Protection Measures - Policies
Staff access rights to information
Less trusted/newer staff should have less access than more senior staff
e.g. in a school, the headteacher will have more access to information than teachers
Ensures that people can't be employed somewhere and then immediately have access to all information about the company
Responsibilities of staff for security of information
Staff have some responsibility to uphold these information security policies
Not sharing passwords
Making sure information is transmitted securely
Making sure information is stored in secure places e.g. having passwords on computers
Disaster recovery: In the event of a disaster...
Are there backups of information, both on site and offsite (cloud)?
Is there a disaster recovery plan?
Who is in charge of the disaster recovery plan?
What do we do first?
What do we do second?
Information security risk assessment
What areas of a company have the highest risks to information security?
How can the risks be minimised?
How likely are these risks?
Evaluate the consequences of these risks
Recognise potential problems with information
Effectiveness of protection measures
How effective are the information security measures in place?
How can they be improved?
Do they need to be improved?
Example data protection policy
Data privacy
Password management
Internet usage
Email usage
Company owned devices
Employee owned devices
Social media
Software copyright and licensing
Security incident reporting
Training of staff to handle information
New staff should be trained about information security
E.g. phishing, malware