CP3043 Social, Legal and Professional Aspects of Computing. Mr Graham Brown. Assessment 2

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "CP3043 Social, Legal and Professional Aspects of Computing. Mr Graham Brown. Assessment 2"

Transcription

1 CP3043 Social, Legal and Professional Aspects of Computing Mr Graham Brown Assessment 2 Colin Hopson Wednesday 16 th April 2008 i

2 Contents 1 Introduction The Bridgeway Building Society Overview of Requirements The Risk Assessment Assessment of Risks Application of Relevant Ethical Theories Analysis of Professional Codes Legal Issues and Legislation Summary and Evaluation Conclusion Appendix I: Security Overview Diagram... 6 ii

3 1 Introduction 1.1 The Bridgeway Building Society The Bridgeway Building Society is a small, financial organisation that serves the town of Aberford. It employs fifteen staff in its office and has a number of agencies with professional and financial service intermediaries. Customer information is stored on a server for a local computer network. Presently customers phone or visit the branch to conduct financial transactions. Future business plans are to implement internet banking to savers and borrowers, along with providing financial services; such as mortgage payment, insurance, etc. These are to be implemented through three phases. 1. Promotion of the business by electronic advertising. 2. Enable existing and potential customers to enquire about products and services online. 3. Enable online transactions to savings and mortgage accounts. 1.2 Overview of Requirements The requirements detailed by the Bridgeway Building Society firstly raise a number of issues. The first and main concern is the welfare of its customers, employees and agencies; secondly the finance to implement the project, and thirdly their reliance on other organisations to maintain the internet network. 2 The Risk Assessment The purpose of this assessment is to outline the risks that this project presents. The report is separated in to four different categories, but mainly concentrates on the assessment of risks. 2.1 Assessment of Risks Firstly, the Bridgeway Building Society must recognise the consequences of implementing the project, or on the other hand, analyse their situation if no progress is made. Advantages must be compared against the risks in order to justify the best course of action. There are numerous advantages for going ahead with the project. Primarily the organisation will benefit from introducing new products and expanding current services, as these will stride the company ahead of competitors and produce future revenue. Choosing not to implement the new technology may leave the organisation uncompetitive and may even effect its future survival. However, if the company only serves local town residents, is there any threat from competition in that area? Another influential factor is comparing financial cost against financial gain. As the company currently serves just a small community, can the rewards justify the expenditure risk that the project may entail? Failure to provide a consistent business practice during installation could effect company reputation and raise legal issues. It will not only require the purchase and maintenance of resources, but involves 1

4 upholding a high level of security for customers and to its employees. The level of external threats will be significantly increased by the introduction of internet connectivity, leaving data more vulnerable to misuse or corruption. It is therefore important that employees are educated about, and become aware of, internal security measures. This is likely to impose more pressure on management in order to administer and organise staff accordingly. It will no doubt require that staff adhere to increased safety and security constraints which will probably require extra training and compliance. This in itself may impose problems with employees, as they may feel enforced to comply with new rules and regulations. Employees may become segregated and/or feel dejected, whereas others may be promoted by the action. The necessity of employee training may also effect staff moral and productivity, plus test their loyalty to the organisation. The organisation will notably become reliant on supplies and services provided by external companies, especially those responsible for internet telecommunications plus computer hardware and software. As these companies will be required to provide advice and consultation, it may be wise to employ an internal computer professional (system administrator) who is familiar with the system and therefore can identify and respond to threats. This employee can report network vulnerabilities to the external company and generally keep the system up-to-date with the latest upgrades and software patches. It may be the responsibility of this system administrator to configure filtering that will reject virus-laden and spam as well as recognise that the company website is liable to phishing attacks by hackers. It is imperative that all companies, especially ones who process client information, uphold integrity and endorse confidentiality. As the integrity and privacy of customer and employee data is precedence, user access will need to be controlled depending on employee roles, which are derived by usernames. Authorisation and authenticity of staff can be maintained by using identification cards and the introduction of electronic door access. However, it will be necessary for management to educate staff about the new security requirements, such as the regular change of user passwords. To maintain confidentiality to information stored on databases and to ensure the availability of the proposed services, a number of requirements will be necessary; Secondary electrical power supply and telecommunication link Frequent database back-ups and off-site storage and/or encrypted transfer Monitoring and use of external staff utilities, such as memory sticks Hierarchy of data access rights for authentication and confidentiality Exclusive hardware firewalls and security suite (anti-virus) software Encryption techniques and filtering (spam) It is conclusive that the resource most frequently at risk, will be internet connectivity, therefore it is essential that the last three points are implemented. Other security issues include fire precautions, health and safety standards, staff dismissal, employee vetting and/or monitoring. Appendix I: Security Overview is a diagram showing the security requirements for the project with an indication to the frequency of external and internal threats (scaled 1 to 10) and the impact they pose (colour coded). It shows the increase of threats and the impact they pose as the project phases progress. 2

5 2.2 Application of Relevant Ethical Theories The first phase that the company wish to implement (the electronic advertising promotion) conveys an egoistic attitude (focus on self interest), but it is in the interest of the company and to its employees, to stay competitive. The second phase should promote utilitarianism (greatest good for greatest number), giving existing and potential clients increased service and access to products as well as sustaining staff employment. The third phase requires the company to ethically maintain customer data and uphold privacy. For this, the new company website will need to secure client s online transactions, usernames and passwords. The company should keep business competence and recognise the balance of ethical liabilities to clients, employees and financial intermediaries (deontology). By providing training and upholding Health and Safety standards, the company demonstrates its loyalty and moral duty to its employees as well as an emphasis on the Social Contract Theory. However, Kantianism and the social contract theory may spotlight the individual decisions made by the system administrator, as he must consider all affected parties in consequence of his actions. One of the fundamental liabilities that the company must balance is client and employee privacy, although it can be argued that secrecy promotes anti-social behaviour and concealment to cause harm. The ethical importance of privacy is found in numerous scenarios that the project may create, such as online usernames and passwords, savings and mortgage account numbers, personal information, etc. 2.3 Analysis of Professional Codes It will be required by company employees to conform to professional codes of conduct outlined by the British Computer Society (BCS). The company has correctly initiated a professional attitude by incorporating advice and consultation from specialist personnel. However, it is important during and after project implementation that the company continues to illustrate to its employees the correct methods of sustaining professional conduct. This may require that management demonstrate the best practice and behaviour between work colleagues and uphold the golden rule treat people in the way you want them to treat you. The company also has an obligation to the public interest and employees will be responsible for keeping client information integral, confidential and secure. This is likely to affect managerial roles, especially the system administrator. The company also has a moral duty to the relevant society. On this occasion the business profession is finance and the Information Technology sector. Its duty to these professions, require that the business uphold the standards and practice found in modern banking and finance. The implementation of the project will also portray good professional competence for the business and proves it can modernise and incorporate practice in the best interest of its customers. 3

6 2.4 Legal Issues and Legislation Although the company currently stores and processes client information on the local network, the introduction of internet connectivity will impose more risk to electronically stored data. Conformity to the eight principles of the Data Protection Act (1998) will be dramatically increased. Client information must be kept up-to-date and accurate without accidental loss, damage or destruction; timely used for its original purpose; be adequate, relevant and not excessive; processed fairly and lawfully, etc. It may become a necessity for employees to complete annual compliance testing and/or Data Protection Act (DPA) questionnaires. Employees must also be aware of the Computer Misuse Act (1990). Although aimed toward attacks from computer hackers, masquerading, worms and viruses, etc.; it can also impede employees, who without an intention to commit an offence, may breach the Act. Advancements in technology may cause argument between what is identified as an offence, but recent legislation has been introduced to contend with these. Whistle-blowing is used in modern practice to identify persons who may use the internet to commit fraud or illegally transfer funds (Fraud Act 2006). People adopting another person s identity to commit illegal activities breaches the Identity Theft and Assumption Deterrence Act. Employees must be made aware of the proper use of the internet and . The Electronic Communications Act (2003) makes it illegal to intercept telephone conversations, , plus similar data transmissions. The company s phase to promote the business by electronic advertising could indeed infringe the this Act, as promotions must comply with client consent. Website forms should offer the availability to opt-in for promotions, questionnaires or canvassing, as this depicts the ethic of harm minimisation. Employees leaving or that are dismissed may be prone to breach of law and close monitoring of them may be necessary. However this may infridge their human rights, Human Rights Act (1998). Employees will be subject to regulations depicted by Health and Safety Legislation (1999), as more use of internet activity will increase screen operation. The company may need to offer free eye tests as well as provide special provisions for the disabled through the Disability Discrimination Act (1995). One more point brings attention to the liability of external companies, especially the software providers, as these must be reliable and provide services under the Supply of Goods and Services Act (1982). 3 Summary and Evaluation The project affordability must be analysed as it entails implementing resources of both human and technological. Security and data integrity are the main concerns along with change to the working environment and the need for training. Reliance and dependability of external companies may raise some concern, especially for an internet service provider may host the company website. 4

7 4 Conclusion The major concern that this project initially presents, lie with the company s moral and professional responsibility for the security of its customers and employees data. By implementing internet access to the existing network, the risk of external threats to the system, will be significantly increased. The company will also become reliant on other organisations to maintain and secure the system. The financial affordability of employing and/or hire of specialist personnel may be questioned. As discussed, a continual responsibility in conforming to and sustaining ethical, legal and professional issues, will be necessary. 5

8 5 Appendix I: Security Overview Diagram 6

NOS for IT User and Application Specialist. IT Security (ESKITU04) November 2014 V1.0

NOS for IT User and Application Specialist. IT Security (ESKITU04) November 2014 V1.0 NOS for IT User and Application Specialist IT Security (ESKITU04) November 2014 V1.0 NOS Reference ESKITU040 ESKITU041 ESKITU042 Level 3 not defined Use digital systems NOS Title Set up and use security

More information

Conditions of Use. Communications and IT Facilities

Conditions of Use. Communications and IT Facilities Conditions of Use of Communications and IT Facilities For the purposes of these conditions of use, the IT Facilities are [any of the University s IT facilities, including email, the internet and other

More information

FINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information

FINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1

More information

Top tips for improved network security

Top tips for improved network security Top tips for improved network security Network security is beleaguered by malware, spam and security breaches. Some criminal, some malicious, some just annoying but all impeding the smooth running of a

More information

Please note this policy is mandatory and staff are required to adhere to the content

Please note this policy is mandatory and staff are required to adhere to the content Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the

More information

OCR LEVEL 3 CAMBRIDGE TECHNICAL

OCR LEVEL 3 CAMBRIDGE TECHNICAL Cambridge TECHNICALS OCR LEVEL 3 CAMBRIDGE TECHNICAL CERTIFICATE/DIPLOMA IN IT NETWORKED SYSTEMS SECURITY J/601/7332 LEVEL 3 UNIT 28 GUIDED LEARNING HOURS: 60 UNIT CREDIT VALUE: 10 NETWORKED SYSTEMS SECURITY

More information

Erland Jonsson Department of Computer Science and Engineering Chalmers University of Technology

Erland Jonsson Department of Computer Science and Engineering Chalmers University of Technology Erland Jonsson Department of Computer Science and Engineering Chalmers University of Technology The greatest threat: the Human Being Why is the Human Being the greatest threat?: The Human Being is an integrated

More information

ICT SECURITY POLICY. Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation

ICT SECURITY POLICY. Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation ICT SECURITY POLICY Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation Responsibility Assistant Principal, Learner Services Jannette

More information

Newcastle University Information Security Procedures Version 3

Newcastle University Information Security Procedures Version 3 Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations

More information

Information Security

Information Security Information Security A staff guide to the University's Information Systems Security Policy Issued by the IT Security Group on behalf of the University. Information Systems Security Guidelines for Staff

More information

BCS IT User Syllabus IT Security for Users Level 2. Version 1.0

BCS IT User Syllabus IT Security for Users Level 2. Version 1.0 BCS IT User Syllabus IT for Users Level 2 Version 1.0 June 2009 ITS2.1 System Performance ITS2.1.1 Unwanted messages ITS2.1.2 Malicious ITS2.1.1.1 ITS2.1.1.2 ITS2.1.2.1 ITS2.1.2.2 ITS2.1.2.3 ITS2.1.2.4

More information

This Time. Safety & Security in ICT Systems INFO 2. Threats to ICT systems. Hacking

This Time. Safety & Security in ICT Systems INFO 2. Threats to ICT systems. Hacking This Time Safety & Security in ICT Systems INFO 2 Oliver Boorman-Humphrey www.oliverboorman.biz This time we look at the need to protect data in ICT systems and the subsequent threats if these measures

More information

OCR Level 2 CAMBRIDGE TECHNICAL

OCR Level 2 CAMBRIDGE TECHNICAL Cambridge TECHNICALS OCR Level 2 CAMBRIDGE TECHNICAL CERTIFICATE/DIPLOMA IN IT IT security J/601/4057 LEVEL 2 UNIT 18 GUIDED LEARNING HOURS: 60 UNIT CREDIT VALUE: 10 IT SECURITY J/601/4057 LEVEL 2 Aim

More information

Service Schedule for Business Email Lite powered by Microsoft Office 365

Service Schedule for Business Email Lite powered by Microsoft Office 365 Service Schedule for Business Email Lite powered by Microsoft Office 365 1. SERVICE DESCRIPTION Service Overview 1.1 The Service is a hosted messaging service that delivers the capabilities of Microsoft

More information

Monitoring and Logging Policy. Document Status. Security Classification. Level 1 - PUBLIC. Version 1.0. Approval. Review By June 2012

Monitoring and Logging Policy. Document Status. Security Classification. Level 1 - PUBLIC. Version 1.0. Approval. Review By June 2012 Monitoring and Logging Policy Document Status Security Classification Version 1.0 Level 1 - PUBLIC Status DRAFT Approval Life 3 Years Review By June 2012 Owner Secure Research Database Analyst Change History

More information

A practical guide to IT security

A practical guide to IT security Data protection A practical guide to IT security Ideal for the small business The Data Protection Act states that appropriate technical and organisational measures shall be taken against unauthorised or

More information

Internet Security Protecting Your Business. Hayden Johnston & Rik Perry WYSCOM

Internet Security Protecting Your Business. Hayden Johnston & Rik Perry WYSCOM Internet Security Protecting Your Business Hayden Johnston & Rik Perry WYSCOM Introduction Protecting Your Network Securing Your Information Standards & Best Practices Tools & Options Into The Future Creating

More information

DATA AND PAYMENT SECURITY PART 1

DATA AND PAYMENT SECURITY PART 1 STAR has teamed up with Prevention of Fraud in Travel (PROFiT) and the Fraud Intelligence Network (FIN) to offer our members the best advice about fraud prevention. We recognise the increasing threat of

More information

Managing internet security

Managing internet security Managing internet security GOOD PRACTICE GUIDE Contents About internet security 2 What are the key components of an internet system? 3 Assessing internet security 4 Internet security check list 5 Further

More information

Information Services. Regulations for the Use of Information Technology (IT) Facilities at the University of Kent

Information Services. Regulations for the Use of Information Technology (IT) Facilities at the University of Kent Scope Information Services Regulations for the Use of Information Technology (IT) Facilities at the University of Kent 1. These regulations apply to The Law All students registered at the University, all

More information

INFORMATION TECHNOLOGY SECURITY STANDARDS

INFORMATION TECHNOLOGY SECURITY STANDARDS INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL

More information

INFORMATION SECURITY POLICY. Contents. Introduction 2. Policy Statement 3. Information Security at RCA 5. Annexes

INFORMATION SECURITY POLICY. Contents. Introduction 2. Policy Statement 3. Information Security at RCA 5. Annexes INFORMATION SECURITY POLICY Ratified by RCA Senate, February 2007 Contents Introduction 2 Policy Statement 3 Information Security at RCA 5 Annexes A. Applicable legislation and interpretation 8 B. Most

More information

Data Access Request Service

Data Access Request Service Data Access Request Service Guidance Notes on Security Version: 4.0 Date: 01/04/2015 1 Copyright 2014, Health and Social Care Information Centre. Introduction This security guidance is for organisations

More information

So the security measures you put in place should seek to ensure that:

So the security measures you put in place should seek to ensure that: Guidelines This guideline offers an overview of what the Data Protection Act requires in terms of information security and aims to help you decide how to manage the security of the personal data you hold.

More information

Information Security Policy

Information Security Policy Information Security Policy Author: Responsible Lead Executive Director: Endorsing Body: Governance or Assurance Committee Alan Ashforth Alan Lawrie ehealth Strategy Group Implementation Date: September

More information

BOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February 2006. Title: Information Security Policy

BOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February 2006. Title: Information Security Policy BOARD OF DIRECTORS PAPER COVER SHEET Meeting date: 22 February 2006 Agenda item:7 Title: Purpose: The Trust Board to approve the updated Summary: The Trust is required to have and update each year a policy

More information

St Hugh s School. Remote Access Policy

St Hugh s School. Remote Access Policy St Hugh s School Remote Access Policy Remote Access Policy v1.0 17/11/15 Item Title Page number 1.0 Introduction 2 1.6 Definitions 2 2.0 Scope and limitations 3 3.0 Available remote services 3-4 4.0 Method

More information

Version: 2.0. Effective From: 28/11/2014

Version: 2.0. Effective From: 28/11/2014 Policy No: OP58 Version: 2.0 Name of Policy: Anti Virus Policy Effective From: 28/11/2014 Date Ratified 17/09/2014 Ratified Health Informatics Assurance Committee Review Date 01/09/2016 Sponsor Director

More information

OCR LEVEL 3 CAMBRIDGE TECHNICAL

OCR LEVEL 3 CAMBRIDGE TECHNICAL Cambridge TECHNICALS OCR LEVEL 3 CAMBRIDGE TECHNICAL CERTIFICATE/DIPLOMA IN IT ORGANISATIONAL SYSTEMS SECURITY T/601/7312 LEVEL 3 UNIT 5 GUIDED LEARNING HOURS: 60 UNIT CREDIT VALUE: 10 ORGANISATIONAL SYSTEMS

More information

LSE PCI-DSS Cardholder Data Environments Information Security Policy

LSE PCI-DSS Cardholder Data Environments Information Security Policy LSE PCI-DSS Cardholder Data Environments Information Security Policy Written By: Jethro Perkins, Information Security Manager Reviewed By: Ali Lindsley, PCI-DSS Project Manager Endorsed By: PCI DSS project

More information

ABERDARE COMMUNITY SCHOOL

ABERDARE COMMUNITY SCHOOL ABERDARE COMMUNITY SCHOOL IT Security Policy Drafted June 2014 Revised on....... Mrs. S. Davies (Headteacher) Mr. A. Maddox (Chair of Interim Governing Body) IT SECURITY POLICY Review This policy has been

More information

CCBE RESPONSE REGARDING THE EUROPEAN COMMISSION PUBLIC CONSULTATION ON CLOUD COMPUTING

CCBE RESPONSE REGARDING THE EUROPEAN COMMISSION PUBLIC CONSULTATION ON CLOUD COMPUTING CCBE RESPONSE REGARDING THE EUROPEAN COMMISSION PUBLIC CONSULTATION ON CLOUD COMPUTING CCBE response regarding the European Commission Public Consultation on Cloud Computing The Council of Bars and Law

More information

ISO27001 Controls and Objectives

ISO27001 Controls and Objectives Introduction This reference document for the University of Birmingham lists the control objectives, specific controls and background information, as given in Annex A to ISO/IEC 27001:2005. As such, the

More information

Service Children s Education

Service Children s Education Service Children s Education Data Handling and Security Information Security Audit Issued January 2009 2009 - An Agency of the Ministry of Defence Information Security Audit 2 Information handling and

More information

Information Security Handbook

Information Security Handbook Information Security Handbook Adopted 6/4/14 Page 0 Page 1 1. Introduction... 5 1.1. Executive Summary... 5 1.2. Governance... 5 1.3. Scope and Application... 5 1.4. Biennial Review... 5 2. Definitions...

More information

Service Schedule for BT Business Lite Web Hosting and Business Email Lite powered by Microsoft Office 365

Service Schedule for BT Business Lite Web Hosting and Business Email Lite powered by Microsoft Office 365 1. SERVICE DESCRIPTION 1.1 The Service enables the Customer to: set up a web site(s); create a sub-domain name associated with the web site; create email addresses. 1.2 The email element of the Service

More information

SOCIAL MEDIA POLICY FOR VOLUNTEERS TEMPLATE

SOCIAL MEDIA POLICY FOR VOLUNTEERS TEMPLATE SOCIAL MEDIA POLICY FOR VOLUNTEERS TEMPLATE SOCIAL MEDIA POLICY FOR VOLUNTEERS TEMPLATE (Insert Your Organisation Name) uses social media in its work and recognises that those who are involved in its work

More information

information systems security policy...

information systems security policy... sales assessment.com information systems security policy... Approved: 2nd February 2010 Last updated: 2nd February 2010 sales assessment.com 2 index... 1. Policy Statement 2. IT Governance 3. IT Management

More information

STATEMENT OF ETHICAL PRACTICE

STATEMENT OF ETHICAL PRACTICE STATEMENT OF ETHICAL PRACTICE Preamble Records and information management (RIM) is the branch of the information professions primarily concerned with the efficient and systematic control of the creation,

More information

Policy. Mobile Phone Use Policy. Contents

Policy. Mobile Phone Use Policy. Contents Policy Mobile Phone Use Policy Contents Introduction 2 Policy Scope 2 Policy Intent 2 Policy provisions / principles 2 Eligibility 2 Business Functions 2 Issuing Mobile Devices 3 Using a University-owned

More information

Human Resources Policy documents. Data Protection Policy

Human Resources Policy documents. Data Protection Policy Policy documents Aims of the Policy apetito is committed to meeting its obligations under data protection law. As a business, apetito handles a range of Personal Data relating to its customers, staff and

More information

REVIEWED BY Q&S COMMITTEE ON THE 4 TH JUNE 2015. Social Media Policy

REVIEWED BY Q&S COMMITTEE ON THE 4 TH JUNE 2015. Social Media Policy Social Media Policy SOCIAL MEDIA POLICY This Policy applies to all academy staff regardless of their employment status. It is to be read in conjunction with the E Safety and Data Security Policy. This

More information

and Internet Policy

and Internet Policy Email and Internet Policy Responsible Officer Authors Date effective from July 2008 Ben Bennett, Business Planning & Resources Director Policy Development Group Date last amended December 2012 Review date

More information

Information Services. Protecting information. It s everyone s responsibility

Information Services. Protecting information. It s everyone s responsibility Information Services Protecting information It s everyone s responsibility Protecting information >> Contents >> Contents Introduction - we are all responsible for protecting information 03 The golden

More information

Bridget Rankin Principal Pharmacist, Medicines Information Guy s & St. Thomas NHS Foundation Trust April 2015

Bridget Rankin Principal Pharmacist, Medicines Information Guy s & St. Thomas NHS Foundation Trust April 2015 Bridget Rankin Principal Pharmacist, Medicines Information Guy s & St. Thomas NHS Foundation Trust April 2015 Aim of the Session Identify legal and ethical problems that may be encountered when providing

More information

TONBRIDGE & MALLING BOROUGH COUNCIL INTERNET & EMAIL POLICY AND CODE

TONBRIDGE & MALLING BOROUGH COUNCIL INTERNET & EMAIL POLICY AND CODE GENERAL STATEMENT TONBRIDGE & MALLING BOROUGH COUNCIL INTERNET & EMAIL POLICY AND CODE 1.1 The Council recognises the increasing importance of the Internet and email, offering opportunities for improving

More information

Corporate Account Takeover (CATO) Risk Assessment

Corporate Account Takeover (CATO) Risk Assessment Corporate Account Takeover (CATO) Risk Assessment As a business, you want to be sure you have a strong process in place for monitoring and managing who has access to your ECorp services and how the information

More information

Small businesses: What you need to know about cyber security

Small businesses: What you need to know about cyber security Small businesses: What you need to know about cyber security March 2015 Contents page What you need to know about cyber security... 3 Why you need to know about cyber security... 4 Getting the basics right...

More information

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)

More information

Cybercrime: risks, penalties and prevention

Cybercrime: risks, penalties and prevention Cybercrime: risks, penalties and prevention Cyber attacks have been appearing in the news with increased frequency and recent victims of cybercrime have included well-known companies such as Sony, LinkedIn,

More information

Estate Agents Authority

Estate Agents Authority INFORMATION SECURITY AND PRIVACY PROTECTION POLICY AND GUIDELINES FOR ESTATE AGENTS Estate Agents Authority The contents of this document remain the property of, and may not be reproduced in whole or in

More information

Application Development within University. Security Checklist

Application Development within University. Security Checklist Application Development within University Security Checklist April 2011 The Application Development using data from the University Enterprise Systems or application Development for departmental use security

More information

ABERDARE COMMUNITY SCHOOL. Email Policy. Drafted June 2014 Revised on ... (Chair of Interim Governing Body)

ABERDARE COMMUNITY SCHOOL. Email Policy. Drafted June 2014 Revised on ... (Chair of Interim Governing Body) ABERDARE COMMUNITY SCHOOL Email Policy Drafted June 2014 Revised on....... Mrs. S. Davies (Headteacher) Mr. A. Maddox (Chair of Interim Governing Body) E-MAIL POLICY Review This policy has been approved

More information

LEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction

LEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction LEEDS BECKETT UNIVERSITY Information Security Policy 1.0 Introduction 1.1 Information in all of its forms is crucial to the effective functioning and good governance of our University. We are committed

More information

University of Liverpool

University of Liverpool University of Liverpool Information Security Policy Reference Number Title CSD-003 Information Security Policy Version Number 3.0 Document Status Document Classification Active Open Effective Date 01 October

More information

Third Party Security Requirements Policy

Third Party Security Requirements Policy Overview This policy sets out the requirements expected of third parties to effectively protect BBC information. Audience Owner Contacts This policy applies to all third parties and staff, including contractors,

More information

Data and Information Security Policy

Data and Information Security Policy St. Giles School Inspire and achieve through creativity School Policy for: Date: February 2014 Data and Information Security Policy Legislation: Policy lead(s) The Data Protection Act 1998 (with consideration

More information

Protection of Computer Data and Software

Protection of Computer Data and Software April 2011 Country of Origin: United Kingdom Protection of Computer Data and Software Introduction... 1 Responsibilities...2 User Control... 2 Storage of Data and Software... 3 Printed Data... 4 Personal

More information

CHARTER OF ETHICS AND BEHAVIOUR

CHARTER OF ETHICS AND BEHAVIOUR CHARTER OF ETHICS AND BEHAVIOUR Behaviour Principles and Rules P.02 Deployment P.07 The Charter of Ethics was adopted at the meeting of the Groupe Eurotunnel Board Meeting of 28/01/2013 Groupe Eurotunnel

More information

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms

More information

Boston Public Schools. Guidelines for Implementation of Acceptable Use Policy for Digital Information, Communication, and. Technology Resources

Boston Public Schools. Guidelines for Implementation of Acceptable Use Policy for Digital Information, Communication, and. Technology Resources Boston Public Schools Guidelines for Implementation of Acceptable Use Policy for Digital Information, Communication, and Scope of Policy Technology Resources ACCEPTABLE USE POLICY AND GUIDELINES Boston

More information

Electronic Messaging Policy. 1. Document Status. Security Classification. Level 4 - PUBLIC. Version 1.0. Approval. Review By June 2012

Electronic Messaging Policy. 1. Document Status. Security Classification. Level 4 - PUBLIC. Version 1.0. Approval. Review By June 2012 Electronic Messaging Policy 1. Document Status Security Classification Level 4 - PUBLIC Version 1.0 Status DRAFT Approval Life 3 Years Review By June 2012 Owner Secure Research Database Analyst Retention

More information

Supplier Security Assessment Questionnaire

Supplier Security Assessment Questionnaire HALKYN CONSULTING LTD Supplier Security Assessment Questionnaire Security Self-Assessment and Reporting This questionnaire is provided to assist organisations in conducting supplier security assessments.

More information

Service Schedule for CLOUD SERVICES

Service Schedule for CLOUD SERVICES Service Schedule for CLOUD SERVICES This Service Schedule is effective for Cloud Services provided on or after 1 September 2013. Terms and Conditions applicable to Cloud Services provided prior to this

More information

Personal Information Protection Act Information Sheet 11

Personal Information Protection Act Information Sheet 11 Notification of a Security Breach Personal Information Protection Act Information Sheet 11 Introduction Personal information is used by organizations for a variety of purposes: retail and grocery stores

More information

Audit and Risk Management Committee. IT Security Update

Audit and Risk Management Committee. IT Security Update Audit and Risk Management Committee 26 th February 2015 IT Security Update Description of paper 1. The purpose of this paper is to update the Committee on current security issues and what steps are being

More information

If you have any questions about any of our policies, please contact the Customer Services Team.

If you have any questions about any of our policies, please contact the Customer Services Team. Acceptable Use Policy (AUP) 1. Introduction Blue Monkee has created this Acceptable Use Policy (AUP) for hosting customers to protect our resources and the resources of our other customers and hosting

More information

Attitudes to Use of Social Networks in the Workplace and Protection of Personal Data

Attitudes to Use of Social Networks in the Workplace and Protection of Personal Data Attitudes to Use of Social Networks in the Workplace and Protection of Personal Data David Haynes, City University, School of Informatics, Department of Information Science August 2011 Background Two surveys

More information

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft) 1- A (firewall) is a computer program that permits a user on the internal network to access the internet but severely restricts transmissions from the outside 2- A (system failure) is the prolonged malfunction

More information

Senior School 1 PURPOSE 2 SCOPE 3 SCHOOL RESPONSIBILITIES

Senior School 1 PURPOSE 2 SCOPE 3 SCHOOL RESPONSIBILITIES Senior School 1 PURPOSE The policy defines and describes the acceptable use of ICT (Information and Communications Technology) and mobile phones for school-based employees. Its purpose is to minimise the

More information

Conditions of Use of IT Facilities at the LSE

Conditions of Use of IT Facilities at the LSE Conditions of Use of IT Facilities at the LSE By accessing and/or using the IT Facilities, you agree to be bound by these Conditions of Use including all documents referred to in them, and you agree to

More information

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY DATA LABEL: PUBLIC INFORMATION SECURITY POLICY CONTENTS 1. INTRODUCTION... 3 2. MAIN OBJECTIVES... 3 3. LEGISLATION... 4 4. SCOPE... 4 5. STANDARDS... 4

More information

Electronic business conditions of use

Electronic business conditions of use Electronic business conditions of use This document provides Water Corporation s Electronic Business Conditions of Use. These are to be applied to all applications, which are developed for external users

More information

HIPAA Security COMPLIANCE Checklist For Employers

HIPAA Security COMPLIANCE Checklist For Employers Compliance HIPAA Security COMPLIANCE Checklist For Employers All of the following steps must be completed by April 20, 2006 (April 14, 2005 for Large Health Plans) Broadly speaking, there are three major

More information

2.2 The Policy establishes a framework within which users of these facilities can apply selfregulation to their use of the facilities.

2.2 The Policy establishes a framework within which users of these  facilities can apply selfregulation to their use of the facilities. Email Policy 1 Introduction 1.1 This Email Policy has been developed in response to the acknowledged need for guidelines describing the acceptable use of the University s email and related services and

More information

Information Systems and Technology

Information Systems and Technology As public servants, it is our responsibility to use taxpayers dollars in the most effective and efficient way possible while adhering to laws and regulations governing those processes. There are many reasons

More information

Please read these Terms and Conditions of Use carefully. They govern the provision and use of the MyPAYE Online Payroll service and website.

Please read these Terms and Conditions of Use carefully. They govern the provision and use of the MyPAYE Online Payroll service and website. Terms and Conditions of Use Your online payroll is run via for MyPAYE Online Payroll Service Please read these Terms and Conditions of Use carefully. They govern the provision and use of the MyPAYE Online

More information

Introduction. The steps involved in using this tool

Introduction. The steps involved in using this tool Introduction This tool is designed to cover all the relevant control areas of ISO / IEC 27001:2013. All sorts of organisations and Because it is a general tool, you may find the language challenging at

More information

Online (Internet) Banking Agreement and Disclosure

Online (Internet) Banking Agreement and Disclosure Online (Internet) Banking Agreement and Disclosure This Online (Internet) Banking Agreement and Disclosure ( the Agreement") explains the terms and conditions governing the basic Online Banking services

More information

TERMS AND CONDITIONS LIMASSOL 3on3

TERMS AND CONDITIONS LIMASSOL 3on3 TERMS OF WEBSITE USE TERMS AND CONDITIONS LIMASSOL 3on3 This terms of use (together with the documents referred to in it) tells you the terms of use on which you may make use of our website www.limassol3on3.com

More information

TERMS OF SERVICE TELEPORT REQUEST RECEIVERS

TERMS OF SERVICE TELEPORT REQUEST RECEIVERS TERMS OF SERVICE These terms of service and the documents referred to in them ( Terms ) govern your access to and use of our services, including our website teleportapp.co ( our site ), applications, buttons,

More information

HIPAA Security Training Manual

HIPAA Security Training Manual HIPAA Security Training Manual The final HIPAA Security Rule for Montrose Memorial Hospital went into effect in February 2005. The Security Rule includes 3 categories of compliance; Administrative Safeguards,

More information

ISO 27001 Controls and Objectives

ISO 27001 Controls and Objectives ISO 27001 s and Objectives A.5 Security policy A.5.1 Information security policy Objective: To provide management direction and support for information security in accordance with business requirements

More information

STRATEGIC POLICY REQUIRED HARDWARE, SOFTWARE AND CONFIGURATION STANDARDS

STRATEGIC POLICY REQUIRED HARDWARE, SOFTWARE AND CONFIGURATION STANDARDS Policy: Title: Status: ISP-S9 Use of Computers Policy Revised Information Security Policy Documentation STRATEGIC POLICY 1. Introduction 1.1. This information security policy document contains high-level

More information

STRONGER ONLINE SECURITY

STRONGER ONLINE SECURITY STRONGER ONLINE SECURITY Enhanced online banking without compromise Manage your business banking efficiently and securely Internet banking has given business leaders and treasurers greater control of financial

More information

TECHNOLOGY USAGE POLICY

TECHNOLOGY USAGE POLICY TECHNOLOGY USAGE POLICY Computer Usage Policy (CUP). 2 Aims/Objectives. 2 General.. 2 Student Responsibilities 2 Monitoring 3 Access Violations... 3 Personal Devices 3 Internet Safety: Acceptable Usage

More information

Online Banking Customer Awareness and Education Program

Online Banking Customer Awareness and Education Program Online Banking Customer Awareness and Education Program Electronic Fund Transfers: Your Rights and Responsibilities (Regulation E Disclosure) Indicated below are types of Electronic Fund Transfers we are

More information

TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL

TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL Title: Computer and Network Security Policy Policy Number: 04.72.12 Effective Date: November 4, 2003 Issuing Authority: Office of the Vice President for

More information

St. Peter s C.E. Primary School Farnworth Email, Internet Security and Facsimile Policy

St. Peter s C.E. Primary School Farnworth Email, Internet Security and Facsimile Policy Learn, sparkle & shine St. Peter s C.E. Primary School Farnworth Email, Internet Security and Facsimile Policy Adopted from the LA Policy April 2015 CONTENTS Page No 1. Introduction 1 2. Guiding Principles

More information

UGANDA REVENUE AUTHORITY TERMS AND CONDITIONS FOR WEB PORTAL USE

UGANDA REVENUE AUTHORITY TERMS AND CONDITIONS FOR WEB PORTAL USE 1. DISCLAIMER NOTICE UGANDA REVENUE AUTHORITY TERMS AND CONDITIONS FOR WEB PORTAL USE The information provided by UGANDA REVENUE AUTHORITY (URA) on the web portal relating to products and services (or

More information

2.0 Emended due to the change to academy status Review Date. ICT Network Security Policy Berwick Academy

2.0 Emended due to the change to academy status Review Date. ICT Network Security Policy Berwick Academy Version History Author Approved Committee Version Status date Eddie Jefferson 09/15/2009 Full Governing 1.0 Final Version Body Eddie Jefferson 18/08/2012 Full Governing Body 2.0 Emended due to the change

More information

Seychelles Revenue Commission Practice Statement PS CM 2009/02

Seychelles Revenue Commission Practice Statement PS CM 2009/02 Seychelles Revenue Commission Practice Statement This Corporate Management Practice Statement is issued under the authority of the Revenue Commissioner (Commissioner) of the Seychelles Revenue Commission

More information

Server Protection Policy 1 1. Rationale 1.1. Compliance with this policy will help protect the privacy and integrity of data created by and relating

Server Protection Policy 1 1. Rationale 1.1. Compliance with this policy will help protect the privacy and integrity of data created by and relating Server Protection Policy 1 1. Rationale 1.1. Compliance with this policy will help protect the privacy and integrity of data created by and relating to all users of UNH IT resources, and improve the availability

More information

Information Security Policy Schedule A - Roles, Standards and Operational Procedures

Information Security Policy Schedule A - Roles, Standards and Operational Procedures Information Security Policy Schedule A - Roles, Standards and Operational Procedures Approving authority Pro Vice Chancellor (Information Services) Approval date 3 July 2014 Advisor Next scheduled review

More information

Data Protection Breach Management Policy

Data Protection Breach Management Policy Data Protection Breach Management Policy Please check the HSE intranet for the most up to date version of this policy http://hsenet.hse.ie/hse_central/commercial_and_support_services/ict/policies_and_procedures/policies/

More information

Business Case. for an. Information Security Awareness Program

Business Case. for an. Information Security Awareness Program Business Case (BS.ISAP.01) 1 (9) Business Case for an Information Security Business Case (BS.ISAP.01) 2 Contents 1. Background 3 2. Purpose of This Paper 3 3. Business Impact 3 4. The Importance of Security

More information

IT OUTSOURCING SECURITY

IT OUTSOURCING SECURITY IT OUTSOURCING SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without

More information

STFC Monitoring and Interception policy for Information & Communications Technology Systems and Services

STFC Monitoring and Interception policy for Information & Communications Technology Systems and Services STFC Monitoring and Interception policy for Information & Communications Technology Systems and Services Issue 1.0 (Effective 27 June 2012) This document contains a copy of the STFC policy statements outlining

More information

Infor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security

Infor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security Technical Paper Plain talk about security When it comes to Cloud deployment, security is top of mind for all concerned. The Infor CloudSuite team uses best-practice protocols and a thorough, continuous

More information

Sample Information Security Policies

Sample Information Security Policies Sample Information Security Policies Sample Information Security Policies May 31, 2011 1 13740 Research Blvd Suite 2, Building T Austin, TX 78750 512.351.3700 www.aboundresources.com Boston Austin Atlanta

More information