4.3.5 - ICT Security Policies - Procedures for Preventing Misuse

  • Created by: Annie
  • Created on: 05-05-13 16:29
  • Procedures for preventing misuse
    • Downloading
      • Blocking download sites which may be inappropriate (e.g. torrent)
      • Virus scanning downloads before they are opened
      • Most organisations allow images, data and documents to be downloaded, but not programs
      • Copyright, Designs and Patents Act
      • Some files, such as Excel and Access files, may be flagged as a virus when they are not, because of their macro code
      • Encrypt data before putting it onto removable media so that if it is lost, it is useless
      • Files worked on at home may not be included in the main system backup
    • Establishing a Disaster Recovery Programme
      • "A plan that restores ICT facilities in as short a time as possible in order to minimise the loss caused by the complete or partial loss of an organisation's ICT facilities"
        • Options for office relocation
        • Who should be contacted and their contact details?
        • Actions to contact suppliers and customers
        • Where are the backups stored?
        • Detailed information on the systems being run
      • Setting a budget
      • Training staff
      • Back up on a regular basis
      • Know how to reinstall software
      • Terms of Users
    • Viruses
      • Guidelines on not accessing inappropriate websites
      • Limitations on internet usage - "white list" filtering system
      • Checking all websites and download files
      • Do not open email attachments unless certain about origin
      • Limitations on external media
      • Code of Conduct may not allow downloads or USB sticks
      • Secure firewalls which don't interrupt the anti-virus
      • Installing anti-virus for prevention
      • Virus scanning on a regular basis
      • Detection of Viruses
        • Scanning of portable media (disks, USB sticks etc.)
        • Ensuring virus detection programs are supported by quick updates to meet new threats
        • Full system scans on a regular basis
    • Security Rights for Updating Web Pages
      • Rights can be given for sections of the websites, webpages or even a frame within the webpage
      • To update a webpage, users need access rights
        • Normally associated with usernames and passwords
      • Allowing only certain members of the organisation to update webpages
    • Screening Potential Employees
      • Training the employee to be able to use the computers properly
      • Checking the qualifications of the employee
        • Does the qualification and job history match the job they're applying for?
      • Possibly check Facebook
      • Take up references from past employers
      • Checking the history of the employees for any criminal records
    • Auditing Procedures
      • Checking that there are no irregularities within the system occurring
      • Checking on irregularities by investigating the computers and employees behind them
    • System Access
      • Login and Access rights are valuable methods used by all network operating systems
        • Effectiveness depends upon user's ability to choose an appropriate password and keep it secret
      • Firewalls are necessary to restrict access going in or out
      • In modern networks, data can be accessed from remote places through wireless ports

Comments

Mr A Gibson


Excellent coverage of the prevention of the misuse of computers. Covers direct and non-direct ICT related issues. Learn the mind map and redraw it if you can or use the "Test Yourself" feature to review what you know.

Print this out and stick it on your wall!
