Information Security Policy Guideline 2302118 2302117 2302138
2 2/27/2024
Referenced Documents
➢ Information Security Policy Guideline, Dated 6th April 2014
Preamble
Implementation of e-governance
Current Situation
Lack of information protection procedure
Guideline Governance and Enforcement
Guideline Covers
• Objective
• Scope
• Terminology
• Different Information Classification
• Importance of Auditing for Monitoring and Improving as an Agency
• Information Security Certification as an Agency
• Procedures for Backup and Restore
• Incident Handling Mechanism
• Sample Business Continuity and Disaster Recovery Plan
• Sample Information Security Policy
Risk, Threats and Vulnerabilities
Risk Management
Risk
The potential (merely “chance”) for loss, damage or destruction of an
information asset as a result of a threat exploiting a vulnerability.
Reasons of Risk
• Lack of security awareness
• Operating procedures are not documented
• Little support for security measures
• Lack of fire prevention system
• Information is not classified
• The building is in an earthquake zone, where minor quakes are expected
• No official policy, and no monitoring/intrusion detection or incident response team are in place
• Weak access control mechanisms exist
• The building is in a flooded zone or can be affected by flood because of lack of a proper water disposal system
• Inadequate information security policy operates
Threat
A threat is a potential cause of an unwanted incident, which may result in
harm to a system or an organization's information assets.
Typical Information Security Threats
Vulnerability
Classification of Vulnerability
• Organizational
• Spatial
• Personnel
• Hardware, software and network
• Environmental
Identification of Risk, Threats and Vulnerabilities
• Information Asset: an information asset is something that an agency tries to protect.
• Threat: a threat is something against which an agency tries to protect its information asset.
• Vulnerability: a vulnerability is the weakness or gap in the protection efforts made by an agency.
• Risk: risk is the destruction (or chance of destruction) of an information asset as a result of a threat exploiting a vulnerability.
Risk Management
1. Establish the context
2. Identify risk
3. Analyze risk (likelihood and consequence)
4. Estimate level of risk
5. Evaluate risk
6. Treat risk
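The six steps above, carried through on a small risk register, as an added example that is not part of the guideline or the slide deck. It uses the slide's own vocabulary (asset, threat, vulnerability, likelihood, consequence, level, treatment); the 1..5 rating scale, the acceptance thresholds and every asset/threat/vulnerability entry are constructed assumptions for the example, not values from the guideline.

```python
"""Risk assessment walk-through for the six-step process on the slide:
establish the context, identify risk, analyze risk (likelihood and
consequence), estimate the level of risk, evaluate it, and treat it.
Added example; the assets, threats, vulnerabilities and ratings below are
constructed sample data, not figures from the guideline."""
from dataclasses import dataclass, replace

# Step 1 - establish the context. A 1..5 rating scale for likelihood and
# consequence, the level the agency is willing to accept, and the point
# above which a risk must be avoided or transferred rather than mitigated.
# These thresholds are assumptions for the example.
SCALE = range(1, 6)
ACCEPT_UP_TO = 6       # level 1..6: accept and keep monitoring
MITIGATE_UP_TO = 12    # level 7..12: apply controls; above: avoid/transfer


@dataclass(frozen=True)
class Risk:
    asset: str           # information asset the agency tries to protect
    threat: str          # what it protects the asset against
    vulnerability: str   # the weakness or gap the threat could exploit
    likelihood: int      # 1 (rare) .. 5 (almost certain)
    consequence: int     # 1 (negligible) .. 5 (severe)

    def __post_init__(self):
        # Reject ratings outside the agreed scale so levels stay comparable.
        for v in (self.likelihood, self.consequence):
            if v not in SCALE:
                raise ValueError(f"rating {v} is outside the 1..5 scale")

    def level(self) -> int:
        """Steps 3 and 4 - analyze and estimate: level = likelihood x consequence."""
        return self.likelihood * self.consequence

    def evaluate(self) -> str:
        """Step 5 - evaluate the level against the agency's acceptance criteria."""
        lvl = self.level()
        if lvl <= ACCEPT_UP_TO:
            return "low"
        if lvl <= MITIGATE_UP_TO:
            return "medium"
        return "high"

    def treat(self) -> str:
        """Step 6 - choose a treatment option from the evaluation."""
        options = {"low": "accept", "medium": "mitigate", "high": "avoid or transfer"}
        return options[self.evaluate()]


def identify_risks() -> list[Risk]:
    """Step 2 - identify risks as (asset, threat, vulnerability) triples.
    Constructed sample register echoing the 'Reasons of Risk' slide."""
    return [
        Risk("citizen records database", "flood", "building in a flood zone, no water disposal", 3, 5),
        Risk("e-governance portal", "unauthorised access", "weak access control mechanisms", 4, 4),
        Risk("server room", "fire", "no fire prevention system", 2, 5),
        Risk("operating procedures", "staff turnover", "procedures not documented", 3, 2),
    ]


def prioritise(risks: list[Risk]) -> list[Risk]:
    """Order the register so the highest level is treated first."""
    return sorted(risks, key=lambda r: r.level(), reverse=True)


def apply_control(risk: Risk, likelihood_after: int) -> Risk:
    """Model a preventative control that lowers likelihood; the risk is then
    re-estimated, which is the loop back from 'treat' to 'analyze'."""
    return replace(risk, likelihood=likelihood_after)


if __name__ == "__main__":
    for r in prioritise(identify_risks()):
        print(f"{r.level():>2} {r.evaluate():6} {r.treat():17} {r.asset}: {r.threat} via {r.vulnerability}")
    portal = identify_risks()[1]
    hardened = apply_control(portal, likelihood_after=1)
    print(f"after access-control fix: level {portal.level()} -> {hardened.level()} ({hardened.treat()})")
```

Running the block prints the register from highest to lowest level and then shows the same portal risk re-estimated after a control has reduced its likelihood, which is the point of the loop in the slide: treatment changes a rating, and the rating is then re-evaluated against the same thresholds, not re-judged from scratch.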
Risk Management Template
Security Control
Security controls are safeguards or countermeasures to avoid, counteract or
minimize security risks.
Security Control Criteria
• Preventative
• Detective
• Corrective
• Physical
• Technical
Example of Some Security Controls
Digital signature certificates ensure 4 goals of information security:
• Authenticity
• Confidentiality
• Integrity
• Non-repudiation
Some Legal and Compliance Document
Business Continuity Plan
Steps
Including information security in the business continuity management process;
Incident Management
Sample Outline of an IS Policy
Preamble
Definitions
Introduction
Scope
Policy Governance & Monitoring
Information Asset and Classification
Roles & Responsibilities
Risk management
Security Controls
Incident Management
8. EU -European
THANK YOU