Throughout this report is the work of which achieved me the highest possible grade. All of my work was to distinction standard throughout the 2 year course.
BTEC LEVEL 3 UNIT 7 P1,P2,P3,P4,P5,P6,M1,M2,M3,D1,D2
Unit 4: Programming assignment 1 All criteria's complete
GET YOUR DISTECTION NOW
GET YOUR DISTECTION NOW
Todos para este libro de texto (27)
Escuela, estudio y materia
BTEC
PEARSON (PEARSON)
Information Technology 2010 QCF
Unit 7 - Organisational Systems Security
Todos documentos para esta materia (17)
Vendedor
Seguir
MatthewIT
Comentarios recibidos
Vista previa del contenido
Unit 7
Assignment 3
Employment contracts and security
Hiring policies
Within organisations a hiring policy will need to be established, this must abide to the
national employment law.
When employing new staff is it great importance to carry out a background check whereby
past employment records are gathered as well as criminal records, references and an
assessment task will also be typically set [to determine whether they are fit for the job].
Organisations usually will have a probation period in place whereby new staff are given
restricted access [until the probationary period is over], this allows time for the organisation
to establish trust with the new employee and allow them responsibility one stage at a time.
Separation of duties
To ensure an organisation doesn’t become reliant on any one member of staff with regards
to the entire security system organisations separate the duties between many team
members. The individual team members all have one critical duty to manage and a deputy,
who is also experienced in that area, is employed to cover the team member in case of
absence or departure.
The same applies to how the system is understood, in that no one individual has full
knowledge of the entire system or how each induvial element is configured. The chief
officer may have an overview of the entire system, however, they will not have a detailed
knowledge of the rules of the induvial components.
Ensuring compliance including disciplinary procedures
Employees and businesses partners who are suspected to be the cause of infringement to
the originations security system must be dealt with in a fair, confidential and legally
acceptable manner, ensuring compliance with the established disciplinary and investigation
procedures.
The person who may be suspected for being the cause of the security systems infringement
may in fact not be the perpetrator and to falsely convict someone is asking for legal action
to be taken against the organisation [leading to hefty fines from damaging the person’s
reputation].
If a staff member is the likely cause of the infringement organisations may take the
following, appropriate steps:
Suspension [whereby the employee is still payed]
An independent party recruited to investigate the matter unbiasedly
If the situation appears to be a crime – immediate involvement of the police may be
appropriate.
1|Page
Matthew Lloyd-Jones
,Unit 7
Assignment 3
On the employee’s contract [and job description] a clear definition of their roles and
responsibilities will be stated, upon this, the penalties will be listed for if the employees
breach their contractual terms.
Training and communicating with staff as to their responsibilities
While no lawful order is in place to ensure the staff of adequate training, it is expected for
the employer to train staff ensuring they will complete their job(s) acceptably. The employer
should also keep in regular contact with their staff to ensure the staff are aware of their
responsibilities.
Laws
Legislation
With the rapidly evolving computer technology of today came the ability to subvert the
rights and intellectual property of others. Within the management of organisational systems
security you will need to be made aware of the following laws:
Computer Misuse act, 1990
Copyright, Designs and Patents Act, 1988
Data Protection Acts of 1984, 1998 and 2000
Freedom of Information Act, 2000
Computer Misuse Act 1990
The Computer Misuse Act is criminal law. There are three main areas to it, effectively it
combats any known instances of hacking, access and network use.
The three main areas will be stated below:
1. Unauthorised access to computer material
i. The use of another person’s username and password to gain entry into a
computer system, use data or run a program
ii. Altering, deleting, copying, moving a program/ data or simply printing out
data with no permission
iii. Creating a way whereby you obtain a password
2. Unauthorised access to a computer system with intent to commit or facilitate the
commission of a further offence [e.g. creating a backdoor Trojan]
3. Unauthorised modification of computer material, including the distribution of
viruses, as well as the amendment of data to gain personal advantage.
Copyright, Design and Patents Act 1988
This act allows for creators of unique works the right to retain the intellectual property and
seek action for damages against those who distribute their work or steal their work and pass
it over as their own.
2|Page
Matthew Lloyd-Jones
,Unit 7
Assignment 3
The act covers the following: Music, visual media, written material [unique work], designs
which have been used to create a unique system, application, structure or machine,
software [as a whole] and unique images [such as art].
To ensure you are not the subject of legal action when using the intellectual property of
others you should quote the source [i.e. state the creator] or get their permission in writing.
Data Protection Act 1984, 1998, 2000
All of the data protection acts created are governed using eight key principles:
1. All data stored is fairly and lawfully processed
2. Any data processed is for limited and clearly defined purposes
3. The data is adequate, relevant and is concise
4. All data held is accurate and maintained
5. No data is kept longer than needed
6. Personal data is processed in accordance with the individual’s rights
7. All data held is secure
8. Data is not transferred without adequate protection
The data protection act governs the way in which personal information is to be used and
accessed; it is not limited to computer-based information.
Freedom of information Act 2000
The Freedom of Information Act allows for you to request a copy of any official information
or communication, electronic or otherwise. The act applies to the information published by
public authorities such as central and local government, the NHS, schools and things of this
nature. As a private individual you are able to apply for a copy of information on a huge
range of subjects, this may impact an organisations systems security as the information
gathered may be used as a tool to engineer knowledge and could be a potential tool for
information warfare.
The act will allow organisations to refuse the requested disclosure in the following
circumstances:
If the information is available elsewhere
Parliamentary privilege and the formulation of government policy, along with the
conduct of public affairs
Health and safety and environmental information
If the information was supplied by, or relates to an organisation dealing with security
matters
Prohibitions on disclosure in line with official secrets
Information that could affect the economy
Audit functions
If the information is to be publically published
If it would be against the interest or national security and defence
Information that regards international relations and relations within the UK
3|Page
Matthew Lloyd-Jones
, Unit 7
Assignment 3
Current investigations/ proceedings conducted by public authorities
Law enforcement and court records and information for the legal professional
Communications with the monarch and the management off honours
Personal information and information provided in confidence
Commercial interests – this applies to an organisations system security
Copyrights
To gain access to copyrighted property owned by either an individual or organisation a
license agreement is established. Copyrighted material is used by the typical person every
day whether it be for music, videos, software or published documents.
There have been a variety of different license agreements developed with regards to
software. This is due to the complexity of the software, its uses and who may benefit from
using it. Below I will discuss four license types.
Open source
The code of the software is available for the users to edit, compile and to make
recommendations. Commercial gain is based upon an agreement between both the user
and the original creator.
Freeware
The software is copyrighted by its owner yet is free to use [the people who distribute the
software or sell copies of it must ensure the owner gets his/her cut of the deal].
Shareware
Shareware is very similar to freeware, however, if you like the software, use it regularly or
intend to use it for commercial gain a fee is expected to be paid to its creator.
Commercial software
Commercial software is a program which has been both designed and developed for
licensing or sale to end users or that serves a commercial purpose.
Ethical decision making
Freedom of information versus personal privacy
In the rise of the internet there has been a positive impact on the freedom of information,
there has also been a negative impact on people’s personal privacy.
Within the UK there are websites in which you can sign up to offering a directory services
resource, combining information from the electoral roll, phone directory and postcode
information to offer services such as street maps and Google Earth Street View.
The major positive from having this facility is that people can connect to their relatives who
they never knew they have, conversely it may create opportunity for unwanted visits.
Permission issues
4|Page
Matthew Lloyd-Jones
Los beneficios de comprar resúmenes en Stuvia estan en línea:
Garantiza la calidad de los comentarios
Compradores de Stuvia evaluaron más de 700.000 resúmenes. Así estas seguro que compras los mejores documentos!
Compra fácil y rápido
Puedes pagar rápidamente y en una vez con iDeal, tarjeta de crédito o con tu crédito de Stuvia. Sin tener que hacerte miembro.
Enfócate en lo más importante
Tus compañeros escriben los resúmenes. Por eso tienes la seguridad que tienes un resumen actual y confiable.
Así llegas a la conclusión rapidamente!
Preguntas frecuentes
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
100% de satisfacción garantizada: ¿Cómo funciona?
Nuestra garantía de satisfacción le asegura que siempre encontrará un documento de estudio a tu medida. Tu rellenas un formulario y nuestro equipo de atención al cliente se encarga del resto.
Who am I buying this summary from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller MatthewIT. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy this summary for $5.48. You're not tied to anything after your purchase.
