Slide 1

Slide 2

FACTORS TO BE TAKEN INTO ACCOUNT WHEN DESIGNING ICT SECURITY POLICIES

Slide 3

Lesson Objectives To understand the factors to take into account when designing security policies

Slide 4

You are setting up a new business. Make a list of 5 things you think you will need to think about regarding your Security policy.

Slide 5

The factors to take into account when designing security policies

Slide 6

Physical security This involves protecting hardware and software using physical rather than software methods either to restrict access to the computer equipment or the storage medium, using physical methods (Locks, guards biometric methods)

Slide 7

Logical (software) methods User ids, passwords, levels of access ( e.g. who can update web pages) firewalls, encryption.

Slide 8

Auditing for detection Query any transactions that are out of the ordinary for customers, access logs

Slide 9

System Access Establishing procedures for accessing data such as log on procedures, firewalls.

Slide 10

Personnel administration Training (including prevention of accidental misuse), fitting the employee to the task, ensuring that staff are controlled, staff screening.

Slide 11

A code of conduct A list of roles and responsibilities that an employee should follow when using ICT equipment

Slide 12

Operational procedures Including disaster recovery planning and dealing with threats from viruses, backup, updating antivirus.

Slide 13

Disciplinary procedures Warnings / dismissal / prosecutions etc.

Slide 14

Exam Question A national bank wants to ensure that its financial systems are secure against attack. Other than code of conduct, describe four factors that should be included in the banks security policy. [8]

Slide 15

Just a Minute On a scrap piece of paper write down as many things covered today in a minute.