Unit 7 Organisational Systems Security By Nabil Ahmed
P 4 - Explain the policies and guidelines for managing organisational IT security issues
Countries affected by natural disasters will have a disaster recovery policy for businesses in that nation so that their software and facilities are not endangered during the crisis. For example, if an earthquake happens, businesses will have anti-earthquake systems so that machinery does not tip over and get destroyed. When businesses do not have a Disaster Recovery Plan, their records may be destroyed, or the resulting downtime may cause further harm to facilities. Since they did not have a plan in place, it will harm their credibility, as it will demonstrate that they are not trained to deal with any issues.
Code of conduct
A code of conduct is a set of rules in a business. These are issued for discipline, justice and regulation in order to prevent harm to equipment or software, or injury to any worker in the business's building. Codes of conduct are mostly found in places of work, in colleges and in the military. They exist to guide employees and students safely in day-to-day decision making. For example, a college will have a code of conduct for a fire, and it will run fire drills so that everyone can follow the correct fire safety guide. A code of conduct can also be applied to the code used by the client to avoid any risks to the computer system.
Email usage
Password use is when, for security reasons, an organisation restricts the uses of the user's password and also avoids any risks to the network and process. People will not be allowed to use their personal email, and for private use there will be a separate system. This is because if the user opens an email with a virus, the virus can spread through the computer and the network, affecting both the user and the company. For example, in a college you will receive an email account from the college that allows you to email your teachers, and you will have more access to things with a college email than with your personal email.
Organisation security
Organisation security is a safety process that takes place when hiring new employees. This procedure is in place for the safety of the company as well as the safety of other employees. The company's employer will perform a number of checks on the person before permitting the hiring of the new member of staff. For anyone to join the company, a position will need to be open. You then hand in your CV for the role you want; some stores might tell you to apply online. Once you have done that and the manager is happy with your CV or application, you will be asked to attend an interview that takes place in the company building, and they will give you a date and time to come in.
Surveillance policy
A surveillance policy covers the places that the organisation can monitor. Surveillance does not extend to staff quarters, bathrooms or any personal area. Monitoring covers administrative environments using CCTV, key-logging technology that records the keys you press on the machine, or monitoring of the information that goes through the computer system. All staff in the business need to be informed of the monitoring policies and also have to sign the Monitoring Policies Agreement, indicating that they are aware that they are being monitored and observed. For example, there will be a sign showing that there is CCTV in some public places such as a library.
Risk assessment
This is the calculation and estimation of how probable a risk is to exist, what risks are there, and how they can be resolved.
Budget setting
This is when an organisation sets a budget target, as the hardware needed to deal with security issues is not free. There also has to be a contingency plan, because when disasters happen, more money will be needed to fix the issues that can arise. The college is going to have a plan for that.
P 5 - Explain how employment contracts can affect security
Separation of Duties
In some organisations it is essential that employers separate the duties of workers. The organisation will have different departments for different jobs, so that one employee is not responsible for all the workers, as putting one person in charge of all positions would put a lot of pressure on that worker and cause them anxiety. Big companies like Microsoft have different teams to help the company develop its products.
Disciplinary process
A disciplinary process is when, in a company, the employer gives the employee a warning for doing something like breaking the Code of Ethics or not performing well. The first warning that the worker gets will be a verbal warning, which will clarify what you have done wrong and why you have been given this notice. Depending on the business you work for, the verbal warning can last up to 6 months. If a written warning is given, it will last up to 12 months. A written warning explains in more detail what was wrong. A final warning will then be issued, along with a meeting with the company's director or whoever is in charge.
Training
A compensation schedule is when one week of instruction is offered by the company to the worker. The learning is there to help the organisation's employees work better and also to help them improve their skills. School teachers, for instance, will have training days that help them develop their skills.
P 6 - Review the laws related to security and privacy of data
Legislation
Organisations need to be aware of the four laws that apply to their computer systems: the Computer Misuse Act; the Copyright, Designs and Patents Act; the Data Protection Act; and the Freedom of Information Act.
Computer Misuse Act
The Computer Misuse Act is legislation that deals with the crime of accessing or changing data stored on a computer system without being allowed to do so. The Computer Misuse Act protects against unauthorised access to and modification of personal data held by organisations. The act makes the following illegal:
- Unauthorised access to computer material.
- Making, supplying or obtaining anything that can be used in the misuse of computers.
Copyright, Designs and Patents Act (1988)
The current UK copyright law is the Copyright, Designs and Patents Act. It gives the creators of literary, dramatic, musical and artistic works the right to control how their work can be used. The work is protected if a user steals the creator's work and claims it is their own when it is not. The creator's work is protected against a user who attempts to copy it, because the creator can take legal action. If a user wants to use the work of a creator, there are two ways that the user can avoid committing a crime by using it. One is to quote the source, stating that the work belongs to the creator. The creator will therefore receive the credit for the work.
Data Protection Act (1984, 1998, 2000)
The Data Protection Act covers personal information, which companies, government and other organisations must handle properly. It also gives people the right to know what information is held about them. It allows the person to control the information given about them. The 3 main rules of this Act are:
1. Personal data should be processed fairly and lawfully; it should not be processed unless one condition in Schedule 2 is met and, if it is sensitive personal data, one condition from Schedule 3 has to be met.
2. Personal data should only be obtained if it is for a specified or lawful purpose.
3. Personal data shall be relevant to the purposes for which it was processed.
The act prevents people from storing information about a person, and ensures that the person whose information is stored can have access to that information so that they can control it. This means people feel safer knowing that others hold the right information about them and, if they don't, that they have the right to edit it.
Freedom of Information Act
The Freedom of Information Act includes laws that provide the public with data that is held by the government. It is information that the government should share with others. To find out personal information, you would turn to the Data Protection Act. The Freedom of Information Act came into force on 1 January 2005. The Ministry of Justice is responsible for the act, and the legislation is at the national level in the United Kingdom, which in 2005 cost around 35.5 million.
1. General right of access to information held by public authorities.
2. Effect of the exemptions in Part II.
3. Public authorities
M 3 Explain the role of ethical decision making in organisational IT security
Freedom of Information Versus Personal Privacy
If data is available via the internet, the Freedom of Information legislation has a positive impact, as a consumer can search for and access data via the internet. This has a negative impact on personal privacy, as the data is now available to be seen by the public rather than concealed. Users can now visit UK services and use their location information to sign up for sites that offer a lot of resources and knowledge. This data can be used to provide services: for example, if you are searching for a job on Google, Google can automatically find the closest job to you using your location service, which you can turn off at any time. Some users may not be aware that their location service is on, which may have unwanted results.
Permission issues
Consumers can use works such as images and videos if they are not copyrighted, but if they are, the client who wishes to use the creator's work will need the creator's permission to use the work without facing legal action. As the years go by, the ways of sharing information and media through software and applications become simpler, which has led people to question the existence of technology. Organisations keep their values by stating what they allow and deny in order to maintain the same level of value.
Conclusion
Security policies will benefit the business; for example, having CCTV will help a business with its own safety. If the business is already safe, then the business will carry on keeping its data safe for a couple of years. Businesses located where natural disasters are common really need to think about adding natural disaster policies, which would save them a lot of money. I think IT people should follow a lot of these procedures to keep their data and their workers safe.