Unit 7 – Organisational Systems Security

Unit 7 – Organisational Systems Security: Organisation rules and guidelines

LO3: Issues affecting security
- Policies and guidelines for managing organisational IT security issues
- How employment contracts can affect security
- Laws related to security and privacy of data
- The role of ethical decision making in organisational IT security
- Security policies used in an organisation

Recap
- Lisa Moon virus
- Users need protecting from themselves
- Training/education
- Policies & guidelines

Common rules and guidelines
- Budget setting
- Disaster recovery
- Schedule for update and review of security policies
- Schedule of security audits
- Codes of conduct

Assignment 3 Task 1 (P4)
Explain the policies and guidelines employed by an organisation to manage IT security issues. Give examples of the policies and procedures. One slide per topic:
- Disaster recovery policies
- Updating security procedures
- Codes of conduct
- Surveillance and monitoring policies
- Risk management
- Budget setting

Question
What is a policy? How is it different from a procedure?

Policy
- High-level, written by management
- Describes the organisation's position on an issue
- Not specific in detail
- Focuses on the result; does not describe the method for achieving it

Points about policies
- Need updating less frequently than the procedures related to them
- Should be reviewed by the organisation's legal counsel
- Need a plan showing how employees will be made aware of them
- Can refer to an outside authority (e.g. a legal obligation) or to an internal authority (CEO, department head, etc.)

Procedures
- Step-by-step
- Prescribe how employees should act in a certain situation to achieve a certain result
- Policies may be general and apply across an industry; standards and procedures will mostly be organisation-specific

Edexcel required policies
- Disaster recovery policies
- Updating security procedures
- Codes of conduct
- Surveillance and monitoring policies
- Risk management
- Budget setting

Disaster Recovery Policy
Relates to recovery from:
- Natural disasters
- Fire
- Power failure
- Terrorist attack
- Organised/deliberate disruptions (incl. viruses)
- System/equipment failure
- Human error
- Legal issues
- Industrial action
- Loss of personnel

Disaster Recovery Policy
Should include:
- Data relocation
- Alternative sites
- Hiring of personnel
- Hiring of equipment
Must be supported by top-level management and appropriate finance (incl. insurance).

Updating security
Security needs to be reviewed against new threats and current knowledge:
- over 2 million new threats every month*
- 75% of companies have suffered a malware attack in the last 12 months*
Security and systems need updating, but updates should be tested before roll-out so that a patch does not itself take a system down.
* Lumension Whitepaper, Best Practice Guide to addressing Web 2.0 Risks (see wiki)

Scheduling audits
- Regular audits of security, both physical and network, should take place
- Do you notify employees when these are due? (An announced audit tests the paperwork; an unannounced one tests actual practice.)
- Audit logs need to be analysed, not just collected
- White-hat attacks: authorised hacking, DoS and physical break-in attempts, carried out with management's written permission
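The slide says audit logs need to be analysed; the following is an added example (not from the original presentation) of what that analysis looks like in practice. It reads constructed OpenSSH-style syslog lines (the log text, host names and addresses are made up for illustration), counts failed logins per source address within a time window, and flags two things an auditor would want to see: a burst of failures that looks like password guessing, and a successful login that follows such a burst from the same address. The threshold, window and year used to complete the syslog timestamps are assumptions, not figures from the slides.

```python
"""Analyse sshd log lines for password-guessing and suspicious successful logins."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data); addresses are from documentation ranges.
SAMPLE_LOG = """\
Mar  3 09:01:02 fs01 sshd[4121]: Failed password for invalid user admin from 203.0.113.7 port 51012 ssh2
Mar  3 09:01:05 fs01 sshd[4121]: Failed password for invalid user admin from 203.0.113.7 port 51013 ssh2
Mar  3 09:01:09 fs01 sshd[4125]: Failed password for root from 203.0.113.7 port 51014 ssh2
Mar  3 09:01:14 fs01 sshd[4125]: Failed password for root from 203.0.113.7 port 51015 ssh2
Mar  3 09:01:20 fs01 sshd[4130]: Failed password for bob from 203.0.113.7 port 51016 ssh2
Mar  3 09:01:26 fs01 sshd[4130]: Failed password for bob from 203.0.113.7 port 51017 ssh2
Mar  3 09:01:31 fs01 sshd[4130]: Accepted password for bob from 203.0.113.7 port 51017 ssh2
Mar  3 09:05:40 fs01 sshd[4201]: Failed password for alice from 198.51.100.4 port 60210 ssh2
Mar  3 09:05:47 fs01 sshd[4201]: Failed password for alice from 198.51.100.4 port 60210 ssh2
Mar  3 09:06:02 fs01 sshd[4201]: Accepted password for alice from 198.51.100.4 port 60210 ssh2
Mar  3 09:10:15 fs01 sshd[4288]: Accepted password for carol from 192.0.2.10 port 40022 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse(line, year=2024):
    """Return (timestamp, result, user, ip) for a matching line, else None.
    Syslog timestamps carry no year, so one is assumed (parameter)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["ip"]


def analyse(log_text, threshold=5, suspicious_failures=3, window=timedelta(minutes=10)):
    """Walk the log in order and return a list of findings.

    - 'brute_force': an address reaches `threshold` failures inside `window`
      (reported once, when the threshold is first crossed).
    - 'success_after_failures': an accepted login from an address that had at
      least `suspicious_failures` failures inside `window` just before it.
    Two mistyped passwords before a success are treated as normal user error.
    Threshold and window values are assumptions for illustration.
    """
    recent_failures = defaultdict(list)  # ip -> timestamps of failures in window
    findings = []
    for event in (parse(l) for l in log_text.splitlines()):
        if event is None:
            continue  # not an authentication line; ignore
        ts, result, user, ip = event
        # Drop failures that have aged out of the window for this address.
        recent_failures[ip] = [t for t in recent_failures[ip] if ts - t <= window]
        if result == "Failed":
            recent_failures[ip].append(ts)
            if len(recent_failures[ip]) == threshold:
                findings.append({"kind": "brute_force", "ip": ip,
                                 "failures": threshold, "at": ts})
        elif len(recent_failures[ip]) >= suspicious_failures:
            findings.append({"kind": "success_after_failures", "ip": ip,
                             "user": user, "at": ts,
                             "failures": len(recent_failures[ip])})
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f)
```

Run against the sample, the script reports one password-guessing burst from 203.0.113.7 and then bob's successful login from that same address a few seconds later, which is the line an auditor should follow up (was it bob, or the attacker?). alice's two typos and carol's clean login produce nothing, which is the point of the thresholds: an audit that flags every failure is ignored within a week.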

Codes of conduct
- Training for users: how to behave
- Could cover: e-mail, Internet use, user storage area, password protection
- Will emphasise the organisation's right to monitor

Surveillance and monitoring policies
- CCTV
- Auditing
- Event logs
- E-mail
- Internet use
Codes of conduct will underline the right to monitor.

Risk management
Assess each risk on two axes:
- Level of possible consequences
- Likelihood
Mitigation: possible strategies to deal with the risk
- Avoid the risk (don't do that, do this)
- Offset the risk (e.g. insurance)
- Meet the risk head-on with controls (e.g. malware: anti-malware, patching)
- Do nothing and accept the risk (it is too small to matter, or too big to treat at a cost the organisation can justify)
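As an added worked example (not part of the original slides), the two-axis assessment and the four treatment strategies above can be written down as a small risk register that scores each entry, ranks the register and suggests a strategy. The 1-5 scales, the score bands that pick a strategy, and the sample risks are all assumptions for illustration; a real policy sets its own appetite and bands.

```python
"""Qualitative risk register: score likelihood x consequence, rank, suggest treatment."""
from dataclasses import dataclass

# Assumed 1-5 ordinal scales (a common convention, not taken from the slides).
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
CONSEQUENCE = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}


@dataclass(frozen=True)
class Risk:
    name: str
    likelihood: str   # key of LIKELIHOOD
    consequence: str  # key of CONSEQUENCE


def score(risk):
    """Risk score = likelihood x consequence on the 1-5 scales (range 1..25)."""
    return LIKELIHOOD[risk.likelihood] * CONSEQUENCE[risk.consequence]


def treatment(risk):
    """Map a score to one of the four strategies from the slide.
    The bands are assumptions for illustration, not a standard."""
    s = score(risk)
    if s >= 15:
        return "avoid"      # don't do that, do this (stop or redesign the activity)
    if s >= 8:
        return "mitigate"   # meet it head-on with controls, e.g. anti-malware
    if s >= 4:
        return "offset"     # transfer it, e.g. insurance or a DR contract
    return "accept"         # do nothing: too small to be worth treating


def prioritise(register):
    """Rank the register highest score first so budget goes to the top entries."""
    return sorted(register, key=score, reverse=True)


# Constructed sample register for a hypothetical organisation.
SAMPLE_REGISTER = [
    Risk("Ransomware on the file server", "possible", "major"),
    Risk("Flood at the primary site", "rare", "severe"),
    Risk("Staff laptop left on a train", "likely", "moderate"),
    Risk("Unsupported legacy OS on an internet-facing server", "almost certain", "major"),
    Risk("Coffee spilled on a keyboard", "possible", "negligible"),
]


def report(register):
    """Return (name, score, treatment) rows in priority order."""
    return [(r.name, score(r), treatment(r)) for r in prioritise(register)]


if __name__ == "__main__":
    for name, s, t in report(SAMPLE_REGISTER):
        print(f"{s:2d}  {t:9s}  {name}")
```

The output orders the legacy server first (score 20, avoid: decommission it), puts ransomware and the lost laptop in the "mitigate" band (12 each), leaves the flood to insurance and an alternative site (5, offset), and accepts the coffee spill (3). Whichever bands an organisation chooses, writing them down is what turns "assess risk" from a slide bullet into a repeatable decision that an auditor can check.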

Budget setting
Security costs money. What do you need to budget for?
- Software updates
- Replacement hardware
- Staff
- Auditing
- Anti-malware and firewall software
- Hot-site DRP
Task: find quotes for these!