ICT Security Policies Topic 4.3.5
- Created by: megansaunders850
- Created on: 19-02-18 09:43
- ICT Security Policies
- Threats/Examples/Consequences
- Terrorism
- Natural Disasters
- Criminal/Sabotage
- Fire
- Theft
- CONSEQUENCES - loss of business and income. Loss of reputation. Legal action (DPA). Cost
- Need for Security Policies
- Legislation obliges orgs to keep data secure eg the DPA
- Data is vulnerable to misuse eg can be deleted/copied/corrupted either accidentally or deliberately by internal or external individuals
- What should a security policy contain?
- Staff code of conduct and responsibilities
- Operational procedures including disaster recovery planning and dealing with threats from viruses, backup, updating antivirus
- Personnel Administration
- System Access
- Continuous investigation of irregularities
- Prevention of misuse using logical (SW) methods
- Physical Security
- Disciplinary Procedures
- Operational procedures for preventing misuse
- What can orgs do to try to prevent anything going wrong with their data in the first place?
- They establish procedures.
- NOT actually running a virus check or actually making a backup, but creating a routine for backup, security etc.
- Screening potential employees
- Routine for distributing updated virus info and virus scanning procedures
- Define procedures for downloading from the internet, use of removable media, personal backup procedures.
- Establish security rights for updating web pages
- Establish a disaster recovery programme
- Set up auditing procedures to detect misuse
- Log on procedures
- Call back procedures for remote access
- Establish procedures for training staff
- Disaster Recovery Plan. Should contain:
- A DRP covers what the org will do to restore computer operations in the event of a disaster.
- Cost
- Risk
- Data
- Hardware/Software/Communications
- Personnel, responsibilities and training
- Procedures
- Auditing Procedures
- part of preventing misuse
- keeps a record of who has done what on that network
- Allows manager/system to manage user accounts by allocation of access levels to users
- used to identify abuses of the system by authorized staff
- Investigates instances of unauthorized access (hackers)
- Who/What/When
- Risk analysis
- Identify potential risks
- Likelihood of risk occurring
- Short term and long term consequences of threat
- How well equipped is the company to deal with the threat
- Methods to prevent deliberate destruction/misuse of data
- Methods of controlling access to computer rooms
- Methods of securing integrity of transmitted data eg encryption
- Methods including private and public keys
- Call back procedures for remote access
- Establish firewalls
- use virus scanner
- Proxy server
- Password system
- Methods to define security status and access rights for user
- Methods for physical protection of hardware and software
- Security of document filing system
- Methods used to prevent accidental misuse of data
- In the event that data is accidentally deleted/corrupted, an org must have methods in place to restore data.
- Standard backups to floppy disc/portable HDD
- RAID systems
- Grandfather, Father, Son systems
- Backing up program files