4.3.5 - ICT Security Policies - Security Policies
- Created by: Annie
- Created on: 04-05-13 23:15
- Security Policies
- Physical Security
- Swipe cards or code number access
- Security guards and CCTV to track those who access the building
- Visitor's book
- Advanced methods such as biometric scanners for access
- Simple methods such as locking the door or a safe for backup tapes
- Locks on computers, or locking them to the desks
- Software Security
- Security checks within the software
- Checking the user has permission to use the software
- Some organisations have a forced password change after a certain amount of time
- Makes it harder to work out someone's password
- Look at 4.3.1
- Personnel Admin
- Code of Conduct: Employees know how they are expected to act
- Recruitment: Employees need to be able to complete their jobs and references ensure responsibility
- Managers: One responsibility is to ensure procedures are effective
- Training: Many errors are made due to inexperience
- Audit Trails
- Scanning the network to check history of who is accessing the system and what they did
- Checking any irregularities
- Staff Code of Conduct
- The code will be used with disciplinary procedures to act as a deterrent to individuals
- The British Computer Society (BCS) has a code of conduct that is often used by companies as it is kept updated by experts to account for the latest technology
- Without such a code, employees may accidentally do foolish things
- See 4.3.4
- An agreement between employees and the organisation for how the system is allowed to be used
- Disaster Recovery
- Includes backups, data storage and what to do in case of a disaster
- Creating plans in case of a disaster
- Investigation of Irregularities
- Method refers to checking even the smaller unusual occurrences
- A network may track external access by authorised personnel and if the amount of data accessed or downloaded increases, they may contact the employee to confirm it is them
- It could also refer to an email account appearing to receive a lot of messages as this may be spam that could contain viruses