Welcome to the ICT Department Unit 3_5 Security Policies.

What are we going to cover?
- The corporate security policy
- Risk analysis
- Handling risk
- Audit

What are we going to cover?
- Security policy
- Risk analysis
- Handling risks
- Legal requirements
- Audit

The corporate security policy
It must be got right, because of both the cost and user confidence. We have a security policy in order to cover:
- Prevention of misuse (integrity, loss, privacy)
- Detection
- Investigation
- Procedures
- Responsibilities
- Disciplinary procedures
- Damage limitation
- Recovery

The corporate security policy
The security policy must contain:
- Awareness / education
- Administrative controls
- Operational controls
- Physical protection
- Access controls to systems
- Disaster recovery plan

The corporate security policy
In other words:
- Prevention
- Detection
- Recovery

Threat detection
What are the threats to security?

               Physical                                      Logical
ACCIDENTS      Hardware failure, network or power failures   Bugs
               Human error                                   Configuration faults
               "Acts of God"
DELIBERATE     Theft or damage                               Fraud
               Sabotage                                      Viruses and their kin
                                                             Hackers
                                                             Piracy

Performing a risk analysis
The risk must be assessed. This can be done by:
- Looking at past records
- Asking how much it will cost the company if…
- Rating each risk high / medium / low

Performing a risk analysis
Consequences include:
- Interruption of processing
- Destruction of storage media
- Disclosure of sensitive information
- Delayed deliveries
- Loss of customer goodwill
- Bad information
- Corruption of records
- Slow network
- Theft of hardware or software
- Loss of production
- Loss of money
- Penalties from authorities
- Loss of competitive position
- System failure
- Business failure


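The three assessment methods on the risk-analysis slides (past records, "how much will it cost if…", and a high / medium / low rating) can be combined into one worksheet. The following is an added example, not part of the original slides; the threat names, incident history, cost figures and rating thresholds are all constructed for illustration. It also shows the caveat that past records alone give a zero likelihood for a rare but severe event (the constructed "Fire" threat), so an assumed rate has to be supplied for those.

```python
"""Risk-analysis worksheet: likelihood from past records, cost per incident,
and a high / medium / low rating. Constructed example data throughout."""
from collections import Counter

# Constructed past incident records: (year, threat name), covering three years.
PAST_INCIDENTS = [
    (2021, "Hardware failure"), (2022, "Hardware failure"), (2023, "Hardware failure"),
    (2022, "Virus"), (2023, "Virus"), (2023, "Virus"), (2023, "Virus"),
    (2021, "Theft"),
]
YEARS_OF_RECORDS = 3

# Constructed estimate of the cost to the company if the threat occurs once (pounds).
SINGLE_LOSS = {
    "Hardware failure": 2_000.0,
    "Virus": 5_000.0,
    "Theft": 8_000.0,
    "Fire": 250_000.0,   # never seen in the records above
}

# Assumed annual rate for threats with no history (hypothetical: one fire in 50 years).
ASSUMED_RATE = {"Fire": 0.02}

# Constructed thresholds for the high / medium / low rating, in pounds per year.
HIGH_THRESHOLD = 5_000.0
MEDIUM_THRESHOLD = 1_000.0


def annual_rate(name, incidents=PAST_INCIDENTS, years=YEARS_OF_RECORDS):
    """Expected occurrences per year, taken from past records where they exist,
    otherwise from the assumed rate (rare threats must not score zero)."""
    counts = Counter(threat for _, threat in incidents)
    if counts[name] > 0:
        return counts[name] / years
    return ASSUMED_RATE.get(name, 0.0)


def annual_loss(name):
    """How much the threat is expected to cost the company per year."""
    return SINGLE_LOSS[name] * annual_rate(name)


def rating(loss_per_year):
    """High / medium / low rating from the expected annual loss."""
    if loss_per_year >= HIGH_THRESHOLD:
        return "high"
    if loss_per_year >= MEDIUM_THRESHOLD:
        return "medium"
    return "low"


def ranked_risks(names=tuple(SINGLE_LOSS)):
    """Threats ordered from the largest expected annual loss to the smallest."""
    rows = [(name, annual_loss(name), rating(annual_loss(name))) for name in names]
    return sorted(rows, key=lambda row: row[1], reverse=True)


if __name__ == "__main__":
    for name, loss, level in ranked_risks():
        print(f"{name:<18} {loss:>10.2f} /year  {level}")
```

Running it ranks the constructed threats as Virus, Fire, Theft, Hardware failure; the point to take from the output is that Fire, with no incidents in the records, still rates "high" because of its cost per occurrence, which is exactly the kind of threat a records-only analysis misses.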
Contingency plan
Objectives:
- Limit financial losses
- Minimise the extent of interruption
- Define service alternatives
- Controlled emergency recovery
- Regain total processing capability
- Training

Avoiding disaster
How do we avoid the disaster in the first place?
- Tighten operational standards
- Rationalise practices
- Make sure that hardware and software are compatible and therefore transferable
- Ensure data is input, processed and output to the right people at the right time
- Disaster recovery plans
- Identify users and their roles
- Identify areas of vulnerability

Contingency plan
Criteria used to select a plan:
- Scale of the organisation
- Nature of the operation
- Relative costs
- Likelihood

Legislation
You must be familiar with the legislation and its purpose before you go any further.
- Confidentiality and privacy (the DPA)
- Copyright and software protection (the Copyright and Patents Act)
- Health and Safety (Doh!)
- ICT and crime (the Computer Misuse Act)

DPA
- Be able to recite the 8 principles
- Learn the exceptions and offences
- Give as many examples of breaches as you can, and how you would prevent them
- Relate them to the data being held, e.g.:
  - Putting terminals in non-public places
  - Shredding documents
  - Liability insurance
  - Cost of registration

The Computer Misuse Act
- You must be able to recite the three levels, and have an idea of the penalties
- Give as many examples of breaches as you can, and how you would try to prevent them
- Use examples directly related to misuse, e.g.:
  - Strong rules / codes of practice / procedures (what happens if inappropriate material is downloaded)
  - Staff training (no excuses)
  - Constant checking
  - Whistle-blowing procedures

The Copyright and Patents Act
- Give as many examples of breaches as you can, and how you would try to prevent them
- Use examples directly related to this act, e.g.:
  - Prevention of installing any software
  - Make employees aware of the consequences
  - Copyright of software developed on site is held by the company (usually)
  - Regular checks of workstations
  - Lock down floppy / CD drives etc.

The security policy
Remember: you are being tested not only on prevention, but on the procedures, policies and guidelines that contain the who, where, when and how!

Disaster recovery plan
It must minimise loss by ensuring safety, minimising damage and enabling recovery to work, and then minimise the consequent effects. The plan should include:
- Step-by-step documentation
- A list of all critical resources
- A method for securing all necessary resources
- What hardware and software are essential
- Training
- Providing redundant servers etc.
- Regular drills

Audits
What is an audit? Essentially it is a check or survey made by the company (or a consultant) to see that all of the hardware and software the company says it has purchased is present, and to check that there is no other hardware or software present that has not been listed.

Audits
Why audit?
- Identify errors or breaches of policy
- To monitor efficiency
- Legal requirement
- Allows better planning
- Allows standardisation
- Insurance assessment

Audits
What are you checking?
- Software licences
- Reconcile records (of hardware and software)
- Data integrity
(Which of these stop which security breaches?)

Audits
How do they check data?
- Make sure all entries are correct
- No duplicates
- Additions (all calculations) are correct
- Documentation exists
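The audit slides describe two checks: reconciling the software the company says it purchased against what is actually installed (including anything installed that was never listed), and checking a batch of records for bad entries, duplicates, wrong totals and missing documentation. The following is an added example that implements both, not code from the original slides; the purchase records, inventory scan, invoice records and the INV-nnn identifier format are all constructed for illustration.

```python
"""Two audit checks from the slides: software licence reconciliation and
data-integrity checks on a batch of records. Constructed sample data throughout."""
import re
from collections import Counter

# Constructed purchase records: software title -> number of licences bought.
PURCHASED = {"Office Suite": 10, "Antivirus": 12, "CAD Tool": 2}

# Constructed inventory scan of the workstations: (workstation, software title).
INSTALLED = [
    ("WS01", "Office Suite"), ("WS02", "Office Suite"), ("WS03", "Office Suite"),
    ("WS01", "Antivirus"), ("WS02", "Antivirus"), ("WS03", "Antivirus"),
    ("WS01", "CAD Tool"), ("WS02", "CAD Tool"), ("WS03", "CAD Tool"),
    ("WS03", "Game Launcher"),   # present on a machine but never purchased
]


def reconcile_software(purchased=PURCHASED, installed=INSTALLED):
    """Compare what was bought with what is installed. Returns a sorted list of
    (finding, title, count): 'unlisted' for software with no purchase record,
    'over-deployed' for more copies than licences, 'bought-not-installed' for
    licences that are paid for but unused."""
    counts = Counter(title for _, title in installed)
    findings = []
    for title, n in counts.items():
        if title not in purchased:
            findings.append(("unlisted", title, n))
        elif n > purchased[title]:
            findings.append(("over-deployed", title, n - purchased[title]))
    for title, licences in purchased.items():
        if counts[title] == 0:
            findings.append(("bought-not-installed", title, licences))
    return sorted(findings)


# Constructed batch of invoice records: id, line amounts, stated total, and a
# reference to the supporting document (purchase order) that should exist.
RECORDS = [
    {"id": "INV-001", "lines": [100.0, 50.0], "total": 150.0, "doc": "PO-77"},
    {"id": "INV-002", "lines": [20.0, 20.0, 5.0], "total": 45.0, "doc": "PO-78"},
    {"id": "INV-002", "lines": [20.0, 20.0, 5.0], "total": 45.0, "doc": "PO-78"},  # duplicate
    {"id": "INV-003", "lines": [10.0, 10.0], "total": 25.0, "doc": "PO-79"},       # wrong total
    {"id": "INV-004", "lines": [30.0], "total": 30.0, "doc": ""},                  # no documentation
    {"id": "bad id", "lines": [1.0], "total": 1.0, "doc": "PO-80"},                # malformed entry
]

# Hypothetical identifier format for this batch: INV- followed by three digits.
ID_PATTERN = re.compile(r"^INV-\d{3}$")


def check_records(records=RECORDS):
    """Apply the four data checks from the slides. Returns (id, problem) pairs
    in the order the records were read."""
    problems = []
    seen = set()
    for r in records:
        if not ID_PATTERN.match(r["id"]):
            problems.append((r["id"], "invalid entry"))
        if r["id"] in seen:
            problems.append((r["id"], "duplicate"))
        seen.add(r["id"])
        # Compare with a small tolerance so floating-point rounding is not reported.
        if abs(sum(r["lines"]) - r["total"]) > 0.005:
            problems.append((r["id"], "total does not add up"))
        if not r["doc"]:
            problems.append((r["id"], "no supporting documentation"))
    return problems


if __name__ == "__main__":
    for finding in reconcile_software():
        print("software:", finding)
    for problem in check_records():
        print("record:", problem)
```

In the constructed data the reconciliation reports the CAD tool as over-deployed by one copy and the game launcher as unlisted, while the record check flags one duplicate, one total that does not add up, one record with no supporting document and one malformed identifier; a real audit would read the two inputs from the purchasing system and an inventory scan rather than from constants.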