ICT Policies

HideShow resource information
What does an ICT policy do?
Outlines how the ICT strategy will be put into operation.
1 of 15
Name 3 policies that are usually covered
1. Training 2. Security 3. Procurement
2 of 15
How often should policies be reviewed
Regularly to ensure that they still meet the objectives of the organisation and follow the overall ICT strategy.
3 of 15
What does a training policy include
A statement of who needs to be trained, what training they need ad how this training will be delivered.
4 of 15
What should the policy cover
1. How the organisation aims to protect its assets 2. Procedures that employees must follow to protect equipment from theft, misuse and unauthorised access 3. Security and privacy of data
5 of 15
What should the policy include
1. Potential threats and how to manage them 2. Allocation of responsibilities for data security 3. Resources need to maintain security 4. Staff responsibilities in preventing misuse 5. Disciplinary procedures for misuse
6 of 15
What is a security policy
Definition of what it means to be secure for a system, organisation or other entity. Addresses the constraints on behaviour of its members as well as constraints imposed on adversaries by mechanisms i.e. doors, locks, keys and walls.
7 of 15
What are the three key security questions
1. Can I access the data when I need it? 2. Has the data been corrupted? 3. Who sees the data?
8 of 15
What are the three primary threats to data
1. External 2. Employee 3. Incompetence
9 of 15
Name 2 external threats
1. Viruses 2. Illegal access
10 of 15
Name 5 examples of incompetence
1. Failure to encrypt data before sent over a network 2. Poorly implemented solution 3. Simple passwords 4. Firewall that stops nothing 5. Never updated protection software
11 of 15
Give 2 examples of employee causes
1. Destruction of vital information 2. Intent to steal information
12 of 15
Name 5 ways of improving awareness of a olicy
1. CD/DVD 2. Internal training 3. Posters 4. Induction 5. Tests
13 of 15
Name 6 disciplinary measures
1. Sanctions 2 Monitoring network usage 3. Restriction of access rights 4. Written/verbal warning 5. Suspension/termination 6. Legal action
14 of 15
What is a procurement policy
Procuring means acquiring so a procurement policy is about the ways in which ICT hardware and software is obtained for the organisation.
15 of 15

Other cards in this set

Card 2

Front

Name 3 policies that are usually covered

Back

1. Training 2. Security 3. Procurement

Card 3

Front

How often should policies be reviewed

Back

Preview of the front of card 3

Card 4

Front

What does a training policy include

Back

Preview of the front of card 4

Card 5

Front

What should the policy cover

Back

Preview of the front of card 5
View more cards

Comments

No comments have yet been made

Similar ICT resources:

See all ICT resources »See all ICT Policies resources »