Topic 5 Security policies Flashcards Preview

Flashcards in Topic 5 Security policies Deck (10):
1

Factors to take into account when designing security policies

Physical security e.g. locks
Logical security e.g. encryption
Disciplinary procedures
Personnel administration e.g. right employee for the right task
Operational procedures e.g. disaster recovery planning
Auditing - WHO/WHAT/WHEN

2

Operational factors to prevent misuse

Screening potential employees e.g. DBS check
Define procedures for downloading from the internet e.g. Code of conduct
Establish a disaster recovery plan e.g. Backup plans
Set up auditing procedures (audit trails) to detect misuse e.g. WHO/WHAT/WHERE
Staff training

3

User accounts and logs

Auditing - keeps a record of who has done what on the network

Auditing keeps records of:
WHO - Usernames logged on
WHAT - Details of files accessed / details of changes made / details of from which machine / details of programs they used
WHEN - At what time they logged on and off

4

Methods of preventing deliberate misuse

Controlling access to computer rooms
Proxy servers - gateway server
Password hierarchy to limit access

5

Factors that should be included in a disaster recovery plan

Cost
Risk analysis
Short and long term consequences
Backup strategy

6

Methods of preventing accidental misuse

Backup and recovery procedures
Grandfather, Father, Son systems
Keeping backup copies off-site

7

Why should a business have security policies?

A legal requirement of the Data Protection Act because of its potential for misuse

8

Factors that decide how much to spend on protecting data (Risk analysis)

Identify potential risks
Likelihood of risk occurring
Short and long term consequences of threat
How well equipped is the company to deal with the threat
(The disaster recovery plan)

9

Threats to data

Theft by employees
Natural disaster e.g. flood
Fire e.g. in the building
Power loss

10

Consequences of losing data

Loss of business and income
Loss of reputation
Legal action
(cost of recovering data)