13.6 Legal Aspects Corporate IT Security Policy. Objectives Understand the need for a corporate information technology security policy and its role within.


13.6 Legal Aspects Corporate IT Security Policy

Objectives
- Understand the need for a corporate information technology security policy and its role within an organisation.
  - Factors could include prevention of misuse, detection, investigation, procedures, staff responsibilities, disciplinary procedures.
- Describe the content of a corporate information technology security policy.
- Describe methods of improving awareness of a security policy within an organisation, cross-referencing to training and standards.

What do I need to know? There are many legal considerations which regulate the use, by companies, of IT equipment, programs and data. In this section we will look at the way legislation influences the way that organisations operate. We will also look at security problems raised by these legal problems along with what companies can do to make staff aware of the need for security and what action organisations can take to minimise loss.

Legislation Some laws are specifically aimed at the use of IT. Name the laws an IT professional should know about:

IT systems are vulnerable to two threats:
- Accidental
- Deliberate

Can you define…
- Malpractice
  - Bad practice
  - Against the organisation's code of practice
  - Usually by an employee within the organisation
- Crime
  - Crime is concerned with illegal activities
  - Usually occurs from outside of the organisation
  - Actions that are unauthorised

Corporate Information Technology Security Policy
A document covering all aspects of security within an organisation. It also contains conditions and rules that need to be obeyed by all staff. It should be produced by, and have the backing of, senior management and directors.

IT Policy Statement
- Covers all aspects of computer operations
- All users are expected to read and sign
- Some companies also include training:
  - DPA
  - Computer Misuse Act
  - Raise awareness of threats

Corporate IT Security Policy
Should address:
- Prevention of misuse
- Detection (through regular checking)
- Investigation (through monitoring and audit)
- Procedures used to prevent security problems (unauthorised access)
- Staff responsibilities (to prevent misuse)
- Disciplinary procedures (for breaches of security)

Methods of Improving Awareness of ICT Security Policy
Induction Training
Staff Access to Guidance
- Full staff meeting
- Training
- A leaflet distributed to all staff
- Policy posted on Intranet or bulletin board
- Posters displayed throughout the building
- s sent to all staff