Legal Aspects


You need to understand:


Corporate Information System Security Policy

The syllabus requires you to:


 

What is a corporate security policy?

Activities:

  1. Read this case study*
  2. List the rules laid down by the policy
  3. What sanctions have been included if the rules are breached?
  4. What other sanctions could be included?
  5. The policy refers to guidelines on protecting an account in the User Guide [paragraph 5]. Suggest suitable rules that could be included in the User Guide.
*[Source: Mott, J & Leeming, A.
Information and Communication Technology for A2 Level.
Abingdon:  Hodder & Stoughton, 2003] 

 

Test your understanding

 

  1. Log into Moodle and work through the tests provided in section 13.6

Audit Requirements

The syllabus requires you to:

 


 

Introduction:

 

Audit Trail

Example:

 

Name       DOB       Position         Rate of Pay
Bloggs, F  01/05/82  Sales Assistant  6.75
Atkins, T  15/12/76  Sales Manager    12.50
White, B   36/08/79  Sales Assistant  6.75

 

  • Original database table for personnel file.
  • Audit trail software creates a log of all transactions

 

  • Transaction log includes details such as:
    • Date and time of transaction
    • User ID
    • Details of transaction (e.g. field updated with new & old values)
  • This can be used to check and trace the changes in the database

 

User   Date      Time   Field Updated  Old Value  New Value
Rea01  12/10/05  10:15  Rate of Pay    6.75       6.85
Ack03  16/10/05  09:40  Rate of Pay    12.50      12.80
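
The audit trail described above can be built with database triggers. The sketch below is an added example, not part of the original notes: it uses SQLite from Python, and the table names, the session table used to identify the user, and the append-only triggers are assumptions made for illustration. It goes one step beyond the notes by also blocking edits to the log itself, so the trail cannot be erased.

```python
import sqlite3

SCHEMA = """
CREATE TABLE personnel (name TEXT PRIMARY KEY, dob TEXT, position TEXT, rate_of_pay REAL);
-- Assumption: the application records the logged-in user here before each change.
CREATE TABLE session (user_id TEXT NOT NULL);
-- Same columns as the transaction log on this page.
CREATE TABLE audit_log (user_id TEXT NOT NULL, date TEXT, time TEXT,
                        field_updated TEXT, old_value REAL, new_value REAL);
-- Every change to Rate of Pay writes a log row holding the old and new values.
CREATE TRIGGER log_rate AFTER UPDATE OF rate_of_pay ON personnel
WHEN OLD.rate_of_pay IS NOT NEW.rate_of_pay
BEGIN
  INSERT INTO audit_log VALUES ((SELECT user_id FROM session),
    strftime('%d/%m/%Y', 'now'), strftime('%H:%M', 'now'),
    'Rate of Pay', OLD.rate_of_pay, NEW.rate_of_pay);
END;
-- The log is append-only, so a user cannot erase the trace of a change.
CREATE TRIGGER audit_no_update BEFORE UPDATE ON audit_log
BEGIN SELECT RAISE(ABORT, 'audit log is append-only'); END;
CREATE TRIGGER audit_no_delete BEFORE DELETE ON audit_log
BEGIN SELECT RAISE(ABORT, 'audit log is append-only'); END;
"""

def build_demo():
    """In-memory database holding two constructed rows from the personnel table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO personnel VALUES (?, ?, ?, ?)", [
        ("Bloggs, F", "01/05/82", "Sales Assistant", 6.75),
        ("Atkins, T", "15/12/76", "Sales Manager", 12.50)])
    conn.commit()
    return conn

def update_rate(conn, user_id, name, new_rate):
    """Change a rate of pay as user_id; the change and its log row commit together."""
    with conn:
        conn.execute("DELETE FROM session")
        conn.execute("INSERT INTO session VALUES (?)", (user_id,))
        conn.execute("UPDATE personnel SET rate_of_pay = ? WHERE name = ?", (new_rate, name))

def trail(conn):
    """Return the audit trail, oldest entry first."""
    return conn.execute("SELECT user_id, field_updated, old_value, new_value "
                        "FROM audit_log ORDER BY rowid").fetchall()

if __name__ == "__main__":
    db = build_demo()
    update_rate(db, "Rea01", "Bloggs, F", 6.85)
    for row in trail(db):
        print(row)
```

Because the log row is written by the database rather than by the application, a change made without an identified user fails outright instead of going unrecorded.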
           

 

 

Test your understanding

  1. Log into Moodle and work through the tests provided in section 13.6

Disaster Recovery Management

The syllabus requires you to:


Having recognised potential threats to an information system, it is important to:

Business problems caused by disasters: 

Disaster Recovery Planning:

If a disaster recovery policy or plan exists, then the recovery process can begin immediately and the business can resume function to some degree fairly quickly. One problem following a disaster is that unless an organisation is prepared for it, much precious time is spent in discussion and planning.

A typical disaster recovery plan will contain the following elements: 

Exercise:

Test your understanding

  1. Log into Moodle and work through the tests provided in section 13.6

Legislation:

The syllabus requires you to:


Introduction:

Data Protection Act

Freedom of Information Act

Computer Misuse Act



 


Exercise: