Information Security and ISO 27001 Awareness

Upload: varinder-kumar

Post on 05-Apr-2018


  • 7/31/2019 Information Security and ISO 27001 Awareness

    1/14

    Information Security and ISO 27001 Awareness


    Firstsource 2007 | confidential | June 24, 2012 | 2

    Objective

    What is ISO 27001?

    Information Security

    Data Classification

    Physical Security

    Clear Desk & Clear Screen Policy

    Data Security

    Acceptable use of email, internet resources

    Incident Reporting


    What is ISO 27001?

    Controls-based policy

    An Information standard

    Certifiable

    Internationally recognized

    Risk-management based

    A comprehensive set of controls comprising best practices in information security.

    Encompasses all types of information

    Whatever form the information may take, or means by which it is shared or stored, it should always be appropriately protected (ISO17799:2000)

    Clauses: 8, Control Groups: 11, Controls: 134


    Information Security

    Confidentiality

    Protecting sensitive information from unauthorized disclosure or interception.

    Integrity

    Safeguarding the accuracy and completeness of information.

    Availability

    Ensuring that information and vital services are available to users when required.

    Information is an asset to all individuals and businesses. Information Security refers to the protection of these assets in order to achieve:

    i) Confidentiality ii) Integrity iii) Availability


    Data Classification

    Secret: Contains highly sensitive, strategic Firstsource information that is material, non-public.

    Examples:

    Financial forecasting and planning information

    Earnings estimates

    Major litigation information

    Information on acquisition or merger plans

    Highly Confidential: Contains personal data regarding Firstsource personnel or sensitive information about project/client data.

    Examples:

    Benefits, employee earnings, payroll data

    Performance feedback forms

    Social security numbers, home addresses and telephone numbers

    Health information

    Client lists and contact information

    Preferences, opinions and intentions regarding any individual

    Client billing information

    Clients' architecture diagrams

    Business development tracking information


    Data Classification

    Confidential: Contains Firstsource, client and some personal data which is marked confidential, known to be confidential or is not generally available to the public.

    Examples:

    Employee phone or voice mail directory

    Organization charts

    Market offering information

    Asset-based solutions

    Internal meeting presentation materials

    Project deliverables

    Unrestricted: Contains any data that is available to the public.

    Examples:

    Company advertising literature once it has been used

    Data contained on http://www.Firstsource.com/


    Physical Security

    Physical controls

    Display your badge at all times within Firstsource India BPO premises.

    Do not be chivalrous and open doors for others. It is mandatory for everyone to flash their access cards whenever they enter or leave a floor.

    Disable access cards of resigned employees immediately.

    Display the danglers in your cars for identifying as Firstsource India BPO employees.

    Do not record information using state-of-the-art mobile phones or other recording equipment.

    Do not use personal computing devices or equipment, e.g. laptops, USB drives, CDs etc.

    Escort visitors at all times. They do not belong to Firstsource India BPO and no information is Public here.

    Report loss of access cards immediately; this will prevent unauthorized access using your card.

    Handle ex-employees as visitors.

    Ensure that all visitors sign in their details at the entrance.


    Clear Desk & Clear Screen Policy

    Dos

    Pick up confidential and proprietary items quickly off the printer

    Shred any unwanted or old documents

    Clear out voicemail before you leave for the day

    Lock confidential and proprietary documents and computer media in drawers or filing cabinets

    Physically secure laptops with company approved cable locks

    Any documents marked Secret/Highly Confidential/Confidential should not be left on the desk unattended

    Log out of Windows or invoke the password-protected screen saver by pressing Ctrl-Alt-Del on the keyboard and selecting Lock Workstation prior to leaving the computer

    Include disclaimers while sending confidential fax messages.

    Exchange information with other Firstsource entities or third party organizations through approved courier agencies.

    Verify your recipient's identity before discussing confidential information over the phone.


    Clear Desk & Clear Screen Policy

    Don'ts

    Pin-up any confidential information or client data in the workspace

    Write or make notes on any piece of paper, which you might lose

    Remove any Firstsource confidential Information Pin-up from the workspaces

    Save client related documents on PC hard disks

    Access Confidential information without business need

    Change Screen Saver Settings


    Data Security

    All Documents should be labeled.

    Clear boards and charts after any meeting.

    Ensure all confidential and highly confidential documents are shredded immediately after use.

    Any loose paper left unattended on desk will be shredded without any warning.

    User should ensure they have unique and identifiable ID and passwords for all applications they might use for their official work

    Should promptly follow the password policies of Firstsource and where applicable those of client

    In case of login trouble with any application, user should always contact Helpdesk.

    Should not share others' IDs / passwords

    User is accountable for all activities done on Firstsource systems using his / her IDs

    Avoid discussing sensitive and confidential information in open workspaces and public places like: Airports, Restrooms, Restaurants, Elevators.


    Acceptable use of email, internet resources

    Unacceptable use of Firstsource resources includes any activity which:

    - is illegal

    - is inappropriate

    - takes up excessive time or company resources.

    Do not respond to spam e-mail or forward it to others.

    Delete spam without opening.

    Turn off the Microsoft Outlook preview pane before deleting spam messages.

    Do not request removal from the spammer's distribution list, even if this option is offered.

    Do not use Firstsource e-mail for non-business-related purposes.

    Be judicious of the websites you access and never browse a site that contains inappropriate material.

    Use caution when creating rules to avoid discarding important messages.


    Incident Reporting

    What is a security incident? Any event that compromises CIA of information.

    Event could be physical, IT related, Policy related etc.

    Sometimes a security weakness precedes an incident

    Some examples are:

    Theft, Violence or Riots, Physical security access control failure, Unauthorized physical access, Misuse/tampering with information, Unauthorized distribution of information, Virus outbreak, Hacking etc.

    All physical security incidents should be reported to the Local F&S Helpdesk.

    For BCP-related queries, contact your supervisors or the India BPO BCP Team

    All Information Security Incidents should be reported to the Centralized Technical Support Desk on 5555 and/or by email to [email protected]

    All HR related Incidents should be reported to HR Helpline on 6666


    Important dates to remember

    Pre-Assessment Audit: June 1/2, 2006

    Stage 1 Audit (Document Review): June 6/7, 2006

    Certification Audit: June 13/14, 2006


    THANK YOU

    Firstsource (NSE: FSL, BSE: 532809, Reuters: FISO.BO, Bloomberg: FSOL@IN) is a global provider of BPO (business process outsourcing) services headquartered in India. Firstsource provides customized business process management to global leaders in the Banking & Financial Services, Telecom & Media and Healthcare sectors. Its clients include Fortune 500 Financial Services, Telecommunications and Healthcare companies. Firstsource has a global delivery model with operations in India, US, UK, Argentina and Philippines. (www.firstsource.com)
