Updating of security procedures:
It is important to update security procedures because new threats, such as viruses, hacking, fraud and theft, are created every day. These threats affect the company because, if one of them successfully infiltrates it, all their personal information (addresses, contacts, salaries) will be stolen. Regular updates can therefore avoid threats and maintain IT security management inside the company.
Scheduling of security audits:
A security audit is like a test: it checks the company’s computers and
other components to see whether they are up to standard, and if they are not,
a replacement will be needed. This is also critical because it maintains
the company’s working environment. Without frequent security audits,
a hidden issue inside a PC may go undiscovered, and if nobody attempts
to solve it, the issue may escalate and affect the company, especially IT
Codes of conduct:
A code of conduct is a set of rules and regulations put in place within an
organisation. It is set up for discipline, fairness, diversity and legislation,
to prevent damage to equipment or software, and to stop employees getting hurt
in the organisation. Codes of conduct are usually found in organisations and
workplaces, in education, in the military and so on, anywhere you are providing
a service to others. They are there to guide employees safely in their everyday
decision making. For instance, schools have codes of conduct which the teachers
follow to keep the students and themselves safe. A code of conduct can also
apply to the software that employees use, to keep any threats away from the
organisation’s computer systems. Before you join an organisation
you will be given a code of conduct sheet to sign; by signing it
you agree to the rules stated in the code of conduct sheet.
Email usage policy:
An email usage policy is when the organisation limits how users may use
their email, for security reasons and to keep threats away from the network
and the system. Users will not be able to use their work email for personal
purposes, as there will be separate systems for personal use. This is
because if a user opens an email that carries a virus, the virus could spread
through the system and the network, affecting both them and the organisation.
Organisations will also limit the size of attachments to keep the system from
slowing down during the transfer of email.
Internet usage policy:
An Internet usage policy is when the organisation limits users’ Internet use,
i.e. for personal use. Organisations have this policy in place to prevent
threats entering their systems, and for security reasons. Users will not be
able to visit sites that are not related to their everyday job, so that they
are not distracted from their work and are prevented from visiting sites that
may host threats. There will be a separate computer system which workers can
use for personal purposes in their own time, for example during coffee breaks.
The consequences of not having an Internet usage policy are that viruses could
enter the system and damage software and hardware, which the organisation may
need to replace. This can lead to downtime, which prevents users from using
their PCs to do their everyday work. The organisation will lose profit as the
employees can’t work.
An acquisition policy is when users are not permitted to download any software
or programs without verification and authorisation from the head of department.
The reason is that the software the worker is trying to download may contain
viruses. By going to the head of department, the user lets them make a decision
after trials have been run on the software or program to check whether it is
safe. If it is confirmed that the software or program won’t affect the
organisation, it will be permitted; if not, it will be forbidden from entering
the organisation or establishment.
This policy should be followed by every employee in the organisation. It is
the most important rule or policy, because it governs the installation of
software on the workstations and PCs in the organisation or business. The
principal rule is that employees must not use any unlicensed software or
programs. If they do, they will be held responsible and will have their
contract terminated, because installing foreign software that has not been
verified can be devastating: it will bring viruses and Trojans that affect
the organisation or establishment. The main thing to do, therefore, is to use
licensed software which has been rigorously tested, has no bugs and
has been approved for use in businesses or establishments or
A surveillance policy is set up to monitor certain areas within the
organisation. Surveillance won’t be included in staff rooms, break-out
areas or any personal places within the organisation. Surveillance can monitor
areas of the organisation using CCTV, GPS tracking of certain equipment,
key-logging software that records the keys you press on the computer system, or
surveillance of computer systems which tracks the information going through the
All employees within the organisation should know about the surveillance
policy and be asked to sign the surveillance policy agreement, which states
that they know about the policy; management and the union will also be
informed of the surveillance policy. For instance, at a school, all the
teachers and students will be informed that there is a surveillance policy
in place which monitors certain areas of the school grounds.
It is the elimination of unacceptable risks inside an organisation. Reducing
risk is very important because it benefits the company itself. In a company,
security creates the highest risks: for example, when introducing a new
operating system, the company has to train its employees again so that they
understand how to use it and what to expect, which is time-consuming.
On the other hand, technology is moving very quickly, so it is better for a
company to catch up and keep up with the latest technology. This is
particularly true in IT security, where more viruses are created every day
and having the most up-to-date anti-virus will help the company fight
malicious files. Managing risks will therefore benefit the company, although
sometimes a risk may be worth taking.
Budget setting acts like a manager for the budget within an organisation.
This is vital because the budget covers security maintenance, salaries for
workers, replacements, software licensing, external support and the cost per
audit. If the organisation overspends its budget, it will end up bankrupt.
Organisations should therefore spend carefully, particularly on IT security,
since security needs continuous support and each item costs a considerable
amount, in addition to audits, which test the organisation’s PCs to check
whether they are working or not.
Employment contracts and security:
When employing or interviewing an employee, the employer must make sure that
the employee is not in conflict with national employment law. To do this, the
employer may have to look at the employee’s background so that the organisation
is up to date with the employee’s records, including previous employment
records and their criminal record. Many organisations have a probation period,
during which new recruits and employees being promoted are observed carefully
so that the company can begin to trust them more. The company can then give
the new user access to the system straight away, as it knows that this
employee is trustworthy.
Separation of duties:
This is another factor that affects the security of an organisation’s systems
through employees’ contracts. This policy or procedure mainly concerns a range
of employees and the tasks or work that they have been set. In summary, the
separation of duties affects an organisation because the head of the
organisation or the CEO must employ an experienced deputy or captain to lead
the team in its work and oversee the whole operation. The deputy or captain
will be a key cog in the operation, as they will be able to cover for
employees who are absent from work, using their experience to do the tasks
that were set for those employees and finish them within the timeline or
the deadline.
Ensuring compliance including
This is another policy that also affects the security of any organisation or
establishment. If employees break the contractual agreements in their
contracts, they will have to face the consequences of breaking them, as they
are trying to leak information that is important to the organisation. However,
there are some cases in which an accused employee is not the main culprit,
having been framed by the main culprit, and this can lead to a long,
never-ending lawsuit against the organisation in court or in a tribunal.
Nevertheless, if an employee does commit an offence that is directly aimed at
them, the only step the organisation needs to take is punitive action, such
as suspending the employee without pay.
Training and communicating with staff as to their responsibilities:
This is the final policy that the organisation should take into
consideration, as it involves both the employees and the employers. It
involves employees and employers talking in a nice and calm manner on
a regular basis. Both sides need to talk to each other regularly because
communication is very important: the employer will be able to help an employee
who is new to the job and needs help with something, such as using the
software that the organisation currently operates on.
Laws Relating to Security and Privacy of Data
There are a variety of laws that safeguard an organisation’s or
establishment’s data and information from different threats. They are the
Computer Misuse Act (1990), the Copyright, Designs and Patents Act (1988),
the Data Protection Acts (1984, 1998, 2000) and finally the
Freedom of Information Act (2000).
The Computer Misuse Act of 1990 makes it a criminal offence for a
perpetrator to use brute force to access another user’s or person’s computer
when they are not authorised to do so.
There are three main factors in the Computer Misuse Act: illicit access to
another user’s computer, unlawful access to another user’s computer system,
and alteration of another user’s computer system or a file.
The first factor is illegal entry to another person’s computer and their
files, data and information.
The user will obtain another user’s details, such as their username and
password. Once they have obtained that critical information, they can do
whatever they like, for instance open the web browser and go to illicit
websites, i.e. gambling websites. They might also use the software to obtain
critical information and then distribute it on the web, or infiltrate the
mainframe of the organisation’s system and delete everything.
The second factor is similar to the first, but it involves using Trojans to
gain access to the system. The perpetrator can then access it from anywhere
and infiltrate other users’ accounts by using a much higher account, such as
an administrator, taking valuable information out of them or erasing it
permanently.
The third factor also involves the culprit accessing sensitive data or
information, such as bank details and other information, and distributing it
or using it to their advantage by spending it or spreading it for their own
personal reasons.
Copyright, Designs and Patents Act (1988):
This act was designed to protect inventors and creators so that their work is
safeguarded and other people cannot steal it, obtain it in an unauthorised
way, or claim it as their own and pass it on.
There are many examples,
such as music, art, scriptures or any written work by a writer or a software or
Data Protection Acts (1984, 1998, 2000):
The Data Protection Acts cover how personal information can be accessed
and used. They don’t only cover data from computers; they also cover
paper-based information. There are 8 basic principles to the act:
must be collected and used fairly and inside the law.
must only be held and used for the reasons given to the Information
can only be used for those registered purposes and only be disclosed to those
people mentioned in the register entry. You cannot give it away or sell it
unless you said you would to begin with.
information held must be relevant and not excessive when compared with the
purpose stated in the register. So you must have enough detail but not too much
for the job that you are doing with the data.
must be accurate and be kept up to date. There is a duty to keep it up to date,
for example to change an address when people move.
must not be kept longer than is necessary for the registered purpose. It is
alright to keep information for certain lengths of time but not indefinitely.
This rule means that it would be wrong to keep information about past customers
longer than a few years at most.
information must be kept safe and secure. This includes keeping the information
backed up and away from any unauthorised access. It would be wrong to leave
personal data open to be viewed by just anyone.
files may not be transferred outside of the European Economic Area (that’s the
EU plus some small European countries) unless the country that the data is
being sent to has a suitable data protection law. This part of the DPA has led
to some countries passing similar laws to allow computer data centres to be
located in their area.
Freedom of Information Act (2000):
The Freedom of Information Act (2000) is a law which dictates that anybody
can access various types of information or data from various types of
organisations, whether that may be businesses, schools, colleges,
universities, hospitals, law firms, banks or other established organisations.
Open source is software that is available for free and can be edited and
modified by the users of the software. The software and the data are free
and can be shared without payment.
is data that is copyrighted but given away free of charge, even though
the author or the creator holds the copyright to the software.
Shareware is software or data that is free of charge, but the creator may
ask the user to pay a small fee as they are frequently using the software.
If the user pays the fee, they will receive assistance with the software
and they will receive new updates for that
is computer software that is made for business purposes and for