Understand Risks to IT Security


Understand Risks to IT Security
Unit 48 I.T. Security Management
HND in Computing and Systems Development

Last week
- Organisational security procedures
- An operational model: Prevention, Detection, Response
- Definitions: Policies, Procedures, Standards, Guidelines
- Policy life-cycle:
  - Aspects to consider
  - Questions to ask
  - Plan (adjust) for security
  - Evaluate the effectiveness
  - Implement the plans
  - Monitor the implementation

Organisational Security Procedures
Need to consider:
- data
- network
- systems
- operational impact of security breaches
- web systems
- wireless systems

Data
- What is the data?
- Where is it stored?
- What format is it stored in? Some data may still be stored in paper form.
- Who has access to the data?
- Where can they access the data?
- What systems can access the data?
- Who owns the data?
- Who can change the data?
- Where is the data backed up?

Procedures
So you know about the data… What procedures will you implement to protect it?
Influenced by:
- Computer Misuse Act 1990
- Data Protection Act 1998 (principle 7): “Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.”

Guidance from the ICO
- What needs to be protected?
- What level of security?
- What measures?
https://ico.org.uk/for-organisations/guide-to-data-protection/principle-7-security/

First line of Defence?
- Not overly burdensome
- Prevent breaches from occurring
- Lay out the proper procedures should a breach occur

Money
- Security as a cost
- Creating value from security

Task
Draw up a list of procedures that you will implement to protect the systems at MWS.
Explain the rationale behind the choice of the various procedures with reference to:
- The data
- The company objectives
- The appropriate legislation