Explain the policies and guidelines for managing organisational IT security issues (P4)
Disaster recovery Policies
This refers to a policy that businesses rely on to resume functioning faster in the event of a disaster.
Updating of security procedures
Updating security procedures ensures that a business stays up to date with all the latest threats surrounding it and evolves its security procedures to stay on top of those threats.
Scheduling of security audits
This refers to a routine check-up on a system's functionality. Organisations usually achieve this by hiring someone, who could be a hacker, to try to override that specific security system in order to check its effectiveness and functionality.
www.techrepublic.com/blog/five-apps/five-free-disaster-recovery-tools
Codes of conduct
Email usage policy
This refers to a type of management document that specifically states the way employees should use electronic communication tools. It simply tells them what they can and can't do, so there is no room for confusion or incidents as a result of not knowing the rules.
Internet usage policy
This refers to a set of rules or instructions by which employees are to use a specific organisation's tool. It is a document that any employee must sign before working at that specific organisation.
Software acquisition
This refers to a computer-aided system that allows for upgrades of an organization's software acquisition procedure as well as its capability and performance.
https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=13031
Installation policy
This refers to the policy that ensures all employees, contractors, temporary workers and volunteers follow a specific set of guidelines and rules for installing software programs and applications, as well as for using computers belonging to an organization's systems and networks.
https://www.techrepublic.com/resource-library/whitepapers/software-installation-policy
Surveillance policies
This states that workplace surveillance is legally allowed provided that the company carrying out the surveillance abides by a set of policies that conform with any valid legislation. "Overt" refers to surveillance that isn't out of sight or hidden, and it is only allowed if all employees have been informed about the surveillance.
https://legalvision.com.au/documents/workplace-surveillance-policy
Risk management
This refers to the procedure of identifying, reviewing and managing risks to an organization's capital and profits. These risks could result from a large variety of causes, among them financial uncertainty, legal liabilities, tactical management mistakes, accidents and natural disasters.
https://searchcompliance.techtarget.com › definition › risk-management
Budget setting
Setting a budget refers to an individual or organisation limiting their money output depending on what their salary is, which allows them to save more money.
Explain how employment contracts can affect security (P5)
Hiring policies
A hiring or recruitment policy is a set of rules that outlines how someone should be hired, depending on the specific organisation's practices.
https://resources.workable.com › tutorial › recruitment-policy
Separation of duties
This simply refers to the assignment of different duties to all the employees. This ensures that responsibilities are shared out equally and that everyone is responsible for their own tasks.
Ensuring compliance including disciplinary procedures
This refers to some form of punishment that employees must receive for breaching the rules. It is necessary because a single employee who doesn't abide by the rules could bring an entire organisation crashing down.
https://sites.google.com/site/tj10434396/p5---how-employment-contrasts-can-affect-security/ensuring-compliance-including-disciplinary-procedures
Training and communicating with staff as to their responsibilities
This policy ensures that all staff receive proper training on how to fulfil their duties. It also ensures that staff are clearly made aware of all their responsibilities so they can fulfil them to the best of their ability.
Review the laws related to security and privacy of data (P6)
Laws, legislation, e.g.
Computer Misuse Act 1990
This is an act of the UK Parliament which simply states a set of computer misuse offences, such as unauthorised access to a computer system's data. It also states the scope of jurisdiction of this law.
http://www.legislation.gov.uk/ukpga/1990/18/contents
Copyright, Designs and Patents Act 1988
The copyright law states that any unauthorised copying or usage of any content that isn't yours is against the law. This law was founded in 1988.
Privacy and compensation requirements of Data Protection Act 1984, 1998, 2000
This act was set in place to ensure that anyone who has become a victim of a data breach has the legal right to compensation, which simply means they'll receive money to compensate for their data being breached.
https://www.ashfords.co.uk/news-and-media/general/compensation-for-distress-under-the-data-protection-act-1998
Open source
This refers to the fact that when you add source code to an open source project, you are agreeing to have the code licensed under the terms of that project. However, the copyright remains. In certain instances this is allowed.
https://haacked.com/archive/2006/01/26/WhoOwnstheCopyrightforAnOpenSourceProject.aspx
Freeware
This refers to any computer software that has been made free but was copyrighted by its creator.
Shareware
This refers to proprietary software that has been made free of charge for the purpose of promotion.
Commercial
This refers to the advertising of an object, place or thing on TV for the purpose of bringing a large amount of attention from people to whatever is being sold.
Software
This simply puts machine-readable software under the jurisdiction of copyright law to prevent people, mainly software developers, from copying each other's work.