Throughout this report is the work of which achieved me the highest possible grade. All of my work was to distinction standard throughout the 2 year course.
BTEC LEVEL 3 UNIT 7 P1,P2,P3,P4,P5,P6,M1,M2,M3,D1,D2
Unit 4: Programming assignment 1 All criteria's complete
GET YOUR DISTECTION NOW
GET YOUR DISTECTION NOW
Alles voor dit studieboek
(28)
Geschreven voor
BTEC
PEARSON (PEARSON)
Information Technology 2010 QCF
Unit 7 - Organisational Systems Security
Alle documenten voor dit vak (17)
Verkoper
Volgen
MatthewIT
Ontvangen beoordelingen
Voorbeeld van de inhoud
Unit 7
Assignment 3
Employment contracts and security
Hiring policies
Within organisations a hiring policy will need to be established, this must abide to the
national employment law.
When employing new staff is it great importance to carry out a background check whereby
past employment records are gathered as well as criminal records, references and an
assessment task will also be typically set [to determine whether they are fit for the job].
Organisations usually will have a probation period in place whereby new staff are given
restricted access [until the probationary period is over], this allows time for the organisation
to establish trust with the new employee and allow them responsibility one stage at a time.
Separation of duties
To ensure an organisation doesn’t become reliant on any one member of staff with regards
to the entire security system organisations separate the duties between many team
members. The individual team members all have one critical duty to manage and a deputy,
who is also experienced in that area, is employed to cover the team member in case of
absence or departure.
The same applies to how the system is understood, in that no one individual has full
knowledge of the entire system or how each induvial element is configured. The chief
officer may have an overview of the entire system, however, they will not have a detailed
knowledge of the rules of the induvial components.
Ensuring compliance including disciplinary procedures
Employees and businesses partners who are suspected to be the cause of infringement to
the originations security system must be dealt with in a fair, confidential and legally
acceptable manner, ensuring compliance with the established disciplinary and investigation
procedures.
The person who may be suspected for being the cause of the security systems infringement
may in fact not be the perpetrator and to falsely convict someone is asking for legal action
to be taken against the organisation [leading to hefty fines from damaging the person’s
reputation].
If a staff member is the likely cause of the infringement organisations may take the
following, appropriate steps:
Suspension [whereby the employee is still payed]
An independent party recruited to investigate the matter unbiasedly
If the situation appears to be a crime – immediate involvement of the police may be
appropriate.
1|Page
Matthew Lloyd-Jones
,Unit 7
Assignment 3
On the employee’s contract [and job description] a clear definition of their roles and
responsibilities will be stated, upon this, the penalties will be listed for if the employees
breach their contractual terms.
Training and communicating with staff as to their responsibilities
While no lawful order is in place to ensure the staff of adequate training, it is expected for
the employer to train staff ensuring they will complete their job(s) acceptably. The employer
should also keep in regular contact with their staff to ensure the staff are aware of their
responsibilities.
Laws
Legislation
With the rapidly evolving computer technology of today came the ability to subvert the
rights and intellectual property of others. Within the management of organisational systems
security you will need to be made aware of the following laws:
Computer Misuse act, 1990
Copyright, Designs and Patents Act, 1988
Data Protection Acts of 1984, 1998 and 2000
Freedom of Information Act, 2000
Computer Misuse Act 1990
The Computer Misuse Act is criminal law. There are three main areas to it, effectively it
combats any known instances of hacking, access and network use.
The three main areas will be stated below:
1. Unauthorised access to computer material
i. The use of another person’s username and password to gain entry into a
computer system, use data or run a program
ii. Altering, deleting, copying, moving a program/ data or simply printing out
data with no permission
iii. Creating a way whereby you obtain a password
2. Unauthorised access to a computer system with intent to commit or facilitate the
commission of a further offence [e.g. creating a backdoor Trojan]
3. Unauthorised modification of computer material, including the distribution of
viruses, as well as the amendment of data to gain personal advantage.
Copyright, Design and Patents Act 1988
This act allows for creators of unique works the right to retain the intellectual property and
seek action for damages against those who distribute their work or steal their work and pass
it over as their own.
2|Page
Matthew Lloyd-Jones
,Unit 7
Assignment 3
The act covers the following: Music, visual media, written material [unique work], designs
which have been used to create a unique system, application, structure or machine,
software [as a whole] and unique images [such as art].
To ensure you are not the subject of legal action when using the intellectual property of
others you should quote the source [i.e. state the creator] or get their permission in writing.
Data Protection Act 1984, 1998, 2000
All of the data protection acts created are governed using eight key principles:
1. All data stored is fairly and lawfully processed
2. Any data processed is for limited and clearly defined purposes
3. The data is adequate, relevant and is concise
4. All data held is accurate and maintained
5. No data is kept longer than needed
6. Personal data is processed in accordance with the individual’s rights
7. All data held is secure
8. Data is not transferred without adequate protection
The data protection act governs the way in which personal information is to be used and
accessed; it is not limited to computer-based information.
Freedom of information Act 2000
The Freedom of Information Act allows for you to request a copy of any official information
or communication, electronic or otherwise. The act applies to the information published by
public authorities such as central and local government, the NHS, schools and things of this
nature. As a private individual you are able to apply for a copy of information on a huge
range of subjects, this may impact an organisations systems security as the information
gathered may be used as a tool to engineer knowledge and could be a potential tool for
information warfare.
The act will allow organisations to refuse the requested disclosure in the following
circumstances:
If the information is available elsewhere
Parliamentary privilege and the formulation of government policy, along with the
conduct of public affairs
Health and safety and environmental information
If the information was supplied by, or relates to an organisation dealing with security
matters
Prohibitions on disclosure in line with official secrets
Information that could affect the economy
Audit functions
If the information is to be publically published
If it would be against the interest or national security and defence
Information that regards international relations and relations within the UK
3|Page
Matthew Lloyd-Jones
, Unit 7
Assignment 3
Current investigations/ proceedings conducted by public authorities
Law enforcement and court records and information for the legal professional
Communications with the monarch and the management off honours
Personal information and information provided in confidence
Commercial interests – this applies to an organisations system security
Copyrights
To gain access to copyrighted property owned by either an individual or organisation a
license agreement is established. Copyrighted material is used by the typical person every
day whether it be for music, videos, software or published documents.
There have been a variety of different license agreements developed with regards to
software. This is due to the complexity of the software, its uses and who may benefit from
using it. Below I will discuss four license types.
Open source
The code of the software is available for the users to edit, compile and to make
recommendations. Commercial gain is based upon an agreement between both the user
and the original creator.
Freeware
The software is copyrighted by its owner yet is free to use [the people who distribute the
software or sell copies of it must ensure the owner gets his/her cut of the deal].
Shareware
Shareware is very similar to freeware, however, if you like the software, use it regularly or
intend to use it for commercial gain a fee is expected to be paid to its creator.
Commercial software
Commercial software is a program which has been both designed and developed for
licensing or sale to end users or that serves a commercial purpose.
Ethical decision making
Freedom of information versus personal privacy
In the rise of the internet there has been a positive impact on the freedom of information,
there has also been a negative impact on people’s personal privacy.
Within the UK there are websites in which you can sign up to offering a directory services
resource, combining information from the electoral roll, phone directory and postcode
information to offer services such as street maps and Google Earth Street View.
The major positive from having this facility is that people can connect to their relatives who
they never knew they have, conversely it may create opportunity for unwanted visits.
Permission issues
4|Page
Matthew Lloyd-Jones
Voordelen van het kopen van samenvattingen bij Stuvia op een rij:
Verzekerd van kwaliteit door reviews
Stuvia-klanten hebben meer dan 700.000 samenvattingen beoordeeld. Zo weet je zeker dat je de beste documenten koopt!
Snel en makkelijk kopen
Je betaalt supersnel en eenmalig met iDeal, creditcard of Stuvia-tegoed voor de samenvatting. Zonder lidmaatschap.
Focus op de essentie
Samenvattingen worden geschreven voor en door anderen. Daarom zijn de samenvattingen altijd betrouwbaar en actueel. Zo kom je snel tot de kern!
Veelgestelde vragen
Wat krijg ik als ik dit document koop?
Je krijgt een PDF, die direct beschikbaar is na je aankoop. Het gekochte document is altijd, overal en oneindig toegankelijk via je profiel.
Tevredenheidsgarantie: hoe werkt dat?
Onze tevredenheidsgarantie zorgt ervoor dat je altijd een studiedocument vindt dat goed bij je past. Je vult een formulier in en onze klantenservice regelt de rest.
Van wie koop ik deze samenvatting?
Stuvia is een marktplaats, je koop dit document dus niet van ons, maar van verkoper MatthewIT. Stuvia faciliteert de betaling aan de verkoper.
Zit ik meteen vast aan een abonnement?
Nee, je koopt alleen deze samenvatting voor €4,92. Je zit daarna nergens aan vast.
