- Security policy is needed to protect the data that an organisation stores. If this is not done, it could result in financial costs, legal issues and loss of reputation.
- The prevention of misuse should be considered and methods to prevent this include physical security and system access controls.
- It is essential that the organisation is proactive in attempting to detect misuse of their system. The use of audit trail software can be used.
- When misuse has been detected, a full investigation should be carried out.
- Company procedures should include: physical security, system access, human resources issues, operational procedures, staff responsibility and sanctions.
- A security policy can only work if employees are aware of it and how it affects them. Employees can be made alert to security issues by: training, communication and legal obligations.
- A new business could purchase and adapt a pre-written security policy.
1 of 3
- Organisations should consider the suitability of training by developing a corporate training policy which should be based on the following:
- Skill requirements - the organisation has to identify the skills required for each role and level within a company.
- Course structure & availability - it is possible to organise attendance for employees at external training courses.
- Financial issues - a training policy will be linked to a training budget. The cost of an individual training course needs to be considered.
- Cost benefit - staff training is a necessary investment for an organisation.
2 of 3
- Hardware - including the procurement of servers, laptops. Various methods of procurement should be considered such as leading or purchasing. Key factors include a suitable delivery date and negotiated payment terms.
- Networking & communication technology - including hubs, switches. It is important to ensure that equipment is compatible and at the right price.
- Staff services & contract labour - contract labour can be used for large projects or expertise in certain fields.
- Software - systems software is usually bought off-the-shelf due to the standard nature of the product. Generic application software such as office software is also bought off-the-shelf.
- Office supplies & consumables - it is likely that the organisation will have an account with the supplier that can promise next day delivery.
- ICT procurement consultants - many large projects that operate on a long time scale will have to make sure budgets are complied with. Organisations may employ specialist consultants to maximise their purchasing efficiency.
- Disposal of equipment - many new companies have started up that can dispose equipment in line with current legislation.
3 of 3