Topic 5 Security policies Flashcards Preview

ICT Year 2 > Topic 5 Security policies > Flashcards

Flashcards in Topic 5 Security policies Deck (10):

Factors to take into account when designing security policies

Physical security e.g. locks
Logical security e.g. encryption
Disciplinary procedures
Personnel administration e.g. right employee for the right task
Operational procedures e.g disaster recovery planning
Auditing - WHO/WHAT/WHEN


Operational factors to prevent misuse

Screening potential employees e.g. DBS check
Define procedures for downloading from the internet e.g. Code of conduct
Establish a disaster recovery plan e.g. Backup plans
Set up auditing procedures (audit trials) to detect misuse e.g. WHO/WHAT/WHERE
Staff training


User accounts and logs

Auditing - keeps a record of who had done what on the network

Auditing keeps records of:
WHO (usernames) logged on
WHAT - Details of files accessed/ details of changes made/ details of from which machine/ details of programs they used
WHEN - At what time did they logged on and off


Methods of preventing deliberate misuse

Controlling access to computer rooms
Proxy servers- gateway server
Password hierarchy to limit access


Factors that should be included in a disaster recovery plan

Risk analysis
Short and long term consequences
Backup strategy


Methods of preventing accidental misuse

Backup and recovery procedures
Grandfather, Father, Son systems
Keeping backup copies off-site


Why should a business have security policies?

A legal requirement of the Data Protection Act becuase of its potential for misuse


Factors that decide how much to spend on protecting data (Risk analysis)

Identify potential risks
Likelihood of risk occurring
Short and long term concequnces of treat
How well equipped is the company to deal with the threat
(The diaster recovery plan)


Treats to data

Theft by employees
Natural disaster e.g. flood
Fire e.g. in the building
Power loss


Consequnes of losing data

Loss of business and income
Loss of reputation
Legal action
(cost of recovering data)