Outlines how the ICT strategy will be put into operation.
1 of 15
Name 3 policies that are usually covered
1. Training 2. Security 3. Procurement
2 of 15
How often should policies be reviewed?
Regularly to ensure that they still meet the objectives of the organisation and follow the overall ICT strategy.
3 of 15
What does a training policy include?
A statement of who needs to be trained, what training they need and how this training will be delivered.
4 of 15
What should the policy cover?
1. How the organisation aims to protect its assets 2. Procedures that employees must follow to protect equipment from theft, misuse and unauthorised access 3. Security and privacy of data
5 of 15
What should the policy include?
1. Potential threats and how to manage them 2. Allocation of responsibilities for data security 3. Resources needed to maintain security 4. Staff responsibilities in preventing misuse 5. Disciplinary procedures for misuse
6 of 15
What is a security policy?
Definition of what it means to be secure for a system, organisation or other entity. Addresses the constraints on behaviour of its members as well as constraints imposed on adversaries by mechanisms i.e. doors, locks, keys and walls.
7 of 15
What are the three key security questions?
1. Can I access the data when I need it? 2. Has the data been corrupted? 3. Who sees the data?
8 of 15
What are the three primary threats to data?
1. External 2. Employee 3. Incompetence
9 of 15
Name 2 external threats
1. Viruses 2. Illegal access
10 of 15
Name 5 examples of incompetence
1. Failure to encrypt data before it is sent over a network 2. Poorly implemented solution 3. Simple passwords 4. Firewall that stops nothing 5. Never updated protection software
11 of 15
Give 2 examples of employee causes
1. Destruction of vital information 2. Intent to steal information