Security Policies Used by PHPS
Staff Access Rights to information
PHPS needs a clear policy defining who has access to the information
This is to ensure that it is based on a principle of least privilege
Granting staff only the minimum privileges they require to carry out their job role
Prevents unauthorized access to data
Disaster Recovery
PHPS needs to have a comprehensive data recovery plan
This ensures business continuity even if a disaster has occurred
Requires regular off-site backups to maintain files
Regular on-site backups to maintain files
Procedures for restoring data
Practice Restoring PHPS' data
Responsibility of Staff for Security of Information
PHPS needs to have a policy for outlining the security responsibilities of all staff members
Password management
Data handling procedures
Reporting security incidents
Must be communicated clearly to all employees
Receive regular training to keep up to date with security measures
Information Security Risk Assessment
PHPS needs to have regular risk assessments
Used to identify potential security vulnerabilities
Identify and threats
Technical vulnerabilities
Human error
Physical security
RFID tokens
Locks
Effectiveness of Security Measures
PHPS needs to have effective security measures
Evaluate current effectiveness of security measures
Security audits
Penetration testing
Monitoring Security logs
Training of Staff to Handle information
PHPS needs to have regular staff training
Maintains regular security awareness
Educates Staff about security best practices
Password security
Phishing Awareness
Malware avoidance
Data handling procedures
How to report security concerns
What to do if a threat is identified