will cover each organisational issue that affects the IT system. I will
explain the policies and guidelines that an organisation needs to manage
its IT security issues. I will also explain how an employment contract
can affect security. To sum all of this up, this report will also evaluate the
laws that relate to the security and privacy of data.
Security policy and guideline
Disaster recovery is a security planning policy that is
set up to protect an organisation from human or natural disasters. Human
disasters and natural disasters could be the two reasons that the disaster
recovery policy came about. A human disaster could be a virus,
a fire or an act of terrorism. A natural disaster could be an earthquake,
a tornado or a tsunami. Any type of disaster can have a negative effect on an
organisation: research has shown that after a human or natural
disaster the business is left in a fragile situation because of mass data loss.
However, the disaster recovery policy (DRP) can help.
The recovery point objective (RPO) is the files that must be
recovered from backup storage, and the recovery time objective (RTO) is the
maximum tolerable length of time that a system, network and computer
can be down after a disaster occurs. A disaster recovery plan allows an
organisation to follow a structured plan for dealing with unplanned incidents
that may threaten the company’s IT set-up, which includes the software, hardware
Disaster recovery testing helps to identify
the problems that may occur when the system goes through a disaster recovery. It also
makes employees aware of what they are required to do during a
disaster recovery scenario. Therefore, the organisation should have a scheduled
time to test the recovery policy, and this should happen after the organisation
makes any system changes.
Security procedure and scheduling of security audits
In order for the server to keep running properly, the
organisation should download the latest update every four weeks. This keeps
the security of the server working and up to date. Updating the antivirus is
also extremely important because it gives the system extra features
that help protect it against viruses and other threats. If an organisation
decides not to upgrade the software, the system may easily develop
glitches that allow hackers to gain access and cause damage to the system.
The term ‘audit’ means a checking procedure that allows the technician
in an organisation to check the system for different issues. An audit can also be
used to predict whether the organisation can cope with the threats that may occur.
Creating a code of conduct for employees, customers and
contractors puts a legal contract in place for them, and they are required to sign the
contract as proof that they have agreed to the terms and policies. Some
basic policies may be email usage, internet usage and software usage policies.
Equipment that is provided for employees should only be used
for the company’s purposes and not for
personal use. For example, using the company’s telephone for personal use
without the manager’s permission could lead to serious consequences such as
being fired, because the employee would have signed and agreed to this policy.
Each company has its own rules and policies and it could differ to a
Surveillance and monitoring policies cover the placing of CCTV
so that if any damage does happen to the company, it can trace back what happened.
It is important that the company tells the employees that there is CCTV in
place and where it is, as it is used as surveillance equipment.
However, a problem with this is that people are always being
watched, and this may feel like an intrusion and
an invasion of privacy, which could lead to the employees having stress
and low morale.
Likewise, having CCTV in operation keeps the organisation
safe against any threat that may occur. Also, the security guard can stop any
unauthorised access, as the company may have a card that people need to tap
to get into the building and gain access to the equipment that the company has.
Risk management is when an individual is not sure about the
outcome or the consequences of a situation as it arises.
If the company spends money without having a budget, it can
affect the company because it could end up in debt, as
it won’t be allocating a budget for each month. Above this, there should
be money to pay each employee, the replacement cost of the software and any
equipment, software licensing and many other things. If the company uses all
its money and has no extra money for repairs or anything else, the
reputation of the company will be ruined and the customers that it has will be
lost too, resulting in the company having no money.
contract and security
Employment contract and security is a hiring policy
under which the organisation looks into the background of the
employee for things like previous work reports and criminal record. Following
this, the company cannot give the employee access to everything at first because
the employee may not be as trustworthy as they think.
Within a company, if one of the key personnel
is absent, another employee should be able to take over and do that role.
This is important because if one day the IT technician was ill and unable to
come into work and there was something wrong with the system, someone else
should be able to step up and fix the system, leaving no permanent damage. It
acts as a backup if someone is not in.
Training and communicating with staff as to their responsibilities
Communication with staff and other employers must be formal within
the workplace and work-related unless the individual is on break. Getting
distracted by other employees and the individual themselves can be a
Computer Misuse Act 1990
The Computer Misuse Act 1990 is a law that was passed
by the British government and it has three parts to it:
Unauthorised access to computer material.
Unauthorised access with intent to commit or facilitate commission of further offences.
Unauthorised acts with intent to impair, or with recklessness as to impairing
However, if people do break these laws it is very hard to
prove and this has not been successful in the past, so this law could have
a loophole within it.
Designs and Patents Act 1988
The Copyright, Designs and Patents Act was passed in 1988
and it allows the creators of literary, musical and any artistic work to
control the way in which their work can be used. This means the
creators can set restrictions on the parts of their work that the public has access to.
Any individual must ask for permission from the artist/creator
of the work they want access to.
Privacy and compensation requirements of Data Protection Act 1984, 1998, 2000
The Data Protection Act was designed to protect personal
data that is stored in computers, for example names, addresses, contact information
and any other personal information. This act allows each individual to choose
what information they want stored and used and which information they don’t want
to have a trace of.