Unit 7 Organisational System Security Policies and Guidelines
- Slides: 34
Disaster Recovery Policies – Many businesses that suffer a significant loss of data never fully recover, so a disaster recovery plan is essential. Two measurements drive the plan: the recovery point objective (RPO) and the recovery time objective (RTO). The RPO is the maximum age of the data that must be recoverable from backup storage, in other words the largest amount of data loss, measured in time, that the business can tolerate. The RPO therefore sets the backup frequency: an RPO of four hours means a successful backup must complete at least every four hours, because an incident just before the next backup loses everything since the previous one. The RTO is the maximum time the business can tolerate between a disruption and the restoration of service; in simpler terms it is the maximum acceptable downtime. If the RTO is two hours, the restore procedure, including locating the backup, restoring it and verifying it, must be shown by rehearsal to complete within two hours; an untested plan cannot claim to meet any RTO.
Updating of Security Procedures – Security procedures must be kept up to date because new threats appear every day and existing ones grow more capable. These threats include malware, hacking, fraud and theft. If any of them succeeds in getting into the company, the personal information it stores can be stolen. Reviewing the procedures on a fixed schedule and after every incident keeps the company's IT security management effective.
Scheduling Security Audits – Alongside updated procedures, the company should schedule security audits. A security audit is a systematic check of the company's computers, network components and procedures against an agreed standard; anything that falls short is recorded as a finding and fixed, whether by patching, reconfiguration or replacement. Audits need to run on a regular schedule because a weakness can sit unnoticed on a system for a long time, quietly causing serious problems in the background, and only a scheduled review will surface it.
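The RPO and RTO check described above, as an added example that is not part of the original page: a short Python script that reads a constructed backup log, finds the last backup that actually succeeded before an incident, and reports whether the four-hour RPO and two-hour RTO from the text were met. The log lines, the job name and the objective values are assumed for the illustration.

```python
from datetime import datetime, timedelta

# Constructed sample backup log (added here, not from the original page).
# The 08:00 run failed verification, which a "we back up every four hours"
# statement would not reveal.
BACKUP_LOG = """\
2024-03-01T00:00:00 job=db-full status=ok
2024-03-01T04:00:00 job=db-full status=ok
2024-03-01T08:00:00 job=db-full status=failed reason=checksum-mismatch
2024-03-01T12:00:00 job=db-full status=ok
"""


def parse_log(text):
    """Return a list of (completion_time, succeeded) tuples from the log above."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split()
        stamp = datetime.fromisoformat(fields[0])
        status = dict(f.split("=", 1) for f in fields[1:]).get("status")
        entries.append((stamp, status == "ok"))
    return entries


def last_good_backup(entries, incident):
    """Most recent backup that both succeeded and completed before the incident."""
    good = [t for t, ok in entries if ok and t <= incident]
    return max(good) if good else None


def assess(log_text, incident, service_restored, rpo_hours=4, rto_hours=2):
    """Compare an incident against the objectives. Times are ISO 8601 strings.

    Data loss is measured from the last *successful* backup, and downtime from
    the disruption to verified service, which is how RPO and RTO are defined.
    """
    entries = parse_log(log_text)
    incident_dt = datetime.fromisoformat(incident)
    restored_dt = datetime.fromisoformat(service_restored)
    last = last_good_backup(entries, incident_dt)
    if last is None:
        raise ValueError("no successful backup before the incident: RPO is unmet")
    loss = incident_dt - last
    downtime = restored_dt - incident_dt
    return {
        "data_loss_hours": loss.total_seconds() / 3600,
        "rpo_met": loss <= timedelta(hours=rpo_hours),
        "downtime_hours": downtime.total_seconds() / 3600,
        "rto_met": downtime <= timedelta(hours=rto_hours),
    }


if __name__ == "__main__":
    # An outage at 11:30 has to fall back to the 04:00 backup: 7.5 h of lost data.
    print(assess(BACKUP_LOG, "2024-03-01T11:30:00", "2024-03-01T13:00:00"))
```

The point the script makes is that a backup schedule only meets the RPO if every run succeeds: the failed 08:00 job turns a nominal four-hour exposure into seven and a half hours. A disaster recovery policy should therefore require alerting on failed backups and regular restore rehearsals timed against the RTO.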
CODE OF CONDUCT
Email usage policy – A corporate email policy is a document that defines how employees may use the company's electronic communication tools and sets out what is acceptable and what is not. It should warn employees about email threats such as phishing, limit the types of files they may open, download or exchange with one another, and state what an employee must do on receiving an offensive email, so that the company is protected against legal liability.
Internet usage policy – This policy gives employees rules and guidelines for appropriate use of company equipment, the network and internet access. It protects both the business and the employee: the employee knows in advance which categories of website may not be visited and which kinds of file may not be downloaded, and knows that breaking the rules has consequences the organisation can enforce. An internet usage policy that is actually enforced, for example by web filtering, reduces the number of security incidents the company faces.
Software Acquisition & Installation Policy – Organisations have a software acquisition and installation policy to stop personal or unlicensed applications being installed on company systems. Unapproved software can carry malware, generate unwanted network traffic, create compatibility problems and expose the company to licence breaches. Software acquisition, in simpler terms, is controlling what gets installed on the company's systems and how it is bought. It also avoids waste: if a department asks to buy and install software the company already owns, the policy makes the duplicate request visible so it can be refused.
Surveillance Policy – An organisation has a surveillance policy so that monitoring of the workplace is transparent: employees know what surveillance the company carries out, and the company can show that it complies with the workplace surveillance legislation that applies to it. The forms of surveillance such legislation typically regulates are camera surveillance, computer surveillance (monitoring use of the company's computers and network) and tracking surveillance (monitoring the location of vehicles or devices).
Risk Management – A risk management policy is a document that sets out how the organisation identifies, assesses and treats the risks involved in its activities, since almost anything a business does carries some risk. For each activity it records the possible risks, how likely they are, how serious they would be, and the controls that reduce them. Risk management policies apply across the business, from physical and manufacturing hazards to the finance department weighing the risks of an investment. The policy creates a safer environment by telling employees which risks are associated with particular tasks and how to minimise them.
Budget Setting Policy – Budgeting requires the company to set specific goals and produce a plan for reaching them. A good budget setting policy takes a lot of time and effort to prepare. With a budget in place the company avoids spending unnecessary amounts of money on things it does not need, can allocate money across the different parts of the business according to their needs, and can track how much has been spent in total.
EMPLOYMENT CONTRACTS & SECURITY
Hiring Policies – A hiring policy is a document that sets out how the company recruits employees. It records the company's preferred hiring practice and promotes consistency across the company when recruiting. A hiring policy document should cover three areas: philosophy, procedures and standards. Together these guide the company to the right candidate for the role. For roles with access to sensitive systems or data, the standards section is where pre-employment checks such as identity, reference and, where justified, criminal-record checks belong.
Separation of Duties Policy – Inside an organisation it is important that responsibility is divided. The organisation has many departments, each with many different jobs, and these jobs are given to several people rather than one. The security reason is that no single person should control every step of a sensitive process: if one person can both raise a payment and approve it, or both write a change and deploy it to production, a mistake or a fraud needs nobody else's cooperation, whereas splitting the steps means wrongdoing requires collusion and is far more likely to be noticed. Dividing work also keeps the load on any one person manageable, which reduces errors. Large organisations such as Microsoft are split into departments that each own part of developing a product. Separation of duties helps keep systems secure because every step has an independent second party, and an independent or third-party audit can check that the split is actually enforced.
Disciplinary Procedures – A disciplinary procedure is the process an employer follows when an employee has broken the rules or is not performing to the standards set out at their induction. It usually begins with a formal warning, and an employee may receive a number of warnings before being dismissed.
Training and Communicating with Staff about their Responsibilities – Teaching each employee their own responsibilities is vital. An employee who is unsure what they are supposed to do can harm the company and cause security breaches, for example by granting access they should not or by mishandling data. Making sure every member of staff receives adequate training for their role reduces the risk of this happening.
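One way to enforce the rule in code, as an added example that is not part of the original page: a payment-approval workflow in Python that rejects self-approval, rejects approvers who do not hold the role, requires two different approvers above an assumed amount, and logs every attempt for an auditor to review. The names, roles, threshold and request details are all assumed for the illustration.

```python
from dataclasses import dataclass, field

# Assumed role directory for the example (not from the original page).
ROLES = {
    "alice": {"requester"},
    "bob":   {"approver"},
    "carol": {"requester", "approver"},   # may approve, but never her own requests
    "dave":  {"auditor"},
    "erin":  {"approver"},
}

# Every attempt, accepted or rejected, is recorded so an auditor (a role with
# no approval rights) can later verify that the split of duties was enforced.
AUDIT_LOG = []


class SeparationOfDutiesError(Exception):
    pass


@dataclass
class PaymentRequest:
    request_id: str
    requester: str
    amount: int
    approvals: list = field(default_factory=list)


def required_approvals(amount, dual_control_threshold=10_000):
    """Dual control: at or above an assumed threshold, two independent approvers."""
    return 2 if amount >= dual_control_threshold else 1


def _record(req, actor, outcome):
    AUDIT_LOG.append({"request": req.request_id, "actor": actor, "outcome": outcome})


def approve(req, approver, directory=ROLES):
    """Record an approval, refusing any that would collapse two duties into one person."""
    reason = None
    if "approver" not in directory.get(approver, set()):
        reason = f"{approver} does not hold the approver role"
    elif approver == req.requester:
        reason = "a requester may not approve their own request"
    elif approver in req.approvals:
        reason = f"{approver} has already approved {req.request_id}; a second approval must come from someone else"
    if reason:
        _record(req, approver, f"rejected: {reason}")
        raise SeparationOfDutiesError(reason)
    req.approvals.append(approver)
    _record(req, approver, "approved")
    return req


def is_executable(req):
    """True once the request has enough *distinct* approvers for its amount."""
    return len(set(req.approvals)) >= required_approvals(req.amount)


if __name__ == "__main__":
    req = PaymentRequest("PR-1", requester="carol", amount=25_000)
    for who in ("carol", "bob", "bob", "erin"):
        try:
            approve(req, who)
        except SeparationOfDutiesError as e:
            print("rejected:", e)
    print("executable:", is_executable(req))
    for entry in AUDIT_LOG:
        print(entry)
```

The rejections are as important as the approvals: an auditor who only sees successful approvals cannot tell whether the control was ever tested, so the log keeps both.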
LAWS & LEGISLATION
Computer Misuse Act 1990 – The Computer Misuse Act was passed in 1990 to make it a criminal offence to access a computer without authorisation. It created three offences: unauthorised access to computer material, unauthorised access with intent to commit or facilitate further offences, and unauthorised modification of computer material (impairing the operation of a computer). Having this Act in force lowers the chance that a company's confidential information is stolen, because the unauthorised access that enables crimes such as fraud and identity theft is itself an offence. Organisations now have better tools to detect these intrusions, but many still go undetected.
Copyright, Designs and Patents Act 1988 – The Copyright, Designs and Patents Act was created to stop people taking original work from its owner and claiming credit for it. Musicians, artists, authors, software developers and other creators spend large amounts of time on their work, and having it copied is both infuriating and unjust. The Act gives creators a legal remedy against infringement; in an IT context, copying or installing software without a licence infringes the copyright in that software.
Data Protection Act 1998 – This Act was created to keep personal information confidential and under the control of the person it concerns. It required organisations holding personal data to collect it fairly, keep it accurate, keep it secure and not disclose it to unauthorised people, which includes people who pretend to be the data subject, so it helps stop identity fraud. In recent years businesses have added steps to prevent personal information being handed to the wrong person, though flaws remain. Note that the 1998 Act has since been replaced by the Data Protection Act 2018, which implements the GDPR in the UK; the principles above carry over.
COPYRIGHT
Open Source – Open source software is software whose source code, the code most users never see, is published so that anyone can read, modify and redistribute it. It is still protected by copyright; the owner grants those rights through an open source licence, and the licence terms, for example a requirement to keep the copyright notice or to release modified versions under the same licence, must be followed. With access to the code, developers can change how the application works to suit their needs, and can inspect it for security flaws.
Freeware – Freeware is software that may be installed and used free of charge. It differs from open source software in that the source code is normally not provided and the licence does not allow the user to change it: the user gets a working program, not the right to modify or redistribute it. Unlike shareware, freeware is not a time-limited demo of a paid product. Freeware exists for mobiles, tablets and desktops. Because it is free and often bundled with extras, freeware downloaded from unofficial sources is a common route for malware, which is one reason software installation policies exist.
Shareware – Shareware is software that is distributed freely but only as a trial. The trial lets people try the software and, if they like it, buy the full application. During the trial there may be adverts or prompts pushing the customer to buy the full version, and features may be limited or the software may stop working when the trial period ends.
Commercial Software – Commercial software is software that is developed and sold, or licensed, for profit, whether to businesses or to the public. Its use is governed by a licence agreement that sets out how many copies may be installed and on what terms. Commercial software was once private and limited in scope, but today it is everywhere, from web hosting platforms to the advertising services a company uses to promote itself.
ETHICAL DECISION MAKING
Freedom of Information vs Personal Privacy – In everything an organisation does there is public information and there is personal information that people do not want outsiders to access. Public information is unrestricted and anyone may view it; personal information is restricted to the people who need it, for example bank details, card details, hospital records and other private data. Ethical decision making means balancing the public's right to know against the individual's right to privacy.
Permission for Photography and Videos – Permission should always be asked before taking photographs or videos of people. Most people do not want to be photographed or filmed, though some willingly volunteer. Those who take photographs or videos use them either for personal purposes, such as a project, or for commercial purposes, such as a newspaper or an article published online, and the permission obtained should cover the intended use.
Closed Circuit Television – Closed circuit television, or CCTV, is camera surveillance in which the video signal is sent to a limited set of monitors and recorders rather than broadcast. It may seem intrusive, but its intended purposes are good: it is used to keep the public safe and to deter crime. In the UK, operators are generally required to display signs telling people that an area is being recorded, and the recordings are personal data that must be stored securely and kept only as long as needed.
PROFESSIONAL BODIES
Business Software Alliance (BSA) – BSA, now known as BSA | The Software Alliance, is a trade group that fights software piracy. It does this through education campaigns, enforcement against unlicensed use, and lobbying for legislation that affects the technology industry.
Federation Against Software Theft (FAST) – FAST is a non-profit organisation created to stop copyright infringement of software in the UK. It was formed in 1984 and has tackled software copyright infringement in the UK ever since.
British Computer Society – The British Computer Society, now BCS, The Chartered Institute for IT, is the professional body for IT in the UK. Its members must follow its code of conduct, which covers the legal, ethical and social obligations of IT professionals.
Association for Computing Machinery – The Association for Computing Machinery, or ACM, is the oldest and largest scientific and educational computing society in the world. Founded in 1947, it has many Special Interest Groups covering different areas of computing. ACM supports research and communication across a broad range of computing subjects, and its Special Interest Groups publish their own journals, conference proceedings and articles.
Conclusion: Companies today should spend more time improving their system security. One way is to have someone attempt to break into the systems on a regular basis, looking for weak points, and then to record those weak points and fix them so that classified information is not leaked. Companies also need to keep watch on who has access to what, since not every employee's intentions are known. Some employees work from home or while travelling, which is a concern: a phone or laptop can be lost or stolen with important information on it, and an attacker can also break into an employee's device without their knowledge. Keeping information in one controlled, central location rather than spread across devices all over the world limits this exposure, as do encryption and the ability to wipe a lost device remotely. Overall, organisations should keep an all-round check on how to prevent security breaches, using the techniques mentioned here or other measures that stop hackers stealing important information.