Unit 15 week 8 class 1
Lesson overview
Pete Lawrence
BTEC National Diploma Organisational System Security
Overview
• Recap
• Keeping systems and data secure
• Resubmitting Assignment 1
• Working on Assignment 2
• Security policies
• Focus on Budget settings, Disaster recovery, Updating security procedures and scheduling security audits, Codes of Conduct, Surveillance and monitoring policies and Risk management.
Security policies
Many organisations will agree, maintain and operate a range of policies in the management of security in their organisation’s ICT environments. The purpose of these policies is to ensure that all employees, departments, suppliers and customers adhere to a common principle which will ensure their welfare as well as that of their systems.
Budget setting
Annual budget setting is essential to ensure organisational system security is maintained at an acceptable level. Effective security is not cheap and requires continual investment to maintain control.
Issues to consider when budgeting for organisational system security:
• The replacement cost of redundant equipment and software versions.
• The cost of each audit
• Training staff
• Software licensing
• The procurement of external consultation and support.
• Staff wages relating to organisational system security
Disaster recovery
Detail what actions are to be taken in the event of a human-based or natural disaster.
Disaster recovery cont...
Disaster recovery policies may also include
Updating security procedures and scheduling security audits
• Reviews of security procedures need to be carried out on a periodic basis
• A security review is only as good as the knowledge acquired at that time. It is essential to check security policies for currency and to compare the policy against current knowledge and new threats
• Updates need to be trialled before a planned roll out
Updating security procedures and scheduling security audits cont...
• Security audits of physical and networked systems need to take place at regular intervals; they are often done without the staff knowing, in order to prove the effectiveness of the system.
• In network management, an audit of database and network logs may occur, with detailed analysis to look for recurring issues, which may represent an existing threat. The audit is often combined with penetration testing, simulating a hacker or DoS attack to prove the validity of the existing system.
• Some organisations may even employ covert personnel to attempt to circumvent their physical security systems.
Code of conduct
• Many employees, contractors, customers and suppliers use your organisation’s system. To allow them complete freedom is inadvisable. Creating codes of conduct which are signed by the individuals who need access to your system places the legal responsibility on them.
Surveillance and monitoring
• Placing a CCTV or covert surveillance camera in any organisation may cause considerable distress among the workforce and could be the prelude to union action.
• How surveillance and monitoring may occur has to be clearly defined and agreed with employees, including describing the reasons for using surveillance, where it will be used and the type of surveillance equipment.
Risk management
• The measurement and prediction of possible issues, together with a strategy for dealing with each risk if it arises. The actions an organisation may take depend on the severity of the threat.