Unit 48 IT Security Management

Introduction


Aim

The aim of this unit is to provide an understanding of IT security management to enable learners to manage organisational security.

Unit abstract

This unit deals with the management of an organisation’s security. This involves controlling access, regulating use, implementing contingency plans and devising security policies and procedures. Breaches in security may be caused by human actions (accidental, malicious or negligent) or by incorrect installation, configuration or operation. Physical security management involves regulating access to computers, network devices, databases etc by physical means, such as securing buildings against unauthorised access and preventing loss or damage due to weather, fire and water ingress. Consideration must also be given to alternative sources of supply of hardware, software, power, telecommunications and suitable buildings to allow the organisation to continue after a disaster has occurred (disaster recovery planning). Human resource management is also an important topic as regards the management of security. It allows for the selection of roles and responsibilities and the associated documentation of organisational procedures based on current legislation and standards.

Learning outcomes


1 Understand risks to IT security

  • Risks: types eg unauthorised use of a system without damage to data, unauthorised removal or copying of data or code from a system, damage to or destruction of physical system assets and environment, damage to or destruction of data or code inside or outside the system, naturally occurring risks
  • Organisational security: procedures eg data, network, systems, operational impact of security breaches, web systems, wireless systems

2 Understand mechanisms to control organisational IT security

  • Risk assessment: potential loss eg data, intellectual property, hardware and software; probability of occurrence eg disaster, theft; staff responsibilities
  • Data protection: government regulations eg Data Protection Act 1998, Computer Misuse Act; company regulations eg site or system access criteria for personnel; anti-virus software; firewalls; basic encryption techniques; operational continuity planning; back-up procedures
  • Physical security: types eg biometrics, swipe cards, theft prevention

3 Be able to manage organisational security

  • Organisational security: policies eg system access, access to internet email, access to internet browser, development/use of software, physical access and protection, 3rd party access, business continuity, responsibility; controlling security risk assessments and compliance with security procedures and standards eg ISO/IEC 17799:2005 Information Technology (Security Techniques – code of practice for information security management); informing colleagues of their security responsibilities and confirming their understanding at suitable intervals
  • Security: tools eg user logon profiles to limit user access to resources, online software to train and update staff, auditing tools to monitor resource access
  • Security audits: gathering and recording information on security; initiating suitable actions to deal with identified breaches of security (see also Human resource issues below); scheduling of security audits; defining requirements for security audits
  • Human resource issues: staff rights and responsibilities; coping with disaffected staff eg disciplinary procedures in the event of identified security breaches

Resources


Books

Alexander D et al – Information Security Management Principles (BCS, 2008) ISBN-13: 978-1902505909

Beekman G – Computer Confluence Complete: and Student CD (Prentice Hall, 2005) ISBN 1405835796

Tipton H – Information Security Management Handbook: v. 4 (Auerbach Pubs, 2010) ISBN-10: 1439819025

Websites

www.acm.org – Association for Computing Machinery

www.bcs.org – British Computer Society

www.bsa.org.uk – Business Software Alliance

www.fast.org.uk – Federation Against Software Theft

www.ico.gov.uk – Information Commissioner's Office
