P4 explain the policies and guidelines for managing organisational IT security issues.
Disaster recovery
this policy is to help a company get back on their feet if a disaster occurs, this could be anything from floods and fires destroying the building to viruses corrupting data or even worker strikes. This is usually a document detailing what would happen in such circumstances, for example numbers to ring for insurance, a temporary work building, details of backups, where new equipment could be hired from temporarily etc. This is an extremely important policy for all companies to have.
this policy is to help a company get back on their feet if a disaster occurs, this could be anything from floods and fires destroying the building to viruses corrupting data or even worker strikes. This is usually a document detailing what would happen in such circumstances, for example numbers to ring for insurance, a temporary work building, details of backups, where new equipment could be hired from temporarily etc. This is an extremely important policy for all companies to have.
Updating security
procedures
it is important to keep the security procedures updated to keep up with new technology and threats. It is also important to test the new procedures to check that they are valid and still working. A good way to test how secure a system is, is to hire a hacker and see if they can hack into the system. If they can, then you know which areas of the system need extra support. A physical security expert could also be brought in to look at the locks and other physical security measures to see if they are secure enough too
Code of conduct
Every organisation should have a code of conduct, to be signed by anyone that will be using the system. This tells them what they can and can’t do while using the system and also the consequences of breaking the code of conduct. If a code of conduct is signed by an individual, they are then legally accountable for anything they do within the system.
Southport college has an unacceptable usage policy (http://moodle2.southport.ac.uk/mod/book/view.php?id=1666&chapterid=18) which dictates what cannot be done when using the system. An example of this is ‘do not bring in viruses’ which is, obviously, to prevent viruses attacking the network. Breaking nay of the rules in the code of conduct will result in anything from an internet ban for a week (for example if you use another students log in) to misconduct or gross misconduct investigation (for example damaging computer equipment)
it is important to keep the security procedures updated to keep up with new technology and threats. It is also important to test the new procedures to check that they are valid and still working. A good way to test how secure a system is, is to hire a hacker and see if they can hack into the system. If they can, then you know which areas of the system need extra support. A physical security expert could also be brought in to look at the locks and other physical security measures to see if they are secure enough too
Code of conduct
Every organisation should have a code of conduct, to be signed by anyone that will be using the system. This tells them what they can and can’t do while using the system and also the consequences of breaking the code of conduct. If a code of conduct is signed by an individual, they are then legally accountable for anything they do within the system.
Southport college has an unacceptable usage policy (http://moodle2.southport.ac.uk/mod/book/view.php?id=1666&chapterid=18) which dictates what cannot be done when using the system. An example of this is ‘do not bring in viruses’ which is, obviously, to prevent viruses attacking the network. Breaking nay of the rules in the code of conduct will result in anything from an internet ban for a week (for example if you use another students log in) to misconduct or gross misconduct investigation (for example damaging computer equipment)
Surveillance and
monitoring
CCTV is a popular choice when monitoring staff members in an organisation. It’s good because not only can it show all of the CCTV camera views on one computer screen for all angles, it can also be watched back if anything needs to be disputed.
Staff should be informed about when surveillance may be taking place. A lot of staff may feel like their privacy is being invaded when they are being watched by CCTV, so staff should be told exactly what the CCTV is being used for. it should be used with discretion, for example making sure that it is looking for security breaches or intruders or people in areas where they do not have access, and not for spying on staff to check if they are working or not.
CCTV is a popular choice when monitoring staff members in an organisation. It’s good because not only can it show all of the CCTV camera views on one computer screen for all angles, it can also be watched back if anything needs to be disputed.
Staff should be informed about when surveillance may be taking place. A lot of staff may feel like their privacy is being invaded when they are being watched by CCTV, so staff should be told exactly what the CCTV is being used for. it should be used with discretion, for example making sure that it is looking for security breaches or intruders or people in areas where they do not have access, and not for spying on staff to check if they are working or not.
Risk Management
this policy is how the organisation will deal with the risks that they face every day, depending on how high or low risk it might be. There are 4 options that they organisation may choose. They could tolerate the risk and do nothing, they could upgrade their system, they could deal with the risk by stopping it directly or they could transfer the risk by changing the way that they work.
this policy is how the organisation will deal with the risks that they face every day, depending on how high or low risk it might be. There are 4 options that they organisation may choose. They could tolerate the risk and do nothing, they could upgrade their system, they could deal with the risk by stopping it directly or they could transfer the risk by changing the way that they work.
Budget setting
Budget setting is extremely important, as organisations need to make sure that they have all of the equipment that they need and they need to keep money aside for things such as replacing hardware, training staff, cost of software licensing, staff wages, the costs of security measures, external support which may be needed to set systems or equipment up. A good security system will not be cheap and this should be taken into account when the budget is being planned.
Budget setting is extremely important, as organisations need to make sure that they have all of the equipment that they need and they need to keep money aside for things such as replacing hardware, training staff, cost of software licensing, staff wages, the costs of security measures, external support which may be needed to set systems or equipment up. A good security system will not be cheap and this should be taken into account when the budget is being planned.
Tank roo
ReplyDeleteYour the best.
ReplyDeleteThis comment has been removed by the author.
ReplyDeleteHello i need a question to be answered. It has been unanswered for at least 5000 years, so as you can see this is a hard question and the time has changed for that the question need to be answered urgently and no time can be waste to answering it. if you know the answer then may our god bless your harvest. the question i need answering is as follows. How Do I
ReplyDeleteThis comment has been removed by the author.
DeleteHA GOTEEM. My feet smells like egg shells
ReplyDeleteRead my name (no homo)
ReplyDeleteI don't know if it cool to recommend a hacker but I promised to drop the contact of this pro hacker Arthur Vitali who helped me hack an entire cellphone with just a phone number. IF YOU NEED A HACKER, YOU FOUND THE BEST. Email- Quickarturhack@gmail,com WHATSAPP +17025301177
ReplyDeleteI had access to all social media accounts, SMS, pictures, videos, Camera, GPS tracking and an option to tap into phone calls and listen. Arthur offers a lot of other hacking services.