Scribd
Upload
131 views4 pages

Gabriel InfoSec Guidelines

Gabriel India Ltd relies on information systems to conduct business. It is critical these assets are protected from unauthorized access or use. All employees must abide by Gabriel's information security policies and procedures to ensure confidentiality, integrity and availability of information. Failure to comply may result in disciplinary action up to termination. It is every user's responsibility to use Gabriel resources responsibly, ethically and lawfully.

Uploaded by

Hemkesh
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
131 views4 pages

Gabriel InfoSec Guidelines

Gabriel India Ltd relies on information systems to conduct business. It is critical these assets are protected from unauthorized access or use. All employees must abide by Gabriel's information security policies and procedures to ensure confidentiality, integrity and availability of information. Failure to comply may result in disciplinary action up to termination. It is every user's responsibility to use Gabriel resources responsibly, ethically and lawfully.

Uploaded by

Hemkesh
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd

INFORMATION SECURITY AWARENESS

Information Security Awareness


Gabriel India Ltd. (‘Gabriel’) relies on information and information processing systems to
conduct business operations. Information and Information processing systems are critical
assets for Gabriel.

In order to ensure that these assets are adequately protected from unauthorised access or
use, protected from any falsification or errors and timely available to authorised personnel,
all employees, contractors, temporary employees and business partners must abide by
Information Security policies, procedures, and associated guidelines.

Failure to do so may result in disciplinary action, including possible termination of


employment and legal action.

It is every user’s responsibility to use Gabriel resources and facilities responsibly, ethically,
lawfully, and professionally

Information Security Policy


At Gabriel India Limited (‘the Company’), we are committed to protect information and
information assets of the Company along with those mandated by our stakeholders’ inter-alia
shareholders, customers, business partners, technology partners & employees and to make
information security integral part of our strategy and operations.

We shall,
• Maintain an effective Information Security Management System.
• Create Security Awareness and security conscious culture.
• Leverage proper technology and operational level control mechanism.
• Maintain compliance with applicable legal and contractual requirements.
• Continually monitor and improve effectiveness of Information Security Management
System.

ISMS Induction version 1.1


Date:30/12/2020
Commitment towards Information Protection
Gabriel Management is committed to the establishment, Implementation, operation,
monitoring, review, maintenance and improvement of information security management
system.

Information protection is critical at Gabriel and it is protected to ensure its

Confidentiality Integrity Availability

All employees, contractors, temporary employees and business partners must go through
policies at regular intervals

Gabriel Policies and Procedures


Acceptable Use of Assets Policy
All employees, contractors, temporary employees and business partners of Gabriel are
responsible to use Gabriel information and information systems and other information assets
in an efficient, effective, ethical, and lawful manner consistent with other policies of Gabriel

Email Policy
Gabriel provided email should be used in ethical and lawful manner for business purpose only

Clear Desk and Clear Screen Policy


All employees, contractors, temporary employees and business partners using Gabriel facility
should take appropriate precaution to ensure confidential information and records are
protected when unattended.

Access Control Policy


Approval procedure outlining the data or system owner granting the access privileges is
implemented. These procedures apply for all users, including administrators (privileged
users), internal and external users, for normal and emergency cases.

Password Policy
All password activities are controlled through a formal process. Appropriate care must be
taken in allocation, distribution, reset and use of the passwords.

Physical Security Policy


Business information and information processing facilities are having level of physical
protection from security threats and environmental hazards commensurate with the
associated risks. Business information and information processing facilities supporting critical
or sensitive business activities are housed in secure areas with appropriate entry controls.

ISMS Induction version 1.1


Date:30/12/2020
Security Incident Response Procedure
Incident Detection:
Anyone can identify that there is a potential information security incident. Therefore, all
employees and affiliated third parties must be vigilant to ensure suspicious activities they
observe are escalated timely and appropriately. An incident may be caused by accidental or
intentional technical, process or people events or failures. An incident may occur because of
a possible breach or lack of appropriate policy or procedures result in the misuse, loss, denial
of access, or damage to information on any media. Such incidents include but are not limited
to actual, attempted or suspected:

• Misuse of systems ID’s and passwords,


• Stolen or lost confidential data (including Paper, Tapes and CDs containing customer
information).
• Virus attacks & infections on network PC’s
• Attempts at identity theft
• Social engineering (e.g. impersonating another individual to gain access or
information)
• Misuse of privileged systems access by technology or support staff or outright cases
of fraud.
• Unauthorized use of organisation’s resources.
• Misuse of corporate resources (Surfing of undesirable content, exchange of abusive
contents on email etc.)
Incident Reporting
In the event a possible incident or suspicious event is detected, it is the responsibility of all
employees and contractors / affiliated third parties to report the incident to their manager or
information security co-ordinator (IC). This manager / IC will report incident to the CISO. If the
manager / IC is suspected or unavailable, a report should be made to their next level
supervisor, or directly to the Business Unit Head. Related to IT incident, email should be send
to security team on:

itsupport@[Link] or Local IT support ID

Incident Reports should be reported immediately. The sooner the appropriate individuals are
notified of an incident, the easier it is to take action and contain the incident.

ISMS Induction version 1.1


Date:30/12/2020
User Role
• Maintain Confidentiality and availability of Information at all times
• Ensure awareness about the applicable Information security policies and procedures
that relate to their workplace
• Ensure awareness about access rights
• Ensure Confidentiality of Login IDs and passwords
• Ensure critical data is backed up always
• Take extra precaution while travelling with portable devices
• Reporting Information security incidents including suspected virus attacks to Security
Team

Monitoring
Gabriel monitors its IT systems. Abuse of Gabriel IT systems and information assets and failure
to comply with company policy is a disciplinary offence which may result in termination of
employment and/or legal action against the offender.

Storage of Personal Information on Gabriel Systems or Resources


Gabriel systems are for Gabriel business use and not for personal/non-business activities.

If employees store personal information on Gabriel systems then Gabriel cannot guarantee
that it will remain confidential.

Employees are advised not to store personal information on Gabriel systems or resources.

Disciplinary Process
Refer: HR Policy

IT Process
Refer: IT Policy

Signature of the Employee

ISMS Induction version 1.1


Date:30/12/2020

You might also like