Njx Flashcards
Slide 1:
Introduction
Interactive Session
Good morning everyone. I am Chris Xavier, working with ATCI Local Security Support, which is part of the Information Security Management team. We perform security audits for all projects under ATCI Delivery Centers.
I will be talking about Information Security and the security practices of Accenture. This will be an interactive session, and I request your active participation throughout.
Slide 3:
What is Information?
Information is that which gives a sense of understanding of something: something that people can learn or know about.
For us, information is an asset, and it is essential to an organization’s business.
Now, why do you think it needs security?
Slide 3:
Information Security
Information Security is the protection of information assets from a wide range of threats, ensuring Confidentiality, Integrity, and Availability.
Slide 3:
Core: Information Security Management System
Accenture has an Information Security Management System at its core, created to define ways to identify and protect the company’s key information systems and data assets.
Slide 3:
Information Security Achieved?
Information Security is achieved by implementing a suitable set of controls, defining policies, processes, procedures, software and hardware controls.
Slide 4:
Aspects of Information Security
There are 3 aspects of Information Security, which are its driving focus.
Examples: UPI transactions,
Slide 4:
Confidentiality
Confidentiality is ensuring that information is not made available or disclosed to unauthorized individuals, entities or processes.
Slide 4:
Integrity
Protecting the accuracy and completeness of information/assets.
Slide 4:
Availability
The property of information being accessible and usable as needed by an authorized entity.
Slide 4:
The idea is protecting data with management and technical controls from:
Unauthorized access, Unauthorized disclosure, Unauthorized modification, Destruction, Disruption
Slide 5:
Impact of Information Security Breaches
Financial Loss, Reputational Damage, Operational Downtime, Legal and Regulatory Actions, Loss of Sensitive Data.
Slide 5:
Example of a security breach: OKTA, an identity management services provider.
The hackers stole an administrator's credentials and accessed sensitive customer information on the company's customer support platforms. The hackers tried to use that information to hack its clients.
Once this security breach became public, the company’s reputation was damaged, its share price fell around 21%, and it lost market value of 2 Billion.
Here we can see that this company faced financial loss, reputational damage, and loss of sensitive information.
Slide 7:
Protect your Password
- Passwords Unique
- Never reuse passwords
- Never use Accenture credentials
- Do not write passwords
- Password Managers
a. Dashlane, Lastpass, Keeper
- Use Passphrase
- Hello for Business
Slide 8:
Let’s Classify?
What data needs to be protected?
Different types of Data
Not all information/data needs to be protected
Multiple times
1. Restricted
2. Highly Confidential
3. Confidential
4. Unrestricted
Question: Example of any classification?
Slide 9:
Let’s Use Permissions?
Classified information, tools to protect
1. Encrypt or Sensitivity Option
2. Levels of encryption
a. Do not forward
b. Internal use editable, read-only
3. Use of Permissions
a. Encrypts email, data file
b. Supports external sharing with permissions set
c. Control - read, forward, save, modify, print or copy etc.
d. Retains protection even after it's downloaded.
Slide 11: Keep Learning & Stay Ahead
- Required Trainings
a. IS Advocate Trainings
b. Business Ethics (COBE) Trainings
c. Awareness - Social Engineering trainings
d. Client mandatory trainings
- Fact of 50% less security incidents
- Silver & Gold Advocates
- Hacker Land.
Slide 12: IS Advocate Curriculum for FY24
- FY24 Advocate Curriculum
- In Q2
- New Role based Targeted Tracks
- Two more will be released in ____
- Mandatory Trainings for Everyone
- Complete on Time
Slide 13: Avoid getting Phished?
Are you all aware of what the term phishing means?
- Phishing
- One third of security incidents are
Question?
- Social Engineering Technique
- Sophisticated phishing - Targeted phishing.
- Keep an eye for these indicators
a. Do I Know the Sender
b. Seem Legitimate
c. Request Something
d. Suspicious Links
- Report Phishing
- Forward to Spam
- Note - PPP Program
Slide 14: Working Securely From Home
- Use Strong Password
- Keep Software updated
- Use WPA2 or WPA3 Encryption
- In Public places, use Hotspot
- Use Authorized devices for work
- Use Company-provided software
- Raise NSSR for non-standard software
- Protect my tech tool to check compliance
Slide 14: Working Securely From Home - Part 2
- Best Practices using Zoom
- Do not use personal accounts to conduct business.
- Do not use work emails for personal business.
- Assume that all information and video in Zoom is unprotected.
- Protection of devices
- Use Screen lock on laptops while away
- Keep laptop out of sight if unattended.
Slide 15: Security Incident Reporting
- For any Security Incident, contact ASOC
- You can note down India Specific ASOC numbers
- You can report online at asoc.accenture.com
- Always contact your supervisors for queries.
Slide 16: TOP Information Security Behaviors
These are the top Information Security Behaviors that everyone needs to keep in mind while working.
There is an Accenture policy which calls out your obligation to protect Confidential Information: Policy 69 - Confidentiality. You can read about it at policies.accenture.com
Slide 17: Three Actions to Take Now
- Complete the mandatory IS Advocate Trainings on time, once they are available.
- Check and ensure your Home Wi-Fi security settings (Wi-Fi encryption type, and password)
- Save the ASOC Contact Information
Slide 18: Useful Links
I’ll be sharing a few links. These links could help you gain more understanding. Some of these links you can bookmark to check the IS Advocate Dashboard and check your phishing results.