Factors to be taken into account when designing ICT Security Policies

Lesson Objectives: To understand the factors to take into account when designing security policies.

You are setting up a new business. Make a list of 5 things you think you will need to think about regarding your Security policy.

The factors to take into account when designing security policies

Physical security: Protecting hardware and software using physical rather than software methods, restricting access to either the computer equipment or the storage medium (locks, guards, biometric methods).

Logical (software) methods: User IDs, passwords, levels of access (e.g. who can update web pages), firewalls, encryption.

Auditing for detection: Query any transactions that are out of the ordinary for customers; access logs.

System Access: Establishing procedures for accessing data, such as log-on procedures, firewalls.

Personnel administration: Training (including prevention of accidental misuse), fitting the employee to the task, ensuring that staff are controlled, staff screening.

A code of conduct: A list of roles and responsibilities that an employee should follow when using ICT equipment.

Operational procedures: Including disaster recovery planning and dealing with threats from viruses, backup, updating antivirus.

Disciplinary procedures: Warnings / dismissal / prosecutions etc.

Exam Question: A national bank wants to ensure that its financial systems are secure against attack. Other than code of conduct, describe four factors that should be included in the bank’s security policy. [8]

Just a Minute: On a scrap piece of paper, write down as many things covered today as you can in a minute.