1 Pertemuan 17 Organisational Back Up Matakuliah:A0334/Pengendalian Lingkungan Online Tahun: 2005 Versi: 1/1

2 Learning Outcomes Pada akhir pertemuan ini, diharapkan mahasiswa akan mampu : Mahasiswa dapat menunjukkan Organisational back up

3 Outline Materi Employee Confidentiality and A Culture of Security –Security Awareness and Employees –Recruitment, Contracts and Policies –Employment Contracts –Conclusion

4 Employee Confidentiality and A Culture of Security Along with the commercial advantages that the increased use of e-commerce has had, there is an ever-increasing number of security issues that arise. Global interaction and interconnectivity mean that customers are more accessible to providers, but it also means that the business is more vulnerable to everyone. Failure to properly deal with information security issues involves both regulatory risk (such as data protection) and more general business risk.

5 Although there are hundreds of security products now available on the market, there is one defence that outstrips the rest in terms of both value for money and effectiveness; namely, awareness. Linked to this is the creation of a culture of security and the need to bind staff to contracts that protect the business’s trade secrets and confidential information.

6 Security Awareness and Employees Managers and directors of businesses need to be aware of the threats facing their organisations and of the potentially devastating effect that a security breach could have on them. One of the biggest threats to information security that a company is faced with comes from its own employees. In order to minimise this risk, a culture of security should be promoted within companies; this begins as early as the recruitment process.

7 Recruitment, Contracts and Policies Even if the recruitment functions outsourced, it is still the end-user’s business that is at risk, so it is the end-user who must ensure that both the method of recruitment and the contract governing the outsourcing cover the issue of security: –Background checks should be carried out on all staff and potential staff –The employee should be made aware of his/her obligations, both under the contract of employment, and through office-wide policies

8 –A strong password must be used and changed on a regular basis to keep the network more secure –If employees work from home, or remotely via laptops, dual identification procedures should be used

9 If any of the company’s business is conducted online, especially where money transactions take place on the Internet,information coming in from external sources should be checked twice: once as information is fed between the external source and the website; and once as it moves between the website and the company network.

10 As well as awareness of the threats facing the company, management should ensure that there are procedures, and accountable people throughout the management structure, in place to deal with a security breach should it happen. Early detection can save thousands of pounds worth of damage to the network. As new viruses are introduces every week, the virus software that covers a company’s network should be updated regularly.

11 Having a back-up server can cut down the downtime for web-based products, thus minimising the loss of business and customer confidence. Another way to safeguard customer confidence is to ensure that publicity is handled carefully.

12 Employment Contracts A carefully drafted employment contract can help secure the following: –The employee’s compliance with the relevant security procedures and policies –Compliance with the employer’s and Internet policies –Protection of the business’s intangible assets: copyright, databases,inventions, trade secrets and confidential information (including customer lists and technical information such as computer source code)

13 Conclusion IT spending has increased as the advantages of e-commerce have been recognised by UK businesses; but the spending on IT security is still worryingly low.

14 The End