Employment Contracts and Security
Hiring Policies
It is important for all business organisations to establish a positive hiring policy that follows national employment law when new employees are being recruited or when existing workers are being promoted. This could involve looking at the background of said employees for reference, including previous employment and criminal records.
Many organisations test their personnel for suitability for their role within a certain period upon recruitment or, in some cases, promotion. This allows the organisation to establish trust with new recruits and give them responsibility one stage at a time. It is not a good idea to give new recruits full responsibility straight away, before they can prove that they are trustworthy.
Separation of Duties
Organisations often establish a separation of duties among the workforce, ensuring that they do not completely rely on one individual to maintain overall systems security. Instead, each worker is given a critical duty to manage, with a deputy who also has experience in the same department put in place to take over in the manager's absence.
In addition, giving each worker a separate role in systems security ensures that no individual has complete knowledge of the subject. For example, someone who maintains a firewall would have no knowledge of virtual private networks. In another example, a chief security officer may have a summarised overview of the whole system, but would not have detailed knowledge of each individual component.
Ensuring Compliance
If an employee or business partner has infringed established codes of conduct with regard to systems security, then they have to be dealt with in a manner that is fair, confidential and legally acceptable. This ensures compliance with established disciplinary and investigation procedures.
However, there is always the possibility that someone could be falsely accused, leading to a very damaging legal action. If an infringement does occur, then the following appropriate steps could be taken...
- Suspending the employee from working or getting paid.
- Having an independent party conduct a fair and impartial investigation on the matter.
- Having the police involved should the infringement appear to be a criminal matter.
Training and Communication
It is always reasonable to expect any employer to ensure that all staff receive the necessary training, in addition to communicating regularly with staff to ensure that they are all aware of their responsibilities.
Laws
Legislation
As technology is constantly being improved on, so is the ability to subvert the rights and intellectual property of others. Because of this, it is important for all IT personnel working in an organisation to be aware of the following laws.
Computer Misuse Act (1990)
The Computer Misuse Act is there to help prevent unauthorised access and modification to computer systems. This can come under any of the following...
- Unauthorised access to any computer system and its data, usually through typing someone else’s username and password.
- Unauthorised access to a computer system with criminal intent.
- Unauthorised modification to a computer system.
More Information: http://www.legislation.gov.uk/ukpga/1990/18/contents
Copyright, Designs and Patents Act (1988)
The Copyright, Designs and Patents Act is there to prevent both individuals and organisations from stealing copyrighted material and distributing it as their own. This could include the following...
- Multimedia in all its forms, including music, films, books and games.
- Written material, such as work submitted in an assignment or text from a website.
- Original designs of a system, application, structure or machine.
- Unique images including logos and artwork.
More Information: http://www.legislation.gov.uk/ukpga/1988/48/contents
Data Protection Act (1984, 1998, 2000)
The Data Protection Act is there to help regulate how personal information is acquired, held, used or made known. It also gives people the right to know their own personal information.
More Information: http://www.legislation.gov.uk/ukpga/1998/29/contents
Freedom of Information Act (2000)
The Freedom of Information Act is there to help monitor how official information held by the public authorities, such as the police and the NHS, is accessed by others. However, not all information held by the authorities can be accessed by others. This is especially true for information that could potentially put an entire nation at risk, damage the reputation of the authorities, etc.
More Information: http://www.legislation.gov.uk/ukpga/2000/36/contents
Software Copyrights
Open Source
Open source software is a type of software with its source code being made open to the public, allowing users to make their own modifications and redistribute the modified software, provided that credit is being given to the original creator. Open source software is usually free.
Freeware
Freeware is a full version of the software that can be downloaded for free. However, it is not usually open to modification as open source software is, and may not have as many working features as shareware or commercial software.
Shareware
Shareware is a demo version of the full commercial software. The purpose of the free demo version is to allow users to try the software before purchasing the full version. The demo version usually has a limitation, such as having a time limit or having more limited features than the full version.
Commercial Software
Commercial software is a type of software that has to be purchased before use. Commercial software usually has the best features out of all software, but cannot be modified or redistributed freely.