The Great Eastern Shipping Co. Ltd. - PowerPoint PPT Presentation

1 / 23
About This Presentation
Title:

The Great Eastern Shipping Co. Ltd.

Description:

All Communications With Charter Parties, Brokers and Agents To Be Preserved for ... Communications and Agreements with our Suppliers and Service Providers ... – PowerPoint PPT presentation

Number of Views:380
Avg rating:3.0/5.0
Slides: 24
Provided by: rpdum
Category:

less

Transcript and Presenter's Notes

Title: The Great Eastern Shipping Co. Ltd.


1
The Great Eastern Shipping Co. Ltd.
  • Security and Accessibility
  • By
  • R. P. Dumasia
  • General Manager Information Technology

2
Topics Reviewed
  • Our Organization
  • Our Philosophy
  • Our Needs
  • Issues Facing Us
  • Implementation
  • Our Roadmap

3
A Word On Organization
  • We Are Ship Owners
  • We Charter Out Vessels
  • We Carry Cargo for Our Charter Parties
  • We Carry Out Service in Ports for Various Port
    Authorities
  • We Service Oil Rigs
  • We Undertake Marine Construction Projects and
    Drilling

4
A Few More Details
Our Ships
42 Vessels
31 Vessels
Cargo Ships
Service Vessels
Supply Vessels
Dry Bulk Cargo
Anchor Handling Tugs Supply Vessels
Wet Cargo
Products
2 Helicopters
Diving Support
Crude
Gas Cargo
Floating Rigs
5
Our Philosophy
  • Ability to Access Documents Information From
    Anywhere
  • We Believe 60 of Knowledge and 40 of
    Information Lies in Documents. Rest is in our
    Information Systems

6
What Is Security to Us?
  • Large Contract Documents Long Term
    Accessibility and Security
  • Fast Retrieval of Old Contracts for Similarities
    and Enquiries
  • All Communications With Charter Parties, Brokers
    and Agents To Be Preserved for Long Time,
    Multi-department Access
  • Communications and Agreements with our Suppliers
    and Service Providers ( Dry Docking)
  • Each Ship Has About 200 Drawings to be Made
    Accessible in Office and on Ships
  • Security Standards and Operating Instructions

7
Issues Facing Us
  • Operating Units Are Moving Targets
  • Operating Units Are Under Class Registration
    Multiple Certifications
  • Operating Units Need Processes, Standards and
    Reporting Forms
  • Operating Units Are Moving From One Regulation
    Environment to Another
  • Operating Units Face Changing Operating Laws and
    Regulations
  • Operating Units and Offices are covered by ISPS
    security Standards (International Ship and Port
    facility Security Code)

8
Issues With Operating Units
  • Restricted People Capacity To Handle Information
    Technology Complexity
  • Only Hardware Support On-Site when in port
  • Software Support From Office Is In-Direct
  • Costs Of Communications Satellite / Courier

9
Our Needs
  • Documentation For Operations, Technical, Safety,
    Quality Standards, Cargo Handling, Operating
    Instructions For Various Equipment must be
    secured with limited access
  • Email access is divided into personal mails and
    business mails
  • Huge amount of information on Internet is being
    used.
  • Supply chain requires access to Suppliers,
    Freight Forwarders into our Systems
  • Need for access to Paid sites like Reuters,
    Bloomberg
  • Information from Ships in form of Email, Cds,
    Floppies may be contaminated.
  • Normal Security Issues relating to Documents,
    Viruses, Systems, Internet Access

10
Email Issues
  • Long term storage of emails for Arbitration and
    legal issues.
  • Email boxes separated for personal use and
    Official mails
  • Access to Official mail boxes have limited
    deletion rights
  • Archiving of mails on Cds for fast retrieval
  • Limited Administration access for Email Account
    Creation, Deletion.
  • Only Remove rights for persons leaving. Emails
    always kept in-tact. Incoming mails blocked for
    the account
  • No cross access to Personal Mailbox given accept
    on written requests from HODs

11
Application Systems
  • Separate Database for Testing and Development
  • Database access on live servers at SQL level
    restricted
  • Daily Automated backups of Database
  • Periodic Backup of System OS
  • Source Programs on Separate Server with Limited
    access
  • Source Programs Backed up Daily

12
Applications Security
  • User Rights Decided by HOD but Monitored by IT
    for Maker Checker Controls
  • All Changes, Insertions are Logged.
  • Cross Departmental rights need both HOD Signoff
  • Password Control in Applications also.
  • Reports Restricted, Especially cross department
    information
  • All Change Requests Need HOD Signoff

13
Document Security
  • All Documents in Centralized Document Management
    Systems
  • Ensures Daily Backup of Documents, Rights, Logs
  • Strong Security in the System
  • Logs maintained for Access and Modification of
    Documents
  • Documents on Individual Pcs not Considered for
    Backup.

14
Pcs Notebooks
  • Strong Anti-Virus Stringent Action if disabled
  • Changing to Windows 2000 / XP to Control Changes
    to Setups and registry
  • NO Sharing from Peer-to-Peer

15
Servers Routers
  • Root access restricted to 2 Employees in the
    organization
  • Engineers given restricted access
  • System and Setups have Periodic Backups
  • NO System Level Access to Developers
  • Passwords changed Periodically and Available only
    to 2 persons
  • Physical Access is locked and all entry to Server
    room is recorded

16
Networks
  • Firewall and Proxy against the Outside World
  • Network Based IDS for Critical Segments and
    Outside Links
  • Host Based IDS for Critical Servers
  • We Looked at Costs and Benefits and Decided on
    Limited Implementation.

17
Disaster Recovery Current
  • Mail Replication Between offices in On-line Mode
  • Citrix used for Remote access if Office is not
    available
  • Offsite Disaster Site under Implementation at
    Hyderabad
  • Will Replicate Data Center at HO
  • All Systems to be made available to Limited Users

18
Policies in Force
  • Password Management
  • Program Change Control
  • Internet Access
  • Application Security
  • Email Usage
  • Server Security

19
Our Security Related Activities
  • Daily check on email Logs
  • Check Content Filtering Logs
  • Lotus Notes Email Logs
  • Daily check Firewall Logs
  • Daily check IDS logs for exceptions
  • Ensure Proxy Server Policies are operational
  • Server Logs
  • Network Management System Logs
  • Anti-Virus Status on Desktops and Servers for
    Engine and Database Updates

20
Outsourced Security Activities
  • Routers and Servers Logs Audit - Quarterly
  • Application Systems Audit Every 3 Years Or at
    Major Change
  • Transaction Integrity
  • Security Integrity
  • Firewall Audit
  • Sample PC Audits

21
Our Roadmap and Future Issues
  • Single Sign on (Citrix Password Manager)
  • Internet Access from Ships? A Security Nightmare?
  • On-Line access to applications from the Vessels?
    Nightmare No. 2?
  • IDS to IPS?

22
A View Of Indias Largest Ship
Over 10 Floors High
3 Half Football Fields Long
¾ Football Field Wide
Top Speed of 15 Nautical Miles Per Hour
Fully Loaded Ship Will Take 15 Miles to come To a
Standstill Position
23
Thank You
Write a Comment
User Comments (0)
About PowerShow.com