Security policies and guidelines:
Disaster recovery policies
A disaster recovery policy is the way in which an
organisation can protect itself from the aftermath of a negative event. The
policy allows the organisation to get back to normal operations quickly and
easily. This is an important part of an IT infrastructure, as it means that
the organisation is ready to respond if something negative does occur.
Updating of security procedures
A security policy is there to ensure that set procedures are followed
and that private and confidential data is protected from being leaked or
accessed without authorisation. These procedures are updated, possibly because
more methods of exploitation emerge.
Scheduling of security audits
A security audit is when you examine a computer system or
network. It helps to determine how vulnerable the organisation is to negative events;
these could be natural disasters or malicious criminal activity. When
this is done regularly it ensures that the chances of a disaster can be
Codes of conduct
Codes of conduct are rules and policies signed and agreed
to when someone joins a team or organisation. This ensures that the employee
knows what they can and can’t do in the organisation. Some examples are listed
Email usage policy
An email usage policy sets a limit for each employee on
how much of their email use is for conducting business and how much is for
personal use.
Internet usage policy
The internet usage policy limits how much of employees'
internet browsing time is used for business work. Employees can have
access to the organisation's internet connection for personal use, but it needs to
be well balanced between work and personal use. This ensures work is being done in
The software acquisition policy means that a computer user
cannot install software on a computer without the permission of the head of
department. Installing software may not be wrong in itself, but the software
that the user may be trying to download and install could be holding a virus.
The installation policy limits what employees can
install; it also limits and enforces how often employees install
software, drivers, etc.
This allows an organisation to have CCTV footage at
all times. This can be controversial, as some people don’t like being watched
constantly and feel the organisation doesn’t trust them. This policy is
mainly used for events that affect the workflow and the organisation
practically, not digitally.
Risk management is how an organisation measures the risks
that it may encounter; this helps the organisation to be prepared if anything
may negatively affect it.
Budget setting is crucial for an organisation as they can
monitor and track where their money is being spent. It also means that they can
track which department is using more money. It ensures that the organisation
can keep control of its budget and be certain money is not going to waste.
Employment contracts and security
A hiring policy states the way in which recruitment will
be done and shows the guidelines and targets needed for the selection process.
Separation of duties
This is where the organisation states what the roles
that you are performing involve and what needs to be done; it ensures that the
tasks performed within the organisation are performed by the people with the
Ensuring compliance including disciplinary procedures
This is a policy that affects the security
of an organisation. If an employee breaks any rules stated in the contract which
they signed when they joined the company, going against the
terms in the contract, then they will face disciplinary procedures for their
actions. It may possibly be something that isn’t major; the consequence could be a
Training and communicating with staff as to their
This policy ensures that both employee and employer treat
each other in a calm manner in the workplace. This is the responsibility of
both parties, and they must show these attitudes to each other to keep the
workplace flowing nicely.
are laws that are considered altogether. Legislation defines the legal
principles that outline the responsibilities of the people involved.
Computer Misuse Act 1990;
The Computer Misuse Act was passed to protect people from others accessing computer
material without permission; this would be things such as files on someone else’s
computer. Also, accessing computer material without permission with the intent
of doing harm and altering the data on a computer without the permission of the
Copyright, Designs and Patents Act 1988;
The Copyright, Designs and Patents Act governs how literary,
dramatic, musical and artistic works can be used by people other than their
creators. It protects the author from others sharing, lending, editing, or
renting their work.
and compensation requirements of Data Protection Act 1984, 1998, 2000
The Data Protection Act has 8 basic requirements. It helps to protect people’s
data. It also protects data that is stored in paper filing systems. Here are the
8 basic requirements.
• The data that the organisation is collecting should be
fairly and lawfully processed.
• Data is processed for limited purposes.
• The data collected is adequate, relevant and not
• Data should always be accurate and precise. It should
always be up to date.
• The data shouldn’t be kept by an organisation when it’s
not needed or no longer necessary.
• The data should be processed in line with your rights.
• The data must be secure with strong protection.
• Also, when data is being transferred to other countries it
should be done with adequate protection.
Open source license
Open source licences allow the original code of
software or other products to be used, modified, or shared under specific terms
and conditions. This allows creators to come together to help create better
programs and software.
Freeware is software that is available to users for no fee
and the owner has all rights to it. This means that the owner/author has all
rights to modify the software, control its distribution and potentially sell or
charge for the service later on.
Shareware is software that is used by a customer or
someone for a specific time; once the time is up, they don’t have access to it.
For example, with a Spotify Premium trial for a month, the user has access to premium
features for only one month, but once the 30 days are up the user will not have
access until they pay the fee for the service for a longer/permanent period of
Computer software copyright is for business purposes; the
software is created and put on sale for commercial purposes. Free and
open source software could also be considered commercial software.