ICT Security Policies
Candidates should understand:
- The potential threats and consequences of data misuse, and the need for backup procedures
  - Threats
  - Consequences
- The factors to take into account when designing security policies
- Operational procedures for preventing misuse
- Factors determining how much a company spends on developing controls to minimise risk
  - Risk Analysis
  - Prevention of accidental misuse
  - Prevention of deliberate crimes or misuse
The potential threats and consequences of data misuse, and the need for backup procedures
Threats
- Terrorism
- Natural disasters
- Sabotage
- Fire
- Theft
Consequences
- Loss of business and income
- Loss of reputation
- Legal action
The factors to take into account when designing security policies
- Physical security
- Prevention of misuse
- Audit trails for detection
- Continuous investigation of irregularities
- System access - establishing procedures for accessing data, such as log-on procedures and firewalls
- Personnel administration
- Operational procedures including disaster recovery planning and dealing with threats from viruses
- Staff code of conduct and responsibilities
- Disciplinary procedures.
Operational procedures for preventing misuse
- Screening potential employees
- Routines for distributing updated virus information and virus scanning procedures
- Define procedures for downloading from the Internet, use of floppy discs, personal backup procedures
- Establish security rights for updating web pages
- Establish a disaster recovery programme
- Set up auditing procedures (Audit trails) to detect misuse.
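As an added example of the auditing procedures listed above (not part of the original notes), the script below reads a constructed audit trail and flags three kinds of irregularity that a periodic review would look for: logins outside office hours, repeated failed logins, and access to a resource by a user who has not been given security rights for it. The log format, the user names, the access-rights table and the thresholds are all assumptions made for this example.

```python
"""Reviewing an audit trail for irregularities (added example, not from the notes)."""
import re
from collections import Counter
from datetime import datetime
from typing import Dict, List, Optional

# Constructed sample audit trail. The "key=value" format is an assumption.
SAMPLE_LOG = """\
2024-03-04 09:12:01 user=asmith action=LOGIN result=OK
2024-03-04 09:15:40 user=asmith action=READ result=OK target=payroll
2024-03-04 22:47:13 user=bjones action=LOGIN result=OK
2024-03-04 22:48:02 user=bjones action=READ result=OK target=payroll
2024-03-05 08:59:10 user=cbrown action=LOGIN result=FAIL
2024-03-05 08:59:25 user=cbrown action=LOGIN result=FAIL
2024-03-05 08:59:41 user=cbrown action=LOGIN result=FAIL
2024-03-05 09:00:02 user=cbrown action=LOGIN result=OK
2024-03-05 10:30:00 user=dlee action=UPDATE result=OK target=website
"""

# Security rights: which users may access which resource (constructed table).
ACCESS_RIGHTS = {"payroll": {"asmith"}, "website": {"dlee", "webadmin"}}
OFFICE_HOURS = range(8, 19)   # 08:00 to 18:59 counts as normal working time
FAIL_THRESHOLD = 3            # consecutive failed logins that merit investigation

LINE_RE = re.compile(
    r"^(\S+ \S+) user=(\S+) action=(\S+) result=(\S+)(?: target=(\S+))?$"
)


def parse(log_text: str) -> List[Dict[str, Optional[object]]]:
    """Turn each well-formed log line into an event dict; skip lines that do not match."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, user, action, result, target = m.groups()
        events.append({
            "time": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
            "user": user,
            "action": action,
            "result": result,
            "target": target,   # None when the line has no target
        })
    return events


def find_irregularities(events) -> List[str]:
    """Return one human-readable finding per irregularity, in log order."""
    findings = []
    failures = Counter()   # consecutive LOGIN failures per user
    for e in events:
        user, when = e["user"], e["time"]

        # 1. Successful login outside office hours
        if e["action"] == "LOGIN" and e["result"] == "OK" and when.hour not in OFFICE_HOURS:
            findings.append(f"out-of-hours login by {user} at {when}")

        # 2. Run of failed logins (counter resets on a successful login)
        if e["action"] == "LOGIN":
            if e["result"] == "FAIL":
                failures[user] += 1
                if failures[user] == FAIL_THRESHOLD:
                    findings.append(f"{FAIL_THRESHOLD} consecutive failed logins for {user}")
            else:
                failures[user] = 0

        # 3. Access to a resource by a user without security rights for it
        target = e["target"]
        if target in ACCESS_RIGHTS and user not in ACCESS_RIGHTS[target]:
            findings.append(f"{user} accessed {target} without access rights at {when}")
    return findings


def review(log_text: str) -> List[str]:
    """Parse and review a log in one step."""
    return find_irregularities(parse(log_text))


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```

Each finding is a prompt for the "continuous investigation of irregularities" step, not a verdict: an out-of-hours login may be legitimate overtime, so the audit trail's value is that it records who did what and when so the question can be asked.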
Factors determining how much a company spends on developing controls to minimise risk
Risk Analysis
- Identify potential risks
- Likelihood of risk occurring
- Short- and long-term consequences of the threat
- How well equipped the company is to deal with the threat
Prevention of accidental misuse
- Backup and recovery procedures
- Standard backups to floppy disc
- RAID systems – mirror discs (Redundant Array of Inexpensive Discs)
- Grandfather, Father, Son systems
- Backing up program files.
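A worked example of the Grandfather, Father, Son rotation listed above (added here; not part of the original notes). It assumes a rota of one backup per working day: Monday to Thursday go to four "Son" media that are reused every week, the other Fridays go to "Father" media reused every month, and the last Friday of each month goes to a "Grandfather" medium reused every year. The media labels and the simulated date range are constructed for the example; the point it shows is which restore points survive once media are overwritten.

```python
"""Grandfather-Father-Son (GFS) backup rotation (added example, not from the notes)."""
from datetime import date, timedelta
from typing import Dict, NamedTuple, Optional


class Slot(NamedTuple):
    generation: str   # "son", "father" or "grandfather"
    label: str        # the physical medium (tape or disc) to write to


# Assumed rota: one backup per working day, none at weekends.
SON_DAYS = ("Mon", "Tue", "Wed", "Thu")


def is_last_friday(d: date) -> bool:
    """True if d is the last Friday of its month."""
    return d.weekday() == 4 and (d + timedelta(days=7)).month != d.month


def slot_for(d: date) -> Optional[Slot]:
    """Which medium the backup taken on day d goes to, or None if no backup is taken."""
    wd = d.weekday()              # Monday == 0 ... Sunday == 6
    if wd >= 5:
        return None               # weekend: no backup in this assumed rota
    if wd <= 3:
        # Sons: Monday to Thursday, one medium per weekday, reused every week
        return Slot("son", f"Son-{SON_DAYS[wd]}")
    if is_last_friday(d):
        # Grandfather: last Friday of the month, one medium per month, reused yearly
        return Slot("grandfather", f"Grandfather-{d.month:02d}")
    # Fathers: the remaining Fridays, numbered by week of the month, reused monthly
    week_of_month = (d.day - 1) // 7 + 1
    return Slot("father", f"Father-{week_of_month}")


def slot_label(iso_day: str) -> Optional[str]:
    """Convenience wrapper taking an ISO date string such as "2024-03-04"."""
    slot = slot_for(date.fromisoformat(iso_day))
    return None if slot is None else slot.label


def retained_backups(start_iso: str, end_iso: str) -> Dict[str, str]:
    """Simulate the rota from start to end inclusive. Each write overwrites what the
    medium held before, so the result is label -> ISO date of the backup it now holds."""
    held: Dict[str, str] = {}
    d = date.fromisoformat(start_iso)
    end = date.fromisoformat(end_iso)
    while d <= end:
        slot = slot_for(d)
        if slot is not None:
            held[slot.label] = d.isoformat()
        d += timedelta(days=1)
    return held


def oldest_restore_point(held: Dict[str, str]) -> str:
    """The earliest date still recoverable from the retained media."""
    return min(held.values())   # ISO strings sort chronologically


if __name__ == "__main__":
    held = retained_backups("2024-01-01", "2024-03-31")
    for label, when in sorted(held.items(), key=lambda kv: kv[1]):
        print(f"{label:15} holds backup of {when}")
    print("oldest restore point:", oldest_restore_point(held))
```

Running the simulation over the first quarter of 2024 leaves eleven media in use: daily restore points for the most recent week, weekly ones for the current month, and one per month before that. That is the trade-off the scheme makes: a small number of media, fine-grained recovery for recent mistakes, and a coarse but long history for older ones.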
Prevention of deliberate crimes or misuse
- Methods for controlling access to computer rooms
- Methods of securing the integrity of transmitted data, e.g. encryption methods including private and public keys; call-back procedures for remote access
- Establish firewalls
- Proxy servers
- Methods to define security status and access rights for users
- Methods for physical protection of hardware and software
- Security of document filing systems.
Attached presentations
- factors_to_be_taken_into_account_when_designing_ict_security_policies.pptx
- operational_procedures_for_preventing_the_misuse_of_data.pptx
- developing_a_risk_analysis.pptx