Revision 5.2 Flashcards
(24 cards)
Security of Information
Organisations have a responsibility to secure personal
data stored about employees and users.
Having data lost in cyber attacks could lead to
Government fines
Lawsuits
Reputational loss
Loss of revenue
Disaster Planning and Recovery
:But cyber attacks and other major negative events do happen
:Disaster planning is thinking about what to do ahead of time
:Disaster recovery is thinking about how to get systems back online
Disaster planning example.
Having a backup data centre.
Organisational Policies
:Documents setting out expectations for employees
:Employees often have to sign to agree and show they’ve read it
:Then if they don’t adhere, there can be disciplinary action
Acceptable Use Policies
:Set rules for how an organisation’s computer systems should be used
:Can be used to ensure understanding of how to stay safe online
Change Management
:Formally considering business adaptations
:Senior managers will meet to discuss and may conduct market research
Drivers of change include:
:New legislation
:Improvement in technology
:New competitors
:Changing customers
attitudes
Health and Safety
:Employers are responsible for the safety of their employees
according to the Health and Safety at Work Act (1974)
:Examples include allow enough rest breaks, and ensuring screens and chairs are suitable for long, continued use
-Electrical equipment should also be
frequently tested
What are operational issues?
:Operational issues refer to potential problems that could disrupt the workflow and efficiency of an organisation.
:Operational issues relate to processes within an organisation and the way that the company operates on a daily basis.
Security of Information
:Definition: Organisations must ensure that data is stored securely to minimise the chances of data loss, corruption or manipulation.
:Having information stolen through a hacking attempt, for example, would negatively impact the company and its customers and possibly lead to consequences such as poor publicity, a loss of business and reputation, fines and bankruptcy.
Health & Safety
:Definition: Ensuring that employees, clients and visitors are physically protected on-site.
:The organisation should create a health and safety policy that staff need to read and possibly sign at the start of their work placement.
:The policy should include information about how to avoid injury when using the systems, how to safely maintain the equipment and whom to contact for help.
Disaster & Recovery Planning
:With important data often stored on a computer network, it is absolutely vital that a detailed and effective disaster recovery policy is in place in the event of data being lost due to an unexpected disaster.
:Disasters include natural disasters (e.g. fire, flood, lightning), hardware failure (e.g. power supply unit failing), software failure (e.g. virus damage) and malicious damage (e.g. hacking).
Before the disaster:
- All of the possible risks should be analysed to spot if there are any weaknesses in preparation.
- Preventative measures should be taken after the analysis, such as making rooms flood-proof or storing important data at a different location.
- Staff training should take place to inform employees what should happen in the event of a disaster.
During the disaster:
- The staff response is very important - employees should follow their training and ensure that data is protected and appropriate measures are put in place.
- Contingency plans should be
implemented while the disaster is taking place, such as uploading recent data to cloud storage or securing backups in a safe room and using alternative equipment until the disaster is over.
After the disaster:
- Recovery measures should be followed, such as using backups to repopulate computer systems.
Replacement hardware needs to be purchased for equipment that is corrupted or destroyed. - Software needs to be reinstalled on the new hardware.
- Disaster recovery policies should also be updated and improved.
Change Management
Definition: Change management is a formal approach by an organisation to lead a change in the way a business or project is run. This may include changing budgets, redefining expected deadlines, amending resource use or changes in personnel.
Advantages of change management:
- Reduces the likelihood of things going wrong during development. * Creates a clear log of changes and improvements that are to be made. * Allows changes to be approved and discussed before they happen. Formalises the process and sets out clear rules for changes.
Disadvantages of change management:
- Can make the process of change more complicated.
- Can reduce the responsiveness of developers if everything must go through a formal process.
- Can be challenging to implement successfully.
- To work effectively, it needs everyone to follow the process.
Scales of Change
There are two main reasons why major change will occur in an organisation.
Change Drivers
Definition: Companies must change to stay up to date with the times and new technology.
Change drivers are factors that force a business to change, such as:
- New legislation
- New competitors in the market
- New platforms (e.g. mobile technology and games consoles) to sell products on
- Economic changes
- Changes in business practice * Social changes
Change Needs
Definition: Companies must change if the needs and focus of the organisation are altered over time.
This reflects the changing needs of the business, often due to advancements in technology, such as:
- New equipment (e.g. replacing a slow network with a faster fibre optics network)
- Customer interaction (e.g.communicating with customers in new ways, such as social media apps) Workplace shifts (e.g. providing remote access for employees to access work and services at home)
