Unit 7: Organisation
System security
P4: Explain the
policies and guidelines for managing organisational security issues
D2: Evaluate the
security policies used in an organisation
In this task
I am going to be explaining the policies and guidelines that have been put in
place to manage organisation system security, I am also going to be evaluating
the security policies in an organisation and lastly I will create a security
policy for my project. There are many there are many guidelines and policies
that have been put in place to manage organisation system security, they
include being:
·
Disaster
recovery policies
·
Updating
security procedures
·
Scheduling
of security audits
·
Codes
of conducts
·
Surveillance
policies
·
Risk
management
·
Budget
setting
Disaster recovery policies
This is a
plan which is put in place if something goes wrong in an organisation for
example if there is a fire and it has destroyed everything in an organisation
then they will need have a back plan of what they need to do in order to make
everything fine again. If this is not in place then the organisation might have
to close down or start again, this will make them lose a lot of money and also
have a bad reputation from their clients because they lost their vital
information and data.
Evaluation of Disaster recovery
policy
In my
opinion I believe that having this security measure is vital for every
organisation this is because if something terrible happens to the organisation
then they would have a back up plane which will see them back to business, but
not having this security procedure might make the organisation lose a lot of
money and they might also have a bad reputation because the clients might not
trust them with their information. So this is why I believe that having this is
really important security measure for the organisation to have.
Updating security procedures
It is really
important for the organisation to do this security measure, because the change
in IT comes a really rapid speed so the organisation will need to be up to the
rapid change so that they can implement new security procedures in their organisation
for example if there is a new security procedure like eye scan then the
organisation will need to be updating their security measures to achieve their
new procedure which is the eye scan. To do this the organisation will need to
have certain guidelines that the employees will need to meet like updated
research on the latest security measures.
Evaluation of Updating of security
procedures
In my
judgement I believe that this procedure needs to be updated regularly due to
the rapid change in the environment of information technology, this will help
the organisation such as NewVic to stay safe and keep their data safe as well.
Doing this may cost the organisation money but I believe that the cost will be
worth it because it will safe guard their data from being access by an unauthorised
personal. So this is why I believe this is another important procedure to have
in place for the organisation.
Scheduling of security audits
This is when
security checks need to be implemented on things like, computer hardware,
software’s and physical protection for example the organisation will need to
make sure that there hardware is secure by locks like servers and software’s
need to checked so that they don’t contain viruses. These checks need to be
regularly scheduled by the organisation so that if there are any potential
threats that are about to occur like viruses can be dealt with quickly, so that
it doesn’t impact the organisation.
Evaluation of Scheduling of security
audits
I believe
that doing this security measure will have less or no impact on the
organisation if they are doing it regularly because if there are any chances of
any security threats then they can be dealt with by the organisation. But if
they are not regularly scheduling these security audits then this will lead to
the organisation to face many problems like viruses occurring from software’s.
So this is why I believe that it is essential for organisation to keep on
scheduling security audits to maintain their security.
Codes of conduct
These are
really important and apply to all employees who are working in the organisation
because if the employees don’t follow the guidelines which have been set by the
organisation then it will lead to a security alert which can banned the
employee from accessing certain features of the organisation. Code of conduct
can include being:
Use of
email: the employees might not allow to say certain words or might be
restricted to sending email to another user who is not part of the organisation.
Internet
usage policy: this is when the organisation might not be able go on certain
websites. These websites can be social networking sites, adult sites and etc.
Software acquisition:
This is when the employee is restricted to access the certain software. This
can be because of legal issues and might be dangerous to use.
Installation
policy: this is when the download of external software which are not safe and
may not be allowed to download for example software which need licence might
not be legal to download may not be allowed by the organisation.
Evaluating code of conduct
In my
judgement I believe that this is another most important aspect when it come to
security issues. This is because it will restrict access to things that are not
allowed to be done to make the network and the environment of work a better
place for instance if the employee was allowed to go and send messages via
email to another user who is not within the organisation then they may leak
important details regarding organisational matters. Another reason why I
believe this is important is because it saves organisation money since the
employees are not allow to download software, if they did then the organisation
might have to pay for the licensing of the software. So this is why in my
judgment this is a good security measurement in place to have for the
organisation.
Surveillance policies
These are
put in place so that the organisation can see what is happening around the
organisation for example cameras in an organisation are used to see what is
happening around the organisation. This policy is a law that needs to be
implemented to every organisation so that they can monitor their surveillance
camera 24 hours. If there was a break in an organisation then they will be able
to monitor the situation of what is happening and who was involved.
Evaluation of Surveillance policy
In my
opinion this is a really important policy to be implemented by the
organisation, as I believe that having this will increase security dramatically
in an organisation. This is because the intruders will have to be alerted and
they might not try to break in the organisation. The other reason why I believe
this is important security feature is because it will allow the organisation to
monitor the situation for example what the employees are doing. This is why I
believe in my judgment this is a really important security measure to have in
the organisation.
Risk Management
This is a
security guideline measure that the organisations need to be implemented because
if it is not then employees might be hurt and can risk there life for example
if the organisation don’t have certain signs up like “wet floor” and the
employee might slip, hurt them self’s and they may need first aid attention. This
can also be included in a financial department in other words the organisation
might need to make a plan if there is a financial problem. All the information
that is in risk management will need to be put or recorded in a document. This
can be a security issue due to the financial plan being misplaced and may alert
security action to be taken.
Evaluation of Risk Management
I believe
that risk management is an important aspect of security policy, this is because
this shows that the risk management documentation will need to be stored in a
safe place to avoid being lost or stolen, to do this the organisation will need
to have some procedures like passwords and authentication needed in order to
prevent it from being lost or stolen. The other reason is that if the employees
don’t follow the guidelines set then the employees might face security actions
like being excluded from accessing the risk management documentation. This is
why this is an important security policy for the organisation to have.
Budget setting
This is when
the organisation is trying to upgrade equipment by purchasing, this can be have
a time set of when they want to do this for example it can be once every year
or once every four years. This can include hardware that may improve
performances of the computer and also hardware, which will improve security
like more protected server. This can also be software related to improve
security by the organisation purchasing security software like password
protection software in order to improve the security further.
Evaluation of budget setting
My judgment
of this is that it allows the organisation to keep up their security measure by
purchasing new software and hardware. This makes the organisation less
vulnerable from security attacks like hacks. This might cost organisation money
but I believe that client data is more valuable then extra money for the
organisation because they will need to spend in buying that data. So this is
why I believe that this will be an essential security measure for the
organisation to have.
I am now going to be creating a
security policy for my maths project
Disaster recovery policy
In this my
group will need to make sure that we all have are data and also are data is
stored in cloud computing using drop box. So if anyone of us loses the data
then the other person might have the data and also the data or the project
files will be stored on cloud computing which we are using.
Codes of conducts
For this
security policy we will make not copy and paste information and we will not leak
are information via email to our friends and family.
Risk Management
This
security policy will ensure that my group fills out a report if they fail
deliver the work on time as this will show how my group will overcome that
risk.
Budget setting
This security
measure will be put in place to set are targets so that we don’t go over budget
when purchasing extra storage on cloud computing.
These are
the security policy that will be put in place for my maths project group.
