P7 produce a personal development plan + P8 follow a personal development plan.
We just did some random thing in September when we joined the college that counted towards this criteria
Tuesday, January 20, 2015
Unit 1 Communication and Employability P6
P6 communicate technical information to a specified audience
For this criteria i made a word document and a power point, both of these are below.
Unit 1 Communication and Employability P4
P4 Demonstrate a range of effective interpersonal skills
Throughout the next slides there are quite a few formatting
errors, for example 2 of the slides have a bullet point at the beginning and 2
of them do not. Again there is quite a lot of information on all of the slides
which is good because they contain a lot of information however it could be hard
to read while presenting which is why it should probably be formatted into all
bullet points.
Besides the bullet point starting issue, the rest of the presentation is
consistent with design the whole way through.Unit 1 Communication and Employability P2
P2 explain the principles of effective communication
General
Communication Skills
general communication skills can include being able to adapt to different audiences, this can include changing the type of language you use, depending on the age group of the people you're talking to and also the formality of the situation. you also have to take into account cultural differences, not only different languages but different regional accents can also be a problem.
general communication skills can include being able to adapt to different audiences, this can include changing the type of language you use, depending on the age group of the people you're talking to and also the formality of the situation. you also have to take into account cultural differences, not only different languages but different regional accents can also be a problem.
Interpersonal
skills
Interpersonal communication is communicating face to face, using both verbal and non verbal commutation, for example the tone of you voice, hand gestures, signing, body language, and allows you to take into account the reaction of the person you’re talking to through eye contact, facial expressions and body language
Interpersonal communication is communicating face to face, using both verbal and non verbal commutation, for example the tone of you voice, hand gestures, signing, body language, and allows you to take into account the reaction of the person you’re talking to through eye contact, facial expressions and body language
Potential
barriers to communication
Some potential barriers to communication can be as serious as disabilities such as hearing impairments or as simple as a loud noise such as air conditioning distracting people. A way to overcome something like a hearing impairment is to use sign language or if someone speaks a different language all together then a translator may be extremely useful.
Some potential barriers to communication can be as serious as disabilities such as hearing impairments or as simple as a loud noise such as air conditioning distracting people. A way to overcome something like a hearing impairment is to use sign language or if someone speaks a different language all together then a translator may be extremely useful.
Communication
in writingspelling and grammar is incredibly important in today's society, especially when it comes to things like emails when maintaining an air of professionalism is vital and it's very important that you don't use slag or abbreviations like you would when you talk to your friends.
Tuesday, January 13, 2015
Unit 7 Organisational Systems Security M3
M3 Explain the role of ethical decision making in organisational IT security.
Just because something is legal does not mean
that it is ethical. It may not be legally wrong to do something however it may
be morally and therefore ethically wrong. Ethics are different from person to
person as they are based on what you believe is right and wrong and what is
acceptable, this makes it very had to write down a set of ethical rules that
people should follow.
Organisations have to make ethical decisions about a lot of things but mainly about personal information.
Freedom of information is how government information can be available to the public on request. Before the internet examples of this where things like phone books, but now you can request all sorts of information about government spending etc. which is good because it means the public isn’t always kept in the dark about everything.
Freedom of information can also be a very bad thing. Using a website like yell.com you can very easily find someone’s name address and telephone number, and then use something like google street view to then see what the outside of their house looks like, and you could even look them up on Facebook to see if the posts the times that they’re working or if they’re going on holiday etc. this could make it extremely easy to burgle a house.
Organisations have to make ethical decisions about a lot of things but mainly about personal information.
Freedom of information is how government information can be available to the public on request. Before the internet examples of this where things like phone books, but now you can request all sorts of information about government spending etc. which is good because it means the public isn’t always kept in the dark about everything.
Freedom of information can also be a very bad thing. Using a website like yell.com you can very easily find someone’s name address and telephone number, and then use something like google street view to then see what the outside of their house looks like, and you could even look them up on Facebook to see if the posts the times that they’re working or if they’re going on holiday etc. this could make it extremely easy to burgle a house.
Permission is a major thing when it comes to
ethical decisions. If you go to a school or college they will usually give you
a permission slip to sign to say that they can take and use photos of you for
things like their website or prospectus. This is not a legal requirement
however it is ethically right.
Google maps, for example, have recently started blurring out faces on street view. This again is not a legal requirement however they have decided that it is ethically right to do this. If they didn’t do this it might also cause a lot of complaints if people were in an incriminating position when the photo was taken. They can’t ask everyone that they took photos of for permission for the images to be online so instead they just blur out EVERYONE.
Google maps, for example, have recently started blurring out faces on street view. This again is not a legal requirement however they have decided that it is ethically right to do this. If they didn’t do this it might also cause a lot of complaints if people were in an incriminating position when the photo was taken. They can’t ask everyone that they took photos of for permission for the images to be online so instead they just blur out EVERYONE.
Personally I think that in quite a few companies
a lot of ethical decisions may be overlooked because they be extremely time
consuming or expensive (for example handing out permission slips or going through
and blurring every single person’s face on street view) and since they don’t
have a legal obligation to do these things they do not.
Unit 7 Organisational Systems Security M2
M2 how data transmitted over a network can be protected by encryption.
Encryption is a method of
converting normal information such as text, images and media into a format
which is unintelligible unless you are in possession of the key that is the
basis of the conversion. Public/private keys are keys that are mathematically
related. The public key can be widely distributed, among employees for example,
and is used to encrypt data. The private key can decrypt the data only a few
authorised people have access to the private key.
For example, one user wanted to send some sensitive information to another user, the sender of the information would encrypt the data with the receiver’s public key, and once they have received the data they can decrypt it using their private key.
Encryption should be used for sensitive information, things like emails etc. and helps keeps things confidential.
For example, one user wanted to send some sensitive information to another user, the sender of the information would encrypt the data with the receiver’s public key, and once they have received the data they can decrypt it using their private key.
Encryption should be used for sensitive information, things like emails etc. and helps keeps things confidential.
An advantage of encryption is that once the data has been encrypted it
is secure so not as much security is needed on the system, however this can
also be a disadvantage as a lot of people’s jobs will then revolve around
making sure that the key for the encryption is secure
Handshaking is a process where two communication devices continuously
agree a method of data communication.
Virus checking software will often run in the background of any system. It will scan each file as it is being opened for any fingerprints which match the virus definitions. It will also attempt to identify any suspicious activity from a program. If a virus is detected then the antivirus software should take care of it before it can cause any problems. Software to detect and get rid of viruses is of massive importance as a virus can gain access to important information and could corrupt it.
One of the ways to make sure the system is safe is to have passwords on everything, and very hard to guess passwords that have a mixture of upper and lower case, numbers, letters and punctuation. An incredibly insecure password would be 'password' or 'password1' however having 'pA$sw0Rd7' would be much more secure. It is a lot harder to remember however and having such difficult to remember passwords have led to employees writing their passwords down and leaving them on sticky notes right next to their computer, and if the building gets broken into then they automatically have access to everything. this is why it is vital that people remember their passwords and not write them down.
Encryption is a method of converting normal information such as text, images and media into a format which is unintelligible unless you are in possession of the key that is the basis of the conversion. Public/private keys are keys that are mathematically related. The public key can be widely distributed, among employees for example, and is used to encrypt data. The private key can decrypt the data and is kept secret.
Virus checking software will often run in the background of any system. It will scan each file as it is being opened for any fingerprints which match the virus definitions. It will also attempt to identify any suspicious activity from a program. If a virus is detected then the antivirus software should take care of it before it can cause any problems. Software to detect and get rid of viruses is of massive importance as a virus can gain access to important information and could corrupt it.
One of the ways to make sure the system is safe is to have passwords on everything, and very hard to guess passwords that have a mixture of upper and lower case, numbers, letters and punctuation. An incredibly insecure password would be 'password' or 'password1' however having 'pA$sw0Rd7' would be much more secure. It is a lot harder to remember however and having such difficult to remember passwords have led to employees writing their passwords down and leaving them on sticky notes right next to their computer, and if the building gets broken into then they automatically have access to everything. this is why it is vital that people remember their passwords and not write them down.
Encryption is a method of converting normal information such as text, images and media into a format which is unintelligible unless you are in possession of the key that is the basis of the conversion. Public/private keys are keys that are mathematically related. The public key can be widely distributed, among employees for example, and is used to encrypt data. The private key can decrypt the data and is kept secret.
Handshaking is
process where two communication devices continuously agree a method of data
communication.
Use of backups is also extremely important in case the information gets corrupted or accidentally deleted. 2 copies of the backup should be taken, one to leave on the premises for easy access if information is needed quickly and one to be kept off the premises in case there is a fire or something similar which would mean both the original and the backup data would be destroyed. there are different types of backup and these are as follows;
Incremental Backups: Involves storing only changed data since the last backup of any type.
Differential Backups: Involves storing only changed data since the last full backup.
Redundancy: A term in meaning duplication of information.
RIAD: Stands for redundant array of independent disks. It is used as a live backup mechanism with multiple hard disks maintaining multiple images of the data.
Mirroring: A backup server that ‘mirrors’ the processes and actions of the primary server fails. If the primary server fails, the backup server can take over without any downtime because it has mirrored the content of the primary server.
The tiers of recovery show what how prepared a company would be if all their information was wiped, these as follows;
Use of backups is also extremely important in case the information gets corrupted or accidentally deleted. 2 copies of the backup should be taken, one to leave on the premises for easy access if information is needed quickly and one to be kept off the premises in case there is a fire or something similar which would mean both the original and the backup data would be destroyed. there are different types of backup and these are as follows;
Incremental Backups: Involves storing only changed data since the last backup of any type.
Differential Backups: Involves storing only changed data since the last full backup.
Redundancy: A term in meaning duplication of information.
RIAD: Stands for redundant array of independent disks. It is used as a live backup mechanism with multiple hard disks maintaining multiple images of the data.
Mirroring: A backup server that ‘mirrors’ the processes and actions of the primary server fails. If the primary server fails, the backup server can take over without any downtime because it has mirrored the content of the primary server.
The tiers of recovery show what how prepared a company would be if all their information was wiped, these as follows;
Tier 0 – No off site data.
Possibly no recovery. One power cut and all data is unsafe.
Tier 1 – Data backup with a no
dark site. Backups are taken but no replacement location if system fails.
Tier 2 – Data backup with a
dark site. Copies of data are taken and there is a centre available to transfer
data.
Tier 3 – Electronic vaulting.
Mirrored copies of the system state are continuously maintained.
Tier 4 - Point-In-Time copies.
Remote copies of the data are the same as local data.
Tier 5 – Transaction
integrity. The system ensures both copies are in tune with each other.
Tier 6 – Zero data loss. For
fast systems, where a sudden fault, could result in some minor transactional
data loss.
Tier
7 – Highly automated, business integrated solution. The system will do all the
thinking for you.
Call Backs are used on dial up systems where network administrators can dial into a network and the network device will call them back. Carries a username and password to ensure that the channel is secure. It uses CHAP which stands for Challenge handshake authentication protocol.
A diskless network is very useful as it does not have a CD/DVD drive, USB
ports or floppy disk drive. It stops users adding new devices such as USB sticks or CDs so data is not being stolen and
it also stops data being easily transferred from a computer to a mobile storage
device.
A firewall acts as a barrier between the computer and the internet, having a firewall makes it extremely hard for hackers and viruses to get onto the system. Firewalls are usually meant to stop malicious things from coming in but they can also be set up to prevent employees accessing dangerous sites or sending out information over email.
Call Backs are used on dial up systems where network administrators can dial into a network and the network device will call them back. Carries a username and password to ensure that the channel is secure. It uses CHAP which stands for Challenge handshake authentication protocol.
A diskless network is very useful as it does not have a CD/
A firewall acts as a barrier between the computer and the internet, having a firewall makes it extremely hard for hackers and viruses to get onto the system. Firewalls are usually meant to stop malicious things from coming in but they can also be set up to prevent employees accessing dangerous sites or sending out information over email.
Unit 7 Organisational Systems Security M1
M1 Discuss Information Security
Confidentiality
Confidentiality is making sure that private information remains private, especially if it is things like addresses, dates of birth or medical histories of employees or customers. This information must be kept with the employer and can’t be distributed around.
Different employees in a company may have different levels of access to confidential information, and before they start work they should be made to sign a confidentiality agreement to make sure that they don’t share any confidential information.
Making sure that the data is stored in a safe place is also very important, if it’s stored on paper it should be kept in locked filing cabinets in locked rooms for example, and depending on how sensitive the information is it might have security guards as well.
If it is stored digitally then it should have a very complicated password that is changed often as well as a very secure system (very good antivirus etc).
Data integrity and completeness
This is making sure that any information that may be stored by a company is all correct and not missing anything. It is very important to regularly check that all the data stored is correct as if it is incorrect then this can lose money for the company if they have to spend ages sorting it out if one day they realise that all of their data is wrong, compared with doing it a little at a time.
This could even lead to people being hospitalised or even dying if for example a company that keeps medical records gets mixed up and people get the wrong prescriptions, or if the information isn’t complete and doesn’t mention a penicillin allergy for example.
Validation routines and input masking are ways to help make sure that all data is complete at the point that it is entered, for example if data is being entered into a database it will make sure that no letters are input into the ‘telephone number’ field, and that all necessary fields are filled.
A way to check if anything has changed with the data after it has been entered is for example with a dentists, every time you go they give you the option to change your address if you have moved or your mobile phone number if you have a new phone etc. so that it will be correct in their records.
Access to data
It is important to make sure that only people who really need to use certain data have access to it. Employees within an organisation will have different levels of access to data and this is usually determined by what job they do and how high up in the company they are.
A reason why people may request data that they do not normally get access to is if they are a bank or loans company wanting to check a credit report, this can only be requested when someone applies for credit.
It is important to keep track of who within an organisation has access to what data, for example if data is stolen then the company can see all the people who had access to it which will narrow it down.
it is also important to make sure that who has access to what data is reviewed often to make sure that no one has access to any information that they do not need and this will make sure that the information is more secure.
Confidentiality is making sure that private information remains private, especially if it is things like addresses, dates of birth or medical histories of employees or customers. This information must be kept with the employer and can’t be distributed around.
Different employees in a company may have different levels of access to confidential information, and before they start work they should be made to sign a confidentiality agreement to make sure that they don’t share any confidential information.
Making sure that the data is stored in a safe place is also very important, if it’s stored on paper it should be kept in locked filing cabinets in locked rooms for example, and depending on how sensitive the information is it might have security guards as well.
If it is stored digitally then it should have a very complicated password that is changed often as well as a very secure system (very good antivirus etc).
Data integrity and completeness
This is making sure that any information that may be stored by a company is all correct and not missing anything. It is very important to regularly check that all the data stored is correct as if it is incorrect then this can lose money for the company if they have to spend ages sorting it out if one day they realise that all of their data is wrong, compared with doing it a little at a time.
This could even lead to people being hospitalised or even dying if for example a company that keeps medical records gets mixed up and people get the wrong prescriptions, or if the information isn’t complete and doesn’t mention a penicillin allergy for example.
Validation routines and input masking are ways to help make sure that all data is complete at the point that it is entered, for example if data is being entered into a database it will make sure that no letters are input into the ‘telephone number’ field, and that all necessary fields are filled.
A way to check if anything has changed with the data after it has been entered is for example with a dentists, every time you go they give you the option to change your address if you have moved or your mobile phone number if you have a new phone etc. so that it will be correct in their records.
Access to data
It is important to make sure that only people who really need to use certain data have access to it. Employees within an organisation will have different levels of access to data and this is usually determined by what job they do and how high up in the company they are.
A reason why people may request data that they do not normally get access to is if they are a bank or loans company wanting to check a credit report, this can only be requested when someone applies for credit.
It is important to keep track of who within an organisation has access to what data, for example if data is stolen then the company can see all the people who had access to it which will narrow it down.
it is also important to make sure that who has access to what data is reviewed often to make sure that no one has access to any information that they do not need and this will make sure that the information is more secure.
Unit 7 Organisational Systems SecurityP6
P6 Review the laws related to security and privacy of data.
Computer
Misuse Act (1990)
The computer misuse act covers 3 different aspects;
Unauthorised access to computer material, this is things like using another person’s password and username without their permission (or using a trap to find out their password) editing, deleting or moving any data without permission all fall under the unauthorised access to computer material.
It also covers unauthorised access to computer systems, which is when a computer system is used without permission for anything malicious, like creating a Trojan, creating a backdoor for hackers, or giving people administration rights when they’re not supposed to have them.
Finally it covers unauthorised modification of computer material, and this includes offences such as editing data for personal gain, for example bank account details or modifying when you were clocked into work to avoid getting disciplined for being late. It also includes the distribution of viruses.
Copyright, Designs and Patents Act (1998)
This covers things such as media, music, videos, podcasts, pictures and images, written material, a design of a unique hardware product or software program.
When something has been copyrighted or patented, this means that no one can use the music, video, image etc, without the permission of the creator. If someone is found using the copyrighted material without consent, then the holder of the copyright has the right to sue them under the copyright, design and patents act. In order to avoid this is it always important to ask permission before using images.
Data Protection Acts (1984, 1998 and 2000)
The Data Protection Acts are, as the name suggests, acts which cover how personal information can be accessed and used. It doesn’t cover data from computers; it also covers paper based information. There are 8 basic principles to the act
The computer misuse act covers 3 different aspects;
Unauthorised access to computer material, this is things like using another person’s password and username without their permission (or using a trap to find out their password) editing, deleting or moving any data without permission all fall under the unauthorised access to computer material.
It also covers unauthorised access to computer systems, which is when a computer system is used without permission for anything malicious, like creating a Trojan, creating a backdoor for hackers, or giving people administration rights when they’re not supposed to have them.
Finally it covers unauthorised modification of computer material, and this includes offences such as editing data for personal gain, for example bank account details or modifying when you were clocked into work to avoid getting disciplined for being late. It also includes the distribution of viruses.
Copyright, Designs and Patents Act (1998)
This covers things such as media, music, videos, podcasts, pictures and images, written material, a design of a unique hardware product or software program.
When something has been copyrighted or patented, this means that no one can use the music, video, image etc, without the permission of the creator. If someone is found using the copyrighted material without consent, then the holder of the copyright has the right to sue them under the copyright, design and patents act. In order to avoid this is it always important to ask permission before using images.
Data Protection Acts (1984, 1998 and 2000)
The Data Protection Acts are, as the name suggests, acts which cover how personal information can be accessed and used. It doesn’t cover data from computers; it also covers paper based information. There are 8 basic principles to the act
1. It must be
collected and used fairly and inside the law.
2. It must only
be held and used for the reasons given to the Information Commissioner.
3. It can only
be used for those registered purposes and only be disclosed to those people
mentioned in the register entry. You cannot give it away or sell it unless you
said you would to begin with.
4. The information held
must be adequate, relevant and not excessive when compared with the purpose
stated in the register. So you must have enough detail but not too much for the
job that you are doing with the data.
5. It must be
accurate and be kept up to date. There is a duty to keep it up to date, for
example to change an address when people move.
6. It must not
be kept longer than is necessary for the registered purpose. It is alright to
keep information for certain lengths of time but not indefinitely. This rule
means that it would be wrong to keep information about past customers longer
than a few years at most.
7. The
information must be kept safe and secure. This includes keeping the information
backed up and away from any unauthorised access. It would be wrong to leave
personal data open to be viewed by just anyone.
8. The files
may not be transferred outside of the European Economic Area (that's the EU
plus some small European countries) unless the country that the data is being
sent to has a suitable data protection law. This part of the DPA has led
to some countries passing similar laws to allow computer data centres to be
located in their area.
(ref for 8 principals:
http://www.bbc.co.uk/schools/gcsebitesize/ict/legal/0dataprotectionactrev5.shtml)
Freedom of Information Act (2000)
The freedom of information act means that anyone can request any
official government information with regards to the government, public
authorities, the NHS, schools and universities, public services such as the
police etc. personal information may not be realised as this would breach the
data protection act. There are a few different circumstances in which you
wouldn’t be able to receive the information, some of these include, if the
information applies to an organisation’s security, is related to a current
ongoing investigation by police or other public authorities or if it is covered
by the official secrets act.
Unit 7 Organisational Systems Security P5
P5 How staff employment contracts can make IT systems more secure.
Hiring Policies
When a person gets hired by a company, there are numerous things included in the hiring policy which help keep the company secure. Background checks will be done to make sure that the person doesn’t have a criminal record, and they also check the references that the person gives. Most companies have a probation period where a new employee can be fired straight away, without being disciplined or given warnings. This makes sure that the person that they’re hiring is trustworthy and won’t steal from the company or commit other crimes, and this helps keep the systems more secure.
When a person gets hired by a company, there are numerous things included in the hiring policy which help keep the company secure. Background checks will be done to make sure that the person doesn’t have a criminal record, and they also check the references that the person gives. Most companies have a probation period where a new employee can be fired straight away, without being disciplined or given warnings. This makes sure that the person that they’re hiring is trustworthy and won’t steal from the company or commit other crimes, and this helps keep the systems more secure.
Separation of
duties
separation of duties involves delegation of tasks. When an employee is hired they will be told in their employment contract what jobs and tasks they are expected to do. Some really important duties are shared between a small number of people, this way if someone with a really important job is off sick, then there are still people within the company who can be trusted to do it, otherwise, the job would either not get done which could results in big costs for the company, or someone who is not trusted to do the job might have to do it and this could breech security.
separation of duties involves delegation of tasks. When an employee is hired they will be told in their employment contract what jobs and tasks they are expected to do. Some really important duties are shared between a small number of people, this way if someone with a really important job is off sick, then there are still people within the company who can be trusted to do it, otherwise, the job would either not get done which could results in big costs for the company, or someone who is not trusted to do the job might have to do it and this could breech security.
Ensuring Compliance
Including Disciplinary Procedures
If an employee is found doing something punishable, like stealing from the company for example, this has to be dealt with fairly and also confidentially. There are many ways that an incident could be dealt with and they all depend on the severity of the incident. Something small may only require a meeting with a supervisor to discuss what happened; this may be record for future reference. Something bigger may require the employee being suspended with pay while an investigation is ongoing to make sure that they are actually guilty of what they are accused of, as if they are not guilty and get fired, and then there could be legal issues at great cost to the company. Something such as stealing information from the company may lead to instant firing. This is done in order to try and deter people from stealing information and preventing security breaches.
If an employee is found doing something punishable, like stealing from the company for example, this has to be dealt with fairly and also confidentially. There are many ways that an incident could be dealt with and they all depend on the severity of the incident. Something small may only require a meeting with a supervisor to discuss what happened; this may be record for future reference. Something bigger may require the employee being suspended with pay while an investigation is ongoing to make sure that they are actually guilty of what they are accused of, as if they are not guilty and get fired, and then there could be legal issues at great cost to the company. Something such as stealing information from the company may lead to instant firing. This is done in order to try and deter people from stealing information and preventing security breaches.
Training and
communication with staff as their responsibilities
Making sure that each employee is aware of their responsibilities is really vital to a company, for example if someone wasn't sure what they were supposed to be doing it could impact on the company itself as it could cause a lot of confusion and also security breaches. It is extremely important that all members of staff get appropriate training as it could also impact on health and safety aspects as well as security.
Making sure that each employee is aware of their responsibilities is really vital to a company, for example if someone wasn't sure what they were supposed to be doing it could impact on the company itself as it could cause a lot of confusion and also security breaches. It is extremely important that all members of staff get appropriate training as it could also impact on health and safety aspects as well as security.
Unit 7 Organisational Systems Security P4
P4 explain the policies and guidelines for managing organisational IT security issues.
Disaster recovery
this policy is to help a company get back on their feet if a disaster occurs, this could be anything from floods and fires destroying the building to viruses corrupting data or even worker strikes. This is usually a document detailing what would happen in such circumstances, for example numbers to ring for insurance, a temporary work building, details of backups, where new equipment could be hired from temporarily etc. This is an extremely important policy for all companies to have.
this policy is to help a company get back on their feet if a disaster occurs, this could be anything from floods and fires destroying the building to viruses corrupting data or even worker strikes. This is usually a document detailing what would happen in such circumstances, for example numbers to ring for insurance, a temporary work building, details of backups, where new equipment could be hired from temporarily etc. This is an extremely important policy for all companies to have.
Updating security
procedures
it is important to keep the security procedures updated to keep up with new technology and threats. It is also important to test the new procedures to check that they are valid and still working. A good way to test how secure a system is, is to hire a hacker and see if they can hack into the system. If they can, then you know which areas of the system need extra support. A physical security expert could also be brought in to look at the locks and other physical security measures to see if they are secure enough too
Code of conduct
Every organisation should have a code of conduct, to be signed by anyone that will be using the system. This tells them what they can and can’t do while using the system and also the consequences of breaking the code of conduct. If a code of conduct is signed by an individual, they are then legally accountable for anything they do within the system.
Southport college has an unacceptable usage policy (http://moodle2.southport.ac.uk/mod/book/view.php?id=1666&chapterid=18) which dictates what cannot be done when using the system. An example of this is ‘do not bring in viruses’ which is, obviously, to prevent viruses attacking the network. Breaking nay of the rules in the code of conduct will result in anything from an internet ban for a week (for example if you use another students log in) to misconduct or gross misconduct investigation (for example damaging computer equipment)
it is important to keep the security procedures updated to keep up with new technology and threats. It is also important to test the new procedures to check that they are valid and still working. A good way to test how secure a system is, is to hire a hacker and see if they can hack into the system. If they can, then you know which areas of the system need extra support. A physical security expert could also be brought in to look at the locks and other physical security measures to see if they are secure enough too
Code of conduct
Every organisation should have a code of conduct, to be signed by anyone that will be using the system. This tells them what they can and can’t do while using the system and also the consequences of breaking the code of conduct. If a code of conduct is signed by an individual, they are then legally accountable for anything they do within the system.
Southport college has an unacceptable usage policy (http://moodle2.southport.ac.uk/mod/book/view.php?id=1666&chapterid=18) which dictates what cannot be done when using the system. An example of this is ‘do not bring in viruses’ which is, obviously, to prevent viruses attacking the network. Breaking nay of the rules in the code of conduct will result in anything from an internet ban for a week (for example if you use another students log in) to misconduct or gross misconduct investigation (for example damaging computer equipment)
Surveillance and
monitoring
CCTV is a popular choice when monitoring staff members in an organisation. It’s good because not only can it show all of the CCTV camera views on one computer screen for all angles, it can also be watched back if anything needs to be disputed.
Staff should be informed about when surveillance may be taking place. A lot of staff may feel like their privacy is being invaded when they are being watched by CCTV, so staff should be told exactly what the CCTV is being used for. it should be used with discretion, for example making sure that it is looking for security breaches or intruders or people in areas where they do not have access, and not for spying on staff to check if they are working or not.
CCTV is a popular choice when monitoring staff members in an organisation. It’s good because not only can it show all of the CCTV camera views on one computer screen for all angles, it can also be watched back if anything needs to be disputed.
Staff should be informed about when surveillance may be taking place. A lot of staff may feel like their privacy is being invaded when they are being watched by CCTV, so staff should be told exactly what the CCTV is being used for. it should be used with discretion, for example making sure that it is looking for security breaches or intruders or people in areas where they do not have access, and not for spying on staff to check if they are working or not.
Risk Management
this policy is how the organisation will deal with the risks that they face every day, depending on how high or low risk it might be. There are 4 options that they organisation may choose. They could tolerate the risk and do nothing, they could upgrade their system, they could deal with the risk by stopping it directly or they could transfer the risk by changing the way that they work.
this policy is how the organisation will deal with the risks that they face every day, depending on how high or low risk it might be. There are 4 options that they organisation may choose. They could tolerate the risk and do nothing, they could upgrade their system, they could deal with the risk by stopping it directly or they could transfer the risk by changing the way that they work.
Budget setting
Budget setting is extremely important, as organisations need to make sure that they have all of the equipment that they need and they need to keep money aside for things such as replacing hardware, training staff, cost of software licensing, staff wages, the costs of security measures, external support which may be needed to set systems or equipment up. A good security system will not be cheap and this should be taken into account when the budget is being planned.
Budget setting is extremely important, as organisations need to make sure that they have all of the equipment that they need and they need to keep money aside for things such as replacing hardware, training staff, cost of software licensing, staff wages, the costs of security measures, external support which may be needed to set systems or equipment up. A good security system will not be cheap and this should be taken into account when the budget is being planned.
Unit 7 Organisational Systems Security P3
P3 Software and network security keeping systems and data secure and how data transmitted over a network can be protected by encryption.
These are measures taken within
the actual computers and not focusing on the building or surrounding area.
One of the ways to make sure the system is safe is to have passwords on everything, and very hard to guess passwords that have a mixture of upper and lower case, numbers, letters and punctuation. An incredibly insecure password would be 'password' or 'password1' however having 'pA$sw0Rd7' would be much more secure. It is a lot harder to remember however and having such difficult to remember passwords have led to employees writing their passwords down and leaving them on sticky notes right next to their computer, and if the building gets broken into then they automatically have access to everything. this is why it is vital that people remember their passwords and not write them down.
Virus checking software will often run in the background of any system. It will scan each file as it is being opened for any fingerprints which match the virus definitions. It will also attempt to identify any suspicious activity from a program. If a virus is detected then the antivirus software should take care of it before it can cause any problems. Software to detect and get rid of viruses is of massive importance as a virus can gain access to important information and could corrupt it.
Confidentiality is a very simple way to keep data secure however it would also be very easy for an employee for a high security company to mention something important about work in passing and for the wrong person to hear it. a lot of companies have policies stating that employees are not allowed to post about work, be it colleagues or bosses or actual work at all and this all leads to data being more confidential.
Keeping the operating system up to date is also very important as it usually has defects or bugs where viruses can easily slip through and when you update it is more than likely that they will have fixed the bug and patched up the holes.
One of the ways to make sure the system is safe is to have passwords on everything, and very hard to guess passwords that have a mixture of upper and lower case, numbers, letters and punctuation. An incredibly insecure password would be 'password' or 'password1' however having 'pA$sw0Rd7' would be much more secure. It is a lot harder to remember however and having such difficult to remember passwords have led to employees writing their passwords down and leaving them on sticky notes right next to their computer, and if the building gets broken into then they automatically have access to everything. this is why it is vital that people remember their passwords and not write them down.
Virus checking software will often run in the background of any system. It will scan each file as it is being opened for any fingerprints which match the virus definitions. It will also attempt to identify any suspicious activity from a program. If a virus is detected then the antivirus software should take care of it before it can cause any problems. Software to detect and get rid of viruses is of massive importance as a virus can gain access to important information and could corrupt it.
Confidentiality is a very simple way to keep data secure however it would also be very easy for an employee for a high security company to mention something important about work in passing and for the wrong person to hear it. a lot of companies have policies stating that employees are not allowed to post about work, be it colleagues or bosses or actual work at all and this all leads to data being more confidential.
Keeping the operating system up to date is also very important as it usually has defects or bugs where viruses can easily slip through and when you update it is more than likely that they will have fixed the bug and patched up the holes.
Encryption is a method of converting normal information such
as text, images and media into a format which is unintelligible unless you are
in possession of the key that is the basis of the conversion. Public/private
keys are keys that are mathematically related. The public key can be widely
distributed, among employees for example, and is used to encrypt data. The
private key can decrypt the data and is kept secret.
Handshaking
is process where two communication devices continuously agree a method of data
communication.
Use of backups is also extremely important in case the information gets corrupted or accidentally deleted. 2 copies of the backup should be taken, one to leave on the premises for easy access if information is needed quickly and one to be kept off the premises in case there is a fire or something similar which would mean both the original and the backup data would be destroyed. there are different types of backup and these are as follows;
Incremental Backups: Involves storing only changed data since the last backup of any type.
Differential Backups: Involves storing only changed data since the last full backup.
Redundancy: A term in meaning duplication of information.
RIAD: Stands for redundant array of independent disks. It is used as a live backup mechanism with multiple hard disks maintaining multiple images of the data.
Mirroring: A backup server that ‘mirrors’ the processes and actions of the primary server fails. If the primary server fails, the backup server can take over without any downtime because it has mirrored the content of the primary server.
The tiers of recovery show what how prepared a company would be if all their information was wiped. are as follows;
Use of backups is also extremely important in case the information gets corrupted or accidentally deleted. 2 copies of the backup should be taken, one to leave on the premises for easy access if information is needed quickly and one to be kept off the premises in case there is a fire or something similar which would mean both the original and the backup data would be destroyed. there are different types of backup and these are as follows;
Incremental Backups: Involves storing only changed data since the last backup of any type.
Differential Backups: Involves storing only changed data since the last full backup.
Redundancy: A term in meaning duplication of information.
RIAD: Stands for redundant array of independent disks. It is used as a live backup mechanism with multiple hard disks maintaining multiple images of the data.
Mirroring: A backup server that ‘mirrors’ the processes and actions of the primary server fails. If the primary server fails, the backup server can take over without any downtime because it has mirrored the content of the primary server.
The tiers of recovery show what how prepared a company would be if all their information was wiped. are as follows;
Tier 0 – No off site data. Possibly no recovery. One power
cut and all data is unsafe.
Tier 1 – Data backup with a no dark site. Backups are taken
but no replacement location if system fails.
Tier 2 – Data backup with a dark site. Copies of data are
taken and there is a centre available to transfer data.
Tier 3 – Electronic vaulting. Mirrored copies of the system
state are continuously maintained.
Tier 4 - Point-In-Time copies. Remote copies of the data are
the same as local data.
Tier 5 – Transaction integrity. The system ensures both
copies are in tune with each other.
Tier 6 – Zero data loss. For fast systems, where a sudden
fault, could result in some minor transactional data loss.
Tier 7 – Highly
automated, business integrated solution. The system will do all the thinking
for you.Call Backs are used on dial up systems where network administrators can dial into a network and the network device will call them back. Carries a username and password to ensure that the channel is secure. It uses CHAP which stands for Challenge handshake authentication protocol.
A diskless network is very useful as it does not have a CD/DVD drive, USB ports or floppy disk drive. It stops users adding new devices such as USB sticks or CDs so data is not being stolen and it also stops data being easily transferred from a computer to a mobile storage device.
A firewall acts as a barrier between the computer and the internet, having a firewall makes it extremely hard for hackers and viruses to get onto the system. Firewalls are usually meant to stop malicious things from coming in but they can also be set up to prevent employees accessing dangerous sites or sending out information over email.
Unit 7 Organisation Systems Security P2
P2 Physical security measures that help keep systems secure.
Physical security measures are measures that are taken to keep the physical computers safe, not virtual things like antivirus software. these can be as simple as just putting locks on the doors of rooms containing computers or as complicated as having a biometric system.Some more simple measures are things like visitor passes so you can tell when there are unauthorised people in the building as they won't have a visitor pass. These visitor passes can also double as door entry swipe cards if they have a little black programmable strip on the back, this means that each visitor pass can be extremely easily programmed to only give access to certain parts of the building, by only opening certain doors. this means that access to important rooms is restricted as few people as are required there, and it greatly reduces unauthorised people being in restricted areas since they cannot access them.
Sign in/sign out systems are also quite similar in that they can show how many people are in the building at one time, and security guards can guard doors of high importance rooms to make sure that no one breaks in.
If the information within the system needs to be kept extremely secure then biometrics can be put in place, these can be really expensive and take a long time to implement as all of the current employee's retinas, fingerprints and/or voices (depending on the type of biometric system) need to be scanned. Retina scans take a picture of the back of your eye and these are the most reliable ones as your retina doesn't change. fingerprint scanners can fail eventually as if people bite their fingers it can damage their prints to the extent that the machine will not be able to read it and not allow the person access to the building. Voice recognition is perhaps the worst option of biometrics, as voices can be easily imitated, and your voice can change throughout the day depending on your mood, how tired you are, if you have a cold or a sore throat, and are therefore not very reliable.
Unit 7 Organisational Systems Security P1
P1 The impact of specific individual types of threats that exist to organisations.
Malicious damage is the intentional harming of property, and in large
companies this usually means disgruntled employees who have just been fired and
want to take it out on the company. It could also be stressed employees who
have just had enough, this can potentially ruin a lot of equipment and the
company will lose money in having to replace it, and if it is a small company
with only 3 or 4 computers and someone breaks one then it could slow down or
potentially completely stop work.
There are many types of potential threats to an organisation that
involve access without damage, and these are;
Phishing and Identity theft , Phishing is a type of Internet fraud that seeks to acquire a user’s credentials by deception. It includes theft of passwords, credit card numbers, bank account details and other confidential information. Phishing messages usually take the form of fake notifications from banks, providers, e-pay systems and other organizations. The notification will try to encourage a recipient, for one reason or another, to urgently enter/update their personal data. Such excuses usually relate to loss of data, system breakdown, etc.
Phishing and Identity theft , Phishing is a type of Internet fraud that seeks to acquire a user’s credentials by deception. It includes theft of passwords, credit card numbers, bank account details and other confidential information. Phishing messages usually take the form of fake notifications from banks, providers, e-pay systems and other organizations. The notification will try to encourage a recipient, for one reason or another, to urgently enter/update their personal data. Such excuses usually relate to loss of data, system breakdown, etc.
Piggybacking, which is gaining access to restricted communication
channel by using session that another user has already established, can be
defeated by logging off before leaving a workstation or terminal or by
initiating a protected mode, such as via a screensaver that requires
re-authentication before access can be resumed. This also is a cause for loss
of information.
Hacking involves gaining unauthorized access to other computers. A
hacker can "hack" his or her way through the security levels of a
computer system or network. This can be as simple as figuring out somebody
else's password or as complex as writing a custom program to break another
computer's security software. Hacking is very bad as not only can there be
massive data loss, if the company deals with a lot of personal information then
the hacker will have access to all of it.
Website Defacement is an example of a threat related to ecommerce. Website
defacement is an attack on a website that changes the visual appearance of the
site or a webpage. These are typically the work of system crackers, who break
into a web server and replace the hosted website with one of their own. This
can lead to the company not being taken seriously or losing customers.
DOS attacks are denial of service
attacks, which is where a group of people will bring it upon themselves to take
a website down by flooding it with useless traffic and taking the server down
so other people cannot access the website. This can lose the company customers
and if they are an ecommerce website then it could lose them a lot of money,
especially if it takes them a while to get the server back up and running again.
Unit 1 Communication and Employability M3
M3 How an awareness of learning styles can aid personal development.
Knowing
your learning style will aid your personal development as when you understand
how you learn best you can make sure that you learn more in those ways and that
way what you're studying will stick a lot more, you will learn faster, be more
productive, and you will also be more interested in studying.
There are 4
main types of learning styles, known as VARK, and these are visual, auditory,
reading/writing and kinaesthetic.
If you’re a visual learner then you learn better through watching other people do things first and then copying them. Ways you can learn this way could be to watch youtube videos on the subject that you’re learning about as this is way you can watch tutorials of things.
If you're an auditory learner you learn best by listening to things, the best way to learn if you hear the information and this can best be achieved through lectures, watching videos or having discussions or debates about a given subject.
If you're a read/write learner you learn best from taking notes and copying from text books, and good things to do to help study would be writing flash cards or re-writing some parts of text books in your own words as this included both reading and writing.
If you’re a kinaesthetic learner then you learn best from doing things practically. Making flash cards and graphs would be useful while studying, however while learning doing practicals and getting hands on are the best ways.
If you’re a visual learner then you learn better through watching other people do things first and then copying them. Ways you can learn this way could be to watch youtube videos on the subject that you’re learning about as this is way you can watch tutorials of things.
If you're an auditory learner you learn best by listening to things, the best way to learn if you hear the information and this can best be achieved through lectures, watching videos or having discussions or debates about a given subject.
If you're a read/write learner you learn best from taking notes and copying from text books, and good things to do to help study would be writing flash cards or re-writing some parts of text books in your own words as this included both reading and writing.
If you’re a kinaesthetic learner then you learn best from doing things practically. Making flash cards and graphs would be useful while studying, however while learning doing practicals and getting hands on are the best ways.
I
personally learn best by writing bits of information out over and over again
until the information is stuck in my brain, so a reading and writing, however I
also find that studying using different aspects of all learning styles is very
beneficial. Upon taking a learning styles test I was presented with the result
of being a VARK learner.
Unit 1 Communication and Employability P5
P5 Use IT to aid communication
|
Channel
|
Benefit
|
Disadvantage
|
|
Word-processed
document
|
Really
easy to edit and change. Search document for specific paragraph. Permanent
record of stuff. Spell checker.
|
You
need a computer to make a word document and a printer to print it out,
printer ink can be expensive
|
|
Presentations
|
Easy to get your point out to a large
audience and can include pictures and videos
|
Can be hard to stand up in front of an
audience, sometimes too many animations or transitions can make it hard to
watch, or too much or too little information on each slide
|
|
Web
pages
|
Very
easy to search through numerous webpages with a search engine, easy to c+p
info, ctrl+f to find specific information
|
Some
webpages are made up information, can contain viruses or take a while to find
the information that you need amongst adverts
|
|
Email
|
A lot quicker to get information out than by
a letter for example, can also add attachments and send to numerous people
without having to type it out again
|
Can be easy to be very informal when the situation
calls to be more formal, or send the wrong attachment
|
|
Blogs/v
logs/podcasts
|
They
are all good ways for a company to interact with it’s customers in a modern
way Vlogs are good for advertising
|
Videos
can take a long time to edit, and you have to have a good internet connection
to be able to stream videos
|
|
Video
conferencing
|
Can have a basically face to face meeting
even if people are in other countries and this is a lot cheaper than a plane
ticket, or if you get ill you can still attend meetings from your home
|
Slow connections or the internet going down
can make video conferencing really hard if people keep cutting out or
disconnecting, requires a good internet connection and a webcam
|
|
Fax
|
Can be
easier than spending an email attachment if the internet goes down but the
power is still on
|
Not a
lot of people still have a fax machine
|
|
Skype
|
Free, very easy to use, instant messaging and
phone calls (with or without webcam) over the internet
|
Requires internet connection and sometimes
the call can cut out if one person’s internet dies, requires microphone and
can require webcam for video calling
|
|
Social
Network
|
Can be
a very easy way to keep up with people and find out what’s going on in the
world (e.g. BBC or CNN news twitter) can be easy to contact people over the
messaging services
|
Inappropriate
content can be posted that can come back to haunt you, requires internet
connection
|
|
Phone
call
|
Very quick and easier to communicate that via
email for example, as replies are instant
|
Can be costly if calling from a mobile and if
you need to think about your response for a while it is not ideal, you can’t
go back and change what you said if you decide that you want to reword what
you said like with an email or word document
|
|
Voice
Mail
|
Easy
to leave a recorded message with a person if they can’t reach the phone
|
Some
voice mail systems are flawed in that after you have listened to the message
it deletes it so you can’t re-listen to it if you needed the hear the
information again
|
|
VLE
|
Easy for college and school students to
access work and find resources to use
|
Can be hard for non technical teachers to
manage it. If the internet goes down in the school or college then no one can
access the vle
|
Unit 1 Communication and Employability P3 + M1
P3 Discuss potential barriers to effective communication and M1 Explain mechanisms that can reduce the impact of communication barriers.
There are a few different barriers to communication that can
hinder how well you can communicate with other people. These are;
- general communication skills
- interpersonal skills
- written communication skills
An example of some barriers to general communication include things like language differences, and making sure that if you’re giving a presentation for example that you are using language suitable for the audience. If you’re giving a personation to beginner technology user you should make sure that you are not using language that is too technical for them to understand, this is a way that you can reduce the impact of the communication barrier.
A way to reduce the impact for different languages might be to have a translator present who can translate your speech into the needed language. Or if you are aware beforehand that there will, for example, be Spanish people watching the presentation, you could make sure that you have the information in both Spanish and English on each slide.
Examples of some barriers to interpersonal skills include things like background noises and distractions that could draw your attention away from the audience or if you’re in the audience it could draw the attention away from the speaker. This could be avoided by making sure that people are sat away from things like air conditioners and that windows are closed to reduce noise and making sure that everyone in the room is facing the speaker and not away from them.
Examples
of barriers to written communication include things such as bad spelling and
grammar and also bad structure. When it comes to emails and word documents and
presentations it is always important to spell and grammar check your work and
make sure that it is in numerous paragraphs instead of just one long unreadable
paragraph. You have to be careful when it comes to spelling and grammar because
it only checks words against the dictionary. If you made a typo, and typed
‘sick’ instead of ‘sock’ for example, your work would no longer make sense but
Microsoft word wouldn’t pick up on it as ‘sick’, even though it is not the word
you wanted to use, it is spelt correctly. This is why it is always important to
make sure you proof read your work before printing it or submitting it.- general communication skills
- interpersonal skills
- written communication skills
An example of some barriers to general communication include things like language differences, and making sure that if you’re giving a presentation for example that you are using language suitable for the audience. If you’re giving a personation to beginner technology user you should make sure that you are not using language that is too technical for them to understand, this is a way that you can reduce the impact of the communication barrier.
A way to reduce the impact for different languages might be to have a translator present who can translate your speech into the needed language. Or if you are aware beforehand that there will, for example, be Spanish people watching the presentation, you could make sure that you have the information in both Spanish and English on each slide.
Examples of some barriers to interpersonal skills include things like background noises and distractions that could draw your attention away from the audience or if you’re in the audience it could draw the attention away from the speaker. This could be avoided by making sure that people are sat away from things like air conditioners and that windows are closed to reduce noise and making sure that everyone in the room is facing the speaker and not away from them.
Subscribe to:
Posts (Atom)