Explanation on the Policies and Guidelines Employed
by Industries to Manage IT Security Issues P4
Security policies and guidelines:
Disaster recovery policies
A company will have to manage its money so that it can be
useful in the future if there is a disaster, whether human-based or natural.
Examples of human-based disasters are terrorist attacks, human error, worker
strikes, computer viruses introduced by hackers or accidentally by an employee,
and fires caused by humans. Examples of natural disasters are a power failure
when there is a lot of rain, which can also cause a flood that might damage the
computer system. With this policy, the money will enable the company to recover
any lost information. Then, when their data has been recovered, they will have
to make sure that the same problem doesn’t happen
Updating of security procedures
This is when the computer is updated routinely in order to
review the security system. However, updating may have an impact on the system,
so the update will need to be tested before it can continue. Updating the
security procedures is important, as the organisation will need the new
knowledge to go up against other potential threats that may attack the
organisation’s computer
Scheduling of security audits
The security audit is used to see if there were any service
attacks on the computer system, and it is done automatically without the
employees of the industry being informed. The audits are used to detect any
recurring problems that may be a threat in the future. So, when the problem is
identified they will be able to improve their security, so that there won’t
be any problems in the system again that could be a threat to the industry.
Codes of conduct
A code of conduct is when someone creates a code that
will enable contractors, employees, customers or suppliers to have complete
access to your system. However, to have full access to the system they will
have to sign the code of conduct. Therefore, if they were to mess up the system
or anything else, they will have to take full responsibility for their actions
and will have to fix the problem themselves.
Installing CCTV or a covert surveillance camera in an
employee’s room may cause them stress and make them feel uncomfortable when
in the room. This is because their every move is being watched, which may
lead them to make a complaint. So, for this not to happen, the employees who
want to have the job will have to sign a contract stating that they are okay
with being monitored.
This is when you predict a risk before it happens by looking at
the weather forecast. A clear example is checking whether the weather will
change: if there is going to be heavy rain tomorrow, which might cause a leak
or a flood, they will have to see what they can do to stop it from damaging the
system, such as having waterproof cables. This is important, as it will be
useful in the future because the industry’s system will be safe from heavy
rain. But there are things worse than heavy rain, so they will need more
equipment to protect the system.
This is to manage the budget so that your company does not go
bankrupt. They will have to maintain an acceptable budget so that it can be
useful in the future; furthermore, it will include continual investment so that
the company can keep control and maintain it. Examples are training staff,
the cost of each audit, replacing equipment and software versions, or the
staff wages connected to the industry’s security system.
Explanation on how Employment Contracts Can Affect
Employment contracts and security:
It is important to check your employees’ backgrounds, as you will
need to trust them with full access to the facility. For example, if an
employee had a criminal record for theft then the industry won’t trust them
anywhere near money, as they will think that they might steal it. Furthermore,
other employees won’t feel comfortable around them, and this might cause
problems with the speed at which products are completed.
Separation of duties
This is when an employee is absent and has to be covered by
another employee to control that area and maintain the speed, so that the
company does not fall behind schedule. So, this will include a team where
some employees will have one separate duty to manage and
one deputy who will have experience of the area where the absent person
Ensuring compliance including disciplinary
These procedures will have to be followed by every employee so
that it is fair and can be dealt with in a legally acceptable manner. On the
other hand, on some occasions an employee may have been falsely accused of
causing a problem in the industry; they can therefore be suspended (with pay)
while an independent group investigates what has happened, so that it can be
fair. Lastly, if the problem is crime-related it will have to be reported to
the police. The person who has made the mistake will have to take full
responsibility, as the contract tells employees their role in the company and
the penalty if they do anything other than that role.
Training and communicating with staff as to their
This is when employers are expected to make sure
that their staff are given training that is related to their job, and that
the employer talks with the staff so that they realise their responsibilities
when taking the job.
Explanation of the Security and Privacy of Data P6
Computer Misuse Act 1990
This is when an individual uses another person’s
username and password to gain access to the computer system or any
other data, or changes, removes, copies or transfers information
without the owner’s permission. Lastly, it can be setting a trap for a user in
order to obtain their password. It also covers unauthorised modification of the
computer, such as putting in a computer virus that can obtain personal details,
e.g. bank details. If you are caught it can lead to imprisonment.
Copyright, Designs and Patents Act 1988
This is when you use an author’s work as your own without
permission. The illegal acts (acts against the law) involve music, video
streaming, written work (any text from a person’s website; copying it is also
known as plagiarism), any game software or any other kind of software. Finally,
using images as your own without the permission of the owner is illegal,
so you will need an all rights agreement.
Privacy and compensation requirements of Data
Protection Act 1984, 1998, 2000
These acts are controlled by 8 principles:
1. Information is processed fairly
2. Information is processed for important reasons
3. Information will have to be useful to the company
4. Information will have to be important
5. Information is not kept for long periods of time
6. Personal information will have to be accepted by the individual
7. All the information is protected
8. None of the information can be transferred without it being secure.
source- This license allows users to use the source code to edit,
compile and suggest improvements. This is all done under defined terms and
conditions. This license is backed up by GNU (Operating System) which will then
secure the copyright of the original designer.
Freeware- This is
software which doesn’t need to be paid for. However, you cannot duplicate it or
distribute it without discussing financial modifications with the author; if
you don’t have the author’s permission it will be illegal.
Shareware- This is a
type of software as well and it is similar to freeware. It is free for users,
who are allowed to share duplicates of the program. But if users use it for
commercial gain they will have to pay fees to the author. Shareware is commonly
downloaded from a website or comes as a magazine freebie.
software- This is software which is developed for commercial or sale
reasons. This can be open source software or proprietary software (where a
person gets property rights, e.g. copyright of the source code).