PART 4
Security of people, property and information
♦ the key organisational responsibilities in terms of security of people, property and information:
— understanding organisational responsibilities in relation to identification and secure entry systems
— understanding organisational procedures to protect property, eg security marking, cables and blinds
♦ understanding organisational procedures to protect paper and electronic information, eg usernames, passwords, encryption, access rights, lockable storage
Security Measures
It is not only important to ensure employees are working in a healthy environment; they should also feel safe and secure. Security measures are things which an employer or employee should put in place to make sure staff are safe while at work. Security measures should be taken for various reasons: to protect and reassure staff, to prevent theft of stock and equipment and to maintain confidentiality of information.
In this topic area we will learn about:
Organisational procedures used to protect people.
Organisational procedures used to protect property.
Organisational procedures used to protect both paper-based and electronic information.
The Data Protection Act 1998 and The Computer Misuse Act 1990.
You should already know:
From your own experience and knowledge, measures used to protect people. For example, staff wearing ID badges, buzzers to enter school, etc.
From your own experience and knowledge, measures used to protect property, for example burglar alarms.
Security of Staff
To ensure that only authorised personnel have access to the premises an organisation can use a combination of the following methods:
intercom and/or security doors
identification badges to be carried (if not displayed) at all times – passes will display name, title, department, picture; may contain an electronic activating device such as an electronic strip which needs to be swiped for entry; will be re-issued regularly
careful handling and issue of keys
Security Guards
Staff In/Out Book
CCTV systems
Security of Visitors
To ensure that only genuine visitors enter the premises an organisation can use a combination of the following methods:
visitors should report to reception on arrival and have their reason for visiting verified
the reception should be located at the main entrance and constantly staffed
other entrances should be minimised
visitors’ passes to be issued and displayed
visitors should not be left unsupervised
the receptionist should ensure that all visitors leave the building and that passes are returned.
KEYWORDS
Intercom
ID Badge
Security Guard
CCTV
Log on to https://bubbl.us/ and create 2 summary mind maps. Or use Microsoft Word. One mind map should show security measures for staff, the other security measures for visitors. USE THE NOTES ABOVE TO HELP!
Security of Property
To ensure property is not stolen or damaged in any way, the organisation can:
use security marks eg chips or UV lighter pens
use cable management systems to avoid staff tripping over cables and damaging them.
keep a record of all equipment
install security blinds to minimise burglary, theft and vandalism
Security of Information
In accordance with the Data Protection Act an organisation should use a combination of the following methods to ensure the security of information:
use of passwords – these should not be obvious and should be changed
use of read-only files – some files can be read but not amended (changed)
anti-virus or virus-screening software should be used to ensure that files are not lost
use of locked rooms, filing cabinets and computers
confidential documents should be discarded appropriately.
KEYWORDS
Visitor Pass
Security Marks
Cable management system
Using the notes above and information from your mindmaps, answer the following questions:
1. Identify 3 ways in which organisations can ensure staff are safe when at work.
2. Define the following terms:
Security mark
Cable management system
3. Mr O’Neill is the manager of SMT Ltd. He is aware that there is no system in place to ensure information which shouldn’t be seen by others is kept confidential. Suggest 2 courses of action Mr O’Neill could take.
STOP HERE
Data Protection Act
This Act governs how personal information is collected, used, stored and destroyed. Before we consider the details of this Act, it is first necessary to explain two pieces of important terminology:
Data subject – Individual to whom the personal data refers
Data user – The person or organisation that controls the way in which the data is used
Under this Act, the Data Protection Registrar supervises data users. Data users must register the following details with the Registrar:
the nature of data held
why it is held
how it was collected
who it will be disclosed to.
Anyone processing personal data must comply with the following eight principles of good practice.
1. The personal data shall be obtained fairly and lawfully.
2. Personal data shall be used only for the registered purpose.
3. The personal data shall not be disclosed for purposes other than those registered.
4. Personal data held shall be adequate, relevant and not excessive for its purpose.
5. Personal data held shall be accurate and kept up-to-date.
6. Personal data shall not be kept for longer than necessary.
7. Data subjects shall be entitled to: be informed of any personal data held by the data user; access any personal data held; have data corrected or deleted where appropriate.
8. Appropriate security measures shall be taken against unauthorised access to personal data, disclosure of personal data and accidental loss of personal data.
KEYWORDS
Data Protection Act
Data Subject
Data User
8 Principles
Go to: http://www.bbc.co.uk/schools/gcsebitesize/ict/legal/0dataprotectionactrev1.shtml
Read the information about the Data Protection Act and try the test bite at the end! Print out your answers.
1. Update the extract from the staff handbook with relevant information on employee and organisational responsibilities with regard to security within the organisation. (National 4 do not need to fill out the grey columns) USE THE NOTES ON PREVIOUS PAGES TO HELP!
2. Print one copy of the updated staff handbook.
Test Your Learning! - Summary Questions (Use Leckie & Leckie notes to help too)
1. Explain WHY a reception area plays a crucial role in the security of an organisation.
2. Describe three security measures taken by the receptionist.
3. State how keypads/combination locks/swipecards can restrict unauthorised access.
4. Describe three security measures taken by an organisation to protect property.
5. List two ways usernames and passwords can restrict access to information.
6. List three other methods of protecting information held on computer.
7. State what is meant by the term ‘back-up’.
8. Outline the main principles of the Data Protection Act 1998.
FINISHED? Log on to http://www.teach-ict.com/gcse_new/gcse_ict_quizzes.htm and try the Data Protection Act quizzes in order to check your learning
FILL OUT THE CHECKLIST TO SEE HOW CONFIDENT YOU ARE IN YOUR LEARNING
AP Part 4: Security of people, property and information
Skills, Knowledge and Understanding
Strength
Weakness
Next Steps
I understand the organisational procedures used to protect people.
I understand the organisational procedures used to protect property
I understand organisational procedures used to protect both paper-based and electronic information
I understand the Data Protection Act 1998
WELL DONE!
You have completed Part 4 of the Administrative
Practices unit.
You are now ready for your assessment!
Task 19
Answer the following questions in your jotter.
1. In your position as a receptionist of a large computer firm, you are the first point of call for all visitors to the organisation. Describe some of the procedures you will follow to ensure a high level of security is maintained.
2. Recently a member of the public was found wandering in a private part of the building. What steps could an organisation take to ensure this does not happen again?
3. Give 2 reasons why it is important that staff complete the Staff
In/Out Book.
4. Because of the highly sensitive nature of the work your organisation carries out, suggest some measures your organisation could take to protect information stored on a computer.
5. Which Act of parliament controls the security of information within your
organisation?
6. Why is it important that an organisation uses consistent methods of presenting information?
7. You have been appointed security officer at Huntstar Electronics Ltd.
One of your first duties is to improve the existing security systems within the organisation. In order to do this you should be able to answer the following questions.
(a) What are the 3 main reasons for installing security systems in organisations?
(b) List, using the headings given below, the security measures an organisation should take for:
Staff entry and movement
Visitors to the organisation
Security of information
Securing property
8. TRUE OR FALSE? Justify your answer.
(a) A person who empties the fire bucket for a joke is committing an
offence under the Health and Safety at Work Act 1974.
(b) A VDU operator whose eyesight is failing must pay for his or her own eye test.
(c) An employee is within his or her rights to refuse to wear protective clothing which is not comfortable.
(d) All types of fire extinguishers can be used on electrical fires.
(e) After an emergency evacuation, all staff and visitors should proceed immediately to the assembly point.
15 A trainee receptionist has recently been employed by Scotia Enterprises. You have been asked to provide a set of written instructions on how to deal with the following situations.
a A caller who appears to be under the influence of alcohol has
become verbally abusive.
b A stranger enters the building at night when you are working
on your own at the reception desk.
c The receptionist often discusses confidential information over the
phone which can be overheard by visitors.
d Staff often ask for the receptionist’s password to access computer files.
4PS
16 The receptionist at Scotia Enterprises deals with confidential information both paper and ICT-based. To assist with the problems of such information being accessed freely, suggest ways by which the receptionist can ensure confidentiality.
Paper-based
a
b
c
ICT-based
a
b
c 6KU
17 A trainee receptionist has recently been employed by Scotia Enterprises. You have been asked to provide a set of written instructions on how to deal with the following situations.
a A caller who appears to be under the influence of alcohol has
become verbally abusive.
Calm visitor down, politely ask the caller to leave
Call security for additional support
b A stranger enters the building at night when you are working
on your own at the reception desk.
Change staff rotas so no one has to work alone
Improve communication systems – e.g. hidden panic buttons
c The receptionist often discusses confidential information over the
phone which can be overheard by visitors.
Direct visitors who cannot be seen immediately to the waiting area
away from the reception desk and deal with calls discreetly
d Staff often ask for the receptionist’s password to access computer files.
Change staff passwords regularly
Regular training to remind staff of importance of confidentiality
4PS
18 The receptionist at Scotia Enterprises deals with confidential information both paper and ICT-based. To assist with the problems of such information being accessed freely, suggest ways by which the receptionist can ensure confidentiality.
Paper-based
a keep all papers in a lockable filing cabinet
b ensure that old papers are shredded
c train staff not to leave papers etc carelessly lying around
ICT-based
a issue passwords to all staff – train staff to keep them confidential
b change staff passwords regularly
c keep all floppy discs in a lockable box and have named keyholders 6KU
2010 Credit Question 1
You are a relief receptionist for Kanudoit Ltd. The following problems arose yesterday.
(i) You did nothing about a suspicious parcel which had been left at the reception
desk.
(ii) You sent a visitor without an appointment through to see the Sales Manager who
had left the office for the day.
(iii) You were unable to answer a telephone enquiry about who is in charge of the
Finance Department.
Suggest the action you should have taken in each of these situations. Give reasons for
your answers. A different answer/reason must be given for each. PS6
2009 Credit Question 8
(a) Explain how the Reception area within an organisation contributes to the security
of that organisation.
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________ KU4
2008 Credit Question 8
You are a receptionist at Grace Brothers. Suggest and justify an efficient way of dealing
with the following situations.
(i) A car has been left in the company car park for the last 3 days.
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________ PS2
(ii) A visitor arrives at reception demanding to see the Human Resources Manager
who is interviewing all day and has asked not to be disturbed.
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________ PS2
2008 Credit Question 12
At a recent meeting between Ian Murray, the owner of Murray Motors, and Fiona
Anderson, the Admin Manager, the following points were raised.
What must Ian advise Fiona to do to solve these problems? Give reasons for your
answers.
(ii) The customer waiting area is unwelcoming.
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________ PS2
2006 Credit Question 3
(a) Polly Pann has recently been employed as a Receptionist within Hilltops Leisure and
Fitness Club. Polly recently encountered the following problems and was unsure of the
procedures to be followed.
(i) Staff have been arriving at reception without ID badges, insisting they are allowed
through.
(ii) A suspicious parcel was received at reception.
(iii) Polly could not answer a customer enquiry on the times and prices of fitness
classes.
Advise Polly on how to deal with the above situations in future. Give reasons for
your answers. PS6
(b) CCTV is the only method of security used by Hilltops Leisure and Fitness Club.
Suggest and justify another security feature which could be introduced in the
reception area. KU2
(c) An electronic diary can be used to make appointments and to avoid double-
bookings. Describe 2 other benefits of an electronic diary. KU2
2005 Credit Question 9
(a) Mai Chu is Head Receptionist of Lochview Hotel, Kinross. During a recent
training session Mai was asked how she would deal with the following security
problems, if they occurred at the hotel.
(i) A suspicious parcel left at reception
(ii) An aggressive visitor
Suggest how Mai could deal with each of the above problems. Give reasons for
your answers. PS4
(b) Suggest and justify 2 methods of record-keeping which could be used by a
receptionist. KU4
2004 Credit Question 4
(a) High Tech plc sells computers and accessories throughout Europe. The company
has been experiencing the following problems.
(ii) There have been a number of complaints, as staff are often not available
when customers telephone the office.
Suggest a solution for the above problem and justify your answer. PS2
2004 Credit Question 9
(a) Fiona Lang is General Manager of Smart Look Ltd. The following complaints
have been received from customers regarding the reception area.
(i) Bobby Black, the receptionist, despite recent training, was rude and
unhelpful.
(ii) The reception area is uncomfortable and unwelcoming.
Advise Fiona how she could overcome these problems and justify your
answers. PS4
(b) Smart Look Ltd currently employs a security guard at the main entrance.
Suggest and justify one other way security could be improved within the
reception area. KU2
(c) Describe 2 features of an electronic diary which would not be available when
using a paper based diary. KU2
2003 Credit Question 9
(c) Describe 2 features of an electronic diary which would not be available when
using a paper based diary. KU2
Lesson 3
Dealing with unauthorised visitors G
Contribution of reception to the safety and security of the organisation G
Security systems and procedures (swipecards, CCTV, locked doors,
keypad/combination locks, entryphone, security/ID badges, security personnel,
etc) G
Potential security risks and organisational security policy and reporting
procedures C
Reporting incidents C
Dealing with unauthorised visitors
Try to find the location of the unauthorised person
Call security personnel
Call police
Enter the information in the Incident Book.
Contribution of reception to the safety and security of the organisation
To prevent unauthorised access
◦ to the building
◦ to confidential files
To prevent theft
◦ of hardware
◦ of confidential information
For safety reasons
Security systems and procedures
Location of Reception
Safeguard other entrances
Visitor records and passes
Limited or supervised access
Monitor staff
Companies and schools are aware that they must stop unwelcome visitors from entering
the building. This is to protect the people in the building and also to prevent theft.
There are many ways a company could do this.
Card Readers/Swipe Cards
These are machines on doors which operate using a card. The card
is run through a machine which opens the lock allowing entry.
Each member of staff will have a card to allow them into their
part of the building, but may exclude them from other parts of
the company.
Security Cameras/CCTV (Closed Circuit Television)
Some companies and schools have security cameras watching
everyone entering and leaving the building (they may also
cover the car park). Pictures may also appear on a television
screen showing any activity. The receptionist may be asked
to watch the screen and report anything suspicious to a
security guard or the police.
Locked Doors
Keypad/Coded Door Entry System
A coded door entry system uses a keypad
on the door. A code must be keyed in
before the door lock will release allowing
you to enter. You may only have the code
for the part of the company you work in.
This allows companies to control who is in
each area. These are very common in
Building Societies and Banks.
Entry Phone/Intercom
Security/ID (Identification) Badges
Many companies and schools operate a system whereby all
members of staff have ID (identification) badges they must
wear, clearly displayed, every day. These cards will give their
position (job) in the company and will also have a photograph on them.
The photograph makes sure that no one else can steal it and use
it. If someone forgets their ID badge, the receptionist may have
photos on file or on the organisation chart that can be checked to
verify the identity of the member of staff. All visitors must also
be issued with badges or security tags.
Security Guards/Personnel
Many firms have security guards at reception to deal with
unwelcome visitors immediately.
Potential security risks
Organisational security policy and reporting procedures
Risk: A suspicious parcel arrives at reception
Action: Do not touch it. Inform security personnel.
Justification: May be a safety risk, and only trained personnel should deal with serious situations

Risk: Abandoned car in car park
Action: Call security. Inform police if unable to trace owner.

Risk: Aggressive visitor
Action: Try to calm visitor down – do not attempt to restrain him/her. If still aggressive, call security to escort visitor from the premises.
The visitor’s organisation may be informed about the visitor’s behaviour
Reporting incidents
For all security problems you would have to enter the information in the Incident
Book/Security Breach Report Form.
INCIDENT/SECURITY BREACH REPORT FORM
Name of Person Reporting Incident: Jenny Kerr
Position in Organisation: Receptionist
Date and Time of Incident: 12 May 2010, 2.35 pm
Place Where Incident Occurred: Reception
Name of Other Witnesses: Sam Ryan
Description of Incident: Mr Fairgrieve, a sales rep from Qwerty Designs became very angry when informed that there was no one available to see him. I called Sam Ryan for assistance.
Action Taken at the Time: Sam talked to Mr F and managed to calm him down. He apologised for his behaviour.
Further Action Required: Sam is to inform the Sales Manager of Qwerty Designs of the incident
Signature of Line Manager: Sam Ryan
Date: 13 May 2010