Unit 7
Assignment 3
Employment contracts and security
Hiring policies
Within organisations a hiring policy will need to be established, this must abide to the
national employment law.
When employing new staff is it great importance to carry out a background check whereby
past employment records are gathered as well as criminal records, references and an
assessment task will also be typically set [to determine whether they are fit for the job].
Organisations usually will have a probation period in place whereby new staff are given
restricted access [until the probationary period is over], this allows time for the organisation
to establish trust with the new employee and allow them responsibility one stage at a time.
Separation of duties
To ensure an organisation doesn’t become reliant on any one member of staff with regards
to the entire security system organisations separate the duties between many team
members. The individual team members all have one critical duty to manage and a deputy,
who is also experienced in that area, is employed to cover the team member in case of
absence or departure.
The same applies to how the system is understood, in that no one individual has full
knowledge of the entire system or how each induvial element is configured. The chief
officer may have an overview of the entire system, however, they will not have a detailed
knowledge of the rules of the induvial components.
Ensuring compliance including disciplinary procedures
Employees and businesses partners who are suspected to be the cause of infringement to
the originations security system must be dealt with in a fair, confidential and legally
acceptable manner, ensuring compliance with the established disciplinary and investigation
procedures.
The person who may be suspected for being the cause of the security systems infringement
may in fact not be the perpetrator and to falsely convict someone is asking for legal action
to be taken against the organisation [leading to hefty fines from damaging the person’s
reputation].
If a staff member is the likely cause of the infringement organisations may take the
following, appropriate steps:
Suspension [whereby the employee is still payed]
An independent party recruited to investigate the matter unbiasedly
If the situation appears to be a crime – immediate involvement of the police may be
appropriate.
1|Page
Matthew Lloyd-Jones
, Unit 7
Assignment 3
On the employee’s contract [and job description] a clear definition of their roles and
responsibilities will be stated, upon this, the penalties will be listed for if the employees
breach their contractual terms.
Training and communicating with staff as to their responsibilities
While no lawful order is in place to ensure the staff of adequate training, it is expected for
the employer to train staff ensuring they will complete their job(s) acceptably. The employer
should also keep in regular contact with their staff to ensure the staff are aware of their
responsibilities.
Laws
Legislation
With the rapidly evolving computer technology of today came the ability to subvert the
rights and intellectual property of others. Within the management of organisational systems
security you will need to be made aware of the following laws:
Computer Misuse act, 1990
Copyright, Designs and Patents Act, 1988
Data Protection Acts of 1984, 1998 and 2000
Freedom of Information Act, 2000
Computer Misuse Act 1990
The Computer Misuse Act is criminal law. There are three main areas to it, effectively it
combats any known instances of hacking, access and network use.
The three main areas will be stated below:
1. Unauthorised access to computer material
i. The use of another person’s username and password to gain entry into a
computer system, use data or run a program
ii. Altering, deleting, copying, moving a program/ data or simply printing out
data with no permission
iii. Creating a way whereby you obtain a password
2. Unauthorised access to a computer system with intent to commit or facilitate the
commission of a further offence [e.g. creating a backdoor Trojan]
3. Unauthorised modification of computer material, including the distribution of
viruses, as well as the amendment of data to gain personal advantage.
Copyright, Design and Patents Act 1988
This act allows for creators of unique works the right to retain the intellectual property and
seek action for damages against those who distribute their work or steal their work and pass
it over as their own.
2|Page
Matthew Lloyd-Jones
Assignment 3
Employment contracts and security
Hiring policies
Within organisations a hiring policy will need to be established, this must abide to the
national employment law.
When employing new staff is it great importance to carry out a background check whereby
past employment records are gathered as well as criminal records, references and an
assessment task will also be typically set [to determine whether they are fit for the job].
Organisations usually will have a probation period in place whereby new staff are given
restricted access [until the probationary period is over], this allows time for the organisation
to establish trust with the new employee and allow them responsibility one stage at a time.
Separation of duties
To ensure an organisation doesn’t become reliant on any one member of staff with regards
to the entire security system organisations separate the duties between many team
members. The individual team members all have one critical duty to manage and a deputy,
who is also experienced in that area, is employed to cover the team member in case of
absence or departure.
The same applies to how the system is understood, in that no one individual has full
knowledge of the entire system or how each induvial element is configured. The chief
officer may have an overview of the entire system, however, they will not have a detailed
knowledge of the rules of the induvial components.
Ensuring compliance including disciplinary procedures
Employees and businesses partners who are suspected to be the cause of infringement to
the originations security system must be dealt with in a fair, confidential and legally
acceptable manner, ensuring compliance with the established disciplinary and investigation
procedures.
The person who may be suspected for being the cause of the security systems infringement
may in fact not be the perpetrator and to falsely convict someone is asking for legal action
to be taken against the organisation [leading to hefty fines from damaging the person’s
reputation].
If a staff member is the likely cause of the infringement organisations may take the
following, appropriate steps:
Suspension [whereby the employee is still payed]
An independent party recruited to investigate the matter unbiasedly
If the situation appears to be a crime – immediate involvement of the police may be
appropriate.
1|Page
Matthew Lloyd-Jones
, Unit 7
Assignment 3
On the employee’s contract [and job description] a clear definition of their roles and
responsibilities will be stated, upon this, the penalties will be listed for if the employees
breach their contractual terms.
Training and communicating with staff as to their responsibilities
While no lawful order is in place to ensure the staff of adequate training, it is expected for
the employer to train staff ensuring they will complete their job(s) acceptably. The employer
should also keep in regular contact with their staff to ensure the staff are aware of their
responsibilities.
Laws
Legislation
With the rapidly evolving computer technology of today came the ability to subvert the
rights and intellectual property of others. Within the management of organisational systems
security you will need to be made aware of the following laws:
Computer Misuse act, 1990
Copyright, Designs and Patents Act, 1988
Data Protection Acts of 1984, 1998 and 2000
Freedom of Information Act, 2000
Computer Misuse Act 1990
The Computer Misuse Act is criminal law. There are three main areas to it, effectively it
combats any known instances of hacking, access and network use.
The three main areas will be stated below:
1. Unauthorised access to computer material
i. The use of another person’s username and password to gain entry into a
computer system, use data or run a program
ii. Altering, deleting, copying, moving a program/ data or simply printing out
data with no permission
iii. Creating a way whereby you obtain a password
2. Unauthorised access to a computer system with intent to commit or facilitate the
commission of a further offence [e.g. creating a backdoor Trojan]
3. Unauthorised modification of computer material, including the distribution of
viruses, as well as the amendment of data to gain personal advantage.
Copyright, Design and Patents Act 1988
This act allows for creators of unique works the right to retain the intellectual property and
seek action for damages against those who distribute their work or steal their work and pass
it over as their own.
2|Page
Matthew Lloyd-Jones
