4.3.5 - ICT Security Policies - Procedures for Preventing Misuse
- Created by: Annie
- Created on: 05-05-13 16:29
View mindmap
- Procedures for preventing misuse
- Downloading
- Blocking download sites which may be inappropriate (e.g. torrent)
- Virus scanning downloads before they are opened
- Most organisations accept images, data and documents to be downloaded but not programs
- Copyright Designs and Patents ACt
- Some files, such as Excel and Access files, may be considered a virus when they're not because of macro coding
- Encrypt data before putting onto removable data so if it is lost, it is useless
- Files worked on at home may not be included in the main system backup
- Establishing a Disaster Recovery Programme
- "A plan that restores ICT facilities in as short a time as possible in order to minimise the loss caused by the complete or partial loss of an organisation's ICT facilities"
- Options for office relocation
- Who should be contacted and their contact details?
- Actions to contact suppliers and customers
- Where are the backups stored?
- Detailed information on the systems being run
- Setting a budget
- Training staff
- Back up on a regular basis
- Know how to reinstall software
- Terms of Users
- "A plan that restores ICT facilities in as short a time as possible in order to minimise the loss caused by the complete or partial loss of an organisation's ICT facilities"
- Viruses
- Guidelines on not accessing inappropriate websites
- Limitations on internet usage - "white list" filtering system
- Checking all websites and download files
- Do not open email attachments unless certain about origin
- Limitations on external media
- Code of Conduct may not allow downloads or USB sticks
- Secure firewalls which don't interrupt the anti-virus
- Installing anti-virus for prevention
- Virus scanning on a regular basis
- Detection of Viruses
- Scanning of portable media (disks, USB sticks etc.)
- Ensuring virus detection programs are supported by quick updates to meet new threats
- Full system scans on a regular basis
- Security Rights for Updating Web Pages
- Rights can be given for sections of the websites, webpages or even a frame within the webpage
- To update a webpage, users need access rights
- Normally associated with usernames and passwords
- Allowing only certain members of the organisation to update webpages
- Screening Potential Employees
- Training the employee to be able to use the computers properly
- Checking the qualifications of the employee
- Does the qualification and job history match the job they're applying for?
- Possibly check Facebook
- Take up references from past employees
- Checking the history of the employees for any criminal records
- Auditing Procedures
- Checking that there are no irregularities within the system occurring
- Checking on irregularities by investigating the computers and employees behind them
- System Access
- Login and Access rights are valuable methods used by all network operating systems
- Effectiveness depends upon user's ability to choose an appropriate password and keep it secret
- Firewalls are necessary to restrict access going in or out
- In modern networks, data can be access from remote places through wireless ports
- Login and Access rights are valuable methods used by all network operating systems
- Downloading
- Auditing Procedures
- Checking that there are no irregularities within the system occurring
- Checking on irregularities by investigating the computers and employees behind them
Similar ICT resources:
Teacher recommended
Comments
Report