Njx Flashcards

1
Q

Slide 1:

Introduction

Interactive Session

A

Good morning everyone. I am Chris Xavier, working with ATCI Local Security Support, which is part of the Information Security Management team. We perform security audits for all projects under ATCI Delivery Centers.

I will be talking about Information Security and the security practices of Accenture. This will be an interactive session, and I request your active participation throughout the session.

2
Q

Slide 3:

What is Information?

A

Information is that which gives a sense of understanding of something: something that people can learn or know about.

For us, information is an asset and it is essential to an organization’s business.

Now, why do you think it needs security?

3
Q

Slide 3:

Information Security

A

Information Security is the protection of information assets from a wide range of threats, ensuring Confidentiality, Integrity, and Availability.

4
Q

Slide 3:

Core: Information Security Management System

A

Accenture has an Information Security Management System at its core, created to define ways to identify and protect the company’s key information systems and data assets.

5
Q

Slide 3:

Information Security Achieved?

A

Information Security is achieved by implementing a suitable set of controls, defining policies, processes, procedures, software and hardware controls.

6
Q

Slide 4:

Aspects of Information Security

A

There are 3 Aspects of Information Security or the driving focus of information security?

Examples: UPI transactions,

7
Q

Slide 4:

Confidentiality

A

Confidentiality is ensuring that information is not made available or disclosed to unauthorized individuals, entities or processes.

8
Q

Slide 4:

Integrity

A

Protecting the accuracy and completeness of information/assets.

9
Q

Slide 4:

Availability

A

The property of information being accessible and usable as needed by an authorized entity.

10
Q

Slide 4:

The idea is protecting data with management and technical controls from:

A

Unauthorized access, Unauthorized disclosure, Unauthorized modification, Destruction, Disruption

11
Q

Slide 5:
Impact of Information Security Breaches

A

Financial Loss, Reputational Damage, Operational Downtime, Legal and Regulatory Actions, Loss of Sensitive Data.

12
Q

Slide 5:

Example of a Security Breach: Okta, an identity management services provider.

A

The hackers stole an administrator's credentials and gained access to sensitive customer information on the company's customer support platforms. The hackers tried to use that information to hack its clients.

Once this security breach became public, the company’s reputation was damaged, its share price fell around 21%, and it lost market value of 2 Billion.

Here we can see that this company faced financial loss, reputational damage, and loss of sensitive information.

13
Q

Slide 7:
Protect your Password

A
  1. Passwords Unique
  2. Never reuse passwords
  3. Never use Accenture credentials
  4. Do not write passwords
  5. Password Managers
    a. Dashlane, LastPass, Keeper
  6. Use Passphrase
  7. Hello for Business
14
Q

Slide 8:
Let’s Classify?

What data needs to be protected?

A

Different types of Data
Not all information/data needs to be protected

Multiple times
1. Restricted
2. Highly Confidential
3. Confidential
4. Unrestricted

Question: Example of any classification?

15
Q

Slide 9:
Let’s Use Permissions?

A

Classified information, tools to protect
  1. Encrypt or Sensitivity Option
  2. Levels of encryption
    a. Do not forward
    b. Internal use editable, read-only
  3. Use of Permissions
    a. Encrypts email, data file
    b. Supports external sharing with permissions set
    c. Control - read, forward, save, modify, print or copy etc.
    d. Retains protection even after it's downloaded.

16
Q

Slide 11: Keep Learning & Stay Ahead

A
  1. Required Trainings
    a. IS Advocate Trainings
    b. Business Ethics (COBE) Trainings
    c. Awareness - Social Engineering trainings
    d. Client mandatory trainings
  2. Fact of 50% fewer security incidents - Silver & Gold Advocates
  3. Hacker Land.
17
Q

Slide 12: IS Advocate Curriculum for FY24

A
  1. FY24 Advocate Curriculum
  2. In Q2
  3. New Role based Targeted Tracks
  4. Two more will be released in ____
  5. Mandatory Trainings for Everyone
  6. Complete on Time
18
Q

Slide 13: Avoid getting Phished?

Are you all aware of what the term phishing means?

A
  1. Phishing
  2. One third of security incidents are

Question?

  1. Social Engineering Technique
  2. Sophisticated phishing - Targeted phishing.
  3. Keep an eye for these indicators
    a. Do I Know the Sender
    b. Seem Legitimate
    c. Request Something
    d. Suspicious Links
  4. Report Phishing
  5. Forward to Spam
  6. Note - PPP Program
19
Q

Slide 14: Working Securely From Home

A
  1. Use Strong Password
  2. Keep Software updated
  3. Use WPA2 or WPA3 Encryption
  4. In Public places, use Hotspot
  5. Use Authorized devices for work
  6. Use Company-provided software
  7. Raise NSSR for non-standard software
  8. Protect my tech tool to check compliance
20
Q

Slide 14: Working Securely From Home - Part 2

A
  1. Best Practices using Zoom
  2. Do not use personal accounts to conduct business.
  3. Do not use work emails for personal business.
  4. Assume that all information and video in Zoom is unprotected.
  5. Protection of devices
  6. Use Screen lock on laptops while away
  7. Keep laptop out of sight if unattended.
21
Q

Slide 15: Security Incident Reporting

A
  1. Any Security Incident contact ASOC
  2. You can note down India Specific ASOC numbers
  3. You can report online at asoc.accenture.com
  4. Always contact your supervisors for queries.
22
Q

Slide 16: TOP Information Security Behaviors

A

These are the top Information Security Behaviors that everyone needs to keep in mind while working.

There is an Accenture policy that calls out your obligation to protect Confidential Information: Policy 69 - Confidentiality. You can read about it at policies.accenture.com

23
Q

Slide 17: Three Actions to Take Now

A
  1. Complete the mandatory IS Advocate Trainings on time, once they are available.
  2. Check and ensure your Home Wi-Fi security settings (Wi-Fi encryption type, and password)
  3. Save the ASOC Contact Information
24
Q

Slide 18: Useful Links

A

I’ll be sharing a few links. These links could help you gain more understanding. Some of these links you can bookmark, to check the IS Advocate Dashboard and check your phishing results.