Presentation on theme: "Factors to be taken into account when designing ICT Security Policies"— Presentation transcript:
1 Factors to be taken into account when designing ICT Security Policies
2 Lesson Objectives: To understand the factors to take into account when designing security policies
3 You are setting up a new business. Make a list of 5 things you think you will need to consider regarding your security policy.
4 The factors to take into account when designing security policies
5 Physical security: This involves protecting hardware and software using physical rather than software methods, either to restrict access to the computer equipment or to the storage medium (locks, guards, biometric methods).
6 Logical (software) methods: User IDs, passwords, levels of access (e.g. who can update web pages), firewalls, encryption.
7 Auditing for detection: Query any transactions that are out of the ordinary for customers; access logs.
8 System Access: Establishing procedures for accessing data, such as log-on procedures and firewalls.
9 Personnel administration: Training (including prevention of accidental misuse), fitting the employee to the task, ensuring that staff are controlled, staff screening.
10 A code of conduct: A list of roles and responsibilities that an employee should follow when using ICT equipment.
11 Operational procedures: Including disaster recovery planning and dealing with threats from viruses, backup, updating antivirus.
12 Disciplinary procedures: Warnings / dismissal / prosecutions etc.
13 Exam Question: A national bank wants to ensure that its financial systems are secure against attack. Other than code of conduct, describe four factors that should be included in the bank’s security policy.
14 Just a Minute: On a scrap piece of paper, write down as many things covered today as you can in a minute.