Securing Our Cyber Realm Deck

Uploaded by sarajamal271998

• Importance of Information Security
• Know Why and What to Protect
• Safeguarding CIA
• Risk management
• Security vs Privacy
• Common security regulations (such as ISO, GDPR, etc.)
• Threats & Vulnerabilities
• Reporting Security Incidents
• Security Fixes
As a leading security and privacy service provider, it is crucial that we ensure the same for ourselves.
Customers expect a company that specializes in security to uphold high standards of data protection.
The security of the company’s own systems directly reflects the effectiveness of its products.
Handling sensitive customer information necessitates strong security practices to prevent data breaches, which can lead to identity theft and other issues for customers.
Strong information security measures protect against theft or unauthorized access to intellectual property.

Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide integrity, confidentiality, and availability.
Know Why and What to Protect
Embed information security in operations

Vulnerability: A security weakness left in operational tasks leads to a vulnerable product.
Revenue: Attacks can be extremely costly and threaten the viability of our business.
Target Growth: Customers and employees expect and trust you to keep their information secure.
Confidentiality
Protecting information from unauthorized access and disclosure.
Example: Sensitive/internal information accessed by an unauthorized entity.
Controls: Access Controls, Encryption, Authorization, Authentication, Physical Security

Integrity
Protecting information from unauthorized modification.
Example: Someone alters payroll information or an agreed application design.
Controls: Backups & Recovery Procedures, Version Controls, Role Based Access

Availability
Preventing disruption in how information is accessed.
Example: Your customers are unable to access your online services.
Controls: Redundancy, Backup, Alternate Routes
Data Security ensures only authorized individuals have access. It implements security protocols to provide confidentiality, integrity, and availability of information assets.

Privacy governs how information is being collected, shared, and used. It protects the rights of individuals with respect to processing of personal data.

Ensuring both privacy and security is the heartbeat of our business.


Elements of Risk
What are the threats?
What are the vulnerabilities?
What is the likelihood of a threat exploiting a vulnerability?
What would be the impact of this to your business?
What are you protecting?

To practice cybersecurity risk management, you can start with these steps:
1. Identify your business’ assets.
2. Identify the business requirement for each asset and its valuation (which defines its criticality).
3. Document the threats and vulnerabilities against your assets and the impact to your business of loss or damage to the assets.
4. Identify the likelihood of loss or harm.
5. Prioritize your mitigation activities accordingly and implement relevant controls.
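The five steps above map directly onto a small risk register. The following Python example is added here to illustrate them and is not part of the deck: each entry records an asset with its criticality (step 2), a threat/vulnerability pair and impact (step 3), a likelihood (step 4) and a planned control, and the register is sorted by score so mitigation effort goes to the highest risks first (step 5). The 1-5 rating scale, the High/Medium/Low bands and all asset, threat and vulnerability entries are constructed sample values; the names echo items from the deck’s own threat and asset lists.

```python
from dataclasses import dataclass
from typing import List

# Rating scale for criticality, likelihood and impact (assumption: 1 = low, 5 = high).
SCALE = range(1, 6)


@dataclass
class Asset:
    name: str
    criticality: int  # step 2: derived from the asset's business value


@dataclass
class Risk:
    asset: Asset
    threat: str          # step 3
    vulnerability: str   # step 3
    likelihood: int      # step 4
    impact: int          # step 3: impact of loss or damage to the asset
    control: str         # step 5: mitigation to implement

    def __post_init__(self) -> None:
        for value in (self.likelihood, self.impact, self.asset.criticality):
            if value not in SCALE:
                raise ValueError(f"rating {value} is outside the 1-5 scale")

    @property
    def score(self) -> int:
        # likelihood x impact, weighted by how critical the affected asset is
        return self.likelihood * self.impact * self.asset.criticality


def rating(score: int) -> str:
    """Bucket a score (maximum 125) into the bands a risk heat map would show."""
    if score >= 60:
        return "High"
    if score >= 20:
        return "Medium"
    return "Low"


def prioritize(register: List[Risk]) -> List[Risk]:
    """Step 5: highest-scoring risks are mitigated first."""
    return sorted(register, key=lambda r: r.score, reverse=True)


def build_sample_register() -> List[Risk]:
    """Constructed sample data; asset and threat names echo the deck's examples."""
    database = Asset("Customer database", 5)
    laptops = Asset("Employee laptops", 3)
    website = Asset("Public website", 4)
    return [
        Risk(database, "SQL injection", "Unpatched web application", 3, 5,
             "Patch, parameterized queries, WAF"),
        Risk(laptops, "Trojan delivered by phishing", "No MFA, local admin rights", 4, 3,
             "MFA, least privilege, endpoint protection"),
        Risk(website, "DDoS", "Single hosting location", 2, 4,
             "Redundancy and alternate routes"),
        Risk(laptops, "Device theft", "Unencrypted data", 2, 3,
             "Full-disk encryption"),
    ]


def report(register: List[Risk]) -> List[str]:
    """One line per risk, in mitigation order."""
    return [f"{r.score:>3} {rating(r.score):<6} {r.asset.name}: "
            f"{r.threat} via {r.vulnerability} -> {r.control}"
            for r in prioritize(register)]


if __name__ == "__main__":
    for line in report(build_sample_register()):
        print(line)
```

Weighting by asset criticality is what makes step 2 matter: the same likelihood and impact on a low-value asset lands in a lower band than on the customer database, so the register reflects business value rather than raw attack frequency.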
ISO 27001
ISO 27001 is a global standard for information security management that helps organizations improve their information security performance, build trust and demonstrate their compliance to customers and clients. The ISMS requires an annual compliance audit that is directly tied to our B2B and B2C customers and upholds our reputation.

GDPR
The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information from individuals who live in and outside of the European Union (EU). Compliance with GDPR is mandatory in order to safeguard personal data and build customer trust.
Threats: Worms, Rootkits, Trojans, Unauthorized access, Man in the middle, Zero Day, Brute Force, DDoS, SQL injection
Vulnerabilities: Unsecured APIs, EOL assets, Unencrypted data, Unpatched security vulnerabilities, Misconfigurations, Weak Passwords
Risks: threats exploiting vulnerabilities in our assets
Assets: Cloud Servers, Databases, People, Laptops and PCs, Software Tools
Vulnerability Assessment

Continuous Identification: We regularly scan for weaknesses and vulnerabilities.
Patch Management: We recommend and apply security fixes.
International Best Practices: We assess and enforce system configurations aligned with best practices.
Reporting Information Security Incidents

• Role of Employees:
Everyone in the workforce plays a vital role in identifying unsafe practices, vulnerabilities, or anomalies in the workplace.

• Staying Up-To-Date on Security Trends:
Keeping track of security alerts and advisories gives you the information needed to keep your products up to date and prevents you from easily falling victim to vulnerability exploits.

• Being Responsible:
It is crucial to complete our security awareness trainings in order to recognize the indicators of a breach and to stay well aware of all of our company policies and procedures.
WATCH OUT FOR…
• A sense of urgency
• Gmail labels as external
• An illegitimate or unfamiliar address
• Suspicious URLs or links
• Evident differences in the format
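The cues on this slide are exactly the checks a mail filter or a reporting triage script applies. The Python example below is added as an illustration and is not part of the deck: it scores a message against the first four cues (urgency wording, an "External" label on a sender using an internal-looking display name, a sender domain outside a known list, and links whose visible text does not match where they really go, or that go to a bare IP address). The visual cue, "evident differences in the format", is left to the human reader. The internal domain example-corp.com, the known-domain and role lists, the urgency phrases, the look-alike domain examp1e-corp.com, the documentation IP 198.51.100.23 and both sample messages are all constructed for this example.

```python
import re
from dataclasses import dataclass, field
from typing import List, Tuple
from urllib.parse import urlparse

# Assumptions for the example: the organisation's own domain and the domains
# its staff routinely exchange mail with. A real gateway maintains these lists.
INTERNAL_DOMAIN = "example-corp.com"
KNOWN_DOMAINS = {INTERNAL_DOMAIN, "trusted-vendor.example"}
# Display names an outside sender might borrow to look like a colleague.
INTERNAL_ROLES = {"it support", "hr department", "ceo", "helpdesk"}
URGENCY_PHRASES = ("urgent", "immediately", "within 24 hours",
                   "account will be suspended", "act now")
IPV4 = re.compile(r"\d{1,3}(\.\d{1,3}){3}")


@dataclass
class Email:
    from_name: str
    from_addr: str
    subject: str
    body: str
    links: List[Tuple[str, str]] = field(default_factory=list)  # (visible text, real href)
    external_label: bool = False  # Gmail marks mail from outside the organisation as "External"


def is_known(domain: str) -> bool:
    """True for a known domain or any of its subdomains."""
    return any(domain == d or domain.endswith("." + d) for d in KNOWN_DOMAINS)


def link_domain(url: str) -> str:
    return (urlparse(url).hostname or "").lower()


def shown_domain(visible: str) -> str:
    """Domain the link *appears* to go to; empty when the text is not a URL or hostname."""
    if "://" in visible:
        return link_domain(visible)
    if re.fullmatch(r"[\w.-]+\.[a-z]{2,}", visible.lower()):
        return visible.lower()
    return ""


def phishing_indicators(msg: Email) -> List[str]:
    """Return the slide's cues that fire on this message (empty list = nothing found)."""
    hits: List[str] = []
    text = f"{msg.subject} {msg.body}".lower()
    if any(phrase in text for phrase in URGENCY_PHRASES):
        hits.append("sense of urgency")

    sender = msg.from_addr.rsplit("@", 1)[-1].lower()
    name = msg.from_name.lower()
    if msg.external_label and (INTERNAL_DOMAIN in name or name in INTERNAL_ROLES):
        hits.append("labelled external but posing as an internal sender")
    if not is_known(sender):
        hits.append(f"unfamiliar sender address ({sender})")

    for visible, href in msg.links:
        target = link_domain(href)
        shown = shown_domain(visible)
        if shown and shown != target:
            hits.append(f"link text '{visible}' actually points to {target}")
        if IPV4.fullmatch(target):
            hits.append(f"link to a bare IP address ({target})")
        elif not is_known(target):
            hits.append(f"link to unfamiliar domain ({target})")
    return hits


def is_suspicious(msg: Email, threshold: int = 2) -> bool:
    """Two or more independent cues is the bar used here for reporting the message."""
    return len(phishing_indicators(msg)) >= threshold


def sample_messages() -> Tuple[Email, Email]:
    """Two constructed messages: one with several cues, one ordinary internal mail."""
    suspicious = Email(
        from_name="IT Support",
        from_addr="helpdesk@examp1e-corp.com",  # constructed look-alike of the internal domain
        subject="URGENT: your password expires within 24 hours",
        body="Your account will be suspended unless you reset it immediately.",
        links=[("https://portal.example-corp.com/reset", "http://198.51.100.23/reset")],
        external_label=True,
    )
    ordinary = Email(
        from_name="Dana (Finance)",
        from_addr="dana@example-corp.com",
        subject="Q3 expense summary",
        body="Attached is the summary we discussed on the call.",
        links=[("https://intranet.example-corp.com/finance",
                "https://intranet.example-corp.com/finance")],
    )
    return suspicious, ordinary


if __name__ == "__main__":
    for message in sample_messages():
        print(message.subject, "->", phishing_indicators(message))
```

No single cue is conclusive on its own (internal mail can be urgent, and partners change domains), which is why the decision in `is_suspicious` needs several cues to agree; anything that crosses that bar is what the "Reporting Information Security Incidents" slide asks employees to report rather than act on.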


Myth # 1
“Compliance with industry regulations and standards is sufficient to achieve data security.”

Fact:
Compliance with standards and regulations helps organizations build customer trust, but maintaining a system built to these standards requires continuous maintenance and adherence to policies and procedures by the workforce to strengthen defenses against threats and vulnerabilities.
Myth # 2
“Only the Business Security Department is responsible for information security.”

Fact:
Information security is not a one-time job; it is a culture that needs to be embedded in the organization and exercised by all stakeholders in their respective areas/domains.
Myth # 3
“Obscurity is also a method to achieve security.”

Fact:
Obscurity does not fulfill the purpose of a security control. Achieving security requires implementing the relevant security controls, consisting of people, processes, and technology as applicable.
Myth # 4
“Cyber threats come only from outside.”

Fact:
The common myth that cyber attacks solely originate from external sources overlooks the reality of insider threats and human error. (These internal threats can arise from malicious software, disgruntled employees, or accidental actions.)
Myth # 5
“Stopping the antivirus supports secure and smooth execution of tasks.”

Fact:
Antivirus supports smooth and secure execution of tasks. In case of any hindrance or delays, connect with the IT department for resolution.
Myth # 6
“We don’t need security controls because we use Apple devices.”

Fact:
Mac OS does not have some sort of secret software recipe that makes it invulnerable to viruses and malicious files. Macs can, and regularly do, get viruses, so they need relevant controls just as any other device does.
Myth # 7
“Strong passwords are enough to prevent a data breach.”

Fact:
Using strong and complex credentials is only the first step; multi-layered security measures such as Two-Factor Authentication (2FA), access monitoring, and user best practices (keeping credentials in a password manager and never sharing them with others) are equally required.
Myth # 8
“I don't need to back up my data; it's safe on my device.”

Fact:
Data loss can occur due to various factors, including hardware failure, malware infections, or accidental deletion.
Without regular system backups, valuable data can be lost irreversibly, leading to significant consequences for individuals and businesses alike.
Everyday Tips
• Be careful of email attachments, web links and voice calls from unknown numbers.
• Do not click on a link or open an attachment that you were not expecting.
• Use separate personal and business computers, mobile devices, and accounts.
• Use multi-factor authentication where offered.
• Do not download software from an unknown web page.
• Never give out your sensitive information.
• Consider using a password management application to store your passwords for you.
