies and practices across all departments.
[Audio] Flatworld's primary focus is on Information Security. This is accomplished by focusing on information security from root level, by implementing appropriate mitigation controls to securely monitor and control factors in each set of processes. ISMS should not only have reactive plans to threats but should have pre-emptive measures and back up plans. Aside from ensuring that our organization's information is protected, getting an ISO certification will increase the market value of the business.
[Audio] Clients who partner with us will ask: 1. Is my data going to be secured? 2. Can I trust them in running my business smoothly? 3. In case of disasters, do they have a back up plan to ensure I will not lose my business? This means that the departments involved in the implementation of ISMS are not only responsible for laying out policies as pre-emptive measures, but also for assessing potential risks that may affect the business and coming up with mitigation controls for business continuity.
[Audio] Who is involved? You. You play a very important role in making sure that confidentiality, integrity and availability of information in the organization are protected.
[Audio] The following departments are involved in the implementation of ISMS in Flatworld Philippines: IT, HR, Admin, Operations, Facilities, Finance, ISMG, and CISO.
[Audio] The following table shows the members, positions, roles and email addresses of the Information Security Management Group. Please take time to study the table before proceeding to the next screen.
[Audio] InfoSec Policies. An Information Security Policy is a set of rules and guidelines that outline the organization's approach to protecting its data and information assets. It defines the roles and responsibilities of employees, contractors, and vendors regarding information security. The policy also establishes procedures for data classification, access control, incident response, and disaster recovery. In this training, we will provide an overview of Information Security Policies, their importance, and the benefits of having a robust policy in place.
[Audio] Flatworld Philippines H.R. Policies.
[Audio] Employees are screened appropriately before onboarding.
[Audio] Employees are expected to agree to and sign the Flatworld Philippines confidentiality agreement.
[Audio] Employees are expected to read and agree to the Flatworld Philippines employment contract.
[Audio] Employees are expected to read through, understand and accept the Flatworld Philippines InfoSec policies at the time of joining. All existing employees are expected to go through the Flatworld Philippines InfoSec training once a year, as the policies are bound to revision.
[Audio] Employees are expected to acknowledge and accept Flatworld Philippines regulations regarding the assets assigned to them upon joining. Employees are expected to return all the assets assigned to them upon resignation, while being relieved from the company.
[Audio] Information Technology Policies. I.T. Policies.
[Audio] User Access Controls: Users should only have access to tools and data related to their department. Employees moved to a different campaign should not have access to their previous campaign folders or files. Network Access Controls: Users should not connect any new assets to the network. Folder Sniffing is prohibited. Be watchful of employees standing beside or behind you to avoid Shoulder Surfing. Operating System Access Controls: Employees should use a unique User ID and password. User details should not be shared. Computers should not be left unattended and unlocked. Systems should have an idle time out.
[Audio] E-mail Policy: Do not send emails with any libellous, defamatory, offensive, racist or obscene remarks. Do not unlawfully forward confidential information. Do not unlawfully forward or copy messages without permission. Do not send any attachment that contains a virus. Do not use BCC when sending official emails.
[Audio] Do not send an email without an approved email signature. Do not send any official email in all caps or with offensive font colors. Do not send any confidential files without password protecting them. Do not use office email to create threads representing any Ponzi schemes or third-party sales content. Do not use office emails for personal use. Do not share large attachments through mail. (Use Shared Drive.)
[Audio] Clear Desk or Clear Disk means that no confidential information should be saved in the computer's local drive D. The authorized user should not use any other screensaver or desktop display other than the ones authorized by the IT Team. The IT Team will conduct routine checks to verify compliance. The system will auto-lock if left idle for 5 minutes, and user access to change settings is disabled.
[Audio] The email password expiration is every 60 days. The NT login expiration is every 45 days. Users should not re-use their last 5 passwords. Passwords are to follow Flatworld Philippines approved standards. Three incorrect attempts will lock the accounts.
[Audio] Non-Permissible Assets: Personal Laptop, Pen Drive, Personal Phones (based on roles), Camera/Handy Cam, External Hard Disk, any kind of storage media, Personal Networking Devices. Permissible Assets: Company-issued laptops, Customer-issued laptops, Company-issued smartphones, Customer-issued smartphones, Company mobile phones/other communication devices, Personal Mobile Phone (restricted based on roles), Company-issued external hard disks and/or any kind of storage media.
[Audio] The anti-virus policy is in place to ensure the safety of Flatworld's systems and networks against the proliferation of malicious content and computer viruses. System Administrators are responsible for ensuring the currency of anti-virus controls, adequacy of gateway controls, managing virus outbreaks, and reporting non-compliance and incidents to the ISMG. Users are responsible for sensible handling of external content via any media, reporting virus alerts to the IT Team and ensuring compliance with this policy.
[Audio] If you suspect that your computer or laptop is infected, take immediate action! Disconnect from the internet (if possible), close all your files and programs, shut your system down, contact the IT Helpdesk immediately, and raise an Incident Report by documenting the symptoms observed.
[Audio] Admin Policies. Flatworld Solutions (Philippines) Inc. | Learning and Development | ISMS | Internal.
[Audio] Employees should wear their company IDs when inside the company premises. New Hires should be wearing the Temporary IDs issued to them until they receive their company IDs. Employees should register their fingerprint at the biometric devices every time they enter or exit an access-controlled area. No tailgating allowed. Employees should not lend their ID or use someone else's ID. Lost IDs should be reported to Admin and Facilities ASAP.
[Audio] Employees should refrain from trying to access areas where they do not operate from. Employees should return all keys or any company equipment issued before signing the exit clearance. Flatworld facilities are monitored by CCTV at all times. Frisking and bag checks can be done at the security post.
[Audio] Visitors should have an ID from the security post. Visitors' information should be logged in the visitors' register. All electronic devices should be surrendered at the security post in the absence of authorization to carry these devices inside the premises. Visitors should always be escorted inside the production floor. Visitors should not attempt to connect to the networks, carry any printed matter, or use any device or equipment of Flatworld, unless authorized.
[Audio] The following diagram shows the Material Movement Policy for employees with media devices with approval. Please take time to study the diagram before proceeding to the next screen.
[Audio] Each employee must follow the steps listed below: Maintain a neat working environment. Refrain from cluttering the work area with post-its or other notes displaying sensitive information. Sensitive working papers are to be placed in drawers and locked. Ensure that customer and company information is treated with the highest degree of security and confidentiality. At the end of the working day, employees are expected to tidy their desk. Periodically identify documents with sensitive customer or internal information that are no longer needed, and hand them over to the Admin department for shredding.
[Audio] Vendor management is a set of best practices to ensure that vendors are evaluated and follow a structured and systematic approach within an organization. This includes vendor evaluation, selection, and performance evaluation. Vendors with more than 3 successful transactions with Flatworld Philippines can be added to our preferred vendor list.
[Audio] Vendor Management Policy and Process: Requisition, gathering of proposals, vendor selection and negotiation, prepare purchase order, delivery of products and services, vendor payment, and vendor performance evaluation.
[Audio] Information Security Management Policies.
[Audio] Do not store or use customer-provided information for non-business related reasons. Do not use Flatworld email to engage in procuring or transmitting material that is in violation of sexual harassment or hostile workplace policies. Do not browse unauthorized/non-business related websites via Citrix or any proxy servers.
[Audio] Avoid sending unsolicited emails, including 'Junk Mail' or other advertising material to individuals. Avoid posting offensive comments in online public portals, blogs or newsgroups which will affect the company's reputation. No personal belongings should be brought inside the production floor.
[Audio] Data should be obtained for specific and lawful purposes only. Data should be processed fairly and lawfully, only for the specific purpose for which it is intended. Data should be adequate, relevant and not excessive in relation to the purpose for which it is held. Data should be accurate and kept up to date. Data should be kept only for as long as necessary.
[Audio] Data should be processed in accordance with the rights of data subjects. Data should be securely maintained to avoid loss or destruction. Data should not be shared or transferred to a place where there is no or an inadequate level of protection. Confidential documents shared via any method should always be password protected.
[Audio] Flatworld shall maintain a comprehensive and up-to-date database containing details of its information assets for the purposes of defining its value, criticality, sensitivity and legal implications. All information, data and documents shall be clearly labelled so that all users are aware of the ownership, classification and value of the information. All information, data and documents must be processed, stored and destroyed strictly in accordance with the classification levels assigned to that information.
[Audio] Restricted: Highly sensitive corporate and customer data that, if compromised, could have a major impact on our company and its customers, potentially including legal or regulatory consequences. Flatworld Solutions Philippines proprietary and sensitive information is classified as restricted, with a high risk of information that requires strict compliance and control. Confidential: Confidential information is personal communication relating to the business that is unknown to the public and only shared within the organization. This is information that is restricted to employees or departments on a "need to know" basis.
[Audio] Internal: Information that can be used and shared within the company. Disclosure of the following information may cause loss of competitive advantage and embarrassment. It is not as critical in terms of security but is still worth protecting to protect the integrity and to practice privacy. This data often relates to a company, business, or organization. Only employees who work for the company typically have access to the internal data (i.e., company calendar, organizational telephone or e-mail directory, company internal activities, company news and announcements, and internal job postings). Disclosure is not expected to cause serious harm to Flatworld Solutions Philippines, and access is provided without strict approvals from management. Loss of this information could cause possible harm to Flatworld Solutions Philippines's image, employees, or reputation but would not necessarily violate existing laws or regulations. Public: Information that has been declared public knowledge by the information owner. It can freely be given to anyone without any possible damage to Flatworld Solutions Philippines (i.e., marketing brochures, corporate website, press releases, external job postings). Information intended for public release but not yet approved by the information owner for release is often Confidential or Restricted.
[Audio] All documents and assets should be examined first before disposal. Managers should make sure that this information is no longer needed. All information or assets disposed of should be logged. Documents should be shredded. IT Assets should be reformatted before disposal.
[Audio] What is an incident? An incident is any activity that is out of the ordinary and could disrupt business or risk Information Security.
[Audio] Incident Management defines the process of reporting and managing incidents related to Information Security Risk. Employees who witness any incident should reach out to their immediate supervisor to report the incident. They are expected to report the incident directly to the concerned department in case of absence of the supervisor.
[Audio] Internal audits will be conducted by the ISMG team at regular intervals to ensure compliance with the standards, guidelines and procedures stated according to the ISMS. This is applicable to all employees, contractors, and third-party services. Internal audit typically applies to, but is not limited to, the Information Security Management System and Quality Management System or elements thereof. This process will cover all the activities and functional areas at Flatworld.
[Audio] In just a few moments, you may take the ISMS assessment and sign off on the assessment page, which is located below the training site video.
[Audio] Thank you for completing the ISMS training.