Policies & Guidelines

In this section I will be explaining and talking about the policies and guidelines that can be employed by an organisation to manage their IT security issues. These are some examples of a few guidelines and policies organisations can use to help better the security of their organisation.

Disaster recovery policies

Disaster recovery involves a set of policies, tools and procedures to enable the recovery or continuation of an IT organisation and their systems following a natural or human-induced disaster that has destroyed a certain amount or all of the organisation’s data. Usually an IT company will have a backup of their data being transferred to an offsite location every week or month, or even every day to be extremely safe. This means that when a disaster occurs that wipes out the entire computer systems with all the company’s data inside, they can just transfer the backup data from the offsite location back into their systems again. This is extremely beneficial as data is very costly and losing it all will mean that the business has to start all over again.

Updating of security procedures

Updating security procedures makes sure that even the newest of threats such as viruses, hacking, fraud, theft and more are being avoided and disposed of at all costs, and also makes sure that your server keeps running properly. Every month you should download the latest update of the operating system that is running on your computers. For example, new Windows updates are available to ensure the security of the server is up to date and working and that firewalls are updated to maintain better security against viruses, hackers and other security threats.
Scheduling of security audits

A computer security audit is a manual or systematic measurable technical assessment of a system or application. Manual assessments include interviewing staff, performing security vulnerability scans, reviewing application and operating system access controls, and analysing physical access to the systems. This helps to make sure that the employees inside the organisation are not trying to steal data from the inside and it will make sure that the employees are doing what they are meant to do while they are working.

Codes of conduct e.g. email usage policy, internet usage policy, software acquisition, installation policy

Having codes of conduct in place in workplaces makes sure that employees don’t just go on any website they like, use their personal email while they are working, or install third-party software which could potentially harm the computer system of the organisation, which can end up hurting the business. This is essential as the codes of conduct will be set as rules for the employees that they cannot do certain things while they are on the computer, and if they do execute such things then they will be called in for disciplinary action and could even get fired depending on the severity of their damage.

Surveillance policies

Surveillance policies involve having the users’ and employees’ computer history monitored in a place of work. Computer monitoring is the method of gathering data and information from employees’ computer systems in order to see what their online activity is. This is so the employers know that their employees are always at work and not on any other websites or doing something online that they are not meant to be doing that could potentially harm the business. Surveillance policies also include real-life cameras in the room that holds a lot of data. This makes sure that no data is being stolen in real life as the cameras will be able to catch whoever is trying to harm the organisation.

Risk management

Risk management is when a company or a group of people predict the risks that could potentially occur depending on the place of work. Risks in an IT business could be the electricity, fire hazards and computers exploding, and also include internal risks like viruses and other computer threats. These risks are predicted beforehand because they are seen as quite common. Risk management is there to predict and instruct on how to avoid these dangers and what to do if these dangers do occur, so that the employees and everyone in the building know exactly what to do when one of these risks does occur.

Budget setting

Setting a budget for your business is like setting a specific goal and then developing plans according to your budget to achieve that goal, the goals usually being a certain amount of profit in an organisation.
A business budget is an integrated plan of action for your business to achieve a certain figure result. This helps to let everyone in the company know that they have to work hard enough and do good business to be able to reach this budget goal.

Employment Contracts & Security

In this section I will be talking about how employment contracts can affect security: things like the hiring policies of organisations, separation of duties, training and communicating with staff to tell them about their responsibilities.

Hiring policies

These are the policies a company has on what skills and qualifications a person needs to have to be accepted into the job. A company believes that having hiring policies will overall benefit the company’s business as they will be hiring people that fit the job type. For example, an IT organisation would rather hire a person with a computing degree than a history degree. That is not the only quality organisations look at, but it is one example; they could also look at your school attendance, punctuality and more.

Separation of duties

It is the process of delegating different people to complete different tasks and duties in order to complete more tasks at the same time, which makes everything more efficient and therefore increases the profit of a company, and less time is wasted on everyone doing one task together. It is also an internal control intended to prevent fraud and error. It increases the profit of the business as the time used to finish tasks is also lowered. Also, specific people with a specific skill set will be set to do the tasks that they can do best.

Ensuring compliance including disciplinary procedures

Ensuring that the employees adhere to the company rules and disciplinary procedures is key to the efficiency and growth of the organisation, as if an employee just does what they want, this can affect the company in a very negative way and end up hurting the profits and growth of the company. This is because if the employees don’t have set rules to follow they will stop doing work and start doing other things that they want to do, which will mean fewer tasks are finished and less profit is made in the business.

Training and communication with staff as to their responsibilities

As with any company or establishment, employees are expected to have received training to be able to perform their role to a sufficient standard.
As the employer, it is your responsibility to provide this training; whether it comes in the form of a course, meeting or demonstration is purely circumstantial. This will in turn help benefit the company as the employees will know how to perform the procedures that are meant to be performed, such as working at the tills and/or fixing computers.

Laws of Security & Privacy of Data

This section includes all the official laws of security and privacy of data. I will be talking about 3 different laws and I will be explaining what copyright is and what the different types of copyright laws mean.

Laws:

Legislation e.g. Computer Misuse Act 1990

Designed to protect computer users against attacks and the theft of information or data. This includes hacking, unauthorised access to computer systems and purposely spreading malicious and damaging software. Set in 1990, it created three categories of offence:

1) Unauthorised access to computer material
2) Unauthorised access with intent to commit a further offence
3) Unauthorised modification of programs or data on a computer.

The law is made to protect people who use computers in organisations or in their home; it protects the data and information inside the computer from being damaged, stolen or destroyed by hackers or virus software. Ethically, stealing or destroying someone else’s data or information is wrong, as that data and information is for only them to see, not anyone else, and the information inside may be very confidential and the user would not want it to be exposed.

Copyright, Designs and Patents Act 1988

The Copyright, Designs and Patents Act 1988 is the current UK copyright law and it gives the creators of literary, dramatic, musical and artistic works the right to control who can use their materials and how they are able to edit their creations.
Taking someone else’s work and manipulating it to make it look like yours, or having it as your own version, is ethically wrong as that is literally taking someone else’s hard work, adding a few of your own things into it and saying that it is yours. This law makes sure that everyone’s work is unique and no work is able to be copied once it has been published and has the copyright logo.

Privacy and compensation requirements of Data Protection Act 1984, 1988, 2000

Data Protection Act 1988 is an act of parliament designed to protect personal data stored on computers or in an organised paper filing system. It follows the EU Data Protection Directive 1995. It is the protection against employers processing and moving the data of their employees. Individuals have legal rights to control information about themselves.

Legal – An act of parliament designed to protect personal data stored on computers or in a system. Set in 1998. It monitors the processing and movement of data. Individuals have legal rights to control information about themselves. People like employers who hold their employees’ details cannot leak or send those details anywhere.

Ethical – It is wrong to leak other people’s data and personal details. It is just a bad thing to do as their privacy is then disrupted and they may feel scared for the rest of their life as their information and data has been exposed.
They could also end up in danger if their personal information ends up in the wrong hands.

Copyrights:

Open source

An open source license is a type of license for computer software and other products that allows the source code, design or blueprint to be used, changed and/or shared under defined terms and conditions. This means that companies can use and modify the source code, blueprint or design for their own use and customize it to fit with their company’s theme, and they won’t get a copyright strike for it. Open-source licensed software is mostly available free of charge. Open source software is made by many people, and distributed under licenses that comply with the Open Source Definition.

Freeware

Freeware is software distributed at no cost to the user. It is software or projects that are made to be used free of charge, meaning that anybody can download the software or project and use it for their own need or purpose. Copyright owners have the right to distribute copies of their work. However, copyright law does not require that copies be sold for a price. This means that copyright law protects freeware, and its use is governed by a license.

Shareware

Shareware is when the software developer allows users the opportunity to try software for free before deciding whether to buy it or not. The shareware may be a more limited version of the software, meaning it won’t have all the features that are intended, and the license would stop the shareware from being modified or changed in any way, otherwise the user may report it as piracy.

Commercial Software

Commercial software is any software or program that is designed for licensing or sale to users or that serves a commercial purpose. It is licensed to be sold for profit by the companies that create it and it is a very strict license where protecting, copying or modifying the software will lead to legal action.