13.6 Legal Aspects Corporate IT Security Policy. Objectives Understand the need for a corporate information technology security policy and its role within.

Presentation transcript:

1 13.6 Legal Aspects Corporate IT Security Policy

2 Objectives
- Understand the need for a corporate information technology security policy and its role within an organisation.
  - Factors could include prevention of misuse, detection, investigation, procedures, staff responsibilities, disciplinary procedures.
- Describe the content of a corporate information technology security policy.
- Describe methods of improving awareness of a security policy within an organisation, cross-referencing to training and standards.

3 What do I need to know? There are many legal considerations which regulate the use, by companies, of IT equipment, programs and data. In this section we will look at the way legislation influences the way that organisations operate. We will also look at security problems raised by these legal problems along with what companies can do to make staff aware of the need for security and what action organisations can take to minimise loss.

4 Legislation Some laws are specifically aimed at the use of IT. Name the laws an IT professional should know about:

5 IT systems are vulnerable to two threats:
- Accidental
- Deliberate

6 Can you define…
Malpractice
- Bad practice
- Against the organisation's code of practice
- Usually by an employee within the organisation
Crime
- Crime is concerned with illegal activities
- Usually occurs from outside of the organisation
- Actions that are unauthorised

7 Corporate Information Technology Security Policy
A document covering all aspects of security within an organisation. It also contains conditions and rules that need to be obeyed by all staff. It should be produced by, and have the backing of, senior management and directors.

8 IT Policy Statement
- Covers all aspects of computer operations
- All users are expected to read and sign
- Some companies also include training:
  - DPA
  - Computer Misuse Act
  - Raise awareness of threats

9 Corporate IT Security Policy
Should address:
- Prevention of misuse
- Detection (through regular checking)
- Investigation (through monitoring and audit)
- Procedures used to prevent security problems (unauthorised access)
- Staff responsibilities (to prevent misuse)
- Disciplinary procedures (for breaches of security)

10 Methods of Improving Awareness of ICT Security Policy
Induction Training
Staff Access to Guidance
- Full staff meeting
- Training
- A leaflet distributed to all staff
- Policy posted on Intranet or bulletin board
- Posters displayed throughout the building
- Emails sent to all staff
