FACTORS TO BE TAKEN INTO ACCOUNT WHEN DESIGNING ICT SECURITY POLICIES
Transcript
Slide 1
Slide 2
FACTORS TO BE TAKEN INTO ACCOUNT WHEN DESIGNING ICT SECURITY
POLICIES
Slide 3
Lesson Objectives: To understand the factors to take into
account when designing security policies.
Slide 4
You are setting up a new business. Make a list of 5 things you
think you will need to consider regarding your security
policy.
Slide 5
The factors to take into account when designing security
policies
Slide 6
Physical security: This involves protecting hardware and
software using physical rather than software methods, to
restrict access to either the computer equipment or the storage
medium (locks, guards, biometric methods).
Slide 7
Logical (software) methods: User IDs, passwords, levels of
access (e.g. who can update web pages), firewalls, encryption.
Slide 8
Auditing for detection: Query any transactions that are out of
the ordinary for customers; access logs.
Slide 9
System Access: Establishing procedures for accessing data, such
as log-on procedures and firewalls.
Slide 10
Personnel administration: Training (including prevention of
accidental misuse), fitting the employee to the task, ensuring that
staff are controlled, staff screening.
Slide 11
A code of conduct: A list of roles and responsibilities that an
employee should follow when using ICT equipment.
Slide 12
Operational procedures: Including disaster recovery planning and
dealing with threats from viruses, backup, updating antivirus.
Slide 13
Disciplinary procedures: Warnings / dismissal / prosecutions
etc.
Slide 14
Exam Question: A national bank wants to ensure that its
financial systems are secure against attack. Other than code of
conduct, describe four factors that should be included in the bank's
security policy. [8]
Slide 15
Just a Minute: On a scrap piece of paper, write down as many
things covered today as you can in a minute.