
Cmpe 471: Personnel and Legal Issues. Personnel Crime is a human issue not a technological one Hiring On-going management Unauthorised access Redundancy.



Presentation transcript:

1 Cmpe 471: Personnel and Legal Issues

2 Personnel
Crime is a human issue, not a technological one
Hiring
On-going management
Unauthorised access
Redundancy
–having more than one person who can accomplish a given task
–it is a requirement for security

3 Personnel
Problems with schedules
–required vacation
Behavioural changes
Separation of duties
Employment termination
–resignations
–firing

4 Personnel
All security arrangements must be changed to exclude the ex-employee from access to the building and from all information systems:
–striking the person’s name from all security lists of authorised access
–explicitly informing guards that the ex-employee is not allowed into the building
–changing the combinations, reprogramming access card systems, replacing physical keys

5 Personnel
–removing or changing all personal access codes known to have been used by the ex-employee on all secured systems
–informing all outside agencies
–requesting co-operation from outside agencies in reporting any unauthorised functions the ex-employee conducts on behalf of the former employer

6 Personnel
Training replacements
–cross-training as a regular procedure
Psychological issues
–farewell party
–firing: embarrassment, shame, anger
–remaining staff: rumors, resentment, fear

7 Personnel
To overcome such issues:
–publish termination procedures
–require all employees to sign a statement confirming that they have read and agreed to the termination procedures
–apply the termination procedures consistently

8 Personnel
Style
–image to the outside world
Legal issues
–build a solid, documented case
–keep a good record: get several opinions from trustworthy people and keep them on file
–give the employee clear feedback before firing
–offer the delinquent employee all reasonable chances to correct his/her behaviour

9 Physical Security
A new site
–geographical site
–access
–neighbourhood risks
An existing building
–layout
–walls
–doors
–windows
–ceilings and floors

10 Physical Security
The computer centre
Electrical power supply
Air conditioning
Fire
–prevention
–detection
–suppression

11 Physical Security
Access control devices
–employee badges
–guards
–mechanical locks
–electronic systems
–security cards
–biometric devices

12 Identification, Authentication, and Authorisation
Passwords
–borrowing
–theft
–guessing
Password hygiene
–composition and length

13 Identification, Authentication, and Authorisation
IBM corporate password policy, from the IBM UK Information Network Newsletter:
–a password will be disallowed if its length is not at least 6 characters
–the first character must be alphabetic
–the following strings cause the new password to be disallowed: the year number of this year, last year, or next year; any three-character string from the old password; any character repeated more than twice; …
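The rules quoted on this slide are concrete enough to implement. The following checker is an added example, not code from the lecture or from IBM; it encodes the five listed rules and returns every reason a proposed password fails, which is the behaviour a user-facing password change needs. The ellipsis on the slide means further rules existed that are not reproduced here, and "repeated more than twice" is interpreted (assumption) as a character occurring more than twice anywhere in the password, not only consecutively.

```python
import datetime
from collections import Counter


def password_rejections(new_password, old_password, today=None):
    """Return the reasons a proposed password fails the slide's policy.

    An empty list means the password is accepted under these five rules.
    `today` is injectable so the year rule can be tested deterministically.
    """
    today = today or datetime.date.today()
    reasons = []

    # Rule 1: length must be at least 6 characters.
    if len(new_password) < 6:
        reasons.append("shorter than 6 characters")

    # Rule 2: the first character must be alphabetic.
    if not new_password[:1].isalpha():
        reasons.append("first character is not alphabetic")

    # Rule 3: the year number of this year, last year or next year is disallowed.
    for year in (today.year - 1, today.year, today.year + 1):
        if str(year) in new_password:
            reasons.append(f"contains the year {year}")

    # Rule 4: any three-character string from the old password is disallowed.
    old_trigrams = {old_password[i:i + 3] for i in range(len(old_password) - 2)}
    for trigram in sorted(old_trigrams):
        if trigram in new_password:
            reasons.append(f"reuses {trigram!r} from the old password")
            break  # one reported reuse is enough to reject

    # Rule 5: any character repeated more than twice is disallowed.
    # Assumption: counted anywhere in the password, not only consecutively.
    for ch, count in sorted(Counter(new_password).items()):
        if count > 2:
            reasons.append(f"character {ch!r} appears {count} times")
            break

    return reasons


def is_acceptable(new_password, old_password, today=None):
    """True when the proposed password passes every rule above."""
    return not password_rejections(new_password, old_password, today)


if __name__ == "__main__":
    # Constructed sample: a change from "oldRiver" to "Rivers1" in May 2024.
    print(password_rejections("Rivers1", "oldRiver", datetime.date(2024, 5, 1)))
```

Note that rule 4 requires the old password in clear at change time, which is only possible if the user supplies it alongside the new one; a system that stores only one-way hashes (as slide 14 requires) cannot evaluate this rule against the stored record.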

14 Identification, Authentication, and Authorisation
Source
–how passwords are created
Ownership
–passwords should be uniquely assigned to an individual
Entry
–should not appear on the screen when entered
Storage
–must be stored encrypted

15 Software Security Features
Switch-on protection
–forces the software to be invoked at boot time
–some prevent the Ctrl-Alt-Del key combination
Log-on restrictions
–exclusion after repeated errors
Password management
–configurable length, content, pattern exclusions, expiration, one-way encryption

16 Software Security Features
Audit trail
–records all log-ons and log-offs
Access rights
Selective access
–by user, function, or file
Copy protection
–prevents files being copied to or from disk
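Slides 15 and 16 together describe three mechanisms that a log-on component has to provide: one-way password storage, exclusion after repeated errors, and an audit trail of every log-on and log-off. The class below is an added example (not code from the lecture or any product) combining the three: passwords are kept only as salted PBKDF2 hashes, three consecutive failures lock the account for a window, and every attempt is appended to an audit list with its outcome. The failure threshold, the 15-minute lockout and the injectable clock are assumptions chosen for the example.

```python
import datetime
import hashlib
import hmac
import os

MAX_FAILURES = 3                              # assumption: exclusion after 3 errors
LOCKOUT = datetime.timedelta(minutes=15)      # assumption: 15-minute exclusion window
PBKDF2_ITERATIONS = 200_000


def hash_password(password, salt=None, iterations=PBKDF2_ITERATIONS):
    """One-way storage: return (salt, digest); the password itself is never kept."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest


class LoginGate:
    def __init__(self, credentials, clock=None):
        self.credentials = credentials  # username -> (salt, digest)
        self.failures = {}              # username -> consecutive failure count
        self.locked_until = {}          # username -> datetime the exclusion ends
        self.audit = []                 # audit trail: (time, event, user, outcome)
        self.clock = clock or datetime.datetime.now

    def _record(self, event, user, outcome):
        stamp = self.clock().isoformat(timespec="seconds")
        self.audit.append((stamp, event, user, outcome))

    def log_on(self, user, password):
        now = self.clock()
        until = self.locked_until.get(user)
        if until is not None and now < until:
            self._record("log-on", user, "locked")
            return False

        stored = self.credentials.get(user)
        # Hash even for unknown users so response time does not reveal valid names.
        salt, digest = stored if stored else (b"\x00" * 16, b"\x00" * 32)
        _, candidate = hash_password(password, salt)
        ok = stored is not None and hmac.compare_digest(candidate, digest)

        if ok:
            self.failures[user] = 0
            self._record("log-on", user, "success")
            return True

        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= MAX_FAILURES:
            self.locked_until[user] = now + LOCKOUT
            self.failures[user] = 0
            self._record("log-on", user, "failure; account excluded")
        else:
            self._record("log-on", user, "failure")
        return False

    def log_off(self, user):
        self._record("log-off", user, "ok")


class FixedClock:
    """Test helper so the lockout window can be advanced deterministically."""
    def __init__(self, start):
        self.now = start

    def __call__(self):
        return self.now

    def advance(self, delta):
        self.now += delta


if __name__ == "__main__":
    # Constructed sample: one user, three bad attempts, then the real password.
    clock = FixedClock(datetime.datetime(2024, 5, 1, 9, 0))
    gate = LoginGate({"alice": hash_password("correct horse")}, clock)
    for attempt in ("wrong", "wrong", "wrong", "correct horse"):
        gate.log_on("alice", attempt)
    for line in gate.audit:
        print(line)
```

The audit list is what slide 16 calls the audit trail; in a real deployment it would be written append-only to a log the login process itself cannot truncate.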

17 Software Security Features
Screen locking
OS access controls
Number of users
Dual passwords for users and system admins
File encryption
Documentation
Ease of use
Ease of administration
Cost and value for money

18 Backups and Data Integrity
Cost/benefit analysis
–how often do we take system backups?
–how much system availability do backups cost?
–how much do our backups currently cost?
–if backups are so important, why don’t we back up more often?
–if backups are so expensive, why don’t we do them less often?
–how long do we keep backups?
–where do we keep backups?

19 Backups and Data Integrity
Retaining backups
–daily full backups are immediately sent off-site
–daily backups are kept for one week
–end-of-week backups are kept for 2 months
–end-of-month backups are kept for one year
–end-of-year backups are kept for 5 years
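The retention schedule on this slide is a tiered rule: each backup belongs to the longest-lived tier it qualifies for, and is kept until that tier's period has elapsed. The code below is an added example, not from the lecture, that classifies a backup by the date it was taken and decides which backups are still due to be retained on a given day. It assumes the week ends on Sunday and that a backup taken on the last day of a month or year counts as that month's or year's backup; month arithmetic clamps to the last day of the target month (so the leap-day backup of 29 February 2024 expires on 28 February 2025).

```python
import calendar
import datetime


def _add_months(d, months):
    """Add calendar months, clamping the day to the target month's length."""
    month_index = d.month - 1 + months
    year = d.year + month_index // 12
    month = month_index % 12 + 1
    day = min(d.day, calendar.monthrange(year, month)[1])
    return datetime.date(year, month, day)


def backup_tier(taken):
    """Classify a backup by the date it was taken (longest-lived tier wins)."""
    if taken.month == 12 and taken.day == 31:
        return "end-of-year"
    if taken.day == calendar.monthrange(taken.year, taken.month)[1]:
        return "end-of-month"
    if taken.weekday() == 6:  # assumption: the week ends on Sunday
        return "end-of-week"
    return "daily"


def retain_until(taken):
    """Last date on which the backup must still be kept, per the slide's schedule."""
    tier = backup_tier(taken)
    if tier == "end-of-year":
        return _add_months(taken, 5 * 12)          # 5 years
    if tier == "end-of-month":
        return _add_months(taken, 12)              # one year
    if tier == "end-of-week":
        return _add_months(taken, 2)               # 2 months
    return taken + datetime.timedelta(days=7)      # one week


def is_retained(taken, today):
    return today <= retain_until(taken)


def backups_to_keep(backup_dates, today):
    """Filter a list of backup dates down to those still inside their retention period."""
    return sorted(d for d in backup_dates if is_retained(d, today))


if __name__ == "__main__":
    # Constructed sample: a handful of backup dates checked on 13 March 2024.
    sample = [datetime.date(2023, 12, 31), datetime.date(2024, 1, 2),
              datetime.date(2024, 2, 29), datetime.date(2024, 3, 3),
              datetime.date(2024, 3, 5)]
    for d in backups_to_keep(sample, datetime.date(2024, 3, 13)):
        print(d, backup_tier(d), "keep until", retain_until(d))
```

A backup that has left every tier is a candidate for secure destruction; the slide's "where do we keep backups" question applies to the off-site copies as much as to the local ones, so the same decision should drive both.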

