4.3.5 - ICT Security Policies - Security Policies

  • Created by: Annie
  • Created on: 04-05-13 23:15
  • Security Policies
    • Physical Security
      • Swipe cards or code number access
      • Security guards and CCTV to track those who access the building
        • Visitor's book
      • Advanced methods such as biometric scanners for access
      • Simple methods such as locking the door or a safe for backup tapes
      • Locks on computers or lock them to the desks
    • Software Security
      • Security checks within the software
        • Checking the user has permission to use the software
      • Some organisations have a forced password change after a certain amount of time
        • Makes it harder to work out someone's password
      • Look at 4.3.1
    • Personnel Admin
      • Code of Conduct: Employees know how they are expected to act
      • Recruitment: Employees need to be able to complete their jobs and references ensure responsibility
      • Managers: One responsibility is to ensure procedures are effective
      • Training: Many errors are made due to inexperience
    • Audit Trails
      • Scanning the network to check the history of who is accessing the system and what they did
        • Checking for any irregularities
    • Staff Code of Conduct
      • The code will be used with disciplinary procedures to act as a deterrent to individuals
      • The British Computer Society (BCS) has a code of conduct that is often used by companies as it is kept updated by experts to account for the latest technology
      • Without such a code, employees may accidentally do foolish things
      • See 4.3.4
      • An agreement between employees and the organisation for how the system is allowed to be used
    • Disaster Recovery
      • Includes backups, data storage and what to do in case of the disaster
      • Creating plans in case of a disaster
    • Investigation of Irregularities
      • The method refers to checking even the smaller unusual occurrences
      • A network may track external access by authorised personnel and if the amount of data accessed or downloaded increases, they may contact the employee to confirm it is them
      • It could also refer to an email account appearing to receive a lot of messages as this may be spam that could contain viruses

