Explanation on the Policies and Guidelines Employedby Industries to Manage IT Security Issues P4Security policies and guidelines:Disaster recovery policiesIn a company they will have manage their money so that oneday it can be useful in the future. So if there are disasters that are either human-basedor it is caused by natural disasters. Examples of human-based disasters areterrorist attacks, human error, worker strikes, computer viruses from hackersor accidental by employee and fires which are caused by humans. Examples ofnatural disasters are power failure if there is lots of rain, which can cause aflood and might damage the computer system. The money will enable the companyto recover any lost information with this policy.
Then they when their data hasbeen recovered they will have to make sure that the same problem doesn’t happenagain.Updating of security proceduresThis is when the computer will update normally in order toreview the security system, however updating may have an impact on the system.Therefore, it will need to be tested before it can to continue. Updating thesecurity procedures is important as they will need the new knowledge to go upagainst other potential threats that may attack the organisations computersystem.Scheduling of security auditsThe security audit is used to see if there were any serviceattacks to the computer system and it is done automatically without it beinginformed to employees of the industry. The audits are used to detect anyrecurring problems that by me a threat in the future.
So, when the problem isdistinguished they will able to improve their security, therefore there won’tbe any problems in the system again that could be threat to the industry.Codes of conductCodes of conduct is when a someone that creates a code thatwill enable contractors, employees, customers or suppliers have complete accessto your system. However, to have full access to the system they will have tosign a code of conduct. Therefore, if they were to mess up the system oranything else, they will have to take full responsibility of their actions andwill have to fix the problem themselves.Surveillance policiesWhen installing CCTV or a covert surveillance camera in anemployee’s room, it may cause them stress and make them feel uncomfortable whenin the room.
This is because their every move is being watched and willtherefore lead want them to make a complaint. So, for this not to happen theemployees you will want to have the job will have to sign a contract that theyare okay with being monitored. Risk managementThis is when you predict a risk from happening by looking atthe weather forecast. A clear example is to see if there is a weather changeand if there is going to be heavy rain, which might cause a leak or a flood,tomorrow they will have to see what they can do to stop it from damaging thesystem.
Such as having waterproof cables. This is important as it will beuseful in the future as the industry’s system will be safe from heavy rain. Butthere are more things worse than heavy rain, thus they will need more equipmentto protect the system.Budget settingsThis is to manage the budget so that your company does not gobankrupt. They will have to maintain a budget which is acceptable so it can beuseful in the future, furthermore it will include continual investing so thatthe company can have control and maintain it. For example, having to trainstaff, the cost of each audit, replacing equipment and software versions or thestaff wages connecting to the industries security system.Explanation on how Employment Contracts Can AffectSecurity P5Employment contracts and security:Hiring policiesIt is important to check you employees background as you willbe needing to trust them in having full access in the facility. For example, ifan employee had a criminal record of theft then the industry won’t trust them anywherenext to money as they will think that they might steal it.
Furthermore, otheremployees won’t feel comfortable around them and this might cause problems withthe speed of products being completed.Separation of dutiesThis is when there is an employee that is absent and willhave to be filled in with another employee to control that area and maintainthe speed, so that the company does not go behind schedule. So, this is willinclude a team where some employees will have one separate duty to manage andone deputy who will have experience of the area where the absent personcontrols.Ensuring compliance including disciplinaryproceduresThese procedures will have to be taken by every employee sothat it is fair and can be dealt is a legal acceptable manner. On the otherhand, in some occasions an employee who has been falsely accused in causing aproblem in the industry, therefore they can be suspended (with pay), anindependent group can investigate what has happened so that it can be fair.
Lastly, if the problem is crime related it will have be reported to the police.The person who has done the mistake will have to take full responsibility as inthe contract it tells the employees the role in the company and they penalty ifthey do anything else but that role. Training and communicating with staff as to theirresponsibilitiesThis is when it is expected that the employers will make surethat their staff will be given training that is related to their job and thatthe employer will talk with the staff so that they realise the responsibilitieswhen taking the job.Explanation of the Security and Privacy of Data P6Computer Misuse Act 1990This is when an individual has access to another person’susername and password to enable to have access to the computer system or anyother data. Or, by changing, removing, copying or transferring informationwithout the owner’s permission. Lastly, it can be having trap to a user inorder to obtain their password. Unauthorised modification of the computer suchas putting in a computer virus that can obtain the personal details e.
g. bankdetails. If you are caught it can lead you to imprisonment.Copyright, Designs and Patents Act 1988This is when you use the authors work without permission asyour own.
The illegal acts (acts against the law) involve, music, videostreaming, written work (which is any text from a person’s website, also knownas plagiarism), any game software or any other kinds of software. Finally,images that are used as your own without the permission of the owner is illegalso you will need an all rights agreement.Privacy and compensation requirements of DataProtection Act 1984, 1998, 2000These acts a controlled by 8 principles:1.
Allinformation is processed fairly2. Anyinformation is processed for important reasons3. Theinformation will have to be useful to the company4. Allinformation will have to be important5. Informationis not kept for long periods of time6. Anypersonal information will have to be accepted by the individual7. All theinformation is protected8.
None of theinformation can be transferred with it being secure.Copyright· Opensource- This license allows users to use the source code to edit,compile and suggest improvements. This is all done under defined terms andconditions. This license is backed up by GNU (Operating System) which will thensecure the copyright of the original designer. · Freeware- This is asoftware which doesn’t need to be paid for.
However, you cannot duplicate it ordistribute it without discussing financial modifications to the author, if youdon’t have the author’s permission it will be illegal. · Shareware- This is atype of software as well and it is similar to freeware. It is free for userswho are allowed to share duplicates of the program. But if users use it for commercialgain they will have pay fees to the author. Shareware are commonly downloadedfrom a website or a magazine freebie. · Commercialsoftware- This is a software which is developed for commercial or salereasons.
This can be open source software or proprietary software (where aperson gets property rights e.g. copyright of the source code)