Unit 7 – Organisational Systems Security
Organisation rules and guidelines
LO3: Issues affecting security
Policies and guidelines for managing organisational IT security issues
How employment contracts can affect security
Laws related to security and privacy of data
The role of ethical decision making in organisational IT security
Security policies used in an organisation
Recap
Lisa Moon virus
Users need protecting from themselves
Training/education
Policies & guidelines
Common rules and guidelines
Budget setting
Disaster recovery
Schedule for update and review of security policies
Schedule of security audits
Codes of conduct
Assignment 3 Task 1 (P4)
Explain the policies and guidelines employed by an organisation to manage IT security issues. Give examples of the policies and procedures.
One slide per topic:
Disaster recovery policies
Updating security procedures
Codes of conduct
Surveillance and monitoring policies
Risk management
Budget setting
Question
What is a policy? How is it different from a procedure?
Policy
High-level, written by management
Describes the organisation's position on an issue
Not specific in detail
Focuses on the result
Does not describe the method for achieving the result
Points about policies
Need updating less frequently than the procedures related to them
Should be reviewed by the organisation's legal counsel
Need a plan to show how employees will be made aware of them
Can refer to an outside authority (e.g. a legal obligation) or to an internal authority (CEO, department head etc.)
Procedures
Step-by-step
Prescribe how employees should act in a certain situation to achieve a certain result
Policies may be general and apply across an industry
Standards and procedures will mostly be organisation-specific
…Edexcel required policies
Disaster recovery policies
Updating security procedures
Codes of conduct
Surveillance and monitoring policies
Risk management
Budget setting
Disaster Recovery Policy
Relates to recovery from:
Natural disasters
Fire
Power failure
Terrorist attack
Organised/deliberate disruptions (incl. virus)
System/equipment failure
Human error
Legal issues
Industrial action
Loss of personnel
Disaster Recovery Policy
Should include:
Data relocation
Alternative sites
Hiring of personnel
Hiring of equipment
Must be supported by top-level management and appropriate finance (incl. insurance)
Updating security
Security needs to be reviewed against new threats and current knowledge:
Over 2 million new threats every month!*
75% of companies have suffered a malware attack in the last 12 months*
Security and systems need updating, but updates should be tested before roll-out.
* Lumension Whitepaper, Best Practice Guide to addressing Web 2.0 Risks (see wiki)
Scheduling audits
Regular audits of security, both physical and network, should take place
Do you notify employees when these are due?
Audit logs need to be analysed
White-hat attacks – hacking, DoS, physical break-ins?
Codes of conduct
Training for users: how to behave
Could cover:
Internet use
User storage area
Password protection
Will emphasise the right to monitor
Surveillance and monitoring policies
CCTV
Auditing
Event logs
Internet use
Codes of conduct will underline the right to monitor
Risk management
Assess risk:
Level of possible consequences
Likelihood
Mitigation: possible strategies to deal with the risk:
Avoid risk (don't do that, do this)
Offset risk (insurance)
Meet risk head-on (e.g. malware)
Do nothing (risk is too big, or too small)
Budget setting
Security costs money; what do you need to budget for?
Software updates
Replacement hardware
Staff
Auditing
Anti-malware and firewall software
Hot-site DRP
Task: find quotes for these!