Unit 07 – Organisational Systems
Security
ASSIGNMENT 3: REVIEWING THE ISSUES
Policies, guidelines and employment contracts used to
manage IT security issues
Disaster recovery policies
These rules are described as a strategy that is carried out in a business in the event of an emergency. A
disaster recovery plan might state, for instance, that Rockin Records has had an earthquake, fire, or
flood. Rockin Records must adhere to the recovery policy plan, which is a backup strategy. The backup
will stop the organisation from losing its valuable data. Rockin Records must have a procedure in place
for regularly creating backups of all the data and this data must be stored off site.
Updating of security procedures
To ensure that all of Rockin Records' servers and software are running smoothly and without errors,
Rockin Records must download the most recent server updates every four weeks. The most recent
Windows update guarantees that everything on the server is safe, up-to-date, and working properly.
Updating their antivirus software is another item a business should think about. By avoiding unwanted
threats like viruses, trojans, and malware from affecting the company's network and causing further
harm, this will benefit the business. Rockin Records will finally be updated to the most recent version,
which will be used since it will be software versions that will provide them extra ones and also fix any
features that were on the system prior to updating it that had flaws. If it isn't updated, hackers can enter
the user's computer and steal data or upload viruses to Rockin Records.
Scheduling of security audits
There is a schedule for security audits when security needs to be integrated into things like computer
hardware, software, and physical security. When a company locks its servers behind a door that can only
be opened with an RFID card, it is demonstrating physical security. This prevents unauthorised access.
The company must ensure that the software's content is clear of viruses. Rockin Records should have a
set of guidelines to assess things against if dangerous dangers are converging so they can halt them
before they get worse and start to hurt the company. The audit review is necessary as a result of
changes to the business' infrastructure, such as a move by Rockin Records, the installation or upgrading
of a new system, or the use or updating of a new application. After updating the operating system (OS)
or installing a new OS. Rockin Records must perform a security audit every three months and at the very
least a basic check each month to be safe to check for n
Codes of conduct
o email usage policy
Anyone at Rockin Records who needs access to the network must sign a statement acknowledging their
understanding of the corporate code of conduct. For a contract to be enforceable in court, it must be
, made orally. To ensure that it covers everything, the contract must have a variety of restrictions. To
specify what purposes employees may use email in the workplace and what kinds of files they may
receive or send, this policy should include email usage guidelines.
o Internet usage policy
All Rockin Records staff members are required to abide by the Internet Use Policy as well. No employee
shall access any websites that are improper for work, include unlawful material, or are virus-infected,
according to the first Internet usage policy. Viral infections quickly and uncontrolled spread throughout
all desktops and computers, causing data loss or harm to information that is held for both customers
and the organisation. Another guideline states that no employee may visit social networking websites
like Facebook or Instagram or play games on the Internet while at work. Rockin Records will act to
reduce and limit the employee's internet access after finding out about it in the audit logs the company
keeps. Another guideline is that no employee may unlock firewall settings, which protects against
viruses and Trojans that could destroy the business. An additional restriction is that no employee should
change a browser's settings because doing so could expose them to responsibility and cost a lot of
money to fix because the settings can be changed to fit the demands of the department head.
o Software acquisition
The purchase of software is another type of policy that should be followed in any firm. All Rockin
Records personnel are required to abide by this policy, and it must be watched over. The most
significant or crucial regulation or policy is this method. This is since the guide outlines the software
installation process on computers within an organisation. No employee shall use any software or
programmes that are not properly licenced, according to the first rule. If an employee is observed doing
this, their access to the workplace may be blocked. This is because when they download unauthorised
software, they put the company at risk because the software could be contaminated with viruses or
Trojan horses that can ruin data and disrupt the system. The possibility of a hacker infiltrating the
system and making changes remotely is also very real. Utilizing legally obtained software that has been
extensively examined, verified to be bug-free, and given the go-ahead for use by companies, institutions,
or organisations is the only solution as a result. that may cause data and the system harm.
o Installation policy
When unapproved computer software and programmes, including files downloaded and opened via the
Internet, are installed, security flaws can proliferate quickly and easily. Unauthorized software, including
those offered by reputable companies and well-known suppliers, may be infected with Trojan horses
and other malware that helps hackers steal critical information. This procedure's essential component,
the following software installation policy, focuses on safeguarding Rockin Records' computers, systems,
data, and communications from unauthorised access and averting data loss.
The purpose of this policy is to ensure that every employee, temporary employee, and volunteer is
aware of the exact requirements for installing and using software, programmes, and applications on
company-provided computers, systems, and networks and that they agree to abide by them.
Surveillance policies
Policies governing surveillance are used when employees of a corporation are observed.
Installing a security camera system allows Rockin Records to keep an eye on all activity and
