Unit 7 (note this document was originally done in on a power-point presentation )
P6: Legislation to Cover for Organisational Security
Computer Misuse Act
1990
Computer Misuse Act 1990 is an act that is
designed to frame rules and control over computer crime and internet fraud.
Using others ID and passwords to access ones computer is against the computer
misuse act 1990, unauthorised access to commit a serious crime and unauthorised
modification of a computer content are also against the misuse act, as the
person who’s account has been misuse, they are not aware of this. For example
using others log in to access their account and installing virus to the
computer, will destroy their files on the computer.
Principles of
Computer Misuse Act 1990
- Unauthorised access to computer material.
- Unauthorised access with intent to commit or facilitate commission of further offences.
- Unauthorised modification of computer material.
Computer Misuse Act has been created to
protect users computer materials from unauthorised access. Companies will have
computer misuse act in place to prevent unauthorised modification of computer
material.
Privacy and
Compensation requirements of Data Protection Act 1984, 1998, 2000
Data protection act 1998 is a law that has been created to make
sure that personal details i.e. the wages they earn are handled properly and
safely. The person who’s information that have been handled, have the right to
know what information of theirs has been held. For example accountants within a
bank must not share details about their customer’s to others within or outside
of their organisation. The person who is handling personal information must
register with the DPA and obey the eight principles.
Designs and Patents
Act 1988
Design and Patents act has been created
to give the creators the right for them to control the way their material is
being used. The creators rights cover a number of things such as copying,
renting and lending copies to the public. For example YouTube users are unable
to uploaded other creators content to their profile, YouTube will delete the
video as the user of the profile did not have the right to upload the video. If
the content has been copied and has not included the original creator, the
person can bee taken to court and charged for plagiarism.
Copyrights
Freeware: is software that is copyrighted
but given away for free of charge. Even though the content is free, the creator
of the software has the copyrights to the software.
Open Source: is software that is
available for free and also can be modified by the users of the software. The
software can also be shared to others without payment.
Shareware: some shareware software is
free of charge however the creator may request that the user pays a small fee
as they are regularly using the software. The user will receive service
assistance and updates if they pay the fee.
M3: Ethical Decision Making in Organisation IT Security
Ethical decision
making in a organisation can cause some problems as there are different views,
ethics and business decisions which can often clash and can cause problems
within the organisation.
Freedom of
Information
Users can present
any information about themselves or
their opinions on to the internet on
various websites such as social networking, forums or job sites etc. There is
many downfalls to this on the users personal information. This is because users signing up to these
sites will have to have a lot of trust on their computer systems, to keep their
personal information all confidential. Within an organisation and their freedom
of information against personal privacy an example of this is if the
organisation choose to install CCTV for security purposes. Employees in the
organisation may say that this is invading the previous.
Ethical Issues
Street maps such as Google street maps is
a big ethical issue as it can provide burglars within information about certain
areas, which can help them plan robbery's in areas. The information they gather
can help them find ways to enter a building. Also photographing people on the
street without their knowledge. Although they blur the pedestrians faces, they
are also photographing children on the street without their knowledge, this can
cause have a huge impact on Google as it is against the law to photograph
children.
Phonebooks is another ethical issue as it
provides the public with phone numbers of other people. People can use the
phone numbers to prank call the residents and hocks scenarios which can scare
the residents. Fraudsters can use residents phone numbers and call them
pretending to be their bank, they can gain valuable information such as their
card details etc.
Permission
Organisation which use photographs,
videos or CCTV footage for business security purposes, may cause a few issues
within the organisation with their employees. For example if an organisations
advertises the business and uses music which they didn't have permission to use
from the create, this can cause a huge impact on them as they could be fined by
the creator of the soundtrack, because they used the soundtrack without
informing the creator. If the organisation also uses photos of their employees
for a website without asking them for permission, this will cause a lot of
issues with the staff as they may not have wanted their image on the website.
Their are also organisation which are also very weary on how they approach ethical issues as it is a sensitive issue with the individuals in the employee.
D2: Evaluate the Security Policies used in an Organisation
Disaster Recovery
Polices
The effectiveness
of disaster recovery police has within an organisation is that it reduces the
lose of data and improves the recovery of the organisation if they face a
disaster. Back ups of the systems will
be completed at scheduled time which will be set up by the network technician,
the back ups will be scheduled at less busy times when the network is not being
used as much. This will speed the process of the back up. However it also has a
negative on the network as it can decrease the speed of the data travelling
through the network. Overall disaster recovery will benefit the organisation as
they recovery data although it may slow down the network.
Advantages
The advantage in having disaster recovery
polices in place is that it reduces loss of data. As the technicians within the
organisation have backed the system up before any disaster occurred, if any
data is lost during a disaster they can recover the date from the backup. This
will reduce downtime as they can transfer data from one system to another because of the backup.
Disadvantages
The disadvantage in having the policy in
place is that the organisations is that it is costly for the organisation to
run, as they will need to maintain the recovery system and it can also
interrupt the organisations network, by slowing it down. This will make it
difficult for employees in the organisation to do their work, as their system
will slow down because of the reduced speed of the data transfer rate.
Updating Security
Procedures and Scheduling Security Audits
Updating security procedure has an
benefit and also a negative on the organisation. The benefit that this
procedure has on the organisation it can be slow however once the updates have
been completed the software would run quicker, the systems will be more secure
and have a great impact on the network, as the latest version has been
installed which will run much efficiently than the previous version. By
updating they can improve the whole network overall from the speed of the data
transmission and also the security.
The negative this may have on the
organisation is that they may have to also upgrade the hardware so that it is
compatible with the updated software. For example the software may require a
larger hard drive so that the update can be improved.
Code of Conduct
They are in place to stop any problems
from occurring within the organisation from users access website which contain
viruses or adding bad attachments onto an email etc. By butting code of conduct
in place will reduce the costs on as there will be less chances in any of
equipment being damage, reducing the cost for the organisation paying for
repairs of equipment. This will reduce
downtime as their will not be disruption on the network.
The negative impact that this has on the
organisation is that users may think it is not fair that they are being
restricted from accessing certain areas of the network compared to others which
will be able to access that area to. This will create a lot of tension between
employees, as they will think that the employers of the organisation do not
trust them with their systems.
Surveillance and
Monitoring Policies
This policy allows
the organisation to monitor what is going on within the organisation, this may
cause some tension as the employees may not like being watched while they are
working at all time. However this benefits the organisation, by monitoring users
on the computer system they can identify and prevent any threats for happening
before they appear. For example if the users is on a website which houses
viruses the admin can shut down the window before anything happened. This
policy is very effective as it can prevent faults from occurring on the systems
or network, it can also prevent theft to equipment.
This policy is
great for security within an organisation however the size of the system will
be large and hard to maintain and keep updated. As the organisation will have
many areas which will be watched by CCTV and also all the computer systems on
the network will be monitored. The cost to maintain and update the surveillance
and monitoring tools will have an affected on the organisation as they will
have to pay technicians to maintain the tools .
Advantage
The advantage in having this police in
place is that it can reduce any physical
threats happening to the systems, as they are being monitored by CCTV.
The system can also help identify and resolve threats before or after they
occur. Not only can the system prevent anything happening to their systems, the
system can also protect the employers working in the organisation. For example
if employees are caught ignoring their duties, stealing or threaten other
employees, the employers can use the footage to prosecute rouge employees. This shows the public that
the organisation cares for their employees.
Disadvantage
The disadvantage in having this policy in
place is that their could be a misunderstanding among the employees as they
might feel like their employees are intruding their privacy or my feel that
their employers do not trust them. Employers will need to inform their
employees on why they are going to introduce this policy before hand. Another
drawback in this policy is that it can be very costly for the organisation to
set up the system, as they will need to install cameras, computers, and
software to maintain the system. They will also need a place to store all data
they collect in case they need to use the clips in future references. The
organisation may also need to invest in legal advice to make sure that their
systems follows the privacy rights law.
Risk Management
This helps the
technicians within the organisations to deal with issues quicker and stop
anything worse occurring. This provides
the technicians with information about the hardware, software and other devices
on the network. The program is set up so that technician can identify issues
much quicker and resolve them before getting worse.
The cost of running
the program, having it installed to the system, and paying technicians to
maintaining the program. These are minor negatives in having this policy in
place, other than that it is a great policy to have in place.
Advantage
The advantage in having the police in
place is that it can reduce downtime benefiting the organisation as they can
continue to provide service to the customers. This is because the issue that
has occurred is dealt within sooner and also strop anything worse occurring.
The policy can also prevent possible threats happening before they occur. The
threats can also help them improve their systems so that the issue doesn't
occur again in the future.
Disadvantage
The disadvantage in having
this police in place is that it can be very costly for the organisation, as
they will need to train employees to help them manage issues properly and also
maintain it so that the issue doesn't occur again. The time spent training the
employees to that they execute the risk management properly.
"note you may be asked to expand on some of the points, so try to add more to the assignment. Also remember not to copy word for word, as their are now software to check for plagiarism, when marking the assignment, try to complete the assignment your own way." [I am not encouraging you to copy this piece is here for educational purposes]