Security policies used by PHPS
Staff access rights to information
This policy should be based on the principle of least privilege, granting only the necessary access for each role.
PHPS needs a clear policy defining who has access to what information.
Disaster recovery
Comprehensive data recovery plan
Ensures business continuity
Regular onsite backups
Regular offsite backups
Data restoration procedures
Practise restoring data
Responsibilities of staff regarding security of information
Reporting security incidents.
Data handling procedures.
Password management.
Information security risk assessment
Risk assessments
Technical vulnerabilities such as unpatched software, social engineering, human vulnerabilities, insider threats, malware, phishing attacks, weak passwords, etc.
Human error, such as accidentally entering the wrong data or forgetting a step in a procedure, etc.
Physical security.
Training of staff to handle information
Educate staff about security best practices
Password security
Data handling procedures
How to report security concerns
Phishing awareness
Effectiveness of security measures
Security audits
Penetration testing.
Monitoring security logs.