INFORMATION SECURITY MANAGEMENT SYSTEM

Get Started. It's Free
or sign up with your email address
Rocket clouds
INFORMATION SECURITY MANAGEMENT SYSTEM by Mind Map: INFORMATION SECURITY MANAGEMENT SYSTEM

1. Social Engineering Exploitation Of Personnel

1.1. DEFINITION OF SOCIAL ENGINEERING

1.1.1. Social engineering is the art of manipulating people into doing things, particularly security-related—such as giving away computer access or revealing confidential information. Rather than breaking into computer networks or systems, social engineers use psychological tricks on humans.

1.2. HOW TO PROTECT OURSELF FROM SOCIAL ENGINEERING ATTACKS

1.2.1. Be aware of the information you're releasing.

1.2.2. Stop revealing facts about your life to strangers

1.2.2.1. That information can be used to impersonate you. Many people base their passwords on their hobbies, answer security questions about where they live, or reveal their closest friends to anyone who views their online profiles.

1.2.3. Randomly generate answers to security questions

1.2.4. stop reusing your passwords

1.2.5. Never share your password over the phone

1.3. SOCIAL ENGINEERING CAN HAPPENED AT

1.3.1. ON CALL

1.3.2. ONLINE

1.3.3. IN THE OFFICE

2. POOR PASSWORD SECURITY

2.1. Ways to improve

2.1.1. Make sure you use different passwords for each of your accounts.

2.1.2. Always log off if you leave your device and anyone is around—it only takes a moment for someone to steal or change the password.

2.1.3. Don’t tell anyone your password. Your trusted friend now might not be your friend in the future. Keep your passwords safe by keeping them to yourself.

2.1.4. Do use at least eight characters of lowercase and uppercase letters, numbers, and symbols in your password

2.1.5. Do use at least eight characters of lowercase and uppercase letters, numbers, and symbols in your password

2.1.6. Be sure no one watches when you enter your password.

3. Ways to increase security awareness to staff

3.1. Create a culture of trust.

3.2. Teach employees the critical info that is sensitive and confidential to the business.

3.3. Build security training into everyday life.

3.4. Keep updating our staff about recent security threat that happened in our society.

3.5. make a campaign about security awareness

4. Weak Information Security Management System

4.1. what is Information Security Management System?

4.1.1. An information security management system (ISMS) is a set of policies and procedures for systematically managing an organization's sensitive data. The goal of an ISMS is to minimize risk and ensure business continuity by pro-actively limiting the impact of a security breach.

4.2. classified as a vulnerability

4.2.1. a vulnerability is a weakness which can be exploited by a threat actor, such as an attacker, to perform unauthorized actions within a computer system. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness. In this frame, vulnerability is also known as the attack surface.

4.3. Why do I need to have ISMS?

4.3.1. ISMS makes your investments into information security more efficient,

4.3.2. ISMS changes the culture in your company (brings responsibility and accountability)

4.3.3. Information and data sources are utilized more efficiently,