Understand mechanisms to control organisational IT security
Unit 48 I.T. Security Management
HND in Computing and Systems Development
Understand mechanisms to control organisational IT security:
Risk assessment √
Data protection
Physical security
Computer Misuse Act 1990
Unauthorised access (section 1)
intent to commit or facilitate commission of further offences (section 2)
Unauthorised access with intent (section 2)
intent to impair computer operation (section 3)
Unauthorised modification (section 3)
Making, supplying or obtaining articles for use in offence under section 1 or 3
Task: Look at the examples given.
Real examples: http://www.computerevidence.co.uk/Cases/CMA.htm
Discuss: Why is this act significant to organisations?
site or system access criteria for personnel
What principles would you apply?
Draft a policy statement for MWS:
What systems will they have?
Who will have access to the different systems?
When will they have access to them?
How will access rights be managed during day-to-day operations? E.g. when someone joins the company, what access rights will they be granted?
How will access rights be changed (granted or revoked)?
You may reference good practice from other users but must quote them!
OECD (Organisation for Economic Co-operation and Development): Guidelines for the Security of Information Systems
anti-virus software
What recommendations would you make in terms of anti-virus software for MWS?
How would you manage it?
What are the shortcomings of your recommendations?
What are the advantages?
firewalls
What recommendations would you make for managing the firewall?
How should it be configured?
basic encryption techniques
What does encryption mean?
Prepare a presentation to explain a basic encryption technique (not Caesar Cipher).
Explain: how to encrypt, how to decrypt, and comment on the strength of the encryption.