Professional Documents
Culture Documents
Developing An Information Security Policy: A Case Study Approach
Developing An Information Security Policy: A Case Study Approach
1. What are your organization’s policies that explain information security requirements?
Privacy and data protection principles followed by Wipro Limited and its entities around the
world with regards to the personal information of its customers partners, employees (current or
former employees, trainees), applicants, contractors, prospects and vendors and current or
former members of the Board of Directors, whose personal information are processed by Wipro
Wipro does not share personal information about you with affiliates, partners, service
providers, group entities.
We may share information about you if Wipro is acquired by or merged with another
company.
Wipro will not be liable for any unsolicited information provided by you. You consent to
Wipro using such information as per Wipro’s Privacy Statement.
When you engage with us through social media sites, you may allow us to have access
to certain information from your social media profile based upon your privacy preference
settings on such platform
This policies have been developed by keeping into consideration that user data must be
protected from any attacks .These policies focus on the proper methods , rules and regulation
that need to be followed by each and every employee of an organization.
Wipro does not share personal information about you with affiliates, partners, service providers,
group entities.
4. How are users made aware of the existence and the importance of these policies?
The work of the IT dept of an organization is to maintain these policies and generally they are
responsible for maintaining these policies. They generally send Email’s to customers which
includes the ISP that might inform the user about the policies of the company.
Below are few steps which Wipro follow for letting their user know about the policies:-
The Information security policies of wipro is given on their website. '
Wipro mandates compliance to this code through periodical certification and company -wide
awareness and testing of the code every year. In addition to the section in Code of Conduct,
Wipro has also defined Privacy policy and this policy is published in the website
(URL: http://www.wipro.com/privacy-policy/ ).. There is an internal Data Protection and Privacy
policy defined under Information Security Management System (ISMS) with the objective – ‘to
define collection, protection and usage of personal data & company confidential information as
per applicable laws and regulations’. We have also established and implemented Security
Incident Management policy that covers procedures for reporting and handling policy violations
& data breaches.
5. What are the most important issues of information security and acceptable use of
network systems and information resources in your organization?
Issues of information security:-
Denial Of Service
Phishing
Malicious Program
Besides this ISP documents contain security issues for understanding rules and
regulation made by the organization.
4. No bugs – If you use a PC, your computer is extremely susceptible to online viruses,
commonly referred to as bugs.
5. Protects your customer – Having the proper internet security systems set in place not only will
help to protect you, but it will also keep your clienteles' data safe and secure.
6. Spyware protection – Spyware infects your computer and spy on you. It seeks and steals
your personal info, such as passwords, credit card numbers, addresses, and social security
numbers. Hackers use spyware in an effort to steal your identity, and your money.
7. What are the most important aspects that require further development in these
information security policy documents?
ISP documents should mention the purpose of the application and the steps for using it.
ISP documents should also explain the use of work portals.
The employees must regularly dispose sensitive data