Cmpe 471: Personnel and Legal Issues

Personnel
Crime is a human issue, not a technological one
Hiring
On-going management
Unauthorised access
Redundancy
– having more than one person who can accomplish a given task
– it is a requirement for security

Personnel
Problems with schedules
– required vacation
Behavioural changes
Separation of duties
Employment termination
– resignations
– firing

Personnel
All security arrangements must be changed to exclude the ex-employee from access to the building and from all information systems:
– striking the person’s name from all security lists of authorised access
– explicitly informing guards that the ex-employee is not allowed into the building
– changing the combinations, reprogramming access card systems, replacing physical keys

Personnel
– removing or changing all personal access codes known to have been used by the ex-employee on all secured systems
– informing all outside agencies
– requesting co-operation from outside agencies in reporting whether the ex-employee conducts any unauthorised functions on behalf of the former employer

Personnel
Training replacements
– cross-training as a regular procedure
Psychological issues
– farewell party
– firing: embarrassment, shame, anger
– remaining staff: rumours, resentment, fear

Personnel
To overcome such issues:
– publish termination procedures
– require all employees to sign a statement confirming that they have read and agreed to the termination procedures
– apply the termination procedures consistently

Personnel
Style
– image to the outside world
Legal issues
– build a solid, documented case
– keep a good record: get several opinions from trustworthy people and keep them on record
– give the employee clear feedback before firing
– offer the delinquent employee all reasonable chances to correct his/her behaviour

Physical Security
A new site
– geographical site
– access
– neighbourhood risks
An existing building
– layout
– walls
– doors
– windows
– ceilings and floors

Physical Security
The computer centre
Electrical power supply
Air conditioning
Fire
– prevention
– detection
– suppression

Physical Security
Access control devices
– employee badges
– guards
– mechanical locks
– electronic systems
– security cards
– biometric devices

Identification, Authentication, and Authorisation
Passwords
– borrowing
– theft
– guessing
Password hygiene
– composition and length

Identification, Authentication, and Authorisation
IBM corporate password policy from IBM UK Information Network Newsletter:
– a password will be disallowed if its length is not at least 6 characters
– the first character must be alphabetic
– the following strings cause the new password to be disallowed:
  the year number of this year, last year, or next year
  any three-character string from the old password
  any character repeated more than twice
  …
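As an added worked example (not part of the slides or of IBM's policy text), a checker that applies the rules quoted above; the newsletter's list is cut off on the slide, so only the rules visible here are implemented. It assumes "repeated more than twice" means the same character occurring three or more times anywhere in the password, and takes the current date as a parameter so the year check is reproducible.

```python
from collections import Counter
from datetime import date

MIN_LENGTH = 6  # the slide's "at least 6 characters"


def forbidden_years(today=None):
    """Year numbers of this year, last year and next year, as strings."""
    y = (today or date.today()).year
    return {str(y - 1), str(y), str(y + 1)}


def trigrams(s):
    """Every three-character substring of s (the 'three-character strings')."""
    return {s[i:i + 3] for i in range(len(s) - 2)}


def check_password(new, old="", today=None):
    """Return the list of rules the candidate password breaks.

    An empty list means the password would be allowed.  `old` is the password
    being replaced; `today` fixes the year check (defaults to the real date).
    """
    problems = []
    if len(new) < MIN_LENGTH:
        problems.append("length is not at least %d characters" % MIN_LENGTH)
    if not new[:1].isalpha():
        problems.append("first character is not alphabetic")
    for year in sorted(forbidden_years(today)):
        if year in new:
            problems.append("contains the year number " + year)
    shared = trigrams(new) & trigrams(old)
    if shared:
        problems.append("reuses three-character string(s) from the old password: "
                        + ", ".join(sorted(shared)))
    # Assumption: "repeated more than twice" = the same character occurring
    # three or more times anywhere in the password, not only consecutively.
    repeated = sorted(c for c, n in Counter(new).items() if n > 2)
    if repeated:
        problems.append("character(s) repeated more than twice: " + ", ".join(repeated))
    return problems
```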

Identification, Authentication, and Authorisation
Source
– how passwords are created
Ownership
– passwords should be uniquely assigned to an individual
Entry
– should not appear on the screen when entered
Storage
– must be stored encrypted

Software Security Features
Switch-on protection
– forces the software to be invoked at boot time
– some prevent the Ctrl-Alt-Del key combination
Log-on restrictions
– exclusion after repeated errors
Password management
– configurable length, content, pattern exclusions, expiration, one-way encryption

Software Security Features
Audit trail
– records all log-ons and log-offs
Access rights
Selective access
– by user, function, or file
Copy protection
– prevents files being copied to or from disk

Software Security Features
Screen locking
OS access controls
Number of users
Dual passwords for users and system admins
File encryption
Documentation
Ease of use
Ease of administration
Cost and value for money

Backups and Data Integrity
Cost/benefit analysis
– how often do we take system backups?
– how much system availability do backups cost?
– how much do our backups currently cost?
– if backups are so important, why don’t we back up more often?
– if backups are so expensive, why don’t we do them less often?
– how long do we keep backups?
– where do we keep backups?

Backups and Data Integrity
Retaining backups
– daily full backups are immediately sent off-site
– daily backups are kept for one week
– end-of-week backups are kept for 2 months
– end-of-month backups are kept for one year
– end-of-year backups are kept for 5 years
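As an added example (not from the slides), the retention schedule above applied to a backup's date, so an operator can tell which tapes may be rotated out on a given day. Assumptions: one full backup per day; the Sunday backup is the end-of-week one (WEEK_END_DAY); a backup is classified by the highest tier it qualifies for, so 31 December is the year-end backup rather than a month-end one; the periods are calendar weeks, months and years.

```python
import calendar
from datetime import date, timedelta

WEEK_END_DAY = 6  # Monday=0 ... Sunday=6; assumption: Sunday's backup is the end-of-week one


def tier(d):
    """Classify the backup taken on date d by the highest tier it qualifies for."""
    if d.month == 12 and d.day == 31:
        return "end-of-year"
    if d.day == calendar.monthrange(d.year, d.month)[1]:
        return "end-of-month"
    if d.weekday() == WEEK_END_DAY:
        return "end-of-week"
    return "daily"


def add_months(d, months):
    """d plus `months` calendar months, clamped to the last day of the target month."""
    y, m = divmod(d.month - 1 + months, 12)
    y, m = d.year + y, m + 1
    return date(y, m, min(d.day, calendar.monthrange(y, m)[1]))


# The schedule on the slide, as the date on which each tier may be discarded.
RETENTION = {
    "daily": lambda d: d + timedelta(weeks=1),       # kept for one week
    "end-of-week": lambda d: add_months(d, 2),       # kept for 2 months
    "end-of-month": lambda d: add_months(d, 12),     # kept for one year
    "end-of-year": lambda d: add_months(d, 60),      # kept for 5 years
}


def expiry(d):
    """First date on which the backup taken on d may be discarded."""
    return RETENTION[tier(d)](d)


def should_retain(backup_date, today):
    """True while the schedule still requires the backup to be kept."""
    return today < expiry(backup_date)


def retained(backup_dates, today):
    """Filter a collection of backup dates down to those still to be kept on `today`."""
    return sorted(d for d in backup_dates if should_retain(d, today))
```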