IT INFRASTRUCTURE AT JSPL

Jan, 2014
June 2011

IT Infrastructure

Agenda

Objective Scope IT Infrastructure Software, Hardware and Network Detail

IT Support
Information Security Policy

June 2011

IT Infrastructure

Objective

The objective of the session is to have an awareness and a better understanding of the IT Infrastructure and

Information Security Policy among Punj Lloyd users.

June 2011

IT Infrastructure

Scope
It applies to all employees, contractors, consultants

and temporary staff at JSPL Group.

All are expected to be familiar with Infrastructure setup

and comply with the Information Security Policies.

June 2011

IT Infrastructure

Infrastructure Setup at JSPL - History

LAN in 1982

WAN set-up in 1995.

ERP implementation in Jan, 1997

June 2011

IT Infrastructure

IT Infrastructure - Snapshot

June 2011

IT Infrastructure

WAN Connectivity

June 2011

IT Infrastructure

IT Infrastructure Controls

Well defined IT and Information Security Policy Enterprise Security Solution deployed for Anti Virus & Web Content filtering Highly secure encrypted connectivity between Project offices over VPN. VSAT connectivity for various project offices

Dedicated staff for regular monitoring and audit for IT Controls

June 2011

IT Infrastructure

Network Connectivity At Site Offices

VSAT links are used to connect out locations. There are 10 DAMA and 30 TDMA locations connected to HO.

Delhi Internal network

Head Quarters

Checkpoint Express

MIDDLE EAST INTERNATIONAL INTERNET

OFC Link between Corporate office at Gurgaon and Nehru Place

9 Mbps Internet link at Gurgaon corporate office All Mobile users can access their Mails and Oracle Apps. via Web.

WLL LINKS 1 MBPS

DLINK INTERNET SECURITY FIREWALL 48 PORT switch Network USERS

VOIP connectivity.

June 2011

IT Infrastructure

Software
Proxy
ISA

Office Automation
MS Office 2003 Open Office 3.0, 3.1 Lotus Smart Suite ver 9.6 Adobe Acrobat

Messaging
Lotus Notes R7 Server Lotus Notes R7 clients

Firewall
Checkpoint

Backup and Disaster Recovery

Arcserver V11

Anti Virus
McAfee 4.0.3 Trend Scan Mail ver 2.5

Project Management
Primavera Enterprise ver 2.0B and 3e

URL Filtering
Super Scout ver 3.0.3.1from Surf Control

Anti Spam Mail s/w

Ironport

June 2011

IT Infrastructure

Software Cont
ERP Oracle Apps 11.5.10.2 (11i)
Database Oracle 10g Oracle Forms Developer Oracle Reports Developer

Bandwidth Monitoring MRTG

June 2011

IT Infrastructure

Oracle ERP Module Financial Management

Accounts Payables, General Ledger, Fixed Asset, Account Receivables, Cash Management

Material Management
PO Module, Inventory Module

Equipment Management
Enterprise Asset Management

HR Management
Core HR, Self Service

Project Management
Oracle Project Accounting

June 2011

IT Infrastructure

Software Policy

Software Procurement would be through IT Department Only authorised and licensed software's are allowed JSPL has global contract for all the licenses Dedicated staff to monitor the s/w compliance

Usage of Software Assessment Tool.

All unauthorised software will be purged from the hardware. Encouraging usage of Openoffice

June 2011

IT Infrastructure

Engineering Software
AutoCAD 2002, 2005, 2006, 2007
STAAD Pro 2006 PDMS - Plant Design Software ver 11.5

Pipenet - Fire fighting system design Software

Tank ver 2.20 Tank Design Software as per API 650 PVElite Pressure Vessel Design software

ETAP Electrical Design Software

Ceaser II Off Pipe

I- Sketch
June 2011

IT Infrastructure

Hardware
Desktops (PIV of HP, IBM, Compaq) Laptops (Toshiba, HP, Sony)

Servers (IBM, Sun, HP)

Routers (Cisco 2500 and 2600 series) Plotters - ( HP A0 Size) Scanners - ( Bell & Howel, HP, Toshiba, Cannon ) Printers - ( HP, Canon, Toshiba, A3, A4, DTNs ) UPS - ( ranging from 3 KVa to 60 KVa )
June 2011

IT Infrastructure

Hardware Policy

All Hardware procured is standardised across JSPL Group. All DT / LT procured would be retained for the period of 4 Years. Global tie-up with HP for the hardware procurement.

June 2011

IT Infrastructure

Skilled IT professional at both JSPL and Site locations. ERP footprint deployed at all major sites. Central management of all software licenses. All Employees are provided access to Mailing System. Effective use of File Server for the department/ project team . Must check for mails issued from [email protected]

IT Support At JSPL & Project Sites

All JSPLs resources, information and data must be used for business purposes.
JSPL FTP Server available for sharing information across site locations. Logging a call with helpdesk ([email protected]) for any IT related issues. Established escalation matrices. Report Security Incident at [email protected] .

June 2011

IT Infrastructure

Information Security Policy

Why is it important to me ?

You are the critical link in protecting the JSPL information assets

You must understand the importance and criticality of protecting the

information

You determine how effective is the Information Security

June 2011

IT Infrastructure

The CIA Triad

Confidentiality

Availability

Integrity

Confidentiality : To prevent unauthorized disclosure of information stored or processed on JSPLs information systems Examples include: Protecting operational data

June 2011

IT Infrastructure

Confidentiality

Availability

Integrity

Integrity :

To prevent accidental or unauthorized/deliberate alteration of information. Examples include: Ensuring that the sensitive data isnt modified by an unauthorized party
June 2011

IT Infrastructure

Confidentiality

Availability

Integrity

Availability :

To prevent accidental or unauthorized/deliberate destruction or deletion of information necessary to JSPLs operations on a 24X7 basis. It relates to ensuring that data is accessible.

Examples include:
Ensuring that critical servers are available to customers

June 2011

IT Infrastructure

What could happen

Internal Incidents Survey Results Installation/use of unauthorized software Viruses/malicious code Infection

Improper Internet Usage

(porn surfing, e-mail harassment)

Abuse of computer access controls Installation/use of unauthorized hardware Illegal Use of company computing resources
(gambling, managing personal e-commerce site, online investing)

Physical theft/sabotage
(intentional destruction of computing equipment)

Electronic theft/sabotage
(intentional destruction/disclosure of proprietary data or information)

Fraud
June 2011

IT Infrastructure

What can you do ?

Must read IT & Information Security Policy hosted in Intranet Seek and clarify your contribution to JSPLs security standards

As an employee, respect JSPL's information assets, resources

Protect sensitive information Not accept norms that conflict with JSPL values and beliefs

June 2011

IT Infrastructure

What you cannot do ?

Actively study information one has gained access to by mistake. Spread information that can in some way hurt others/ business. Make private statements or publish private material in the name of JSPL Work in any way, non-compliant with the Values of the Organization.

June 2011

IT Infrastructure

Key areas to focus

User id & password
Email Usage Laptop/Desktop Security Computer Media Internet Usage Backup

Some other Best Practices

Management directives

June 2011

IT Infrastructure

User ID and Password

The User ids are unique to each employee and it will be the responsibility of every employee to maintain the confidentiality of his / her user id and password Shared user ids should be brought to the notice of HOD and have the same

recorded with ISD

Dos Change your passwords frequently Don'ts Share or disclose your passwords

(at least once in 45 days).

Change your password(s) promptly that has been compromised or suspected of being compromised.

Write down your passwords

Use any password saving features

Create complex log-in passwords

using both alphanumeric and special characters

June 2011

IT Infrastructure

Email Usage
Dos Use the e-mail for official purposes only Be careful what you say in an email. It can and will be forwarded. Be careful when replying to mailing Don'ts Transmit or store offensive maternal. Transmit information assets of JSPL to unofficial mails ids

Forward chain mails or any mails that are

non value add to the organization. Also reply mail with attachment received Use the email for sending attachments

list messages, or to messages sent

to many recipients.

larger than 5 MBs

Use secondary email engines (Yahoo Mail, AOL, Hotmail etc) for official purposes

June 2011

IT Infrastructure

June 2011

IT Infrastructure

Laptop/Desktop Security
Dos

Don'ts
Ensure that your machines have complex login' password Share folders or disk drives Download or install freeware, shareware or any other such software or application Leave your laptop unattended

Make sure that you install only legally licensed software on your PC or laptop issued by ISD

Data that needs to be shared should be transferred to the designated

shared folder's on the file server

June 2011

IT Infrastructure

Computer Media
Dos Store media that contains sensitive or confidential information in a safe and secure environment Erase the contents of any re-usable media by reformatting or deleting before handing over to the third party or vendor Don'ts Carry any media such as CDs, DVDs out of JSPL premises without clearance of ISD Carry and use any personal media like tapes, disks, CDs, USB pen drives in the office premise

June 2011

IT Infrastructure

June 2011

IT Infrastructure

Internet Usage
Dos
Use the Internet for official and authorised purposes only Adhere to JSPLs policies while accessing the Internet from an JSPL owned computer/ laptop

Don'ts
Access the Internet directly from office network using modems or other private connections unless specifically approved Install freeware, shareware / trial version software and obscene written or pornographic material available on the Internet

Upload official data on to mass storage sites and public FTP Servers

June 2011

IT Infrastructure

Backup of Information
Employees should ensure critical official data backup by effectively using the File Servers Comprehensive Back-up all the files that you own and don't forget to backup your email inbox in the

designated directories / folders.

Timely Back up all of your important files before your computer is repaired or has any major hardware or software upgrades.

Regular
Back up files according to a regular schedule.

June 2011

IT Infrastructure

OUR Responsibilities . . .
Ensuring that WE are aware of, and understand, the security
requirements of JSPL Complying with the do's and don'ts propagated by ISD. Check for mails issued from [email protected] Ensuring that JSPLs resources, information and data are used for business purposes. Using information systems only as appropriate for ones job

responsibilities Reporting security incidents immediately to [email protected]

June 2011

IT Infrastructure

Conclusion

Comply to JSPL Security Policies

Must Read IT & Information Security Policy

The SUCCESS of the JSPLs Security Program

DEPENDS ON YOU!
June 2011

Thank You

June 2011