Security policies and guidelines:· Disaster recovery policieso A disaster recovery policy is the way in which anorganisation can protect themselves from the aftermath of a negative event. Thepolicy allows for the organisation to quickly and easily get back to normaloperations. This is an important part of an IT infrastructure as it means thatthe organisation can be ready to respond if something negative did occur. · Updating of security procedureso A security policy is to ensure that a policy is followedand protects private and confidential data from being leaked or haveunauthorised access. These procedures are updated; this is possibly because ofmore methods of exploitation.
· Scheduling of security auditso A security audit is when you examine a computer system ornetwork. It helps to determine how vulnerable the organisation is to negative events;this could possibly be natural disasters or criminal malicious activity. Whenthis is done regularly it ensures that the chances of a disaster can bemonitored better.· Codes of conducto Codes of conduct are rules and policies signed and agreedto when someone joins a team or organisation. This ensures that the employeeknows what they can and can’t do in the organisation. Some examples are listedbelow:o Email usage policy§ An email usage policy is a limit that is set for eachemployee and limits how much of the email is used for conducting business andhow much is used for personal use.o Internet usage policy§ The internet usage policy limits the employees to how muchtheir internet browsing time is used for business work.
The employees can haveaccess to the organisation internet connection for personal use but it needs tobe well balanced between work and personal. This ensures work is being done inthe workplace.o Software acquisition§ The software acquisition policy means that a computer usercannot install software on a computer without the permission of the head ofdepartment. This may not be totally wrong, but the software that the user maybetrying to download and install a software that could be holding a virus.
o Installation policy§ The installation policy limits what the employees caninstall, it also limits and enforces how often the employees installsoftware’s, or drivers, etc…· Surveillance policieso This allows for an organisation to have CCTV footage atall times, this can be controversial as some people don’t like being watchedconstantly and feel the organisation doesn’t have trust in them. This policy ismainly used for events in which they affect the workflow and organisationpractically on not digitally.· Risk management o Risk management is how an organisation can measure risksthat they may encounter, this helps the organisation to be prepared if anythingnegatively may affect the organisation. · Budget settingo Budget setting is crucial for an organisation as they canmonitor and track where their money is being spent. It also means that they cantrack which department is using more money. It ensures that the organisationcan keep control of budget and be certain money is not going to waste. Employment contracts and security· hiring policieso A hiring policy states the way in which a recruitment willbe done and shows the guidelines and targets needed for the selection process. · separation of dutieso This is where the organisation can state what the rolesthat you are performing involve and what needs to be done, it ensures that thetasks performed within the organisation are performed by the people with therelevant skills.
· ensuring compliance including disciplinary procedureso The is a policy which means that it affects the securityof an organisation. If employees break any rules stated in the contract whichthey signed when the joined the company. If the employee does go against theterms in the contract, then they will have disciplinary procedures for theiractions. It may possibly something that isn’t major, the consequence could be asimple warning.· training and communicating with staff as to theirresponsibilitieso this policy ensures that both employee and employer treateach other with a calm manner in the workplace. This is the responsibility ofboth parties and they must explore these attitudes to each other to keep theworkplace in flowing nicely. Laws: · Legislationo Legislationsare laws that are considered altogether.
Legislation defines the legalprinciples that outline the responsibilities of the people involved.· ComputerMisuse Act 1990; o Thecomputer misuse act was passed to protect people from others accessing computermaterial without permission, this would things such as files on someone else’scomputer. Also, accessing computer material without permission with the intentof doing harm and altering the data on a computer without the permission of theowner. · Copyright,Designs and Patents Act 1988; o Thecopyright, designs, and patents act governs how the creators of literary,dramatic, musical and artistic works can be used by others. It protects theauthor from others sharing, lending, editing, or renting their work. · Privacyand compensation requirements of Data Protection Act 1984, 1998, 2000o Thedata protection act has 8 basic requirements. It helps to protect people’sdata. It protects data that is also stored in paper filing system.
Here are the8 basic requirements.§ The data that the organisation is collecting should befairly and lawfully processed.§ Data is processed for limited purposes.§ They data collection is adequate, relevant and notexcessive.§ Data should always be accurate and precise. It shouldalways be up to date.
§ The data shouldn’t be kept by an organisation when it’snot needed or no longer necessary.§ The data should be processed with your rights.§ The data must be secure with strong protection.§ Also, when data is being transferred to other countries itshould be done with adequate protection.Copyrights: · Open source licenseo Open source licences allow for the original code for asoftware other products to be used, modified, or shared under specific termsand conditions. This allows for creators to come together to help create betterprograms and software. · Freewareo Freeware is software that is available to users for no feeand the owner has all rights to it.
This means that the owner/author has allrights to modify the software, control its distribution and potentially sell orcharge for the service later on. · Sharewareo Shareware is software that is used by a customer orsomeone for a specific time, once the time is up they don’t have access to it.For example, Spotify Premium trial for a month, the user has access to premiumfeatures for only one month but once the 30 days are up the user will not haveaccess until they pay the fee for the service for a longer/permanent period oftime. · Commercial softwareo Computer software copyright is for business purposes, itis created and for sale for the for commercial purposes.
It could be free andopen source software that could be considered as commercial software.