Cybersecurity Policy

Cybersecurity protects computer networks and information systems from unauthorized access, use, disclosure, or destruction. Cybersecurity concerns include attacks on networks and systems by malicious individuals or groups and accidental or unauthorized access.

The cybersecurity landscape constantly evolves as new threats are discovered and new technologies are developed. As a result, it is essential for organizations to continuously update their cybersecurity strategies and practices to stay ahead of the curve.

There are various ways to protect your organization’s data from cyberattacks. Some include using antivirus software, firewalls, and data encryption schemes. Others rely on human resources – such as training employees on identifying potential cyber threats – or technology – such as monitoring system logs for patterns that could indicate an attack is underway.

No matter which approaches you choose, make sure you have a plan to update your security measures if needed to protect your organization from future cyberattacks.

Infyshine security policies:

Antivirus Policy:

1. Currently, the standard anti-virus software Sophos is used for Windows OS clients.

2. Infyshine has deployed Sophos in a client-server model.

3. All computers attached to the Sophos network run this particular standard and supported anti-virus software. This anti-virus software is active at all times and is configured so that it performs on-access, real-time checks on all executed files. Scheduled virus checks also run at regular intervals. The virus definition files are kept up to date at all times.

4. The anti-virus software in use provides all of the following:

Detects all known types of malicious software

Removes all known types of malicious software, and

Protects against all known types of malicious software

5. Evolving malware threats are being monitored and evaluated for systems that are not currently considered to be commonly affected by malicious software. 


Disaster Plan @ Infyshine:

This policy defines the requirement for a baseline disaster recovery plan to be developed and implemented by Infyshine that will describe the process to recover IT Systems, Applications and Data from any type of disaster that causes a major outage.


Email Security Policy

Use of email is consistent with Infyshine Technologies Pvt Ltd.’s policies and procedures of ethical conduct and safety and is in compliance with applicable laws and proper business practices.

Infyshine Technologies Pvt Ltd.’s email account is used primarily for Infyshine Technologies Pvt Ltd.’s business-related purposes. Personal communication is permitted on a limited basis. Commercial use of this email not related to Infyshine Technologies Pvt Ltd. is prohibited.

All Infyshine Technologies Pvt Ltd. data contained within an email message or an attachment is secured according to the Data Protection Standards of the company.

Email will be retained only if it qualifies as an Infyshine Technologies Pvt Ltd. business record. Email is a Cisco business record if there exists a legitimate and ongoing business reason to preserve the information contained in the email.

Hardening Guidelines

System configuration and hardening procedures are documented for each type of system component.

Only one primary function is implemented per server, including virtual system components or devices. 

System configuration standards are updated and new policies are applied in case of any new vulnerability issues. It also includes the verification of the configuration standards before being installed. Only necessary services or protocols are enabled and security features are implemented for any required services, protocols or daemons considered insecure. 

System security parameters are also configured to prevent misuse. 

All unnecessary functionalities (for example, scripts, drivers, features, subsystems, file systems, etc.) are removed. 

Authorized functions can be enabled under the vigilance of the IT admin.

Hardening Standards: Firewalls, Routers and Network

The hardening guidelines of firewalls, routers and networks are clearly described in our policy. Our policy describes the minimal security configuration for all firewalls, routers, and switches connecting to the network. It also establishes the guidelines for secure wireless access in the network.

The following standards are achieved with our policy:

Source and destination addresses at internal and external network control points are thoroughly validated.  

All firewalls and their network components are operated, managed and maintained by the IT Admin.

All firewalls perform stateful inspection.

All changes to the external network connections, the firewall, switches and router configurations are approved by management and tested prior to implementing the change.

The following services/ports are necessary for business purposes and are currently allowed through our firewall:

HTTP (TCP/80)

HTTPS (TCP/443)

SSH (TCP/22) 

SMTP (TCP/25)

VPN

Justification for protocols besides HTTP, HTTPS, SSL, and VPN is documented in this standard.

All wireless connections use MAC binding.

Telnet and other remote login commands for internal use are removed/deactivated. Also, justification for the use of risky services, such as FTP and Telnet, is documented in this standard.

Secure technologies like SSH, S-FTP, SSL or IPSec VPN are used to protect insecure services such as FTP and Telnet.

Infyshine Technologies is responsible for the bi-annual review of the firewall and router rule sets. 

Incident Response Plan Policy

All computer and network security incidents are processed by Infyshine in coordination with Human Resources and/or the General Counsel.

Designated specific personnel are available on a 24×7 basis to respond to the alerts.

Infyshine will be notified of all computer and network security incidents that may affect the confidentiality, availability and/or integrity of the computer equipment.

The Incident Response Plan will be modified as required based on:

Lessons learned from last year’s reported incidents.

Industry Standards updates.

All the research incidents will be investigated within 7 days of their occurrence.

Infyshine maintains a list of previous incidents or alert reports.

Annual testing of the incident plan is always conducted.

Appropriate training is provided to staff with security breach response responsibilities and is recorded periodically.

Infyshine monitors and responds to any alerts from security monitoring systems, including the detection of any unauthorized wireless access points.

Backup and Recovery Policy

Every user ensures that critical/official data residing on his/her desktop/laptop is backed up onto the common central storage provided by the IT department. Users may seek help from the IT team for any support required to facilitate this.

Password Policy 

Strong passwords contain at least three of the following five character classes:

o Lower case characters 

o Upper case characters

o Numbers

o Punctuation

o “Special” characters (e.g. @#$%^&*()_+|~-=\`{}[]:”;'<>/ etc) 


Physical Security Policy

Facility entry controls, such as a CCTV camera environment, are provided. Door entry access is always monitored. Unauthorized access is strictly restricted.


Remote Access Policy

Requests for remote access to Infyshine Technologies Pvt Ltd.’s network are always submitted in writing or by email to the Project Manager and IT Head for review. Proper approvals are obtained before an employee is granted access to a remote connection.

Security Training Awareness Policy

All Infyshine employees with access to protected data and information assets have undergone appropriate information security awareness training. Appropriate information security training is provided to individuals whose job functions require specialized skill or knowledge in information security.

IT Support is responsible for managing and implementing the Infyshine program, which includes, but is not limited to, promoting the understanding and importance of Infyshine and individual responsibilities and accountability

Conducting background checks and credit reports before hiring employees who will have access to non-public information. See Non-Public Information Security & Disposal Policy. 

Requiring employees and independent contractors to sign an agreement to follow Infyshine policies

Developing policies governing the appropriate use of company technology

Training employees on appropriate security measures and responses to attacks or suspected attacks