13.6 Legal Aspects

Learn about the need for a corporate IT security policy, its role in an organization, legal aspects, and methods to improve awareness. Explore prevention, detection, investigation procedures, staff responsibilities, and disciplinary actions.

Presentation Transcript


  1. 13.6 Legal Aspects Corporate IT Security Policy

  2. Objectives
     • Understand the need for a corporate information technology security policy and its role within an organisation.
     • Factors could include prevention of misuse, detection, investigation, procedures, staff responsibilities, disciplinary procedures.
     • Describe the content of a corporate information technology security policy.
     • Describe methods of improving awareness of a security policy within an organisation, cross-referencing to training and standards.

  3. What do I need to know?
     • There are many legal considerations which regulate the use, by companies, of IT equipment, programs and data.
     • In this section we will look at the way legislation influences the way that organisations operate.
     • We will also look at security problems raised by these legal problems along with what companies can do to make staff aware of the need for security and what action organisations can take to minimise loss.

  4. Legislation
     • Some laws are specifically aimed at the use of IT. Name the laws an IT professional should know about:

  5. IT systems are vulnerable to two threats:
     • Accidental
     • Deliberate

  6. Can you define…
     • Malpractice
        • Bad practice
        • Against the organisation's code of practice
        • Usually by an employee within the organisation
     • Crime
        • Crime is concerned with illegal activities
        • Usually occurs from outside of the organisation
        • Actions that are unauthorised

  7. Corporate Information Technology Security Policy
     • A document covering all aspects of security within an organisation.
     • It also contains conditions and rules that need to be obeyed by all staff.
     • It should be produced by and have the backing of senior management and directors.

  8. IT Policy Statement
     • Covers all aspects of computer operations
     • All users are expected to read and sign
     • Some companies also include training:
     • DPA
     • Computer Misuse Act
     • Raise awareness of threats

  9. Corporate IT Security Policy
     • Should address:
        • Prevention of misuse
        • Detection (through regular checking)
        • Investigation (through monitoring and audit)
        • Procedures used to prevent security problems (unauthorised access)
        • Staff responsibilities (to prevent misuse)
        • Disciplinary procedures (for breaches of security)

  10. Methods of Improving Awareness of ICT Security Policy
     • Induction training
     • Staff access to guidance
     • Full staff meeting
     • Training
     • A leaflet distributed to all staff
     • Policy posted on intranet or bulletin board
     • Posters displayed throughout the building
     • Emails sent to all staff
