IS Awareness Flashcards

1
Q

Slide 1 - Information Security Awareness

What is Information Security?

What is Information?

Why do you think it needs Security?

A

What is Information?
Information is that which gives a sense of understanding of something: something that people can learn or know about.

For us, information is an asset and it is essential to an organization’s business.

Example: A newspaper contains information about the world, politics, sports, media, science, etc.

Customer records contain information about a person, bank information, services purchased, etc.

Now that we know what information is, why do you think it needs security?

2
Q

Slide 2: Taking Responsibility and protecting Information and assets entrusted.

A

Now that we know what information is, why do you think it needs security?

Any information that can lead to misuse, or that can imply destruction of or damage to persons, organizations, technology, etc., needs to be protected or secured.

Each of us should take responsibility and protect the information and assets given to us against unauthorized use or access. This ensures information security.

3
Q

Slide 3: Why should we know this?

A

Most security breach analysis data shows that 90% of all cases of identity theft have occurred due to poor password security or opening spam or phishing emails.

Over one third of all IT security incidents are caused by phishing attacks.

48% of all IT security incidents are caused by human error.

The average cost of a data breach is 3.86 million dollars.

For example: a recent security breach occurred at the identity management services provider Okta. The hackers stole an administrator credential and accessed sensitive information on the company's customer support platforms. The hackers then tried to use that information to hack its clients.

Once the company announced the data breach to the public, its reputation was damaged, its share price fell by around 21%, and it lost 2 billion in market value.

Therefore, we can say security vulnerabilities are not caused by machines or systems alone.
We play an important role in managing and operating these machines. Ultimately, machines just follow the set of instructions we give them.
So let us not be the weakest links and fail at information security.

4
Q

Slide 4: What needs to be Protected?

A

So what do you think we need to protect?
What do we at Accenture have to protect?

  1. Accenture Data
    a. Examples: Pricing Information, Procurement data, financial data, Org strategic plans, trade secrets, Client presentations or information etc.
  2. Client Data
    a. Client business, customer information, client's internal information, sensitive data, formulas and trade secrets (software code, designs, unique business processes, etc.)
  3. Information assets or technologies
    a. Laptop tokens, smartphones, tablets, documents, etc., which could be Accenture-owned or client-owned.
5
Q

Slide 5: Pillars of Information Security

A

3 Pillars of Information Security or the driving focus of information security?
Can anybody guess what the 3 pillars are?

  1. Confidentiality
    Confidentiality is ensuring that information is not made available or disclosed to unauthorized individuals, entities or processes.
    a. Right Person
  2. Integrity
    Protecting the accuracy and completeness of information/assets.
    a. Right information
  3. Availability
    The property of information being accessible and usable as needed by an authorized entity.
    a. Right time.
6
Q

Slide 6: Where do I START?

A

Where do you think our first line of security is? Or, what is our first line of security?

Passwords
Passwords are the first line of security. We protect all our assets with passwords: laptops, devices, bank accounts, lockers, emails, etc.

7
Q

Slide 7: Protect your Password

A

How should we configure our password?

  1. Keep passwords unique
  2. Never reuse passwords
  3. Do not use Accenture credentials for personal websites
  4. Do not write down passwords
  5. Always change default passwords (especially for shared/admin accounts)
8
Q

Slide 8: What next?

A

Let’s say we have now created good, strong passwords. What should we do next, or what should we use them for?
Protect the DATA.

What Data?

We have different types of data: data can be non-business or non-sensitive, or you may have data of no value or use case, or data that is widely available on the internet. Does that require password protection?

9
Q

Slide 9: Let’s Classify?

A

Not all information/data needs to be protected. We certainly need to “classify” or categorize the data.

In Accenture, we have four different classifications to protect data. Does anybody know them?
1. Restricted
2. Highly Confidential
3. Confidential
4. Unrestricted

10
Q

Slide 10: Let’s use Permissions?

A

We have classified the information; now we need proper tools to protect it.

In Accenture, we have the Permissions tool enabled in the most-used Microsoft applications, such as Outlook and the Office applications.

Levels of Encryption
1. Do not forward
2. Internal use Editable
3. Internal use with Contractors
4. Internal use Read only
5. Everyone has full Control (unencrypted)

You can see the Encrypt/Sensitivity option available in the draft mail box, with options for the 4 different classifications we talked about earlier.

Why should we use Permissions?
1. When we use permissions, the message is encrypted, and restrictions and controls are set.
2. Limit access
3. You can send external emails with permissions, so the message stays encrypted and only the recipient is able to read it.
4. Control - read, forward, save, modify, print or copy etc.
5. Retains protection even after a document is downloaded.

11
Q

Slide 11: Avoid getting Phished?

Are you all aware of what the term phishing means?

A
  1. Phishing
  2. One third of security incidents are

Question?

  1. Social Engineering Technique
  2. Sophisticated phishing - Targeted phishing.
  3. Keep an eye for these indicators
    a. Do I know the sender
    b. Seem Legitimate
    c. Request Something
    d. Suspicious Links
  4. Report Phishing
  5. Forward to Spam
  6. Note - PPP Program
12
Q

Slide 12: Use Approved Software and storage

A
  1. Only use Accenture or Client approved collaboration tools
  2. Do not put sensitive information on personal devices or personal emails
  3. Do not store or transmit sensitive internal information via client systems
13
Q

Slide 13: Guidelines for Zoom Software

A
  1. Policy 57 strictly prohibits use of personal accounts to conduct business.
  2. Assume Zoom is unprotected - no sensitive Accenture information files or personal information
  3. Only install Zoom from trusted sources
  4. Do not click links from unknown or untrusted sources; Zoom lacks security controls to protect against malicious links.
14
Q

Slide 15: Protect your devices

A
  1. Follow CDP guidelines when using devices
  2. Lock your screens
  3. Perform reconciliation of client provided devices
  4. Get client devices approved of TPRA
15
Q

Slide 16: Comply with workstation Requirements

A
  1. Restart your system at least once a week.
  2. Do not install any software without an appropriate NSSR
  3. Use our tech support channels for any tech issues
    a. protect my Tech
    b. MyTech Chat bot
    c. Tech self- support.accenture.com
16
Q

Slide 17: Security Incident Reporting

A
  1. Any Security Incident contact ASOC
  2. You can note down the India Specific ASOC Numbers
  3. You can report online at asoc.accenture.com
  4. Always contact your supervisors for any queries.
17
Q

Slide 18: Keep Learning & Stay Ahead

A
  1. Required Trainings
    a. IS Advocate Trainings
    b. Business Ethics (COBE) Trainings
    c. Awareness - Social Engineering trainings
    d. Client mandatory trainings
  2. Fact of 50% fewer security incidents - Silver & Gold Advocates
  3. Hacker Land.
18
Q

Slide 18: IS Advocate Curriculum for FY24

A
  1. FY24 Advocate Curriculum
  2. In Q2
  3. New Role based Targeted Tracks
  4. Two more will be released in ____
  5. Mandatory Trainings for Everyone
  6. Complete on Time
19
Q

Slide 19: To do when Roll off or Exit?

A

The idea is to delete and scrub your data on the project: the network drives, files, etc.

20
Q

Slide 20: During Roll Off or Exit?

A
  1. Understand Accenture owns all work products created during your time.
  2. Ensure that you will not email sensitive information to personal emails.
  3. Delete or Scrub Sensitive Information on any device you used during your time.
  4. Do not take any Knowledge resources when leaving Accenture.
21
Q

Slide 21: TOP Information Security Behaviors

A

These are the top Information Security behaviors that everyone needs to keep in mind while working.

There is an Accenture policy that calls out your obligation to protect confidential information: Policy 69 - Confidentiality. You can read about it at policies.accenture.com

22
Q

Slide 22: Working Securely From Home

A
  1. Use Strong Password
  2. Keep Software updated
  3. Use WPA2 or WPA3 Encryption
  4. In Public places, use Hotspot

Do NOT be a Target.
1. Peering over your shoulder - Use of Privacy Screen
2. Guard against eavesdropping - be cautious when discussing sensitive business work.
3. Lock your screens when unattended.

23
Q

Slide 23: Useful Links

A

I’ll be sharing a few links. These links could help you gain more understanding. Some of these links you can bookmark to check the IS Advocate Dashboard and check your phishing results.