
Contents

Security policies and guidelines
  Disaster recovery policies
  Updating of security procedures
  Scheduling of security audits
Codes of conduct and guidelines
  Software acquisition
  Installation policy
  Surveillance policies
  Risk management
  Budget setting
Employment contracts and security
  Hiring policies
  Separation of duties
  Ensuring compliance including disciplinary procedures
  Training and communicating with staff as to their responsibilities
Laws
  Computer Misuse Act 1990
  Copyright, Designs and Patents Act 1988
  Data Protection Act 1984, 1998, 2000
Copyrights
  Open source
  Freeware
  Shareware
  Commercial software
 

Security policies and guidelines


Disaster recovery policies

Employers in an organisation need to invest some of their money in their
future. Disaster recovery policies let a company do that: it invests in a policy
that will allow it to recover stolen, destroyed or missing information should
the company suffer a disaster. Disaster recovery policies are created so that an
organisation that has suffered a disaster that destroyed its hardware or
software can get its data back. These disasters can be either human-caused or
natural.

Examples include floods, which are a natural disaster, and an act of terrorism,
which is human-caused. When a natural disaster hits an organisation, its power
is likely to be shut off and its servers are likely to go down, so there will be
loss of data. If the organisation has disaster recovery policies, it will be
able to get the lost data back once its systems are running again. Having
disaster recovery policies gives the company some assurance that it can get its
data back after any disaster. Disaster recovery policies also save the company
money, as the information it has lost can be worth a lot more than the cost of
the disaster recovery policies. If the company is attacked by hackers and
company information is stolen, the organisation will be able to get some of its
files back after the attack.

Updating of security procedures

In an organisation the employer must have security procedures in place in the
company. Almost every company has them, and they prove useful for blocking
potential threats, such as viruses and other malware. Once these procedures are
in place it is the employer’s responsibility to keep them updated and working,
as updating these procedures will cover more threats and make systems much more
secure. Companies update their security procedures to make sure that their
software and hardware are upgraded when needed so that threats can be dealt
with; security software in particular is kept updated and running all the
necessary diagnostics to keep threats away from their data. An example of this
is the organisation updating its antivirus software, as older versions may have
problems that the newer version has fixed. This is important as hackers won’t be
able to get to the data easily. Without updating security procedures an
organisation would be exposed to numerous risks and it would be expensive for it
to recover from an attack, but by updating security procedures the organisation
blocks potential threats and lessens the damage that can be done.

 

Scheduling of security audits

A good organisation will have security audits to give the employers constant
evaluations of the current status of aspects of their company. Scheduling
security audits is a way for an organisation to tell what kind of workplace
environment it has, by scheduling audits that will scan and evaluate how secure
its systems are. For example, a security audit will assess the software and
whether it meets the minimum criteria; it will also evaluate what the user does
on the net, making sure that no harmful files are being used or downloaded onto
the system. Audits make sure that the system is stable and running effectively.
Without security audit logs the state of the system software would be unknown
and the employers would not know what is being put into and taken out of the
system. Having security audits helps the employer to make important and suitable
policies to fight the problems facing the company’s security systems. For
example, if employers used security audits and found out that viruses were being
sent via email, the employer may want to implement an emailing policy: a policy
that informs users that they are not allowed to send files via email, as viruses
can attach themselves to the files and affect other computers.

Codes of conduct and guidelines

Software acquisition

The software acquisition policy is a list of rules on how employees will get the
software needed for work. This policy explains who is responsible for how the
software is managed, used and installed, and who is held responsible for the
software. This is an important set of information as it makes clear to all
employees who is responsible for all the software, so that they are held
accountable if anything goes wrong with the software, and who is responsible for
updating it and keeping it clear of viruses. Without this policy an organisation
would not be functional; it would be more likely that employers would be blamed
instead of the manager of the tech department and the wrong person would get
prosecuted. However, as there is a designated person who takes responsibility
for the software, they can be prosecuted and replaced if they don’t do their
job.

Email usage policy

The email usage policy is a document signed by all employees when starting a
job, in which they agree to use the email system in the way the company
requires, keeping in mind that all organisations are different and serve
different purposes. An example of a point that an email policy may contain is
that the email system can’t be used to send downloads; this may be because the
employers want to minimise the risk of viruses being spread via email and
affecting their systems.

Installation policy

An installation policy is a regulation that all employees must abide by. The
policy includes making sure that no employee installs any unauthorised computer
software, as it can lead to viruses and all sorts of threats to the company’s
systems. This policy is important as it saves the company money: if there are
fewer attacks on its systems, the organisation has to pay less to recover lost
data or information. Without this policy any employee could download any
software onto the computer system, and some software can be installed within
those files.

Surveillance policies

This policy is made by the law and is created in a company workplace to control
CCTV monitoring. The policy explains that open, non-hidden CCTV cameras can only
be used if employees have been alerted to and introduced to the camera, whereas
hidden security cameras are only permitted if surveillance permission has been
given by the authorities and employees must be aware of this. This is an
important policy as security footage can be useful in some circumstances when
there is possible danger, and the security camera can prevent the danger by
feeding back to the employer. It is crucial to have surveillance in
organisations, as anything can happen anywhere in the workplace at any time and
it is good to have visuals all over the workplace to prevent people from getting
hurt.

Internet usage policy

The internet usage policy is another document that new employees must sign, to
ensure that employees use the internet in the specific way desired and
instructed by the employer. This will help minimise the risk of viruses, as
employees will be using fewer sites and downloading less software, and therefore
they won’t be downloading malware onto the workplace computers. Without this
policy, employees would be free to download almost any file onto the computers,
which would also increase the risk of viruses in those downloads. This policy
restricts the user from using certain sites that may hold viruses, and if they
do not visit these websites they cannot download these viruses.

Risk management

Risk management is the prediction of possible threats facing the company, as
well as where the threat will hit the company. For example, a threat may be to
the software side of the organisation: the threat may be that if they choose a
safe security software there could be a hacker attack and they can lose a lot of
their data. Risk management also shows how the risk can be overcome and fixed,
or stopped before it even comes; for example, the solution for a possible attack
could be to pay more money for more secure software. Risk management is
important as being able to predict future risks can help the company save more
money, by paying for something that could save the company from losing a lot of
information worth a lot of money. Risk management is good for organisations that
hold a lot of data, as their loss would be greater than that of an ordinary
company with less data stored.

Budget setting

Budget setting is when a company allocates an amount of money to deal with
different aspects of the company. For example, an organisation may allocate a
budget to fix security apparatus; this means that the organisation will set an
amount of money to fund CCTV cameras and other security equipment. Budget
setting can also cover future disasters: for example, when a disaster occurs,
such as a company’s servers going down, there will be money allocated to fix
that problem. This is an important aspect of an organisation, as having some
money set aside can help a company with funding: the company isn’t spending too
much money on one issue and is thinking about other issues, both current and
future.

Employment contracts and security

Hiring policies

Before a person can work in an organisation, the organisation must know about
the person and whether they meet the work criteria; for example, the company
must know of any criminal record that the person may hold. Some companies have
strict policies that all their employees must abide by; for example, if a person
applying to work in the organisation has a criminal record they won’t be
permitted to work in that company. This is an important aspect, as if the
workplace has strict regulations, only people who qualify are permitted to work
there. Without hiring policies, organisations would employ anybody who wanted
the job even though some were more qualified than others. This increases the
danger in the workplace: as they won’t know their employees, they won’t know
their behaviour, and the employees can be potential threats.

Separation of duties

When somebody is hired they are expected to do all the jobs on their contract;
however, some jobs require a team. For example, the work of an IT department is
done in a team, because if one of the team was absent, the rest of the team
would have enough knowledge of the job to fill in for the missing teammate.
Without the team the job would be incomplete and couldn’t be done, and it would
cost the company a lot of money. This is important as anybody can call in sick
and not attend work, and there will need to be a backup for that person. This
will ensure that the job is done; otherwise it could affect the company’s
performance.

Ensuring compliance including disciplinary procedures

This is a procedure that ensures that all employees stick to the organisation’s
rules and regulations. As some employees are likely to slack off during work,
this procedure makes sure that they do not, so that it won’t affect the amount
of work they are producing. Disciplinary action can be taken against workers who
do not comply with the work regulations; for example, they can be removed from
the workplace, or they can be warned. This is an important procedure as it
allows an organisation to take action against workers who are underperforming.

Training and communicating with staff as to their responsibilities

This is an act that ensures that employees receive proper work training so that
they are aware of their jobs and how to do them. If this action is not taken the
employee will not know what their job is, and it will affect the work being done
in the company, which means that it will slow down the performance of the
organisation.

Laws

Computer Misuse Act 1990

The Computer Misuse
Act is designed to protect computer users against wilful attacks and theft of
information. Offences under the act include hacking, unauthorised access to
computer systems and purposefully spreading malicious and damaging software (malware), such as viruses. Unauthorised access
to modify computers includes altering software and data, changing passwords and
settings to prevent others accessing the system, interfering with the normal
operation of the system to its detriment. The act makes it an offence to access
or even attempt to access a computer system without the appropriate
authorisation. Therefore, even if a hacker tries to get into a system but is
unsuccessful they can be prosecuted using this law. The act also outlaws
“hacking” software, such as packet sniffers, that can be used to
break into or discover ways to get into systems. Although intention to do
wilful damage cannot be easily proved, the act makes it an offence for a hacker
to access and use a system using another person’s user name, including e-mail,
chat and other services. The act also covers unauthorised access to different
parts of a computer system, therefore, a person may be allowed to access one
part of a system but not others, and the accessing of the other parts will be
an offence. – https://www.sqa.org.uk/e-learning/ITLaw01CD/page_03.html-

The computer misuse
act basically covers

Copyright, Designs and Patents Act 1988

The Copyright, Designs and Patents Act 1988, is
the current UK copyright law. It gives the creators of literary, dramatic,
musical and artistic works the right to control the ways in which their
material may be used. The rights cover: Broadcast and public performance,
copying, adapting, issuing, renting and lending copies to the public. In many
cases, the creator will also have the right to be identified as the author and
to object to distortions of his work.

-https://www.copyrightservice.co.uk/copyright/uk_law_summary-

Data Protection Act 1984, 1998, 2000

The Data Protection Act controls how your personal information is used by
organisations, businesses or the government. Everyone responsible for using data
has to follow strict rules called ‘data protection principles’. They must make
sure the information is:

used fairly and lawfully

used for limited, specifically stated purposes

used in a way that is adequate, relevant and not excessive

accurate

kept for no longer than is absolutely necessary

handled according to people’s data protection rights

kept safe and secure

not transferred outside the European Economic Area without adequate protection

There is stronger legal protection for more sensitive information, such as:

ethnic background

political opinions

religious beliefs

health

sexual health

criminal records

-https://www.gov.uk/data-protection-

 

Copyrights

Open Source

 

Open source software is software that can be accessed for free without getting
into any kind of trouble with the creator; within this category, open source
software can be changed, used and shared with others. Open source software can
be made by multiple people and can be shared due to the open source law. Open
source software requires the original creators to give the audience the right to
study the contents, and the software has to be available for any individual to
use for any purpose.

Freeware

 

Freeware is software that is available to the public free of charge, meaning the
user will not have to pay money in order to use the software; an example is
Avast antivirus. This program is free to obtain and you can use the software
without purchasing the item. Freeware requires the original creator of the
software to allow members of the public to use the software to the fullest
without requiring the user to purchase the product. Freeware is a choice made by
the creator of the software: the creator can choose to make their software free
for the public; however, if they do not wish to make their software free they
can charge money in exchange for the software. Technically the users of this
software cannot be prosecuted for piracy as it is free to use; however, the
creator is able to set rules and can prosecute users that abuse the software.

Shareware

 

Shareware is a variation of freeware: the application may be free to download
and use for a certain period of time, after which fees may be required in order
to continue using the application, or fees may be needed to use all of the
features of the software. An example of this is a free trial of an application.
Shareware may be used so that the creators receive feedback on or an evaluation
of their software. Shareware is a way for users to get a taste of what it is
like to use the app, and may lead people to use the app by buying the full
version of the software. Shareware

Commercial software

 

Commercial software, also known as payware, is software that is made only to be
sold to other organisations or individuals. The software is made only for the
end buyer to see and use. Commercial software can be free; however, if it is
being made for end buyers such as companies it probably costs money. An example
of commercial software, or payware, is Photoshop.