Successfully reported this slideshow.
You’ve unlocked unlimited downloads on SlideShare!
6.1.1 - If data is not stored
securely, there could be
consequences such as financial
costs, legal issues and loss of
6.1.2 – Consider, when developing a
security policy, Protection, Detection &
Investigation of Misuse, Company
Procedures, staff Responsibility and
Discipline & Sanctions.
22.214.171.124 – Prevention takes account of
user that makes an accidental security
breach due to lack of training or general
incompetence and also deliberate
misuse caused by hacking or other
126.96.36.199 – Serious damage can be avoided this
way. Network management personnel can
use manual methods to monitor the system.
Audit Trail software can be used to detect
188.8.131.52 – When misuse gets detected, it’s
important to do a full investigation. This
helps prevent further problems in future.
Can be internal misuse from an employee
meaning some form of discipline may be
required as well as further training.
184.108.40.206 – Physical Security, System
Access, Human Resource Issues,
220.127.116.11 – E.g. System Admin could
be responsible for system backups
and would need to follow
procedures to ensure correct
timings, data content and location of
18.104.22.168 – Staff need to know about
sanctions they may receive based on
any misdemeanour, either deliberate
or accidental. Organisations needs to
take care when writing this as it has
to comply with current employment
6.1.3 – Employees need to be aware
of how the security policy works
and affects them. Can be made alert
to security issues by: Training;
Communication; Legal Obligations.
6.2.1 – Organisation needs to identify skills required
for each role in the company. Human resources
department would keep details of current roles of the
employees, academic qualifications and previous
training courses they have attended. All this info would
be co-ordinated to determine future training needed by
individuals, which would be reviewed regularly.
6.2.2 – Courses are often
short, intense and
expensive; some costing
£500 per day. Organisation
would keep full details of
various course providers
and quality of trainings
thousands o employees to
train and invest in an in-
house training facility.
6.2.3 – Linked to training
budget, normally awarded on
annual basis. To be spent on
6.2.4 - If employee is well
trained, they will make less
mistakes and be more
efficient. Meaning less money
spent on training and more on
physical components to make
the organisation greater.
6.3.3 - Organisations consider
the disposal of their old
hardware as it is replaced with
more modern equipment and
consequently have produced a
policy to cover the issues.
6.3.2 - In projects, there are
budgets that have to be kept
within and many companies
are employing specialist
consultants to maximise their
6.3.1 - Funds can be saved by making sure that
the nessery ICT equipment or services are
delivered at the time they're needed and that
product cost is carefully negotiated. Employees
are responsible for different categories such as:
Hardware, Networking & Communication
Technology, Staff Services & Contract Labour,
Applications Software and System Software.
6.1.1 – Why a Security Policy is
6.1.2 – Factors Considered in a
22.214.171.124 – Prevention of Misuse.
126.96.36.199 – Detection of Misuse.
188.8.131.52 – Investigation of Misuse.
184.108.40.206 – Company Procedures.
220.127.116.11 – Staff Responsibility.
18.104.22.168 – Discipline & Sanctions.
6.2.1 - Skill Requirements
6.2.2 - Course Structure &
6.2.3 - Financial Issues
6.2.4 - Cost Benefit
6.3.1 - Procurement of
Equipment and Services
6.3.2 - ICT Procurement
6.3.3 - Disposal of Equipment