Unit 7: P6, M3 & D2

Unit 7 (note this document was originally done in on a power-point presentation )

P6: Legislation to Cover for Organisational Security

Computer Misuse Act 1990 

Computer Misuse Act 1990 is an act that is designed to frame rules and control over computer crime and internet fraud. Using others ID and passwords to access ones computer is against the computer misuse act 1990, unauthorised access to commit a serious crime and unauthorised modification of a computer content are also against the misuse act, as the person who’s account has been misuse, they are not aware of this. For example using others log in to access their account and installing virus to the computer, will destroy their files on the computer.

Principles of Computer Misuse Act 1990

• Unauthorised access to computer material.
• Unauthorised access with intent to commit or facilitate commission of further offences.
• Unauthorised modification of computer material.

Computer Misuse Act has been created to protect users computer materials from unauthorised access. Companies will have computer misuse act in place to prevent unauthorised modification of computer material. 

Privacy and Compensation requirements of Data Protection Act 1984, 1998, 2000

Data protection act 1998 is a law that has been created to make sure that personal details i.e. the wages they earn are handled properly and safely. The person who’s information that have been handled, have the right to know what information of theirs has been held. For example accountants within a bank must not share details about their customer’s to others within or outside of their organisation. The person who is handling personal information must register with the DPA and obey the eight principles.

Designs and Patents Act 1988

Design and Patents act has been created to give the creators the right for them to control the way their material is being used. The creators rights cover a number of things such as copying, renting and lending copies to the public. For example YouTube users are unable to uploaded other creators content to their profile, YouTube will delete the video as the user of the profile did not have the right to upload the video. If the content has been copied and has not included the original creator, the person can bee taken to court and charged for plagiarism.   

Copyrights

Freeware: is software that is copyrighted but given away for free of charge. Even though the content is free, the creator of the software has the copyrights to the software.

Open Source: is software that is available for free and also can be modified by the users of the software. The software can also be shared to others without payment.

Shareware: some shareware software is free of charge however the creator may request that the user pays a small fee as they are regularly using the software. The user will receive service assistance and updates if they pay the fee.

M3: Ethical Decision Making in Organisation IT Security

Ethical decision making in a organisation can cause some problems as there are different views, ethics and business decisions which can often clash and can cause problems within the organisation.

Freedom of Information 

Users can present any information about themselves  or their opinions  on to the internet on various websites such as social networking, forums or job sites etc. There is many downfalls to this on the users personal information.  This is because users signing up to these sites will have to have a lot of trust on their computer systems, to keep their personal information all confidential. Within an organisation and their freedom of information against personal privacy an example of this is if the organisation choose to install CCTV for security purposes. Employees in the organisation may say that this is invading the previous.

Ethical Issues

Street maps such as Google street maps is a big ethical issue as it can provide burglars within information about certain areas, which can help them plan robbery's in areas. The information they gather can help them find ways to enter a building. Also photographing people on the street without their knowledge. Although they blur the pedestrians faces, they are also photographing children on the street without their knowledge, this can cause have a huge impact on Google as it is against the law to photograph children.

Phonebooks is another ethical issue as it provides the public with phone numbers of other people. People can use the phone numbers to prank call the residents and hocks scenarios which can scare the residents. Fraudsters can use residents phone numbers and call them pretending to be their bank, they can gain valuable information such as their card details etc.  

Permission 

Organisation which use photographs, videos or CCTV footage for business security purposes, may cause a few issues within the organisation with their employees. For example if an organisations advertises the business and uses music which they didn't have permission to use from the create, this can cause a huge impact on them as they could be fined by the creator of the soundtrack, because they used the soundtrack without informing the creator. If the organisation also uses photos of their employees for a website without asking them for permission, this will cause a lot of issues with the staff as they may not have wanted their image on the website. Their are also organisation which are also very weary on how they approach ethical issues as it is a sensitive issue with the individuals in the employee. 

D2: Evaluate the Security Policies used in an Organisation

Disaster Recovery Polices

The effectiveness of disaster recovery police has within an organisation is that it reduces the lose of data and improves the recovery of the organisation if they face a disaster.  Back ups of the systems will be completed at scheduled time which will be set up by the network technician, the back ups will be scheduled at less busy times when the network is not being used as much. This will speed the process of the back up. However it also has a negative on the network as it can decrease the speed of the data travelling through the network. Overall disaster recovery will benefit the organisation as they recovery data although it may slow down the network.

Advantages

The advantage in having disaster recovery polices in place is that it reduces loss of data. As the technicians within the organisation have backed the system up before any disaster occurred, if any data is lost during a disaster they can recover the date from the backup. This will reduce downtime as they can transfer data from one system to another  because of the backup.

Disadvantages

The disadvantage in having the policy in place is that the organisations is that it is costly for the organisation to run, as they will need to maintain the recovery system and it can also interrupt the organisations network, by slowing it down. This will make it difficult for employees in the organisation to do their work, as their system will slow down because of the reduced speed of the data transfer rate.

Updating Security Procedures and Scheduling Security Audits

Updating security procedure has an benefit and also a negative on the organisation. The benefit that this procedure has on the organisation it can be slow however once the updates have been completed the software would run quicker, the systems will be more secure and have a great impact on the network, as the latest version has been installed which will run much efficiently than the previous version. By updating they can improve the whole network overall from the speed of the data transmission and also the security.

The negative this may have on the organisation is that they may have to also upgrade the hardware so that it is compatible with the updated software. For example the software may require a larger hard drive so that the update can be improved.

Code of Conduct

They are in place to stop any problems from occurring within the organisation from users access website which contain viruses or adding bad attachments onto an email etc. By butting code of conduct in place will reduce the costs on as there will be less chances in any of equipment being damage, reducing the cost for the organisation paying for repairs of equipment.  This will reduce downtime as their will not be disruption on the network. 

The negative impact that this has on the organisation is that users may think it is not fair that they are being restricted from accessing certain areas of the network compared to others which will be able to access that area to. This will create a lot of tension between employees, as they will think that the employers of the organisation do not trust them with their systems.

Surveillance and Monitoring Policies

This policy allows the organisation to monitor what is going on within the organisation, this may cause some tension as the employees may not like being watched while they are working at all time. However this benefits the organisation, by monitoring users on the computer system they can identify and prevent any threats for happening before they appear. For example if the users is on a website which houses viruses the admin can shut down the window before anything happened. This policy is very effective as it can prevent faults from occurring on the systems or network, it can also prevent theft to equipment.

This policy is great for security within an organisation however the size of the system will be large and hard to maintain and keep updated. As the organisation will have many areas which will be watched by CCTV and also all the computer systems on the network will be monitored. The cost to maintain and update the surveillance and monitoring tools will have an affected on the organisation as they will have to pay technicians to maintain the tools .

Advantage

The advantage in having this police in place is that it can reduce any physical  threats happening to the systems, as they are being monitored by CCTV. The system can also help identify and resolve threats before or after they occur. Not only can the system prevent anything happening to their systems, the system can also protect the employers working in the organisation. For example if employees are caught ignoring their duties, stealing or threaten other employees, the employers can use the footage to prosecute  rouge employees. This shows the public that the organisation cares for their employees.

Disadvantage

The disadvantage in having this policy in place is that their could be a misunderstanding among the employees as they might feel like their employees are intruding their privacy or my feel that their employers do not trust them. Employers will need to inform their employees on why they are going to introduce this policy before hand. Another drawback in this policy is that it can be very costly for the organisation to set up the system, as they will need to install cameras, computers, and software to maintain the system. They will also need a place to store all data they collect in case they need to use the clips in future references. The organisation may also need to invest in legal advice to make sure that their systems follows the privacy rights law.

Risk Management

This helps the technicians within the organisations to deal with issues quicker and stop anything worse occurring.  This provides the technicians with information about the hardware, software and other devices on the network. The program is set up so that technician can identify issues much quicker and resolve them before getting worse.

The cost of running the program, having it installed to the system, and paying technicians to maintaining the program. These are minor negatives in having this policy in place, other than that it is a great policy to have in place.

Advantage

The advantage in having the police in place is that it can reduce downtime benefiting the organisation as they can continue to provide service to the customers. This is because the issue that has occurred is dealt within sooner and also strop anything worse occurring. The policy can also prevent possible threats happening before they occur. The threats can also help them improve their systems so that the issue doesn't occur again in the future.

Disadvantage

The disadvantage in having this police in place is that it can be very costly for the organisation, as they will need to train employees to help them manage issues properly and also maintain it so that the issue doesn't occur again. The time spent training the employees to that they execute the risk management properly.

"note you may be asked to expand on some of the points, so try to add more to the assignment. Also remember not to copy word for word, as their are now software to check for plagiarism, when marking the assignment, try to complete the assignment your own way." [I am not encouraging you to copy this piece is here for educational purposes]